
Commit 19d37f2

committed
removed draft tests and fixed tests
2 parents 049d0b7 + 06122ae commit 19d37f2


348 files changed

+27520
-1245
lines changed


348 files changed

+27520
-1245
lines changed

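--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
+*.iml
 target/
 pom.xml.tag
 pom.xml.releaseBackup
@@ -44,3 +45,5 @@ Utils/.settings/org.eclipse.jdt.core.prefs
 test.sh
 .settings/
 .classpath
+.idea
+*.iml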

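--- a/Attacks/pom.xml
+++ b/Attacks/pom.xml
@@ -4,7 +4,7 @@
 <parent>
 <groupId>de.rub.nds.tlsattacker</groupId>
 <artifactId>TLS-Attacker</artifactId>
-<version>3.4.0</version>
+<version>3.5.0</version>
 </parent>
 <artifactId>Attacks</artifactId>
 <packaging>jar</packaging>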
Lines changed: 54 additions & 0 deletions
@@ -0,0 +1,54 @@
1+
/**
2+
* TLS-Attacker - A Modular Penetration Testing Framework for TLS
3+
*
4+
* Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
5+
* and Hackmanit GmbH
6+
*
7+
* Licensed under Apache License 2.0
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*/
10+
package de.rub.nds.tlsattacker.attacks.cca;
11+
12+
import de.rub.nds.tlsattacker.core.crypto.keys.CustomPrivateKey;
13+
import de.rub.nds.tlsattacker.core.crypto.keys.CustomPublicKey;
14+
15+
import java.util.LinkedList;
16+
import java.util.List;
17+
18+
public class CcaCertificateChain {
19+
private List<byte[]> encodedCertificates;
20+
private CustomPrivateKey leafCertificatePrivateKey;
21+
private CustomPublicKey leafCertificatePublicKey;
22+
23+
CcaCertificateChain() {
24+
this.encodedCertificates = new LinkedList<>();
25+
}
26+
27+
public void appendEncodedCertificate(byte[] encodedCertificate) {
28+
encodedCertificates.add(encodedCertificate);
29+
}
30+
31+
public void setLeafCertificatePrivateKey(CustomPrivateKey leafCertificatePrivateKey) {
32+
this.leafCertificatePrivateKey = leafCertificatePrivateKey;
33+
}
34+
35+
public CustomPrivateKey getLeafCertificatePrivateKey() {
36+
return leafCertificatePrivateKey;
37+
}
38+
39+
public void setLeafCertificatePublicKey(CustomPublicKey leafCertificatePublicKey) {
40+
this.leafCertificatePublicKey = leafCertificatePublicKey;
41+
}
42+
43+
public CustomPublicKey getLeafCertificatePublicKey() {
44+
return leafCertificatePublicKey;
45+
}
46+
47+
public List<byte[]> getEncodedCertificates() {
48+
return encodedCertificates;
49+
}
50+
51+
public void setEncodedCertificates(List<byte[]> encodedCertificates) {
52+
this.encodedCertificates = encodedCertificates;
53+
}
54+
}
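Review bot: CcaCertificateChain depends on an ordering contract that the class never states: CcaCertificateGenerator in this same commit reads `getEncodedCertificates().get(0)` as the leaf and pairs it with the stored leaf keys, so the list must be leaf-first and non-empty. A class Javadoc such as `/** Encoded certificates of one CCA test chain; index 0 is the leaf, and the stored private/public key belong to that leaf. */` would record this. `setEncodedCertificates` also accepts null, after which `appendEncodedCertificate` throws a NullPointerException, and `getEncodedCertificates` returns the internal list, so callers can reorder it. Consider `this.encodedCertificates = new LinkedList<>(Objects.requireNonNull(encodedCertificates));` in the setter, which also needs a `java.util.Objects` import.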
Lines changed: 183 additions & 0 deletions
@@ -0,0 +1,183 @@
1+
/**
2+
* TLS-Attacker - A Modular Penetration Testing Framework for TLS
3+
*
4+
* Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
5+
* and Hackmanit GmbH
6+
*
7+
* Licensed under Apache License 2.0
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*/
10+
package de.rub.nds.tlsattacker.attacks.cca;
11+
12+
import de.rub.nds.modifiablevariable.util.ArrayConverter;
13+
import de.rub.nds.modifiablevariable.util.Modifiable;
14+
import de.rub.nds.tlsattacker.core.certificate.CertificateKeyPair;
15+
import de.rub.nds.tlsattacker.core.constants.HandshakeByteLength;
16+
import de.rub.nds.tlsattacker.core.protocol.message.CertificateMessage;
17+
import de.rub.nds.tlsattacker.core.protocol.message.cert.CertificatePair;
18+
import org.apache.logging.log4j.LogManager;
19+
import org.apache.logging.log4j.Logger;
20+
import org.bouncycastle.crypto.tls.Certificate;
21+
22+
import java.io.ByteArrayInputStream;
23+
import java.io.IOException;
24+
import java.security.PrivateKey;
25+
import java.security.PublicKey;
26+
import java.util.LinkedList;
27+
import java.util.List;
28+
29+
public class CcaCertificateGenerator {
30+
31+
/**
32+
*
33+
* @param ccaCertificateManager
34+
* @param ccaCertificateType
35+
* @return
36+
*/
37+
public static CertificateMessage generateCertificate(CcaCertificateManager ccaCertificateManager,
38+
CcaCertificateType ccaCertificateType) {
39+
CertificateMessage certificateMessage = new CertificateMessage();
40+
if (ccaCertificateType != null) {
41+
switch (ccaCertificateType) {
42+
case CLIENT_INPUT:
43+
List<CertificatePair> certificatePairsList = new LinkedList<>();
44+
CertificatePair certificatePair = new CertificatePair(ccaCertificateManager
45+
.getCertificateChain(ccaCertificateType).getEncodedCertificates().get(0));
46+
certificatePairsList.add(certificatePair);
47+
certificateMessage.setCertificatesList(certificatePairsList);
48+
break;
49+
case EMPTY:
50+
certificateMessage.setCertificatesListBytes(Modifiable.explicit(new byte[0]));
51+
break;
52+
case ROOTv1_CAv3_LEAFv1_nLEAF_RSAv3:
53+
case ROOTv1_CAv3_LEAFv2_nLEAF_RSAv3:
54+
case ROOTv3_CAv3_NameConstraints_LEAF_RSAv3:
55+
case ROOTv3_CAv3_CaFalse_LEAF_RSAv3:
56+
case ROOTv3_CAv3_KeyUsageDigitalSignatures_LEAF_RSAv3:
57+
case ROOTv3_CAv3_KeyUsageNothing_LEAF_RSAv3:
58+
case ROOTv3_CAv3_LEAF_RSAv1:
59+
case ROOTv3_CAv3_LEAF_RSAv2:
60+
case ROOTv3_CAv3_LEAF_RSAv3:
61+
case ROOTv3_CAv3_LEAF_RSAv3__RDN_difference:
62+
case ROOTv3_CAv3_LEAF_RSAv3_expired:
63+
case ROOTv3_CAv3_LEAF_RSAv3_extendedKeyUsageCodeSign:
64+
case ROOTv3_CAv3_LEAF_RSAv3_extendedKeyUsageServerAuth:
65+
case ROOTv3_CAv3_LEAF_RSAv3_NotYetValid:
66+
case ROOTv3_CAv3_LEAF_RSAv3_UnknownCritExt:
67+
case ROOTv3_CAv3_LEAFv1_nLEAF_RSAv3:
68+
case ROOTv3_CAv3_LEAFv2_nLEAF_RSAv3:
69+
case ROOTv3_CAv3_NoBasicConstraints_LEAF_RSAv3:
70+
case ROOTv3_CAv3_NoKeyUsage_LEAF_RSAv3:
71+
case ROOTv3_CAv3_ZeroPathLen_CAv3_LEAF_RSAv3:
72+
case ROOTv3_CAv3_CAv3_PathLoop:
73+
case ROOTv3_CAv3_LEAF_RSAv3_UnknownExt:
74+
case ROOTv3_CAv3_LEAF_RSAv3_KeyUsageKeyAgreement:
75+
case ROOTv3_CAv3_LEAF_RSAv3_KeyUsageNothing:
76+
case ROOTv3_CAv3_MalformedNameConstraints_LEAF_RSAv3:
77+
case ROOTv3_CAv3_LEAF_RSAv3_SelfSigned:
78+
case ROOTv3_CAv3_LEAF_RSAv3_EmptySigned:
79+
case ROOTv3_CAv3_LEAF_RSAv3_CertPolicy:
80+
case ROOTv3_CAv3_LEAF_RSAv3_NullSigned:
81+
case ROOTv3_CAv3_LEAF_RSAv3_MalformedAlgorithmParameters:
82+
case ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SANCrit:
83+
case ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SAN2Crit:
84+
case ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SAN:
85+
case ROOTv3_CAv3_NameConstraints_LEAF_RSAv3_SAN2:
86+
case ROOTv3_CAv3_LEAF_RSAv3_CRLDistributionPoints:
87+
case ROOTv3_NewFakeChain_ROOTv3_CAv3_LEAF_RSAv3:
88+
case ROOTv3_CAv3_LEAF_RSAvNeg1:
89+
case ROOTv3_CAv3_LEAF_RSAvNeg1_nLeaf_RSAv3:
90+
case ECROOTv3_CAv3_LEAF_ECv3:
91+
case ECROOTv3_CAv3CustomCurve_LEAF_ECv3:
92+
case ECROOTv3_Curveball_CAv3_LEAF_ECv3:
93+
case ROOTv3_CAv3_LEAF_RSAv1_UniqueIdentifiers:
94+
case ROOTv3_CAv3_LEAF_RSAv3_MismatchingAlgorithmParameters:
95+
case ROOTv3_CAv3_LEAF_RSAv3_MismatchingAlgorithms1:
96+
case ROOTv3_CAv3_LEAF_RSAv3_MismatchingAlgorithms2:
97+
case ECROOTv3_CAv3_LEAF_ECv3_GarbageParameters:
98+
case DSAROOTv3_CAv3_LEAF_DSAv3:
99+
case DSAROOTv3_CAv3_LEAF_DSAv3_GarbageParameters:
100+
case ROOTv3_CAv3_LEAF_RSAv3_Md2withRSA:
101+
case ROOTv3_CAv3_LEAF_RSAv3_Md4withRSA:
102+
case ROOTv3_CAv3_LEAF_RSAv3_Md5withRSA:
103+
case DSAROOTv3_CAv3_LEAF_DSAv3_Sha1:
104+
case ROOTv3_CAv3_LEAF_RSAv3_weakKey:
105+
case ROOTv3_CAv3_LEAF_DHv3_KeyAgreement:
106+
case ROOTv3_CAv3_LEAF_ECv3_KeyAgreement:
107+
case ROOTv3_CAv3_LEAF_ECv3_KeyAgreement2:
108+
case ECROOTv3_CAv3_LEAF_ECv3_KeyAgreement:
109+
case ECROOTv3_CAv3_LEAF_ECv3_KeyAgreement2:
110+
case DSAROOTv3_CAv3_LEAF_DHv3_KeyAgreement:
111+
case ECROOTv3_CAv3_LEAF_ECv3_Sha1:
112+
case ROOTv3_CAv3_LEAF_DHv3:
113+
case ROOTv3_CAv3_LEAF_ECv3:
114+
case DSAROOTv3_CAv3_LEAF_DHv3:
115+
case ROOTv3_CAv3_LEAFv3_nLEAF_RSAv3:
116+
certificateMessage = generateCertificateMessage(ccaCertificateManager, ccaCertificateType);
117+
break;
118+
default:
119+
break;
120+
}
121+
}
122+
return certificateMessage;
123+
}
124+
125+
private static CertificateMessage generateCertificateMessage(CcaCertificateManager ccaCertificateManager,
126+
CcaCertificateType ccaCertificateType) {
127+
128+
Logger LOGGER = LogManager.getLogger();
129+
130+
CertificateMessage certificateMessage = new CertificateMessage();
131+
List<CertificatePair> certificatePairList = new LinkedList<>();
132+
CertificatePair certificatePair;
133+
byte[] encodedLeafCertificate;
134+
CertificateKeyPair certificateKeyPair;
135+
136+
CcaCertificateChain ccaCertificateChain = ccaCertificateManager.getCertificateChain(ccaCertificateType);
137+
138+
encodedLeafCertificate = ccaCertificateChain.getEncodedCertificates().get(0);
139+
140+
for (byte[] certificate : ccaCertificateChain.getEncodedCertificates()) {
141+
if (certificate.length > 0) {
142+
certificatePair = new CertificatePair(certificate);
143+
certificatePairList.add(certificatePair);
144+
}
145+
}
146+
147+
certificateMessage.setCertificatesList(certificatePairList);
148+
// Parse leaf certificate for CertificateKeyPair
149+
Certificate certificate = parseCertificate(encodedLeafCertificate.length, encodedLeafCertificate);
150+
151+
if (certificate != null) {
152+
try {
153+
certificateKeyPair = new CertificateKeyPair(certificate,
154+
(PrivateKey) ccaCertificateChain.getLeafCertificatePrivateKey(),
155+
(PublicKey) ccaCertificateChain.getLeafCertificatePublicKey());
156+
} catch (IOException ioe) {
157+
LOGGER.error("IOE while creating CertificateKeyPair");
158+
return null;
159+
}
160+
} else {
161+
certificateKeyPair = new CertificateKeyPair(encodedLeafCertificate,
162+
(PrivateKey) ccaCertificateChain.getLeafCertificatePrivateKey(),
163+
(PublicKey) ccaCertificateChain.getLeafCertificatePublicKey());
164+
165+
}
166+
certificateMessage.setCertificateKeyPair(certificateKeyPair);
167+
168+
return certificateMessage;
169+
}
170+
171+
private static Certificate parseCertificate(int lengthBytes, byte[] bytesToParse) {
172+
try {
173+
ByteArrayInputStream stream = new ByteArrayInputStream(ArrayConverter.concatenate(ArrayConverter
174+
.intToBytes(lengthBytes + HandshakeByteLength.CERTIFICATES_LENGTH,
175+
HandshakeByteLength.CERTIFICATES_LENGTH), ArrayConverter.intToBytes(lengthBytes,
176+
HandshakeByteLength.CERTIFICATES_LENGTH), bytesToParse));
177+
return Certificate.parse(stream);
178+
} catch (Exception E) {
179+
return null;
180+
}
181+
}
182+
183+
}
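Review bot: In generateCertificateMessage the `catch (IOException ioe)` branch logs a fixed string without the exception and returns null, although generateCertificate otherwise always returns a non-null CertificateMessage, so a failed key-pair build is likely to surface later as a NullPointerException far from its cause. Passing the cause, `LOGGER.error("IOE while creating CertificateKeyPair", ioe);`, and stating the null return in the currently empty Javadoc of generateCertificate would let a tester tell a broken test case apart from a peer that rejected the certificate. parseCertificate has the same shape, since `catch (Exception E) { return null; }` hides why parsing failed. The fallback to the raw-bytes CertificateKeyPair looks intentional for the deliberately malformed chains, so a `LOGGER.debug` call with the exception and a one-line comment saying so would be enough. Two smaller points: `getEncodedCertificates().get(0)` throws on an empty chain in both the CLIENT_INPUT arm and generateCertificateMessage, and `default: break;` silently returns an unpopulated message for any CcaCertificateType missing from the case list, which deserves a warning log.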
Lines changed: 37 additions & 0 deletions
@@ -0,0 +1,37 @@
1+
/**
2+
* TLS-Attacker - A Modular Penetration Testing Framework for TLS
3+
*
4+
* Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
5+
* and Hackmanit GmbH
6+
*
7+
* Licensed under Apache License 2.0
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*/
10+
package de.rub.nds.tlsattacker.attacks.cca;
11+
12+
public enum CcaCertificateKeyType {
13+
RSA("rsa"),
14+
DH("dh"),
15+
DSA("dsa"),
16+
ECDSA("ecdsa");
17+
18+
private String javaName;
19+
20+
CcaCertificateKeyType(String javaName) {
21+
this.javaName = javaName;
22+
}
23+
24+
public static CcaCertificateKeyType fromJavaName(String name) {
25+
for (CcaCertificateKeyType ccaCertificateKeyType : values()) {
26+
if (ccaCertificateKeyType.getJavaName().equals(name)) {
27+
return ccaCertificateKeyType;
28+
}
29+
}
30+
return null;
31+
}
32+
33+
public String getJavaName() {
34+
return javaName;
35+
}
36+
37+
}
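Review bot: `fromJavaName` returns null for any string that is not an exact, case-sensitive match of the lower-case names declared here, and nothing documents that. If the argument ever comes from `Key.getAlgorithm()`, which returns names such as `RSA` and `EC`, the lookup would return null and a `switch` on the result would throw a NullPointerException; the callers are not visible on this page, so this needs confirming. Either document it with `@return the matching type, or null if the name is unknown`, or fail fast with `throw new IllegalArgumentException("Unknown key type: " + name);`. The field can also be declared `private final String javaName;` since it is assigned only in the constructor.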
