Closed
Description
Describe the bug
A server using brainpoolP512r1, brainpoolP384r1, or brainpoolP256r1 as the basis for ephemeral keys leads to an abort.
* Error when running --tlsv1_2:
You can open an issue at https://github.com/nabla-c0d3/sslyze/issues with the following information:
* SSLyze version: 5.0.0
* Server: 127.0.0.1:443 - 127.0.0.1
* Scan command: tls_1_2_cipher_suites
Traceback (most recent call last):
  File "C:\Users\plc\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\sslyze\scanner\_mass_scanner.py", line 265, in _generate_result_for_completed_server_scan
    scan_cmd_result = plugin_implementation_cls.result_for_completed_scan_jobs(
  File "C:\Users\plc\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\sslyze\plugins\openssl_cipher_suites\implementation.py", line 125, in result_for_completed_scan_jobs
    cipher_suite_result = completed_job.get_result()
  File "C:\Users\plc\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\sslyze\plugins\plugin_base.py", line 62, in get_result
    raise self._exception
  File "C:\Users\plc\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\sslyze\scanner\_jobs_worker_thread.py", line 50, in run
    return_value = job_to_complete.function_to_call(*job_to_complete.function_arguments)
  File "C:\Users\plc\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\sslyze\plugins\openssl_cipher_suites\_test_cipher_suite.py", line 56, in connect_with_cipher_suite
    ephemeral_key = ssl_connection.ssl_client.get_ephemeral_key()
  File "C:\Users\plc\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\nassl\ssl_client.py", line 326, in get_ephemeral_key
    return NistEcDhKeyExchangeInfo(**dh_info)
  File "<string>", line 9, in __init__
  File "C:\Users\plc\AppData\Local\Packages\PythonSoftwareFoundation.Python.3.9_qbz5n2kfra8p0\LocalCache\local-packages\Python39\site-packages\nassl\ephemeral_key_info.py", line 142, in __post_init__
    object.__setattr__(self, "curve_name", _OPENSSL_NID_TO_SECG_ANSI_X9_62[self.curve])
KeyError: 927
To Reproduce
Run against a server that has Brainpool curves enabled. The SSLyze client advertises Brainpool curves:
0:000 emSSL - SSL: ProcessSupportedGroupExtension
0:000 emSSL - | Group ID 001A - brainpoolP256r1 - selected
Expected behavior
Well, I expect it to correctly display the appropriate Brainpool curve name. :-)
Python environment (please complete the following information):
Python 3.9.9 on Windows.
Additional context
Adding a temporary measure to ephemeral_key_info.py...
OpenSslEcNidEnum.SECP384R1: "secp384r1",
OpenSslEcNidEnum.SECP521R1: "secp521r1",
OpenSslEcNidEnum.X25519: "X25519",
OpenSslEcNidEnum.X448: "X448",
927: "brainpoolP256r1"
...results in:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 ECDH: brainpoolP256r1 (256 bits)
...which doesn't fault.