
Commit e7eb705

authored
Updated key gen (#895)
* Updated keygen.sh script to use saner parameters * Added RecordSizeLimitExtensionMessage constructor * Added a warning on an infinite loop if we are auto creating 0 byte records * Removed a deprecated test
1 parent 36c9eb1 commit e7eb705


4 files changed

+38
-39
lines changed


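--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/extension/RecordSizeLimitExtensionMessage.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/extension/RecordSizeLimitExtensionMessage.java
@@ -12,6 +12,7 @@
 import de.rub.nds.modifiablevariable.ModifiableVariableFactory;
 import de.rub.nds.modifiablevariable.ModifiableVariableProperty;
 import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray;
+import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.constants.ExtensionType;
 import javax.xml.bind.annotation.XmlRootElement;
 
@@ -24,6 +25,10 @@ public class RecordSizeLimitExtensionMessage extends ExtensionMessage {
 @ModifiableVariableProperty
 private ModifiableByteArray recordSizeLimit;
 
+public RecordSizeLimitExtensionMessage(Config config) {
+super(ExtensionType.RECORD_SIZE_LIMIT);
+}
+
 public RecordSizeLimitExtensionMessage() {
 super(ExtensionType.RECORD_SIZE_LIMIT);
 }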
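Review bot: The new `RecordSizeLimitExtensionMessage(Config config)` constructor never reads `config`, so a reader cannot tell whether that is deliberate or an omission; it should either delegate with `this();` so the two constructors cannot drift apart, or carry a Javadoc line such as `/** Creates the message; {@code config} is accepted for constructor uniformity and is not read. */`. If sibling extension messages derive defaults from the Config in this constructor, this one may be missing that step — worth confirming against one of them. The class body continues outside the hunk.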
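--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/SendMessageHelper.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/SendMessageHelper.java
@@ -260,6 +260,10 @@ private List<AbstractRecord> getEnoughRecords(int length, int position, List<Abs
 toFillList.add(record);
 if (record.getMaxRecordLengthConfig() == null) {
 record.setMaxRecordLengthConfig(context.getChooser().getOutboundMaxRecordDataSize());
+if (context.getChooser().getOutboundMaxRecordDataSize() == 0) {
+LOGGER.warn("OutboundMaxRecordDataSize is 0. This is an endless loop. Aborting");
+break;
+}
 }
 recordLength += record.getMaxRecordLengthConfig();
 position++;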
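Review bot: The guard added at new lines 263–266 only fires when `record.getMaxRecordLengthConfig()` was null and the chooser then returns 0, so a record that already carries an explicit 0 (or a negative value) still enters `recordLength += ...` without making progress, and the chooser is queried twice for the same value. Checking the effective max length after the null branch covers both paths, and a single local avoids the double lookup; the `break` also leaves the zero-length record already in `toFillList`, which callers may or may not expect — the loop condition and the rest of `getEnoughRecords` start and end outside the hunk, so I can only infer the endless-loop behaviour from the log message.
```java
if (record.getMaxRecordLengthConfig() == null) {
    record.setMaxRecordLengthConfig(context.getChooser().getOutboundMaxRecordDataSize());
}
// A non-positive max record length presumably never lets the loop reach `length`; stop instead of spinning.
if (record.getMaxRecordLengthConfig() <= 0) {
    LOGGER.warn("Effective max record length is " + record.getMaxRecordLengthConfig()
        + ". Aborting record generation to avoid an endless loop");
    break;
}
// … unchanged: recordLength += record.getMaxRecordLengthConfig(); position++; …
```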
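--- a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ClientDelegateTest.java
+++ b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/delegate/ClientDelegateTest.java
@@ -71,29 +71,6 @@ public void testSetHost() {
 assertTrue(delegate.getHost().equals("123456"));
 }
 
-/**
-* Test of applyDelegate method, of class ClientDelegate.
-*/
-@Test
-public void testApplyDelegate() {
-Config config = Config.createConfig();
-args = new String[2];
-args[0] = "-connect";
-args[1] = "99.99.99.99:1448";
-
-jcommander.parse(args);
-delegate.applyDelegate(config);
-
-AliasedConnection actual = config.getDefaultClientConnection();
-assertNotNull(actual);
-assertThat(actual.getHostname(), equalTo("99.99.99.99"));
-assertThat(actual.getPort(), equalTo(1448));
-assertThat(actual.getLocalConnectionEndType(), equalTo(ConnectionEndType.CLIENT));
-}
-
-/**
-* Make sure that applying with host = null fails properly.
-*/
 @Test
 public void testApplyDelegateNullHost() {
 Config config = Config.createConfig();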
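--- a/resources/keygen.sh
+++ b/resources/keygen.sh
@@ -1,24 +1,37 @@
-#!/bin/sh
-
-for len in 512 1024 2048
+#!/bin/bash
+for len in 512 1024 2048 3072
 do
 openssl genpkey -genparam -algorithm DSA -out dsap${len}.pem -pkeyopt dsa_paramgen_bits:${len}
-openssl genpkey -paramfile dsap${len}.pem -out dsa${len}key.pem
-openssl req -key dsa${len}key.pem -new -x509 -days 365 -out dsa${len}cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=<script>alert('TLS-Attacker')<\/script>/CN=tls-attacker.de"
-rm dsap${len}.pem
-cat dsa${len}key.pem dsa${len}cert.pem > dsa${len}.pem
+openssl genpkey -paramfile dsap${len}.pem -out dsa${len}_key.pem
+openssl req -key dsa${len}_key.pem -new -x509 -days 2000 -out dsa${len}_cert.pem -subj "/CN=tls-attacker.com"
 done
-
 for len in 512 1024 2048 4096
 do
-openssl genpkey -algorithm RSA -out rsa${len}key.pem -pkeyopt rsa_keygen_bits:${len}
-openssl req -key rsa${len}key.pem -new -x509 -days 365 -out rsa${len}cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=<script>alert('TLS-Attacker')<\/script>/CN=tls-attacker.de"
-cat rsa${len}key.pem rsa${len}cert.pem > rsa${len}.pem
+openssl genpkey -algorithm RSA -out rsa${len}_key.pem -pkeyopt rsa_keygen_bits:${len}
+openssl req -key rsa${len}_key.pem -new -x509 -days 2000 -out rsa${len}_cert.pem -subj "/CN=tls-attacker.com"
+done
+for named_curve in secp160k1 secp160r1 secp160r2 secp192k1 secp224k1 secp224r1 secp256k1 secp384r1 secp521r1 sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1
+do
+openssl ecparam -name ${named_curve} -genkey -out ec_${named_curve}_key.pem
+openssl req -key ec_${named_curve}_key.pem -new -x509 -days 2000 -out ec_${named_curve}_cert.pem -subj "/CN=tls-attacker.com"
 done
 
-for len in 192 256 384 521
+
+openssl req -x509 -new -nodes -extensions v3_ca -key rsa2048_key.pem -days 2000 -out rsa_ca.pem -sha256 -subj "/CN=TLS-Attacker CA"
+openssl req -x509 -new -nodes -extensions v3_ca -key dsa1024_key.pem -days 2000 -out dsa_ca.pem -sha256 -subj "/CN=TLS-Attacker CA"
+
+openssl dhparam -out dhparam.pem 1024
+openssl genpkey -paramfile dhparam.pem -out dhkey.pem
+openssl pkey -in dhkey.pem -pubout -out dhpubkey.pem
+openssl req -new -key rsa2048_key.pem -out rsa.csr -subj "/CN=tls-attacker.com"
+openssl x509 -req -in rsa.csr -CAkey rsa2048_key.pem -CA rsa_ca.pem -force_pubkey dhpubkey.pem -outrsa_dhcert.pem -CAcreateserial
+openssl req -new -key dsa1024_key.pem -out dsa.csr -subj "/CN=tls-attacker.com"
+openssl x509 -req -in dsa.csr -CAkey dsa1024_key.pem -CA dsa_ca.pem -force_pubkey dhpubkey.pem -out
+dsa_dhcert.pem -CAcreateserial
+for named_curve in secp160k1 secp160r1 secp160r2 secp192k1 secp224k1 secp224r1 secp256k1 secp384r1 secp521r1 sect163k1 sect163r1 sect163r2 sect193r1 sect193r2 sect233k1 sect233r1 sect239k1 sect283k1 sect283r1 sect409k1 sect409r1 sect571k1 sect571r1
 do
-openssl genpkey -algorithm EC -out ec${len}key.pem -pkeyopt ec_paramgen_curve:P-${len} -pkeyopt ec_param_enc:named_curve
-openssl req -key ec${len}key.pem -new -x509 -days 365 -out ec${len}cert.pem -subj "/C=DE/ST=NRW/L=Bochum/O=<script>alert('TLS-Attacker')<\/script>/CN=tls-attacker.de"
-cat ec${len}key.pem ec${len}cert.pem > ec${len}.pem
-done
+openssl ecparam -out ec_param_${named_curve}.pem -name ${named_curve}
+openssl genpkey -paramfile ec_param_${named_curve}.pem -out ec_rsa_private_key_${named_curve}.pem
+openssl pkey -in ec_rsa_private_key_${named_curve}.pem -pubout -out ec_rsa_public_key_${named_curve}.pem
+openssl x509 -req -in rsa.csr -CAkey rsa2048_key.pem -CA rsa_ca.pem -force_pubkey ec_rsa_public_key_${named_curve}.pem -out ec_rsa_cert_${named_curve}.pem -CAcreateserial
+done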