Added some helpful messages to Bleichenbacher attack output

jurajsomorovsky · jurajsomorovsky · commit 91da459b7b03 · 2017-09-25T17:06:51.000+02:00
diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/BleichenbacherAttacker.java
@@ -10,6 +10,7 @@
 
 import de.rub.nds.modifiablevariable.bytearray.ByteArrayModificationFactory;
 import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray;
+import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.tlsattacker.attacks.config.BleichenbacherCommandConfig;
 import de.rub.nds.tlsattacker.attacks.pkcs1.PKCS1VectorGenerator;
 import de.rub.nds.tlsattacker.core.config.Config;
@@ -87,14 +88,17 @@ public Boolean isVulnerable() {
 
         List<ProtocolMessage> protocolMessages = new LinkedList<>();
         byte[][] vectors = PKCS1VectorGenerator.generatePkcs1Vectors(publicKey, config.getType());
+        byte[][] plainVectors = PKCS1VectorGenerator.generatePlainPkcs1Vectors(publicKey, config.getType());
         for (byte[] vector : vectors) {
             ProtocolMessage pm = executeTlsFlow(vector);
             protocolMessages.add(pm);
         }
 
         LOGGER.info("The following list of protocol messages was found (the last protocol message in the client-server communication):");
-        for (ProtocolMessage pm : protocolMessages) {
-            LOGGER.info("Sent Type: {}", pm.getProtocolMessageType());
+        for (int i = 0; i < protocolMessages.size(); i++) {
+            ProtocolMessage pm = protocolMessages.get(i);
+            LOGGER.info("Tested vector: {}", ArrayConverter.bytesToHexString(plainVectors[i]));
+            LOGGER.info("Last server TLS message: {}", pm.getProtocolMessageType());
             if (pm.getProtocolMessageType() == ProtocolMessageType.ALERT) {
                 AlertMessage alert = (AlertMessage) pm;
                 AlertDescription ad = AlertDescription.getAlertDescription(alert.getDescription().getValue());
diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/pkcs1/PKCS1VectorGenerator.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/pkcs1/PKCS1VectorGenerator.java
@@ -43,6 +43,38 @@ public class PKCS1VectorGenerator {
      */
     public static byte[][] generatePkcs1Vectors(RSAPublicKey publicKey, BleichenbacherCommandConfig.Type type) {
 
+        // compute the number of all vectors that are being generated
+        int rsaKeyLength = publicKey.getModulus().bitLength() / 8;
+        int vectorSize = STATIC_VECTOR_SIZE;
+        if (type == BleichenbacherCommandConfig.Type.FULL) {
+            vectorSize += rsaKeyLength - 2;
+        }
+        byte[][] plainPaddedKeys = generatePlainPkcs1Vectors(publicKey, type);
+
+        try {
+            Cipher rsa = Cipher.getInstance("RSA/NONE/NoPadding");
+            rsa.init(Cipher.ENCRYPT_MODE, publicKey);
+            byte[][] encryptedKeys = new byte[vectorSize][];
+            // encrypt all the padded keys
+            for (int i = 0; i < encryptedKeys.length; i++) {
+                encryptedKeys[i] = rsa.doFinal(plainPaddedKeys[i]);
+            }
+
+            return encryptedKeys;
+        } catch (BadPaddingException | IllegalBlockSizeException | InvalidKeyException | NoSuchAlgorithmException
+                | NoSuchPaddingException ex) {
+            throw new ConfigurationException("The different PKCS#1 attack vectors could not be generated.", ex);
+        }
+    }
+
+    /**
+     * Generates different plain PKCS1 vectors
+     * 
+     * @param publicKey
+     * @param type
+     * @return
+     */
+    public static byte[][] generatePlainPkcs1Vectors(RSAPublicKey publicKey, BleichenbacherCommandConfig.Type type) {
         // we do not need secure random here
         Random random = new Random();
         byte[] keyBytes = new byte[HandshakeByteLength.PREMASTER_SECRET];
@@ -74,21 +106,7 @@ public static byte[][] generatePkcs1Vectors(RSAPublicKey publicKey, Bleichenbach
             byte[][] additionalPaddedKeys = getEK_DifferentPositionsOf0x00(rsaKeyLength, keyBytes);
             System.arraycopy(additionalPaddedKeys, 0, plainPaddedKeys, STATIC_VECTOR_SIZE, additionalPaddedKeys.length);
         }
-
-        try {
-            Cipher rsa = Cipher.getInstance("RSA/NONE/NoPadding");
-            rsa.init(Cipher.ENCRYPT_MODE, publicKey);
-            byte[][] encryptedKeys = new byte[vectorSize][];
-            // encrypt all the padded keys
-            for (int i = 0; i < encryptedKeys.length; i++) {
-                encryptedKeys[i] = rsa.doFinal(plainPaddedKeys[i]);
-            }
-
-            return encryptedKeys;
-        } catch (BadPaddingException | IllegalBlockSizeException | InvalidKeyException | NoSuchAlgorithmException
-                | NoSuchPaddingException ex) {
-            throw new ConfigurationException("The different PKCS#1 attack vectors could not be generated.", ex);
-        }
+        return plainPaddedKeys;
     }
 
     /**
