Updated Lucky13 Attack to fit current coding style

Author: ic0ns

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/Lucky13CommandConfig.java

@@ -10,10 +10,10 @@
 
 import com.beust.jcommander.Parameter;
 import com.beust.jcommander.ParametersDelegate;
+import de.rub.nds.tlsattacker.attacks.config.delegate.ProxyDelegate;
 import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.config.delegate.*;
 
-import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
 
@@ -26,31 +26,20 @@ public class Lucky13CommandConfig extends AttackConfig {
 
     public static final String ATTACK_COMMAND = "lucky13";
 
-    protected List<CipherSuite> cipherSuites;
-
-    protected static HashMap<CipherSuite, Integer> blockSizeForCipherSuite;
-    static {
-        blockSizeForCipherSuite = new HashMap<>();
-        blockSizeForCipherSuite.put(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA, 16);
-        blockSizeForCipherSuite.put(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA, 16);
-        blockSizeForCipherSuite.put(CipherSuite.TLS_RSA_WITH_DES_CBC_SHA, 8);
-        blockSizeForCipherSuite.put(CipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA, 8);
-    }
-
     @Parameter(names = "-measurements", description = "Number of timing measurement iterations")
-    Integer measurements = 100;
+    private Integer measurements = 100;
 
     @Parameter(names = "-mona_file", description = "File output for Mona timing lib. If set, the output is generated and written.")
-    String monaFile;
+    private String monaFile;
 
     @Parameter(names = "-mona_jar", description = "Location of the ReportingTool.jar file.")
-    String monaJar = "ReportingTool.jar";
+    private String monaJar = "ReportingTool.jar";
 
     @Parameter(names = "-paddings", description = "Paddings to check for differences, column separated.")
-    String paddings = "0,255";
+    private String paddings = "0,255";
 
     @Parameter(names = "-blocks", description = "Number of blocks to encrypt (default is set to the value from the Lucky 13 paper, Section 3)")
-    Integer blocks = 18;
+    private Integer blocks = 18;
 
     @ParametersDelegate
     private ClientDelegate clientDelegate;
@@ -62,6 +51,8 @@ public class Lucky13CommandConfig extends AttackConfig {
     private ProtocolVersionDelegate protocolVersionDelegate;
     @ParametersDelegate
     private StarttlsDelegate starttlsDelegate;
+    @ParametersDelegate
+    private ProxyDelegate proxyDelegate;
 
     /**
      *
@@ -79,17 +70,7 @@ public Lucky13CommandConfig(GeneralDelegate delegate) {
         addDelegate(ciphersuiteDelegate);
         addDelegate(protocolVersionDelegate);
         addDelegate(starttlsDelegate);
-        cipherSuites = new LinkedList<>();
-        cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
-        cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA);
-    }
-
-    public Integer getBlockSizeForCiphersuite(CipherSuite suite) {
-        return blockSizeForCipherSuite.get(suite);
-    }
-
-    public List<CipherSuite> getCipherSuites() {
-        return cipherSuites;
+        addDelegate(proxyDelegate);
     }
 
     public Integer getMeasurements() {
@@ -153,11 +134,11 @@ public Config createConfig() {
              * No explicit cipher suites are set. Use the default cipher suites
              * for this attack
              */
-            config.setDefaultServerSupportedCiphersuites(cipherSuites);
-            config.setDefaultClientSupportedCiphersuites(cipherSuites);
-            config.setDefaultSelectedCipherSuite(cipherSuites.get(0));
-        } else {
-            cipherSuites = ciphersuiteDelegate.getCipherSuites();
+            List<CipherSuite> suiteList = new LinkedList<>();
+            suiteList.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
+            config.setDefaultServerSupportedCiphersuites(suiteList);
+            config.setDefaultClientSupportedCiphersuites(suiteList);
+            config.setDefaultSelectedCipherSuite(suiteList.get(0));
         }
         return config;
     }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/delegate/ProxyDelegate.java

@@ -0,0 +1,75 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.config.delegate;
+
+import com.beust.jcommander.Parameter;
+import com.beust.jcommander.ParameterException;
+import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.config.delegate.Delegate;
+import de.rub.nds.tlsattacker.core.connection.OutboundConnection;
+
+/**
+ *
+ * @author ic0ns
+ */
+public class ProxyDelegate extends Delegate {
+
+    @Parameter(names = "-proxyData", description = "Specify the host and port for data used in the proxy. Syntax: localhost:4444")
+    private String proxyData = "localhost:4444";
+
+    @Parameter(names = "-proxyControl", description = "Specify the host and port for control messafes used in the proxy. Syntax: localhost:5555")
+    private String proxyControl = "localhost:5555";
+
+    @Override
+    public void applyDelegate(Config config) {
+
+        OutboundConnection con = config.getDefaultClientConnection();
+        if (con == null) {
+            con = new OutboundConnection();
+            config.setDefaultClientConnection(con);
+        }
+        if (proxyData != null) {
+            String[] parsedProxyData = proxyData.split(":");
+            switch (parsedProxyData.length) {
+                case 1:
+                    con.setProxyDataHostname(proxyData);
+                    break;
+                case 2:
+                    con.setProxyDataHostname(parsedProxyData[0]);
+                    con.setProxyDataPort(parsePort(parsedProxyData[1]));
+                    break;
+                default:
+                    throw new ParameterException("Could not parse provided proxyData: " + proxyData);
+            }
+        }
+
+        if (proxyControl != null) {
+            String[] parsedProxyControl = proxyControl.split(":");
+            switch (parsedProxyControl.length) {
+                case 1:
+                    con.setProxyControlHostname(proxyControl);
+                    break;
+                case 2:
+                    con.setProxyControlHostname(parsedProxyControl[0]);
+                    con.setProxyControlPort(parsePort(parsedProxyControl[1]));
+                    break;
+                default:
+                    throw new ParameterException("Could not parse provided proxyControl: " + proxyControl);
+            }
+        }
+    }
+
+    private int parsePort(String portStr) {
+        int port = Integer.parseInt(portStr);
+        if (port < 0 || port > 65535) {
+            throw new ParameterException("port must be in interval [0,65535], but is " + port);
+        }
+        return port;
+    }
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/Lucky13Attacker.java

@@ -29,6 +29,7 @@
 import de.rub.nds.modifiablevariable.VariableModification;
 import de.rub.nds.modifiablevariable.bytearray.ByteArrayModificationFactory;
 import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray;
+import de.rub.nds.tlsattacker.core.config.delegate.CiphersuiteDelegate;
 import java.io.FileWriter;
 import java.io.IOException;
 import java.util.*;
@@ -89,8 +90,6 @@ public void executeAttackRound(Record record) {
         ReceiveAction action = new ReceiveAction();
 
         AlertMessage alertMessage = new AlertMessage(tlsConfig);
-        alertMessage.setDescription(AlertDescription.BAD_RECORD_MAC.getValue());
-        alertMessage.setLevel(AlertLevel.FATAL.getValue());
         List<ProtocolMessage> messages = new LinkedList<>();
         messages.add(alertMessage);
         action.setExpectedMessages(messages);
@@ -122,7 +121,7 @@ public void executeAttackRound(Record record) {
 
     private Record createRecordWithPadding(int p, CipherSuite suite) {
         byte[] padding = createPaddingBytes(p);
-        int recordLength = config.getBlockSizeForCiphersuite(suite) * config.getBlocks();
+        int recordLength = AlgorithmResolver.getCipher(suite).getBlocksize() * config.getBlocks();
         if (recordLength < padding.length) {
             throw new ConfigurationException("Padding too large");
         }
@@ -156,7 +155,7 @@ private byte[] createPaddingBytes(int padding) {
     protected Boolean isVulnerable() {
         Boolean vulnerable = false;
         StringBuilder commands = new StringBuilder();
-        List<CipherSuite> suites = config.getCipherSuites();
+        List<CipherSuite> suites = tlsConfig.getDefaultClientSupportedCiphersuites();
         for (CipherSuite suite : suites) {
             results.clear();
             LOGGER.info("Testing ciphersuite {}", suite);
@@ -168,7 +167,7 @@ protected Boolean isVulnerable() {
             for (int i = 0; i < paddingStrings.length; i++) {
                 paddings[i] = Integer.parseInt(paddingStrings[i]);
             }
-            for (int i = 0; i < ((int) config.getMeasurements() * 1.25); i++) {
+            for (int i = 0; i < config.getMeasurements(); i++) {
                 LOGGER.info("Starting round {}", i);
                 for (int p : paddings) {
                     Record record = createRecordWithPadding(p, suite);
@@ -200,7 +199,7 @@ protected Boolean isVulnerable() {
                     for (int j = i + 1; j < paddings.length; j++) {
                         String fileName = config.getMonaFile() + "-" + paddings[i] + "-" + paddings[j] + "-"
                                 + suite.name() + ".csv";
-                        String[] delimiters = { (";" + paddings[i] + ";"), (";" + paddings[j] + ";") };
+                        String[] delimiters = {(";" + paddings[i] + ";"), (";" + paddings[j] + ";")};
                         createMonaFile(fileName, delimiters, results.get(paddings[i]), results.get(paddings[j]));
                         String command = "java -jar " + config.getMonaJar() + " --inputFile=" + fileName
                                 + " --name=lucky13-" + suite.name().replace('_', '-') + "-" + paddings[i] + "-"
@@ -211,7 +210,6 @@ protected Boolean isVulnerable() {
                     }
                 }
             }
-            // vulnerable |= false;
         }
         LOGGER.info("All commands at once: \n{}", commands);
         LOGGER.warn("Vulnerability has to be tested using the mona timing lib.");

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/delegate/ClientDelegate.java

@@ -19,12 +19,6 @@ public class ClientDelegate extends Delegate {
     @Parameter(names = "-connect", required = true, description = "Who to connect to. Syntax: localhost:4433")
     private String host = null;
 
-    @Parameter(names = "-proxyData", description = "Specify the host and port for data used in the proxy. Syntax: localhost:4444")
-    private String proxyData = "localhost:4444";
-
-    @Parameter(names = "-proxyControl", description = "Specify the host and port for control messafes used in the proxy. Syntax: localhost:5555")
-    private String proxyControl = "localhost:5555";
-
     public ClientDelegate() {
     }
 
@@ -64,36 +58,6 @@ public void applyDelegate(Config config) {
             default:
                 throw new ParameterException("Could not parse provided host: " + host);
         }
-
-        if (proxyData != null) {
-            String[] parsedProxyData = proxyData.split(":");
-            switch (parsedProxyData.length) {
-                case 1:
-                    con.setProxyDataHostname(proxyData);
-                    break;
-                case 2:
-                    con.setProxyDataHostname(parsedProxyData[0]);
-                    con.setProxyDataPort(parsePort(parsedProxyData[1]));
-                    break;
-                default:
-                    throw new ParameterException("Could not parse provided proxyData: " + proxyData);
-            }
-        }
-
-        if (proxyControl != null) {
-            String[] parsedProxyControl = proxyControl.split(":");
-            switch (parsedProxyControl.length) {
-                case 1:
-                    con.setProxyControlHostname(proxyControl);
-                    break;
-                case 2:
-                    con.setProxyControlHostname(parsedProxyControl[0]);
-                    con.setProxyControlPort(parsePort(parsedProxyControl[1]));
-                    break;
-                default:
-                    throw new ParameterException("Could not parse provided proxyControl: " + proxyControl);
-            }
-        }
     }
 
     private int parsePort(String portStr) {

TLS-Core/src/main/resources/default_config.xml

@@ -88,18 +88,10 @@
         <alias>client</alias>
         <port>443</port>
         <hostname>localhost</hostname>
-        <proxyDataPort>8080</proxyDataPort>
-        <proxyDataHostname>localhost</proxyDataHostname>
-        <proxyControlPort>8080</proxyControlPort>
-        <proxyControlHostname>localhost</proxyControlHostname>
     </defaultClientConnection>
     <defaultServerConnection>
         <alias>server</alias>
         <port>443</port>
-        <proxyDataPort>8080</proxyDataPort>
-        <proxyDataHostname>localhost</proxyDataHostname>
-        <proxyControlPort>8080</proxyControlPort>
-        <proxyControlHostname>localhost</proxyControlHostname>
     </defaultServerConnection>
     <defaultRunningMode>CLIENT</defaultRunningMode>
     <clientAuthentication>false</clientAuthentication>