Merge pull request #556 from RUB-NDS/starttlsofthefuture

Starttls Improvements & Attribution

Author: ic0ns

Attacks/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>2.8</version>
+        <version>2.9</version>
     </parent>
     <artifactId>Attacks</artifactId>
     <packaging>jar</packaging>

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/actions/EarlyCcsAction.java

@@ -62,7 +62,7 @@ public EarlyCcsAction(Boolean targetsOpenssl1_0_0) {
      *             ClientKeyExchange message
      */
     @Override
-    public void execute(State state) throws IOException {
+    public void execute(State state) {
         WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(state.getConfig());
         ClientKeyExchangeMessage message = factory.createClientKeyExchangeMessage(AlgorithmResolver
                 .getKeyExchangeAlgorithm(state.getTlsContext().getChooser().getSelectedCipherSuite()));
@@ -86,7 +86,7 @@ public void execute(State state) throws IOException {
         try {
             state.getTlsContext().getTransportHandler().sendData(prepareRecords);
             executedAsPlanned = true;
-        } catch (SocketException E) {
+        } catch (IOException E) {
             LOGGER.debug("Could not write Data to stream", E);
             executedAsPlanned = false;
         }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/BleichenbacherCommandConfig.java

@@ -11,6 +11,7 @@
 import com.beust.jcommander.Parameter;
 import com.beust.jcommander.ParametersDelegate;
 import de.rub.nds.tlsattacker.attacks.config.delegate.AttackDelegate;
+import de.rub.nds.tlsattacker.attacks.pkcs1.BleichenbacherWorkflowType;
 import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.config.delegate.CiphersuiteDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
@@ -57,6 +58,11 @@ public class BleichenbacherCommandConfig extends AttackConfig {
     @ParametersDelegate
     private StarttlsDelegate starttlsDelegate;
 
+    @Parameter(names = "-workflowType", description = "Which workflow traces should be tested with")
+    private BleichenbacherWorkflowType workflowType = BleichenbacherWorkflowType.CKE_CCS_FIN;
+
+    ;
+
     /**
      *
      * @param delegate
@@ -157,11 +163,17 @@ public enum Type {
          *
          */
         FULL,
-
         /**
          *
          */
         FAST
     }
 
+    public BleichenbacherWorkflowType getWorkflowType() {
+        return workflowType;
+    }
+
+    public void setWorkflowType(BleichenbacherWorkflowType workflowType) {
+        this.workflowType = workflowType;
+    }
 }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/DrownCommandConfig.java

@@ -12,6 +12,7 @@
 import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
+import de.rub.nds.tlsattacker.core.config.delegate.StarttlsDelegate;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.record.layer.RecordLayerType;
 
@@ -28,14 +29,19 @@ public class DrownCommandConfig extends AttackConfig {
     @ParametersDelegate
     private ClientDelegate clientDelegate;
 
+    @ParametersDelegate
+    private StarttlsDelegate starttlsDelegate;
+
     /**
      *
      * @param delegate
      */
     public DrownCommandConfig(GeneralDelegate delegate) {
         super(delegate);
         clientDelegate = new ClientDelegate();
+        starttlsDelegate = new StarttlsDelegate();
         addDelegate(clientDelegate);
+        addDelegate(starttlsDelegate);
     }
 
     /**

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/EarlyCCSCommandConfig.java

@@ -15,6 +15,7 @@
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.HostnameExtensionDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.ProtocolVersionDelegate;
+import de.rub.nds.tlsattacker.core.config.delegate.StarttlsDelegate;
 import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
@@ -37,6 +38,8 @@ public class EarlyCCSCommandConfig extends AttackConfig {
     private CiphersuiteDelegate ciphersuiteDelegate;
     @ParametersDelegate
     private ProtocolVersionDelegate protocolVersionDelegate;
+    @ParametersDelegate
+    private StarttlsDelegate starttlsDelegate;
 
     /**
      *
@@ -48,10 +51,12 @@ public EarlyCCSCommandConfig(GeneralDelegate delegate) {
         hostnameExtensionDelegate = new HostnameExtensionDelegate();
         ciphersuiteDelegate = new CiphersuiteDelegate();
         protocolVersionDelegate = new ProtocolVersionDelegate();
+        starttlsDelegate = new StarttlsDelegate();
         addDelegate(clientDelegate);
         addDelegate(hostnameExtensionDelegate);
         addDelegate(ciphersuiteDelegate);
         addDelegate(protocolVersionDelegate);
+        addDelegate(starttlsDelegate);
     }
 
     /**

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/PaddingOracleCommandConfig.java

@@ -53,6 +53,21 @@ public class PaddingOracleCommandConfig extends AttackConfig {
     @ParametersDelegate
     private StarttlsDelegate starttlsDelegate;
 
+    /**
+     * How many rescans should be done to confirm vulnerabilities
+     */
+    private int mapListDepth = 3;
+
+    /**
+     * When a false positive or shaky scan orrcurs stop the evaluation
+     */
+    private boolean rescanNotVulnerable = true;
+
+    /**
+     * Do not rescan servers which appear not vulnerable on first try
+     */
+    private boolean abortRescansOnFailure = true;
+
     /**
      *
      * @param delegate
@@ -159,4 +174,29 @@ public Config createConfig(Config config) {
 
         return config;
     }
+
+    public int getMapListDepth() {
+        return mapListDepth;
+    }
+
+    public void setMapListDepth(int mapListDepth) {
+        this.mapListDepth = mapListDepth;
+    }
+
+    public boolean isAbortRescansOnFailure() {
+        return rescanNotVulnerable;
+    }
+
+    public void setAbortRescansOnFailure(boolean abortRescansOnFailure) {
+        this.rescanNotVulnerable = abortRescansOnFailure;
+    }
+
+    public boolean isRescanNotVulnerable() {
+        return rescanNotVulnerable;
+    }
+
+    public void setRescanNotVulnerable(boolean rescanNotVulnerable) {
+        this.rescanNotVulnerable = rescanNotVulnerable;
+    }
+
 }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/connectivity/ConnectivityChecker.java

@@ -9,26 +9,29 @@
 package de.rub.nds.tlsattacker.attacks.connectivity;
 
 import de.rub.nds.tlsattacker.core.config.Config;
-import de.rub.nds.tlsattacker.core.protocol.message.ClientHelloMessage;
+import de.rub.nds.tlsattacker.core.constants.RunningModeType;
 import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.SSL2ServerHelloMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.ServerHelloDoneMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.ServerHelloMessage;
-import de.rub.nds.tlsattacker.core.record.AbstractRecord;
 import de.rub.nds.tlsattacker.core.record.Record;
 import de.rub.nds.tlsattacker.core.state.State;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutorFactory;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
-import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
+import de.rub.nds.tlsattacker.core.workflow.action.AsciiAction;
 import de.rub.nds.tlsattacker.core.workflow.action.ReceiveTillAction;
-import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
+import de.rub.nds.tlsattacker.core.workflow.action.SendAsciiAction;
+import de.rub.nds.tlsattacker.core.workflow.action.TlsAction;
 import de.rub.nds.tlsattacker.core.workflow.action.executor.WorkflowExecutorType;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
 import de.rub.nds.tlsattacker.transport.Connection;
 import de.rub.nds.tlsattacker.transport.TransportHandler;
 import de.rub.nds.tlsattacker.transport.TransportHandlerFactory;
 import de.rub.nds.tlsattacker.transport.TransportHandlerType;
 import java.io.IOException;
+import java.util.Objects;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -80,9 +83,9 @@ public boolean isConnectable() {
     }
 
     public boolean speaksTls(Config config) {
-        config.setHttpsParsingEnabled(Boolean.TRUE);
-        WorkflowTrace trace = new WorkflowTrace();
-        trace.addTlsAction(new SendAction(new ClientHelloMessage(config)));
+        WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config);
+        WorkflowTrace trace = factory.createWorkflowTrace(WorkflowTraceType.HELLO, RunningModeType.CLIENT);
+        trace.removeTlsAction(trace.getTlsActions().size() - 1);
         ReceiveTillAction receiveTillAction = new ReceiveTillAction(new ServerHelloDoneMessage());
         trace.addTlsAction(receiveTillAction);
         State state = new State(config, trace);
@@ -104,4 +107,25 @@ public boolean speaksTls(Config config) {
             return false;
         }
     }
+
+    public boolean speaksStartTls(Config config) {
+        WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config);
+        WorkflowTrace trace = factory.createTlsEntryWorkflowtrace(config.getDefaultClientConnection());
+        State state = new State(config, trace);
+        WorkflowExecutor executor = WorkflowExecutorFactory.createWorkflowExecutor(WorkflowExecutorType.DEFAULT, state);
+        executor.executeWorkflow();
+        if (trace.allActionsExecuted()) {
+            for (TlsAction action : trace.getTlsActions()) {
+                if (action instanceof AsciiAction || !(action instanceof SendAsciiAction)) {
+                    AsciiAction asciiAction = (AsciiAction) action;
+                    if (asciiAction.getAsciiText() != null) {
+                        if (asciiAction.getAsciiText().toLowerCase().contains("TLS negotiation".toLowerCase())) {
+                            return true;
+                        }
+                    }
+                }
+            }
+        }
+        return false;
+    }
 }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/BleichenbacherAttacker.java

@@ -50,8 +50,6 @@ public class BleichenbacherAttacker extends Attacker<BleichenbacherCommandConfig
 
     private static final Logger LOGGER = LogManager.getLogger();
 
-    private Config tlsConfig;
-
     private BleichenbacherWorkflowType vulnerableType;
 
     private EqualityError errorType;
@@ -70,7 +68,6 @@ public class BleichenbacherAttacker extends Attacker<BleichenbacherCommandConfig
     public BleichenbacherAttacker(BleichenbacherCommandConfig bleichenbacherConfig, Config baseConfig) {
         super(bleichenbacherConfig, baseConfig);
         executor = new ParallelExecutor(1, 3);
-        this.tlsConfig = getTlsConfig();
     }
 
     /**
@@ -83,7 +80,6 @@ public BleichenbacherAttacker(BleichenbacherCommandConfig bleichenbacherConfig,
             ParallelExecutor executor) {
         super(bleichenbacherConfig, baseConfig);
         this.executor = executor;
-        this.tlsConfig = getTlsConfig();
     }
 
     /**
@@ -93,6 +89,7 @@ public BleichenbacherAttacker(BleichenbacherCommandConfig bleichenbacherConfig,
      * @return
      */
     public State executeTlsFlow(BleichenbacherWorkflowType type, byte[] encryptedPMS) {
+        Config tlsConfig = getTlsConfig();
         WorkflowTrace trace = BleichenbacherWorkflowGenerator.generateWorkflow(tlsConfig, type, encryptedPMS);
         State state = new State(tlsConfig, trace);
         tlsConfig.setWorkflowExecutorShouldClose(false);
@@ -108,35 +105,35 @@ public State executeTlsFlow(BleichenbacherWorkflowType type, byte[] encryptedPMS
      */
     @Override
     public Boolean isVulnerable() {
-        tlsConfig = getTlsConfig();
+        errorType = getEqualityError();
+        if (errorType != EqualityError.NONE) {
+            vulnerableType = config.getWorkflowType();
+            return true;
+        }
+        return false;
+    }
+
+    public EqualityError getEqualityError() {
+        Config tlsConfig = getTlsConfig();
         RSAPublicKey publicKey = (RSAPublicKey) CertificateFetcher.fetchServerPublicKey(tlsConfig);
         if (publicKey == null) {
             LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?");
             return null;
         }
         LOGGER.info("Fetched the following server public key: " + publicKey);
-
         List<Pkcs1Vector> pkcs1Vectors = Pkcs1VectorGenerator.generatePkcs1Vectors(publicKey, config.getType(),
                 tlsConfig.getDefaultHighestClientProtocolVersion());
-
         // we execute the attack with different protocol flows and
         // return true as soon as we find the first inconsistency
         CONSOLE.info("A server is considered vulnerable to this attack if it responds differently to the test vectors.");
         CONSOLE.info("A server is considered secure if it always responds the same way.");
-        for (BleichenbacherWorkflowType bbWorkflowType : BleichenbacherWorkflowType.values()) {
-            LOGGER.debug("Testing: " + bbWorkflowType);
-            errorType = isVulnerable(bbWorkflowType, pkcs1Vectors);
-            if (errorType != EqualityError.NONE) {
-                vulnerableType = bbWorkflowType;
-                return true;
-
-            }
-        }
-        return false;
+        LOGGER.debug("Testing: " + config.getWorkflowType());
+        errorType = isVulnerable(pkcs1Vectors);
+        return errorType;
     }
 
-    public EqualityError isVulnerable(BleichenbacherWorkflowType bbWorkflowType, List<Pkcs1Vector> pkcs1Vectors) {
-        fingerprintPairList = getBleichenbacherMap(bbWorkflowType, pkcs1Vectors);
+    public EqualityError isVulnerable(List<Pkcs1Vector> pkcs1Vectors) {
+        fingerprintPairList = getBleichenbacherMap(config.getWorkflowType(), pkcs1Vectors);
         if (fingerprintPairList.isEmpty()) {
             LOGGER.warn("Could not extract Fingerprints");
             return null;
@@ -148,15 +145,15 @@ public EqualityError isVulnerable(BleichenbacherWorkflowType bbWorkflowType, Lis
             // Socket Equality Errors can be caused by problems on on the
             // network. In this case we do a rescan
             // and check if we find the exact same answer behaviour (twice)
-            List<VectorFingerprintPair> secondBleichenbacherVectorMap = getBleichenbacherMap(bbWorkflowType,
+            List<VectorFingerprintPair> secondBleichenbacherVectorMap = getBleichenbacherMap(config.getWorkflowType(),
                     pkcs1Vectors);
             EqualityError error2 = getEqualityError(secondBleichenbacherVectorMap);
             BleichenbacherVulnerabilityMap mapOne = new BleichenbacherVulnerabilityMap(fingerprintPairList, error);
             BleichenbacherVulnerabilityMap mapTwo = new BleichenbacherVulnerabilityMap(secondBleichenbacherVectorMap,
                     error2);
             if (mapOne.looksIdentical(mapTwo)) {
-                List<VectorFingerprintPair> thirdBleichenbacherVectorMap = getBleichenbacherMap(bbWorkflowType,
-                        pkcs1Vectors);
+                List<VectorFingerprintPair> thirdBleichenbacherVectorMap = getBleichenbacherMap(
+                        config.getWorkflowType(), pkcs1Vectors);
                 EqualityError error3 = getEqualityError(secondBleichenbacherVectorMap);
                 BleichenbacherVulnerabilityMap mapThree = new BleichenbacherVulnerabilityMap(
                         thirdBleichenbacherVectorMap, error3);
@@ -172,7 +169,7 @@ public EqualityError isVulnerable(BleichenbacherWorkflowType bbWorkflowType, Lis
             }
         }
         if (error != EqualityError.NONE) {
-            CONSOLE.info("Found a vulnerability with " + bbWorkflowType.getDescription());
+            CONSOLE.info("Found a vulnerability with " + config.getWorkflowType().getDescription());
         }
         return error;
     }
@@ -206,6 +203,7 @@ private void printBleichenbacherVectormap(List<VectorFingerprintPair> bleichenba
 
     private List<VectorFingerprintPair> getBleichenbacherMap(BleichenbacherWorkflowType bbWorkflowType,
             List<Pkcs1Vector> pkcs1Vectors) {
+        Config tlsConfig = getTlsConfig();
         List<VectorFingerprintPair> bleichenbacherVectorMap = new LinkedList<>();
         List<State> stateList = new LinkedList<>();
         List<StateVectorPair> stateVectorPairList = new LinkedList<>();
@@ -233,11 +231,11 @@ private List<VectorFingerprintPair> getBleichenbacherMap(BleichenbacherWorkflowT
 
     private void processFinishedStateVectorPair(StateVectorPair stateVectorPair,
             List<VectorFingerprintPair> bleichenbacherVectorMap) {
-        if (stateVectorPair.getState().getWorkflowTrace().allActionsExecuted()) {
+        if (stateVectorPair.getState().getWorkflowTrace().executedAsPlanned()) {
             ResponseFingerprint fingerprint = ResponseExtractor.getFingerprint(stateVectorPair.getState());
             bleichenbacherVectorMap.add(new VectorFingerprintPair(fingerprint, stateVectorPair.getVector()));
         } else {
-            LOGGER.warn("Could not execute Workflow. Something went wrong... Check the debug output for more information");
+            LOGGER.error("Could not execute Workflow. Something went wrong... Check the debug output for more information");
         }
         clearConnections(stateVectorPair.getState());
 
@@ -267,6 +265,7 @@ public void executeAttack() {
             LOGGER.warn("The server is not vulnerable to the Bleichenbacher attack");
             return;
         }
+        Config tlsConfig = getTlsConfig();
         RSAPublicKey publicKey = (RSAPublicKey) CertificateFetcher.fetchServerPublicKey(tlsConfig);
         if (publicKey == null) {
             LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?");