Merge pull request #592 from RUB-NDS/dynamicWorkflow

Dynamic workflow

Author: ic0ns

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/WorkflowTrace.java

@@ -132,6 +132,7 @@ public static WorkflowTrace copy(WorkflowTrace orig) {
             @XmlElement(type = SendAction.class, name = "Send"),
             @XmlElement(type = SendDynamicClientKeyExchangeAction.class, name = "SendDynamicClientKeyExchange"),
             @XmlElement(type = SendDynamicServerKeyExchangeAction.class, name = "SendDynamicServerKeyExchange"),
+            @XmlElement(type = SendDynamicServerCertificateAction.class, name = "SendDynamicCertificate"),
             @XmlElement(type = WaitAction.class, name = "Wait"),
             @XmlElement(type = SendAsciiAction.class, name = "SendAscii"),
             @XmlElement(type = FlushSessionCacheAction.class, name = "FlushSessionCache"),

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/SendDynamicServerCertificateAction.java

@@ -0,0 +1,205 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.core.workflow.action;
+
+import de.rub.nds.modifiablevariable.ModifiableVariable;
+import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
+import de.rub.nds.tlsattacker.core.constants.CipherSuite;
+import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
+import de.rub.nds.tlsattacker.core.protocol.ModifiableVariableHolder;
+import de.rub.nds.tlsattacker.core.protocol.message.CertificateMessage;
+import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage;
+import de.rub.nds.tlsattacker.core.protocol.message.ServerKeyExchangeMessage;
+import de.rub.nds.tlsattacker.core.record.AbstractRecord;
+import de.rub.nds.tlsattacker.core.state.State;
+import de.rub.nds.tlsattacker.core.state.TlsContext;
+import de.rub.nds.tlsattacker.core.workflow.action.executor.MessageActionResult;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
+import java.io.IOException;
+import java.lang.reflect.Field;
+import java.util.ArrayList;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Objects;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+public class SendDynamicServerCertificateAction extends MessageAction implements SendingAction {
+
+    private static final Logger LOGGER = LogManager.getLogger();
+
+    public SendDynamicServerCertificateAction() {
+        super();
+    }
+
+    public SendDynamicServerCertificateAction(String connectionAlias) {
+        super(connectionAlias);
+    }
+
+    @Override
+    public void execute(State state) throws WorkflowExecutionException {
+        TlsContext tlsContext = state.getTlsContext(connectionAlias);
+
+        if (isExecuted()) {
+            throw new WorkflowExecutionException("Action already executed!");
+        }
+        messages = new LinkedList<>();
+        WorkflowConfigurationFactory workflowFactory = new WorkflowConfigurationFactory(state.getConfig());
+        CipherSuite selectedCipherSuite = tlsContext.getSelectedCipherSuite();
+        if (workflowFactory.shouldServerSendACertificate(selectedCipherSuite)) {
+            messages.add(new CertificateMessage());
+        }
+        String sending = getReadableString(messages);
+        if (hasDefaultAlias()) {
+            LOGGER.info("Sending Dynamic Certificate: " + sending);
+        } else {
+            LOGGER.info("Sending Dynamic Certificate (" + connectionAlias + "): " + sending);
+        }
+
+        try {
+            MessageActionResult result = sendMessageHelper.sendMessages(messages, records, tlsContext);
+            messages = new ArrayList<>(result.getMessageList());
+            records = new ArrayList<>(result.getRecordList());
+            setExecuted(true);
+        } catch (IOException E) {
+            tlsContext.setReceivedTransportHandlerException(true);
+            LOGGER.debug(E);
+            setExecuted(false);
+        }
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder sb;
+        if (isExecuted()) {
+            sb = new StringBuilder("Send Dynamic Certificate Action:\n");
+        } else {
+            sb = new StringBuilder("Send Dynamic Certificate: (not executed)\n");
+        }
+        sb.append("\tMessages:");
+        if (messages != null) {
+            for (ProtocolMessage message : messages) {
+                sb.append(message.toCompactString());
+                sb.append(", ");
+            }
+            sb.append("\n");
+        } else {
+            sb.append("null (no messages set)");
+        }
+        return sb.toString();
+    }
+
+    @Override
+    public String toCompactString() {
+        StringBuilder sb = new StringBuilder(super.toCompactString());
+        if ((messages != null) && (!messages.isEmpty())) {
+            sb.append(" (");
+            for (ProtocolMessage message : messages) {
+                sb.append(message.toCompactString());
+                sb.append(",");
+            }
+            sb.deleteCharAt(sb.lastIndexOf(",")).append(")");
+        } else {
+            sb.append(" (no messages set)");
+        }
+        return sb.toString();
+    }
+
+    @Override
+    public boolean executedAsPlanned() {
+        return isExecuted();
+    }
+
+    @Override
+    public void setRecords(List<AbstractRecord> records) {
+        this.records = records;
+    }
+
+    @Override
+    public void reset() {
+        List<ModifiableVariableHolder> holders = new LinkedList<>();
+        if (messages != null) {
+            for (ProtocolMessage message : messages) {
+                holders.addAll(message.getAllModifiableVariableHolders());
+            }
+        }
+        if (getRecords() != null) {
+            for (AbstractRecord record : getRecords()) {
+                holders.addAll(record.getAllModifiableVariableHolders());
+            }
+        }
+        for (ModifiableVariableHolder holder : holders) {
+            List<Field> fields = holder.getAllModifiableVariableFields();
+            for (Field f : fields) {
+                f.setAccessible(true);
+
+                ModifiableVariable mv = null;
+                try {
+                    mv = (ModifiableVariable) f.get(holder);
+                } catch (IllegalArgumentException | IllegalAccessException ex) {
+                    LOGGER.warn("Could not retrieve ModifiableVariables");
+                    LOGGER.debug(ex);
+                }
+                if (mv != null) {
+                    if (mv.getModification() != null || mv.isCreateRandomModification()) {
+                        mv.setOriginalValue(null);
+                    } else {
+                        try {
+                            f.set(holder, null);
+                        } catch (IllegalArgumentException | IllegalAccessException ex) {
+                            LOGGER.warn("Could not strip ModifiableVariable without Modification");
+                        }
+                    }
+                }
+            }
+        }
+        setExecuted(null);
+    }
+
+    @Override
+    public List<ProtocolMessage> getSendMessages() {
+        return messages;
+    }
+
+    @Override
+    public List<AbstractRecord> getSendRecords() {
+        return records;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj) {
+            return true;
+        }
+        if (obj == null) {
+            return false;
+        }
+        if (getClass() != obj.getClass()) {
+            return false;
+        }
+        final SendDynamicClientKeyExchangeAction other = (SendDynamicClientKeyExchangeAction) obj;
+        if (!Objects.equals(this.messages, other.messages)) {
+            return false;
+        }
+        if (!Objects.equals(this.records, other.records)) {
+            return false;
+        }
+        return super.equals(obj);
+    }
+
+    @Override
+    public int hashCode() {
+        int hash = super.hashCode();
+        hash = 67 * hash + Objects.hashCode(this.messages);
+        hash = 67 * hash + Objects.hashCode(this.records);
+
+        return hash;
+    }
+
+}

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/factory/WorkflowConfigurationFactory.java

@@ -43,11 +43,15 @@
 import de.rub.nds.tlsattacker.core.workflow.action.PrintLastHandledApplicationDataAction;
 import de.rub.nds.tlsattacker.core.workflow.action.PrintSecretsAction;
 import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
+import de.rub.nds.tlsattacker.core.workflow.action.ReceiveTillAction;
 import de.rub.nds.tlsattacker.core.workflow.action.RemBufferedChCiphersAction;
 import de.rub.nds.tlsattacker.core.workflow.action.RemBufferedChExtensionsAction;
 import de.rub.nds.tlsattacker.core.workflow.action.RenegotiationAction;
 import de.rub.nds.tlsattacker.core.workflow.action.ResetConnectionAction;
 import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
+import de.rub.nds.tlsattacker.core.workflow.action.SendDynamicClientKeyExchangeAction;
+import de.rub.nds.tlsattacker.core.workflow.action.SendDynamicServerCertificateAction;
+import de.rub.nds.tlsattacker.core.workflow.action.SendDynamicServerKeyExchangeAction;
 import de.rub.nds.tlsattacker.core.workflow.action.TlsAction;
 import de.rub.nds.tlsattacker.transport.ConnectionEndType;
 import java.util.ArrayList;
@@ -64,7 +68,7 @@ public class WorkflowConfigurationFactory {
     private static final Logger LOGGER = LogManager.getLogger();
 
     protected final Config config;
-    RunningModeType mode;
+    private RunningModeType mode;
 
     public WorkflowConfigurationFactory(Config config) {
         this.config = config;
@@ -105,6 +109,8 @@ public WorkflowTrace createWorkflowTrace(WorkflowTraceType type, RunningModeType
                 return createFalseStartWorkflow();
             case RSA_SYNC_PROXY:
                 return createSyncProxyWorkflow();
+            case DYNAMIC_HANDSHAKE:
+                return createDynamicHandshakeWorkflow();
         }
         throw new ConfigurationException("Unknown WorkflowTraceType " + type.name());
     }
@@ -194,8 +200,7 @@ public WorkflowTrace createHelloWorkflow(AliasedConnection connection) {
             messages.add(new FinishedMessage(config));
         } else {
             CipherSuite selectedCipherSuite = config.getDefaultSelectedCipherSuite();
-            if (!selectedCipherSuite.isSrpSha() && !selectedCipherSuite.isPskOrDhPsk() && !selectedCipherSuite.isAnon()
-                    && !selectedCipherSuite.isPWD()) {
+            if (shouldServerSendACertificate(selectedCipherSuite)) {
                 if (connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT) {
                     messages.add(new CertificateMessage());
                 } else {
@@ -216,6 +221,11 @@ public WorkflowTrace createHelloWorkflow(AliasedConnection connection) {
         return workflowTrace;
     }
 
+    public boolean shouldServerSendACertificate(CipherSuite suite) {
+        return !suite.isSrpSha() && !suite.isPskOrDhPsk() && !suite.isAnon() && !suite.isPWD();
+
+    }
+
     /**
      * Create a handshake workflow for the default connection end defined in
      * config.
@@ -826,4 +836,59 @@ public WorkflowTrace addStartTlsActions(AliasedConnection connection, StarttlsTy
         }
         return workflowTrace;
     }
+
+    private WorkflowTrace createDynamicHandshakeWorkflow() {
+        AliasedConnection connection = getConnection();
+        WorkflowTrace trace = new WorkflowTrace();
+        if (config.getStarttlsType() != StarttlsType.NONE) {
+            addStartTlsActions(connection, config.getStarttlsType(), trace);
+        }
+        trace.addTlsAction(MessageActionFactory.createAction(connection, ConnectionEndType.CLIENT,
+                new ClientHelloMessage(config)));
+        if (connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT) {
+            if (config.getHighestProtocolVersion().isTLS13()) {
+                trace.addTlsAction(new ReceiveTillAction(new FinishedMessage()));
+            } else {
+                trace.addTlsAction(new ReceiveTillAction(new ServerHelloDoneMessage()));
+            }
+            trace.addTlsAction(new SendDynamicClientKeyExchangeAction());
+            trace.addTlsAction(new SendAction(new ChangeCipherSpecMessage(config), new FinishedMessage(config)));
+            trace.addTlsAction(new ReceiveAction(new ChangeCipherSpecMessage(config), new FinishedMessage(config)));
+
+        } else {
+            List<ProtocolMessage> messages = new LinkedList<>();
+            messages.add(new ServerHelloMessage(config));
+
+            if (config.getHighestProtocolVersion().isTLS13()) {
+                if (config.getTls13BackwardsCompatibilityMode() == Boolean.TRUE) {
+                    messages.add(new ChangeCipherSpecMessage());
+                }
+                messages.add(new EncryptedExtensionsMessage(config));
+                if (config.isClientAuthentication()) {
+                    CertificateRequestMessage certRequest = new CertificateRequestMessage(config);
+                    messages.add(certRequest);
+                }
+                messages.add(new CertificateMessage(config));
+                messages.add(new CertificateVerifyMessage(config));
+                messages.add(new FinishedMessage(config));
+                trace.addTlsAction(MessageActionFactory.createAction(connection, ConnectionEndType.SERVER, messages));
+
+            } else {
+                trace.addTlsAction(MessageActionFactory.createAction(connection, ConnectionEndType.SERVER, messages));
+                trace.addTlsAction(new SendDynamicServerCertificateAction());
+                trace.addTlsAction(new SendDynamicServerKeyExchangeAction());
+                messages = new LinkedList<>();
+
+                if (config.isClientAuthentication()) {
+                    CertificateRequestMessage certRequest = new CertificateRequestMessage(config);
+                    messages.add(certRequest);
+                }
+                messages.add(new ServerHelloDoneMessage(config));
+                trace.addTlsAction(MessageActionFactory.createAction(connection, ConnectionEndType.SERVER, messages));
+                trace.addTlsAction(new ReceiveTillAction(new FinishedMessage()));
+                trace.addTlsAction(new SendAction(new ChangeCipherSpecMessage(config), new FinishedMessage(config)));
+            }
+        }
+        return trace;
+    }
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/factory/WorkflowTraceType.java

@@ -11,6 +11,7 @@
 public enum WorkflowTraceType {
     FULL,
     HANDSHAKE,
+    DYNAMIC_HANDSHAKE,
     HELLO,
     SHORT_HELLO,
     RESUMPTION,

TLS-Server/src/main/java/de/rub/nds/tlsattacker/server/config/ServerCommandConfig.java

@@ -115,9 +115,8 @@ public ServerCommandConfig(GeneralDelegate delegate) {
     public Config createConfig() {
         Config config = super.createConfig();
 
-        // Run FULL trace if no workflow trace (type) is set explicitly
         if (config.getWorkflowTraceType() == null) {
-            config.setWorkflowTraceType(WorkflowTraceType.FULL);
+            config.setWorkflowTraceType(WorkflowTraceType.HANDSHAKE);
         }
         return config;
     }