From 7589d7c710c185692f35723b68bb05cb885819a7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Szil=C3=A1rd=20Pfeiffer?= <coroner@pfeifferszilard.hu>
Date: Sat, 13 Nov 2021 11:11:35 +0100
Subject: [PATCH] feat(tls)!: Readd minimal signature algorithms extension

Some implementations alerts internal error if there is no signature
algorithms extension in the client hello message
---
 dheater/__main__.py | 33 ++++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/dheater/__main__.py b/dheater/__main__.py
index 3462d18..05dab52 100755
--- a/dheater/__main__.py
+++ b/dheater/__main__.py
@@ -12,12 +12,13 @@
 import attr
 import urllib3
 
+from cryptoparser.common.algorithm import Authentication
 from cryptoparser.common.exception import InvalidType, NotEnoughData
 
+from cryptoparser.tls.algorithm import TlsSignatureAndHashAlgorithm
 from cryptoparser.tls.ciphersuite import TlsCipherSuite
-from cryptoparser.tls.extension import TlsExtensionType, TlsExtensionsClient
 from cryptoparser.tls.record import TlsRecord
-from cryptoparser.tls.subprotocol import TlsHandshakeType, TlsCipherSuiteVector
+from cryptoparser.tls.subprotocol import TlsHandshakeType
 from cryptoparser.tls.version import TlsProtocolVersionFinal, TlsVersion
 
 from cryptoparser.ssh.record import SshRecordInit, SshRecordKexDH, SshRecordKexDHGroup
@@ -39,6 +40,7 @@
 from cryptolyzer.tls.client import (
     L7ClientTlsBase,
     TlsHandshakeClientHelloKeyExchangeDHE,
+    TlsHandshakeClientHelloSpecalization,
 )
 import cryptolyzer.ssh.dhparams
 import cryptolyzer.ssh.ciphers
@@ -279,13 +281,26 @@ def _get_client(self):
 
     def _prepare_packets(self):
         protocol_version = TlsProtocolVersionFinal(TlsVersion.TLS1_2)
-        client_hello = TlsHandshakeClientHelloKeyExchangeDHE(protocol_version, self.uri.host)
-        client_hello.cipher_suites = TlsCipherSuiteVector([self.pre_check_result.cipher_suite, ])
-        client_hello.extensions = TlsExtensionsClient([
-            extension
-            for extension in client_hello.extensions
-            if extension.extension_type != TlsExtensionType.SIGNATURE_ALGORITHMS
-        ])
+        cipher_suite = self.pre_check_result.cipher_suite
+        if cipher_suite.value.authentication == Authentication.RSA:
+            signature_algorithms = [
+                TlsSignatureAndHashAlgorithm.RSA_SHA256,
+                TlsSignatureAndHashAlgorithm.RSA_SHA1,
+            ]
+        elif cipher_suite.value.authentication == Authentication.ECDSA:
+            signature_algorithms = [
+                TlsSignatureAndHashAlgorithm.ECDSA_SHA256,
+                TlsSignatureAndHashAlgorithm.ECDSA_SHA1,
+            ]
+
+        client_hello = TlsHandshakeClientHelloSpecalization(
+            hostname=self.uri.host,
+            protocol_versions=[protocol_version, ],
+            cipher_suites=[cipher_suite, ],
+            named_curves=[],
+            signature_algorithms=signature_algorithms,
+            extensions=[],
+        )
         client_hello_bytes = TlsRecord(client_hello.compose()).compose()
 
         return client_hello_bytes