Merge pull request #382 from RUB-NDS/DeepCopyBuffers

Deep copy buffers & 0RTT MITM replay trace

Author: ic0ns

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/extension/PSK/PSKBinder.java

@@ -12,8 +12,9 @@
 import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray;
 import de.rub.nds.modifiablevariable.integer.ModifiableInteger;
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
+import java.io.Serializable;
 
-public class PSKBinder {
+public class PSKBinder implements Serializable {
 
     private CipherSuite binderCipherConfig;
 

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/extension/PSK/PSKIdentity.java

@@ -12,12 +12,13 @@
 import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray;
 import de.rub.nds.modifiablevariable.integer.ModifiableInteger;
 import de.rub.nds.modifiablevariable.util.ByteArrayAdapter;
+import java.io.Serializable;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.adapters.XmlJavaTypeAdapter;
 
 @XmlAccessorType(XmlAccessType.FIELD)
-public class PSKIdentity {
+public class PSKIdentity implements Serializable {
 
     @XmlJavaTypeAdapter(ByteArrayAdapter.class)
     private byte[] identityConfig;

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/WorkflowTrace.java

@@ -69,6 +69,9 @@ public class WorkflowTrace implements Serializable {
             @XmlElement(type = CopyContextFieldAction.class, name = "CopyContextField"),
             @XmlElement(type = CopyServerRandomAction.class, name = "CopyServerRandom"),
             @XmlElement(type = DeactivateEncryptionAction.class, name = "DeactivateEncryption"),
+            @XmlElement(type = DeepCopyBufferedMessagesAction.class, name = "DeepCopyBufferedMessages"),
+            @XmlElement(type = DeepCopyBufferedRecordsAction.class, name = "DeepCopyBufferedRecords"),
+            @XmlElement(type = DeepCopyBuffersAction.class, name = "DeepCopyBuffers"),
             @XmlElement(type = FindReceivedProtocolMessageAction.class, name = "FindReceivedProtocolMessage"),
             @XmlElement(type = ForwardAction.class, name = "Forward"),
             @XmlElement(type = ForwardRecordsAction.class, name = "ForwardRecords"),

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/DeepCopyBufferedMessagesAction.java

@@ -0,0 +1,70 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.core.workflow.action;
+
+import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
+import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage;
+import de.rub.nds.tlsattacker.core.state.TlsContext;
+import static de.rub.nds.tlsattacker.core.workflow.action.TlsAction.LOGGER;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.util.LinkedList;
+
+public class DeepCopyBufferedMessagesAction extends CopyContextFieldAction {
+
+    public DeepCopyBufferedMessagesAction() {
+    }
+
+    public DeepCopyBufferedMessagesAction(String srcConnectionAlias, String dstConnectionAlias) {
+        super(srcConnectionAlias, dstConnectionAlias);
+    }
+
+    @Override
+    protected void copyField(TlsContext src, TlsContext dst) {
+        deepCopyMessages(src, dst);
+    }
+
+    @Override
+    public boolean executedAsPlanned() {
+        return isExecuted();
+    }
+
+    @Override
+    public void reset() {
+        setExecuted(false);
+    }
+
+    private void deepCopyMessages(TlsContext src, TlsContext dst) {
+        LinkedList<ProtocolMessage> messageBuffer = new LinkedList<>();
+        ObjectOutputStream outStream;
+        ObjectInputStream inStream;
+        try {
+            for (ProtocolMessage message : src.getMessageBuffer()) {
+
+                ByteArrayOutputStream stream = new ByteArrayOutputStream();
+                outStream = new ObjectOutputStream(stream);
+                outStream.writeObject(message);
+                outStream.close();
+                inStream = new ObjectInputStream(new ByteArrayInputStream(stream.toByteArray()));
+                ProtocolMessage messageCopy = (ProtocolMessage) inStream.readObject();
+
+                messageBuffer.add(messageCopy);
+            }
+        } catch (IOException | ClassNotFoundException ex) {
+            LOGGER.error("Error while creating deep copy of messageBuffer");
+            throw new WorkflowExecutionException(ex.toString());
+        }
+
+        dst.setMessageBuffer(messageBuffer);
+    }
+
+}

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/DeepCopyBufferedRecordsAction.java

@@ -0,0 +1,71 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.core.workflow.action;
+
+import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
+import de.rub.nds.tlsattacker.core.record.AbstractRecord;
+import de.rub.nds.tlsattacker.core.state.TlsContext;
+import static de.rub.nds.tlsattacker.core.workflow.action.TlsAction.LOGGER;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.util.LinkedList;
+
+public class DeepCopyBufferedRecordsAction extends CopyContextFieldAction {
+
+    public DeepCopyBufferedRecordsAction() {
+
+    }
+
+    public DeepCopyBufferedRecordsAction(String srcConnectionAlias, String dstConnectionAlias) {
+        super(srcConnectionAlias, dstConnectionAlias);
+    }
+
+    @Override
+    protected void copyField(TlsContext src, TlsContext dst) {
+        deepCopyRecords(src, dst);
+    }
+
+    @Override
+    public boolean executedAsPlanned() {
+        return isExecuted();
+    }
+
+    @Override
+    public void reset() {
+        setExecuted(false);
+    }
+
+    private void deepCopyRecords(TlsContext src, TlsContext dst) {
+        LinkedList<AbstractRecord> recordBuffer = new LinkedList<>();
+        ObjectOutputStream outStream;
+        ObjectInputStream inStream;
+        try {
+            for (AbstractRecord record : src.getRecordBuffer()) {
+
+                ByteArrayOutputStream stream = new ByteArrayOutputStream();
+                outStream = new ObjectOutputStream(stream);
+                outStream.writeObject(record);
+                outStream.close();
+                inStream = new ObjectInputStream(new ByteArrayInputStream(stream.toByteArray()));
+                AbstractRecord recordCopy = (AbstractRecord) inStream.readObject();
+
+                recordBuffer.add(recordCopy);
+            }
+        } catch (IOException | ClassNotFoundException ex) {
+            LOGGER.error("Error while creating deep copy of recordBuffer");
+            throw new WorkflowExecutionException(ex.toString());
+        }
+
+        dst.setRecordBuffer(recordBuffer);
+    }
+
+}

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/DeepCopyBuffersAction.java

@@ -0,0 +1,53 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.core.workflow.action;
+
+import de.rub.nds.tlsattacker.core.state.State;
+import de.rub.nds.tlsattacker.core.state.TlsContext;
+
+public class DeepCopyBuffersAction extends CopyContextFieldAction {
+
+    private State state;
+
+    public DeepCopyBuffersAction() {
+
+    }
+
+    public DeepCopyBuffersAction(String srcConnectionAlias, String dstConnectionAlias) {
+        super(srcConnectionAlias, dstConnectionAlias);
+    }
+
+    @Override
+    public void execute(State state) {
+        this.state = state;
+        super.execute(state);
+    }
+
+    @Override
+    public boolean executedAsPlanned() {
+        return isExecuted();
+    }
+
+    @Override
+    public void reset() {
+        setExecuted(false);
+    }
+
+    @Override
+    protected void copyField(TlsContext srcContext, TlsContext dstContext) {
+        DeepCopyBufferedRecordsAction copyRecords = new DeepCopyBufferedRecordsAction(super.getSrcContextAlias(),
+                super.getDstContextAlias());
+        DeepCopyBufferedMessagesAction copyMessages = new DeepCopyBufferedMessagesAction(super.getSrcContextAlias(),
+                super.getDstContextAlias());
+
+        copyRecords.execute(state);
+        copyMessages.execute(state);
+    }
+
+}

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/ResetConnectionAction.java

@@ -32,7 +32,7 @@ public void execute(State state) throws WorkflowExecutionException, IOException
         tlsContext.getRecordLayer().updateEncryptionCipher();
         LOGGER.info("Resetting MessageDigest");
         tlsContext.getDigest().reset();
-        LOGGER.info("Resettin ActiveKeySets");
+        LOGGER.info("Resetting ActiveKeySets");
         tlsContext.setActiveClientKeySetType(Tls13KeySetType.NONE);
         tlsContext.setActiveServerKeySetType(Tls13KeySetType.NONE);
         tlsContext.setReadSequenceNumber(0);

resources/examples/0rtt_replay.xml

@@ -0,0 +1,72 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- A MITM trace to replay 0-RTT data
+
+Run server using:
+openssl s_server -key rsa1024key.pem -cert rsa1024cert.pem -tls1_3 -early_data
+
+Run client using:
+openssl s_client -connect 127.0.0.1:4433 -tls1_3 -early_data earlyDataFile -sess_out 0rtt.pem
+
+Stop the client, start TlsAttacker using this trace and run client again using:
+openssl s_client -connect 127.0.0.1:4432 -tls1_3 -early_data earlyDataFile -sess_in 0rtt.pem
+
+OpenSSL should accept and print the early data
+-->
+<workflowTrace>
+	<OutboundConnection>
+        <alias>mitm2server</alias>
+        <port>4433</port>
+        <hostname>localhost</hostname>
+        <timeout>100</timeout>
+    </OutboundConnection>
+    <InboundConnection>
+        <alias>client2mitm</alias>
+        <port>4432</port>
+        <timeout>100</timeout>
+    </InboundConnection>
+	<!-- Buffer incoming ClientHello and early data -->
+	<BufferedGenericReceive>
+		<connectionAlias>client2mitm</connectionAlias>
+		<messages/>
+		<records/>
+	</BufferedGenericReceive>
+	<!-- Copy buffers to send the messages to the server -->
+	<DeepCopyBuffers>
+		<from>client2mitm</from>
+		<to>mitm2server</to>
+	</DeepCopyBuffers>
+	<!-- Send ClientHello to server -->
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server</connectionAlias>
+	</PopAndSendRecord>
+	<!-- Send early data to server -->
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server</connectionAlias>
+	</PopAndSendRecord>
+	<!-- Forward server's responses to client -->
+	<ForwardRecords>
+		<receiveFromAlias>mitm2server</receiveFromAlias>
+		<forwardToAlias>client2mitm</forwardToAlias>
+	</ForwardRecords>
+	<!-- Forward client's EndOfEarlyData + Finished to Server -->
+	<ForwardRecords>
+		<receiveFromAlias>client2mitm</receiveFromAlias>
+		<forwardToAlias>mitm2server</forwardToAlias>
+	</ForwardRecords>
+	<!-- Reset connection to server -->
+	<ResetConnection>
+		<connectionAlias>mitm2server</connectionAlias>
+	</ResetConnection>
+	<!-- Copy buffers from client's context again -->
+	<CopyBuffers>
+		<from>client2mitm</from>
+		<to>mitm2server</to>
+	</CopyBuffers>
+	<!-- Execute the actual replay attack -->
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server</connectionAlias>
+	</PopAndSendRecord>
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server</connectionAlias>
+	</PopAndSendRecord>
+</workflowTrace>

resources/examples/0rtt_replay2servers.xml

@@ -0,0 +1,82 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<!-- A MITM trace to replay 0-RTT data by sending it to another server with the same certificate
+
+Run server 1 using:
+openssl s_server -key rsa1024key.pem -cert rsa1024cert.pem -tls1_3 -early_data
+Run server 2 using:
+openssl s_server -key rsa1024key.pem -cert rsa1024cert.pem -tls1_3 -early_data -port 4434
+
+Run client using:
+openssl s_client -connect 127.0.0.1:4433 -tls1_3 -early_data earlyDataFile -sess_out 0rtt.pem
+
+Stop the client, start TlsAttacker using this trace and run client again using:
+openssl s_client -connect 127.0.0.1:4432 -tls1_3 -early_data earlyDataFile -sess_in 0rtt.pem
+
+Server 1 should accept and print the early data (although EndOfEarlyData is missing)
+Server 2 should accept the re-transmitted application data
+-->
+<workflowTrace>
+	<OutboundConnection>
+        <alias>mitm2server</alias>
+        <port>4433</port>
+        <hostname>localhost</hostname>
+        <timeout>100</timeout>
+    </OutboundConnection>
+	<OutboundConnection>
+        <alias>mitm2server2</alias>
+        <port>4434</port>
+        <hostname>localhost</hostname>
+        <timeout>100</timeout>
+    </OutboundConnection>
+    <InboundConnection>
+        <alias>client2mitm</alias>
+        <port>4432</port>
+        <timeout>100</timeout>
+    </InboundConnection>
+	<!-- Buffer incoming ClientHello and early data -->
+	<BufferedGenericReceive>
+		<connectionAlias>client2mitm</connectionAlias>
+		<messages/>
+		<records/>
+	</BufferedGenericReceive>
+	<!-- Copy buffers to send the messages to the 1st server -->
+	<DeepCopyBuffers>
+		<from>client2mitm</from>
+		<to>mitm2server</to>
+	</DeepCopyBuffers>
+	<!-- Copy buffers to send the messages to the 2nd server -->
+	<DeepCopyBuffers>
+		<from>client2mitm</from>
+		<to>mitm2server2</to>
+	</DeepCopyBuffers>
+	<!-- Send ClientHello to 1st server -->
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server</connectionAlias>
+	</PopAndSendRecord>
+	<!-- Send early data to 1st server -->
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server</connectionAlias>
+	</PopAndSendRecord>
+	<!-- Send ClientHello to 2nd server -->
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server2</connectionAlias>
+	</PopAndSendRecord>
+	<!-- Send early data to 2nd server -->
+	<PopAndSendRecord>
+		<connectionAlias>mitm2server2</connectionAlias>
+	</PopAndSendRecord>
+	<!-- Reset connection to 1st server (from now on, the  client will only talk to server 2)-->
+	<ResetConnection>
+		<connectionAlias>mitm2server</connectionAlias>
+	</ResetConnection>
+	<!-- Forward server responses to client -->
+	<ForwardRecords>
+		<receiveFromAlias>mitm2server2</receiveFromAlias>
+		<forwardToAlias>client2mitm</forwardToAlias>
+	</ForwardRecords>
+	<!-- Forward client's handshake messages + retransmitted AppData to Server -->
+	<ForwardRecords>
+		<receiveFromAlias>client2mitm</receiveFromAlias>
+		<forwardToAlias>mitm2server2</forwardToAlias>
+	</ForwardRecords>
+</workflowTrace>