Merge pull request #282 from RUB-NDS/gcmccm

GCM and CCM functionality added.

Author: ic0ns

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/BleichenbacherCommandConfig.java

@@ -97,6 +97,8 @@ public Config createConfig() {
             cipherSuites.add(CipherSuite.TLS_RSA_WITH_RC4_128_SHA);
             config.setDefaultClientSupportedCiphersuites(cipherSuites);
         }
+        config.setQuickReceive(true);
+        config.setEarlyStop(true);
         return config;
     }
 

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/PaddingOracleCommandConfig.java

@@ -82,7 +82,8 @@ public Config createConfig() {
                 throw new ConfigurationException("This attack only works with CBC Ciphersuites");
             }
         }
-
+        config.setQuickReceive(true);
+        config.setEarlyStop(true);
         return config;
     }
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java

@@ -800,6 +800,10 @@ public static Config mergeWithDefaultValues(Config c) {
 
     private byte[] defaultServerHandshakeTrafficSecret = new byte[0];
 
+    private byte[] defaultClientApplicationTrafficSecret = new byte[0];
+
+    private byte[] defaultServerApplicationTrafficSecret = new byte[0];
+
     private TokenBindingType defaultTokenBindingType = TokenBindingType.PROVIDED_TOKEN_BINDING;
 
     private CustomECPoint defaultTokenBindingECPublicKey = null;
@@ -2382,4 +2386,19 @@ public void setStopActionsAfterFatal(boolean stopActionsAfterFatal) {
         this.stopActionsAfterFatal = stopActionsAfterFatal;
     }
 
+    public byte[] getDefaultClientApplicationTrafficSecret() {
+        return defaultClientApplicationTrafficSecret;
+    }
+
+    public void setDefaultClientApplicationTrafficSecret(byte[] defaultClientApplicationTrafficSecret) {
+        this.defaultClientApplicationTrafficSecret = defaultClientApplicationTrafficSecret;
+    }
+
+    public byte[] getDefaultServerApplicationTrafficSecret() {
+        return defaultServerApplicationTrafficSecret;
+    }
+
+    public void setDefaultServerApplicationTrafficSecret(byte[] defaultServerApplicationTrafficSecret) {
+        this.defaultServerApplicationTrafficSecret = defaultServerApplicationTrafficSecret;
+    }
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/AlgorithmResolver.java

@@ -8,6 +8,17 @@
  */
 package de.rub.nds.tlsattacker.core.constants;
 
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.AES;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.CAMELLIA;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.DES;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.DES40;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.DESede;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.FORTEZZA;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.IDEA;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.NULL;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.RC2;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.RC4;
+import static de.rub.nds.tlsattacker.core.constants.BulkCipherAlgorithm.SEED;
 import java.util.HashSet;
 import java.util.Set;
 import org.apache.logging.log4j.LogManager;
@@ -42,7 +53,7 @@ public static PRFAlgorithm getPRFAlgorithm(ProtocolVersion protocolVersion, Ciph
         if (protocolVersion == ProtocolVersion.TLS10 || protocolVersion == ProtocolVersion.TLS11
                 || protocolVersion == ProtocolVersion.DTLS10) {
             result = PRFAlgorithm.TLS_PRF_LEGACY;
-        } else if (cipherSuite.name().endsWith("SHA384")) {
+        } else if (cipherSuite.usesSHA384()) {
             result = PRFAlgorithm.TLS_PRF_SHA384;
         } else {
             result = PRFAlgorithm.TLS_PRF_SHA256;
@@ -72,7 +83,7 @@ public static DigestAlgorithm getDigestAlgorithm(ProtocolVersion protocolVersion
         if (protocolVersion == ProtocolVersion.TLS10 || protocolVersion == ProtocolVersion.TLS11
                 || protocolVersion == ProtocolVersion.DTLS10) {
             result = DigestAlgorithm.LEGACY;
-        } else if (cipherSuite.name().endsWith("SHA384")) {
+        } else if (cipherSuite.usesSHA384()) {
             result = DigestAlgorithm.SHA384;
         } else {
             result = DigestAlgorithm.SHA256;
@@ -241,20 +252,54 @@ public static CipherAlgorithm getCipher(CipherSuite cipherSuite) {
         throw new UnsupportedOperationException("The cipher algorithm in " + cipherSuite + " is not supported yet.");
     }
 
+    /**
+     * @param cipherSuite
+     * @return
+     */
+    public static BulkCipherAlgorithm getBulkCipherAlgorithm(CipherSuite cipherSuite) {
+        String cipher = cipherSuite.toString().toUpperCase();
+        if (cipher.contains("3DES_EDE")) {
+            return DESede;
+        } else if (cipher.contains("AES")) {
+            return AES;
+        } else if (cipher.contains("RC4")) {
+            return RC4;
+        } else if (cipher.contains("RC2")) {
+            return RC2; // Tode add export rc2
+        } else if (cipher.contains("WITH_NULL")) {
+            return NULL;
+        } else if (cipher.contains("IDEA")) {
+            return IDEA;
+        } else if (cipher.contains("DES40")) {
+            return DES40;
+        } else if (cipher.contains("DES")) {
+            return DES;
+        } else if (cipher.contains("WITH_FORTEZZA")) {
+            return FORTEZZA;
+        } else if (cipher.contains("CAMELLIA")) {
+            return CAMELLIA;
+        } else if (cipher.contains("SEED")) {
+            return SEED;
+        } else if (cipher.contains("ARIA")) {
+            return SEED;
+        }
+        throw new UnsupportedOperationException("The cipher algorithm from " + cipherSuite + " is not supported yet.");
+    }
+
     /**
      *
      * @param cipherSuite
      * @return
      */
     public static CipherType getCipherType(CipherSuite cipherSuite) {
-        String cipher = cipherSuite.toString().toUpperCase();
-        if (cipherSuite.isAEAD()) {
+        String cs = cipherSuite.toString().toUpperCase();
+        if (cipherSuite.isGCM() || cipherSuite.isCCM() || cipherSuite.isOCB()) {
             return CipherType.AEAD;
-        } else if (cipher.contains("AES") || cipher.contains("DES") || cipher.contains("IDEA")
-                || cipher.contains("WITH_FORTEZZA") || cipher.contains("CAMELLIA") || cipher.contains("GOST")
-                || cipher.contains("WITH_SEED") || cipher.contains("WITH_ARIA") || cipher.contains("RC2")) {
+        } else if (cs.contains("AES") || cs.contains("DES") || cs.contains("IDEA") || cs.contains("WITH_FORTEZZA")
+                || cs.contains("CAMELLIA") || cs.contains("GOST") || cs.contains("WITH_SEED")
+                || cs.contains("WITH_ARIA") || cs.contains("RC2")) {
             return CipherType.BLOCK;
-        } else if (cipher.contains("RC4") || cipher.contains("WITH_NULL") || cipher.contains("CHACHA")) {
+        } else if (cs.contains("RC4") || cs.contains("WITH_NULL") || cs.contains("CHACHA")) {
             return CipherType.STREAM;
         }
         if (cipherSuite == CipherSuite.TLS_FALLBACK_SCSV
@@ -268,7 +313,7 @@ public static CipherType getCipherType(CipherSuite cipherSuite) {
 
     public static MacAlgorithm getMacAlgorithm(ProtocolVersion protocolVersion, CipherSuite cipherSuite) {
         MacAlgorithm result = null;
-        if (cipherSuite.isAEAD()) {
+        if (getCipherType(cipherSuite) == CipherType.AEAD) {
             result = MacAlgorithm.AEAD;
         } else {
             String cipher = cipherSuite.toString();

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/BulkCipherAlgorithm.java

@@ -29,40 +29,6 @@ public enum BulkCipherAlgorithm {
     ARIA,
     AES;
 
-    /**
-     * @param cipherSuite
-     * @return
-     */
-    public static BulkCipherAlgorithm getBulkCipherAlgorithm(CipherSuite cipherSuite) {
-        String cipher = cipherSuite.toString().toUpperCase();
-        if (cipher.contains("3DES_EDE")) {
-            return DESede;
-        } else if (cipher.contains("AES")) {
-            return AES;
-        } else if (cipher.contains("RC4")) {
-            return RC4;
-        } else if (cipher.contains("RC2")) {
-            return RC2; // Tode add export rc2
-        } else if (cipher.contains("WITH_NULL")) {
-            return NULL;
-        } else if (cipher.contains("IDEA")) {
-            return IDEA;
-        } else if (cipher.contains("DES40")) {
-            return DES40;
-        } else if (cipher.contains("DES")) {
-            return DES;
-        } else if (cipher.contains("WITH_FORTEZZA")) {
-            return FORTEZZA;
-        } else if (cipher.contains("CAMELLIA")) {
-            return CAMELLIA;
-        } else if (cipher.contains("SEED")) {
-            return SEED;
-        } else if (cipher.contains("ARIA")) {
-            return SEED;
-        }
-        throw new UnsupportedOperationException("The cipher algorithm from " + cipherSuite + " is not supported yet.");
-    }
-
     public String getJavaName() {
         if (this == DES40) {
             return "DES";

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/CipherSuite.java

@@ -513,15 +513,6 @@ public boolean isExport() {
         return this.name().contains("EXPORT");
     }
 
-    /**
-     * Returns true in case the cipher suite is an AEAD cipher suite.
-     *
-     * @return
-     */
-    public boolean isAEAD() {
-        return (this.name().contains("_GCM") || this.name().contains("_CCM") || this.name().contains("_OCB"));
-    }
-
     /**
      * Returns true in case the cipher suite is a CBC cipher suite.
      *
@@ -531,10 +522,35 @@ public boolean isCBC() {
         return (this.name().contains("_CBC"));
     }
 
+    public boolean isUsingPadding() {
+        // todo this should be extended
+        return (this.name().contains("_CBC"));
+    }
+
+    public boolean isUsingMac() {
+        return (this.name().contains("_CBC") || this.name().contains("RC4"));
+    }
+
     public boolean isSCSV() {
         return (this.name().contains("SCSV"));
     }
 
+    public boolean isGCM() {
+        return (this.name().contains("_GCM"));
+    }
+
+    public boolean isCCM() {
+        return (this.name().contains("_CCM"));
+    }
+
+    public boolean isOCB() {
+        return (this.name().contains("_OCB"));
+    }
+
+    public boolean usesSHA384() {
+        return this.name().endsWith("SHA384");
+    }
+
     /**
      * Returns true if the cipher suite is supported by the specified protocol
      * version.
@@ -617,6 +633,30 @@ public static List<CipherSuite> getImplemented() {
         list.add(TLS_RSA_WITH_RC4_128_SHA);
         list.add(TLS_ECDHE_RSA_WITH_RC4_128_SHA);
         list.add(TLS_DHE_DSS_WITH_RC4_128_SHA);
+        list.add(TLS_RSA_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_RSA_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_DHE_RSA_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_DHE_RSA_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_DH_RSA_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_DH_RSA_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_DHE_DSS_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_DHE_DSS_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_DH_DSS_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256);
+        list.add(TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384);
+        list.add(TLS_RSA_WITH_AES_128_CCM);
+        list.add(TLS_RSA_WITH_AES_256_CCM);
+        list.add(TLS_DHE_RSA_WITH_AES_128_CCM);
+        list.add(TLS_DHE_RSA_WITH_AES_256_CCM);
+        list.add(TLS_ECDHE_ECDSA_WITH_AES_128_CCM);
+        list.add(TLS_ECDHE_ECDSA_WITH_AES_256_CCM);
+
         return list;
     }
 

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/ProtocolVersion.java

@@ -167,4 +167,9 @@ public boolean isTLS13() {
     public boolean isSSL() {
         return this == SSL2 || this == SSL3;
     }
+
+    public boolean usesExplicitIv() {
+        return this == ProtocolVersion.TLS11 || this == ProtocolVersion.TLS12 || this == ProtocolVersion.DTLS10
+                || this == ProtocolVersion.DTLS12;
+    }
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/HKDFunction.java

@@ -113,7 +113,7 @@ public static byte[] expand(HKDFAlgorithm hkdfAlgortihm, byte[] prk, byte[] info
                 i++;
             }
             return Arrays.copyOfRange(stream.toByteArray(), 0, outLen);
-        } catch (IOException | NoSuchAlgorithmException | InvalidKeyException ex) {
+        } catch (IOException | NoSuchAlgorithmException | InvalidKeyException | IllegalArgumentException ex) {
             throw new CryptoException(ex);
         }
     }
@@ -169,5 +169,4 @@ public static byte[] expandLabel(HKDFAlgorithm hkdfAlgortihm, byte[] prk, String
         byte[] info = labelEncoder(hashValue, labelIn, outLen);
         return expand(hkdfAlgortihm, prk, info, outLen);
     }
-
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/CertificateRequestHandler.java

@@ -59,10 +59,14 @@ private void adjustServerSupportedSignatureAndHashAlgorithms(CertificateRequestM
     }
 
     private void adjustDistinguishedNames(CertificateRequestMessage message) {
-        byte[] distinguishedNames = message.getDistinguishedNames().getValue();
-        tlsContext.setDistinguishedNames(distinguishedNames);
-        LOGGER.debug("Set DistinguishedNames in Context to "
-                + ArrayConverter.bytesToHexString(distinguishedNames, false));
+        if (message.getDistinguishedNames() != null && message.getDistinguishedNames().getValue() != null) {
+            byte[] distinguishedNames = message.getDistinguishedNames().getValue();
+            tlsContext.setDistinguishedNames(distinguishedNames);
+            LOGGER.debug("Set DistinguishedNames in Context to "
+                    + ArrayConverter.bytesToHexString(distinguishedNames, false));
+        } else {
+            LOGGER.debug("Not adjusting DistinguishedNames");
+        }
     }
 
     private void adjustClientCertificateTypes(CertificateRequestMessage message) {

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/ChangeCipherSpecHandler.java

@@ -44,6 +44,7 @@ public void adjustTLSContext(ChangeCipherSpecMessage message) {
         if (tlsContext.getTalkingConnectionEndType() != tlsContext.getChooser().getConnectionEnd()
                 .getConnectionEndType()) {
             tlsContext.getRecordLayer().updateDecryptionCipher();
+            tlsContext.setReadSequenceNumber(0);
         }
     }
 }