Merge pull request #390 from RUB-NDS/PaddingOracleWIP

Padding oracle wip

Author: ic0ns

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/Main.java

@@ -20,9 +20,9 @@
 import de.rub.nds.tlsattacker.attacks.config.PoodleCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.SimpleMitmProxyCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.TLSPoodleCommandConfig;
-import de.rub.nds.tlsattacker.attacks.config.TokenBindingMitmCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.TooManyAlgorithmsAttackConfig;
 import de.rub.nds.tlsattacker.attacks.config.WinshockCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.delegate.GeneralAttackDelegate;
 import de.rub.nds.tlsattacker.attacks.impl.Attacker;
 import de.rub.nds.tlsattacker.attacks.impl.BleichenbacherAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.PskBruteForcerAttackServer;
@@ -35,7 +35,6 @@
 import de.rub.nds.tlsattacker.attacks.impl.PoodleAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.SimpleMitmProxy;
 import de.rub.nds.tlsattacker.attacks.impl.TLSPoodleAttacker;
-import de.rub.nds.tlsattacker.attacks.impl.TokenBindingMitm;
 import de.rub.nds.tlsattacker.attacks.impl.TooManyAlgorithmsAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.WinshockAttacker;
 import de.rub.nds.tlsattacker.core.config.TLSDelegateConfig;
@@ -49,7 +48,7 @@ public class Main {
     private static Logger LOGGER = LogManager.getLogger(Main.class.getName());
 
     public static void main(String[] args) {
-        GeneralDelegate generalDelegate = new GeneralDelegate();
+        GeneralDelegate generalDelegate = new GeneralAttackDelegate();
         JCommander jc = new JCommander(generalDelegate);
         BleichenbacherCommandConfig bleichenbacherTest = new BleichenbacherCommandConfig(generalDelegate);
         jc.addCommand(BleichenbacherCommandConfig.ATTACK_COMMAND, bleichenbacherTest);
@@ -165,10 +164,10 @@ public static void main(String[] args) {
         } else {
 
             if (attacker.getConfig().isExecuteAttack()) {
-                attacker.executeAttack();
+                attacker.checkVulnerability();
             } else {
                 try {
-                    Boolean result = attacker.isVulnerable();
+                    Boolean result = attacker.checkVulnerability();
                     LOGGER.info("Vulnerable:" + (result == null ? "Uncertain" : result.toString()));
                 } catch (UnsupportedOperationException E) {
                     LOGGER.info("The selected attacker is currently not implemented");

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/AttackConfig.java

@@ -8,14 +8,26 @@
  */
 package de.rub.nds.tlsattacker.attacks.config;
 
+import com.beust.jcommander.Parameter;
 import de.rub.nds.tlsattacker.core.config.TLSDelegateConfig;
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
 
 public abstract class AttackConfig extends TLSDelegateConfig {
 
+    @Parameter(names = "-skipConnectionCheck", description = "If set to true the Attacker will not check if the target is reachable.")
+    private boolean skipConnectionCheck = false;
+
     public AttackConfig(GeneralDelegate delegate) {
         super(delegate);
     }
 
     public abstract boolean isExecuteAttack();
+
+    public boolean isSkipConnectionCheck() {
+        return skipConnectionCheck;
+    }
+
+    public void setSkipConnectionCheck(boolean skipConnectionCheck) {
+        this.skipConnectionCheck = skipConnectionCheck;
+    }
 }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/BleichenbacherCommandConfig.java

@@ -17,11 +17,12 @@
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.HostnameExtensionDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.ProtocolVersionDelegate;
+import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
+import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
+import de.rub.nds.tlsattacker.transport.TransportHandlerType;
 import java.util.LinkedList;
 import java.util.List;
-import org.apache.logging.log4j.Level;
-import org.apache.logging.log4j.core.config.Configurator;
 
 public class BleichenbacherCommandConfig extends AttackConfig {
 
@@ -37,17 +38,12 @@ public class BleichenbacherCommandConfig extends AttackConfig {
     private ProtocolVersionDelegate protocolVersionDelegate;
     @ParametersDelegate
     private AttackDelegate attackDelegate;
-    @Parameter(names = "-valid_response", description = "Bleichenbacher oracle responds with true if the last server "
-            + "message contains this string")
-    private String validResponseContent;
-    @Parameter(names = "-invalid_response", description = "Bleichenbacher oracle responds with false if the last server "
-            + "message contains this string")
-    private String invalidResponseContent;
     @Parameter(names = "-encrypted_premaster_secret", description = "Encrypted premaster secret from the RSA client key "
             + "exchange message. You can retrieve this message from the Wireshark traffic. Find the client key exchange "
             + "message, right click on the \"EncryptedPremaster\" value and copy this value as a Hex Stream.")
     private String encryptedPremasterSecret;
-    @Parameter(names = "-type", description = "Type of the Bleichenbacher Test results in a different number of server test quries")
+    @Parameter(names = "-type", description = "Type of the Bleichenbacher test. FAST contains only basic server test queries. "
+            + "FULL results in a comprehensive server evaluation.")
     private Type type = Type.FAST;
     @Parameter(names = "-msgPkcsConform", description = "Used by the real Bleichenbacher attack. Indicates whether the original "
             + "message that we are going to decrypt is PKCS#1 conform or not (more precisely, whether it starts with 0x00 0x02.")
@@ -65,10 +61,6 @@ public BleichenbacherCommandConfig(GeneralDelegate delegate) {
         addDelegate(ciphersuiteDelegate);
         addDelegate(protocolVersionDelegate);
         addDelegate(attackDelegate);
-
-        if (delegate.getLogLevel() != Level.ALL && delegate.getLogLevel() != Level.TRACE) {
-            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.ERROR);
-        }
     }
 
     public Type getType() {
@@ -84,17 +76,20 @@ public Config createConfig() {
         Config config = super.createConfig();
         if (ciphersuiteDelegate.getCipherSuites() == null) {
             List<CipherSuite> cipherSuites = new LinkedList<>();
-            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
-            cipherSuites.add(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
-            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256);
-            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA);
-            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256);
-            cipherSuites.add(CipherSuite.TLS_RSA_WITH_RC4_128_MD5);
-            cipherSuites.add(CipherSuite.TLS_RSA_WITH_RC4_128_SHA);
+            for (CipherSuite suite : CipherSuite.getImplemented()) {
+                if (AlgorithmResolver.getKeyExchangeAlgorithm(suite) == KeyExchangeAlgorithm.RSA
+                        || AlgorithmResolver.getKeyExchangeAlgorithm(suite) == KeyExchangeAlgorithm.RSA_PSK) {
+                    cipherSuites.add(suite);
+                }
+            }
             config.setDefaultClientSupportedCiphersuites(cipherSuites);
         }
         config.setQuickReceive(true);
         config.setEarlyStop(true);
+        config.setAddSignatureAndHashAlgrorithmsExtension(true);
+        config.setStopActionsAfterFatal(true);
+        config.setAddECPointFormatExtension(false);
+        config.setAddEllipticCurveExtension(false);
         return config;
     }
 
@@ -103,14 +98,6 @@ public boolean isExecuteAttack() {
         return attackDelegate.isExecuteAttack();
     }
 
-    public String getValidResponseContent() {
-        return validResponseContent;
-    }
-
-    public String getInvalidResponseContent() {
-        return invalidResponseContent;
-    }
-
     public String getEncryptedPremasterSecret() {
         return encryptedPremasterSecret;
     }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/Cve20162107CommandConfig.java

@@ -18,6 +18,7 @@
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
+import de.rub.nds.tlsattacker.transport.TransportHandlerType;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/EarlyCCSCommandConfig.java

@@ -15,6 +15,7 @@
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.HostnameExtensionDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.ProtocolVersionDelegate;
+import de.rub.nds.tlsattacker.transport.TransportHandlerType;
 
 public class EarlyCCSCommandConfig extends AttackConfig {
     public static final String ATTACK_COMMAND = "early_ccs";
@@ -47,7 +48,8 @@ public boolean isExecuteAttack() {
 
     @Override
     public Config createConfig() {
-        return super.createConfig();
+        Config config = super.createConfig();
+        return config;
     }
 
 }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/HeartbleedCommandConfig.java

@@ -18,6 +18,7 @@
 import de.rub.nds.tlsattacker.core.config.delegate.ProtocolVersionDelegate;
 import de.rub.nds.tlsattacker.core.constants.HeartbeatMode;
 import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
+import de.rub.nds.tlsattacker.transport.TransportHandlerType;
 
 public class HeartbleedCommandConfig extends AttackConfig {
 

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/InvalidCurveAttackConfig.java

@@ -93,14 +93,6 @@ public InvalidCurveAttackConfig(GeneralDelegate delegate) {
         addDelegate(ciphersuiteDelegate);
         addDelegate(protocolVersionDelegate);
         addDelegate(attackDelegate);
-        if (delegate.getLogLevel() != Level.ALL && delegate.getLogLevel() != Level.TRACE) {
-            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.ERROR);
-        }
-
-        if (delegate.getLogLevel() == Level.TRACE) {
-            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.TRACE);
-        }
-
     }
 
     public BigInteger getPremasterSecret() {

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/PskBruteForcerAttackClientCommandConfig.java

@@ -65,10 +65,6 @@ public PskBruteForcerAttackClientCommandConfig(GeneralDelegate delegate) {
         addDelegate(ciphersuiteDelegate);
         addDelegate(protocolVersionDelegate);
         addDelegate(attackDelegate);
-
-        if (delegate.getLogLevel() != Level.ALL && delegate.getLogLevel() != Level.TRACE) {
-            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.ERROR);
-        }
     }
 
     @Override

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/PskBruteForcerAttackServerCommandConfig.java

@@ -75,10 +75,6 @@ public PskBruteForcerAttackServerCommandConfig(GeneralDelegate delegate) {
         addDelegate(ciphersuiteDelegate);
         addDelegate(protocolVersionDelegate);
         addDelegate(attackDelegate);
-
-        if (delegate.getLogLevel() != Level.ALL && delegate.getLogLevel() != Level.TRACE) {
-            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.ERROR);
-        }
     }
 
     @Override

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/delegate/GeneralAttackDelegate.java

@@ -0,0 +1,51 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.config.delegate;
+
+import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
+import de.rub.nds.tlsattacker.util.UnlimitedStrengthEnabler;
+import java.security.Provider;
+import java.security.Security;
+import org.apache.logging.log4j.Level;
+import org.apache.logging.log4j.core.config.Configurator;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+
+public class GeneralAttackDelegate extends GeneralDelegate {
+
+    public GeneralAttackDelegate() {
+    }
+
+    @Override
+    public void applyDelegate(Config config) {
+        Security.addProvider(new BouncyCastleProvider());
+        if (isDebug()) {
+            setLogLevel(Level.DEBUG);
+        }
+        Configurator.setRootLevel(getLogLevel());
+        Configurator.setAllLevels("de.rub.nds.modifiablevariable", Level.FATAL);
+        if (getLogLevel() == Level.ALL) {
+            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.ALL);
+            Configurator.setAllLevels("de.rub.nds.tlsattacker.transport", Level.DEBUG);
+        } else if (getLogLevel() == Level.TRACE) {
+            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.DEBUG);
+            Configurator.setAllLevels("de.rub.nds.tlsattacker.transport", Level.DEBUG);
+        } else {
+            Configurator.setAllLevels("de.rub.nds.tlsattacker.core", Level.OFF);
+        }
+        LOGGER.debug("Using the following security providers");
+        for (Provider p : Security.getProviders()) {
+            LOGGER.debug("Provider {}, version, {}", p.getName(), p.getVersion());
+        }
+
+        // remove stupid Oracle JDK security restriction (otherwise, it is not
+        // possible to use strong crypto with Oracle JDK)
+        UnlimitedStrengthEnabler.enable();
+    }
+}