Merge pull request #361 from RUB-NDS/fixAlpn

fix: Add missing length field to ALPN extension, see #360

Author: ic0ns

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java

@@ -290,9 +290,9 @@ public static Config mergeWithDefaultValues(Config c) {
     private byte[] certificateStatusRequestExtensionRequestExtension = new byte[0];
 
     /**
-     * Default ALPN announced protocols It's HTTP/2 0x68 0x32 as of RFC7540
+     * Default ALPN announced protocols
      */
-    private String applicationLayerProtocolNegotiationAnnouncedProtocols = "h2";
+    private String[] alpnAnnouncedProtocols = new String[] { "h2" };
 
     @XmlJavaTypeAdapter(ByteArrayAdapter.class)
     private byte[] sessionId = new byte[0];
@@ -2055,13 +2055,12 @@ public void setCertificateStatusRequestExtensionRequestExtension(
         this.certificateStatusRequestExtensionRequestExtension = certificateStatusRequestExtensionRequestExtension;
     }
 
-    public String getApplicationLayerProtocolNegotiationAnnouncedProtocols() {
-        return applicationLayerProtocolNegotiationAnnouncedProtocols;
+    public String[] getAlpnAnnouncedProtocols() {
+        return alpnAnnouncedProtocols;
     }
 
-    public void setApplicationLayerProtocolNegotiationAnnouncedProtocols(
-            String applicationLayerProtocolNegotiationAnnouncedProtocols) {
-        this.applicationLayerProtocolNegotiationAnnouncedProtocols = applicationLayerProtocolNegotiationAnnouncedProtocols;
+    public void setAlpnAnnouncedProtocols(String[] alpnAnnouncedProtocols) {
+        this.alpnAnnouncedProtocols = alpnAnnouncedProtocols;
     }
 
     public byte[] getSessionId() {

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/ExtensionByteLength.java

@@ -113,6 +113,8 @@ public class ExtensionByteLength {
      */
     public static final int ALPN_EXTENSION_LENGTH = 2;
 
+    public static final int ALPN_ENTRY_LENGTH = 1;
+
     /**
      * Length of the SRP extension identifier length field
      */

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/ClientHelloMessage.java

@@ -155,7 +155,7 @@ public ClientHelloMessage(Config tlsConfig) {
             addExtension(new CertificateStatusRequestExtensionMessage());
         }
         if (tlsConfig.isAddAlpnExtension()) {
-            addExtension(new AlpnExtensionMessage());
+            addExtension(new AlpnExtensionMessage(tlsConfig));
         }
         if (tlsConfig.isAddSRPExtension()) {
             addExtension(new SRPExtensionMessage());

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/ServerHelloMessage.java

@@ -112,7 +112,7 @@ public ServerHelloMessage(Config tlsConfig) {
             addExtension(new CertificateStatusRequestExtensionMessage());
         }
         if (tlsConfig.isAddAlpnExtension()) {
-            addExtension(new AlpnExtensionMessage());
+            addExtension(new AlpnExtensionMessage(tlsConfig));
         }
         if (tlsConfig.isAddSRPExtension()) {
             addExtension(new SRPExtensionMessage());

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/extension/Alpn/AlpnEntry.java

@@ -0,0 +1,67 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.core.protocol.message.extension.Alpn;
+
+import de.rub.nds.modifiablevariable.ModifiableVariableFactory;
+import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray;
+import de.rub.nds.modifiablevariable.integer.ModifiableInteger;
+import de.rub.nds.tlsattacker.core.protocol.ModifiableVariableHolder;
+import java.io.Serializable;
+
+/**
+ *
+ * @author Robert Merget <robert.merget@rub.de>
+ */
+public class AlpnEntry extends ModifiableVariableHolder implements Serializable {
+
+    private ModifiableInteger alpnEntryLength;
+
+    private ModifiableByteArray alpnEntryBytes;
+
+    private byte[] alpnEntryConfig;
+
+    public AlpnEntry() {
+    }
+
+    public AlpnEntry(byte[] alpnEntryConfig) {
+        this.alpnEntryConfig = alpnEntryConfig;
+    }
+
+    public ModifiableInteger getAlpnEntryLength() {
+        return alpnEntryLength;
+    }
+
+    public void setAlpnEntryLength(ModifiableInteger alpnEntryLength) {
+        this.alpnEntryLength = alpnEntryLength;
+    }
+
+    public void setAlpnEntryLength(int alpnEntryLength) {
+        this.alpnEntryLength = ModifiableVariableFactory.safelySetValue(this.alpnEntryLength, alpnEntryLength);
+    }
+
+    public ModifiableByteArray getAlpnEntryBytes() {
+        return alpnEntryBytes;
+    }
+
+    public void setAlpnEntryBytes(ModifiableByteArray alpnEntryBytes) {
+        this.alpnEntryBytes = alpnEntryBytes;
+    }
+
+    public void setAlpnEntryBytes(byte[] alpnEntryBytes) {
+        this.alpnEntryBytes = ModifiableVariableFactory.safelySetValue(this.alpnEntryBytes, alpnEntryBytes);
+    }
+
+    public byte[] getAlpnEntryConfig() {
+        return alpnEntryConfig;
+    }
+
+    public void setAlpnEntryConfig(byte[] alpnEntryConfig) {
+        this.alpnEntryConfig = alpnEntryConfig;
+    }
+}

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/extension/AlpnExtensionMessage.java

@@ -8,15 +8,20 @@
  */
 package de.rub.nds.tlsattacker.core.protocol.message.extension;
 
+import de.rub.nds.modifiablevariable.HoldsModifiableVariable;
 import de.rub.nds.modifiablevariable.ModifiableVariableFactory;
 import de.rub.nds.modifiablevariable.ModifiableVariableProperty;
 import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray;
 import de.rub.nds.modifiablevariable.integer.ModifiableInteger;
+import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.constants.ExtensionType;
+import de.rub.nds.tlsattacker.core.protocol.message.extension.Alpn.AlpnEntry;
+import java.util.LinkedList;
+import java.util.List;
 
 /**
  * This extension is defined in RFC7301
- * 
+ *
  * @author Matthias Terlinde <matthias.terlinde@rub.de>
  */
 public class AlpnExtensionMessage extends ExtensionMessage {
@@ -26,8 +31,28 @@ public class AlpnExtensionMessage extends ExtensionMessage {
     @ModifiableVariableProperty
     private ModifiableByteArray alpnAnnouncedProtocols;
 
+    @HoldsModifiableVariable
+    private List<AlpnEntry> alpnEntryList;
+
     public AlpnExtensionMessage() {
         super(ExtensionType.ALPN);
+        alpnEntryList = new LinkedList<>();
+    }
+
+    public AlpnExtensionMessage(Config config) {
+        super(ExtensionType.ALPN);
+        alpnEntryList = new LinkedList<>();
+        for (String string : config.getAlpnAnnouncedProtocols()) {
+            alpnEntryList.add(new AlpnEntry(string.getBytes()));
+        }
+    }
+
+    public List<AlpnEntry> getAlpnEntryList() {
+        return alpnEntryList;
+    }
+
+    public void setAlpnEntryList(List<AlpnEntry> alpnEntryList) {
+        this.alpnEntryList = alpnEntryList;
     }
 
     public ModifiableInteger getAlpnExtensionLength() {

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/parser/extension/AlpnExtensionParser.java

@@ -9,7 +9,11 @@
 package de.rub.nds.tlsattacker.core.protocol.parser.extension;
 
 import de.rub.nds.tlsattacker.core.constants.ExtensionByteLength;
+import de.rub.nds.tlsattacker.core.protocol.message.extension.Alpn.AlpnEntry;
 import de.rub.nds.tlsattacker.core.protocol.message.extension.AlpnExtensionMessage;
+import de.rub.nds.tlsattacker.core.protocol.parser.extension.alpn.AlpnEntryParser;
+import java.util.LinkedList;
+import java.util.List;
 
 /**
  *
@@ -24,7 +28,16 @@ public AlpnExtensionParser(int startposition, byte[] array) {
     @Override
     public void parseExtensionMessageContent(AlpnExtensionMessage msg) {
         msg.setAlpnExtensionLength(parseIntField(ExtensionByteLength.ALPN_EXTENSION_LENGTH));
-        msg.setAlpnAnnouncedProtocols(parseByteArrayField(msg.getAlpnExtensionLength().getValue()));
+        byte[] anouncedProtocols = parseByteArrayField(msg.getAlpnExtensionLength().getValue());
+        msg.setAlpnAnnouncedProtocols(anouncedProtocols);
+        List<AlpnEntry> entryList = new LinkedList<>();
+        int pointer = 0;
+        while (pointer < anouncedProtocols.length) {
+            AlpnEntryParser parser = new AlpnEntryParser(pointer, anouncedProtocols);
+            entryList.add(parser.parse());
+            pointer = parser.getPointer();
+        }
+        msg.setAlpnEntryList(entryList);
     }
 
     @Override

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/parser/extension/alpn/AlpnEntryParser.java

@@ -0,0 +1,33 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.core.protocol.parser.extension.alpn;
+
+import de.rub.nds.tlsattacker.core.constants.ExtensionByteLength;
+import de.rub.nds.tlsattacker.core.protocol.message.extension.Alpn.AlpnEntry;
+import de.rub.nds.tlsattacker.core.protocol.parser.Parser;
+
+/**
+ *
+ * @author Robert Merget <robert.merget@rub.de>
+ */
+public class AlpnEntryParser extends Parser<AlpnEntry> {
+
+    public AlpnEntryParser(int startposition, byte[] array) {
+        super(startposition, array);
+    }
+
+    @Override
+    public AlpnEntry parse() {
+        AlpnEntry entry = new AlpnEntry();
+        entry.setAlpnEntryLength(parseIntField(ExtensionByteLength.ALPN_ENTRY_LENGTH));
+        entry.setAlpnEntryBytes(parseByteArrayField(entry.getAlpnEntryLength().getValue()));
+        return entry;
+    }
+
+}

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/extension/AlpnExtensionPreparator.java

@@ -9,9 +9,14 @@
 package de.rub.nds.tlsattacker.core.protocol.preparator.extension;
 
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
+import de.rub.nds.tlsattacker.core.protocol.message.extension.Alpn.AlpnEntry;
 import de.rub.nds.tlsattacker.core.protocol.message.extension.AlpnExtensionMessage;
+import de.rub.nds.tlsattacker.core.protocol.preparator.extension.alpn.AlpnEntryPreparator;
 import de.rub.nds.tlsattacker.core.protocol.serializer.extension.ExtensionSerializer;
+import de.rub.nds.tlsattacker.core.protocol.serializer.extension.alpn.AlpnEntrySerializer;
 import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
 
 /**
  *
@@ -29,8 +34,18 @@ public AlpnExtensionPreparator(Chooser chooser, AlpnExtensionMessage message,
 
     @Override
     public void prepareExtensionContent() {
-        msg.setAlpnAnnouncedProtocols(chooser.getConfig().getApplicationLayerProtocolNegotiationAnnouncedProtocols()
-                .getBytes());
+        ByteArrayOutputStream stream = new ByteArrayOutputStream();
+        for (AlpnEntry entry : msg.getAlpnEntryList()) {
+            AlpnEntryPreparator preparator = new AlpnEntryPreparator(chooser, entry);
+            preparator.prepare();
+            AlpnEntrySerializer serializer = new AlpnEntrySerializer(entry);
+            try {
+                stream.write(serializer.serialize());
+            } catch (IOException ex) {
+                LOGGER.warn("Could not serialize AlpnEntry");
+            }
+        }
+        msg.setAlpnAnnouncedProtocols(stream.toByteArray());
         LOGGER.debug("Prepared the ALPN Extension with announced protocols "
                 + ArrayConverter.bytesToHexString(msg.getAlpnAnnouncedProtocols()));
         msg.setAlpnExtensionLength(msg.getAlpnAnnouncedProtocols().getValue().length);

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/extension/alpn/AlpnEntryPreparator.java

@@ -0,0 +1,34 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.core.protocol.preparator.extension.alpn;
+
+import de.rub.nds.tlsattacker.core.protocol.message.extension.Alpn.AlpnEntry;
+import de.rub.nds.tlsattacker.core.protocol.preparator.Preparator;
+import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
+
+/**
+ *
+ * @author Robert Merget <robert.merget@rub.de>
+ */
+public class AlpnEntryPreparator extends Preparator<AlpnEntry> {
+
+    private final AlpnEntry entry;
+
+    public AlpnEntryPreparator(Chooser chooser, AlpnEntry entry) {
+        super(chooser, entry);
+        this.entry = entry;
+    }
+
+    @Override
+    public void prepare() {
+        entry.setAlpnEntryBytes(entry.getAlpnEntryConfig());
+        entry.setAlpnEntryLength(entry.getAlpnEntryBytes().getValue().length);
+    }
+
+}