Merge branch 'master' into java-11-compatibility

Author: ic0ns

Attacks/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.5.0</version>
+        <version>3.6.0</version>
     </parent>
     <artifactId>Attacks</artifactId>
     <packaging>jar</packaging>

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/InvalidCurveAttackConfig.java

@@ -60,6 +60,9 @@ public class InvalidCurveAttackConfig extends AttackConfig {
     @Parameter(names = "-protocol_flows", description = "Number of Protocol flows")
     private int protocolFlows = 15;
 
+    @Parameter(names = "-key_offset", description = "Offset of the first attempted secretkey")
+    private int keyOffset = 0;
+
     // These are for scanning only
     @Parameter(names = "-premaster_secret", description = "Premaster Secret String (use 0x at the beginning for a hex value)", hidden = true, converter = BigIntegerConverter.class)
     private BigInteger premasterSecret;
@@ -347,6 +350,7 @@ public Config createConfig() {
         config.setStopReceivingAfterFatal(true);
         config.setEarlyStop(true);
         config.setStopActionsAfterIOException(true);
+        config.setStopTraceAfterUnexpected(true);
         config.setAddECPointFormatExtension(true);
         config.setAddEllipticCurveExtension(true);
         config.setAddServerNameIndicationExtension(true);
@@ -403,4 +407,12 @@ public boolean isAttackInRenegotiation() {
     public void setAttackInRenegotiation(boolean attackInRenegotiation) {
         this.attackInRenegotiation = attackInRenegotiation;
     }
+
+    public int getKeyOffset() {
+        return keyOffset;
+    }
+
+    public void setKeyOffset(int keyOffset) {
+        this.keyOffset = keyOffset;
+    }
 }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/ec/InvalidCurvePoint.java

@@ -167,8 +167,9 @@ public Boolean isVulnerable() {
 
         List<TlsTask> taskList = new LinkedList<>();
         for (int i = 1; i <= protocolFlows; i++) {
-            setPremasterSecret(curve, i, point);
-            InvalidCurveTask taskToAdd = new InvalidCurveTask(buildState(), executor.getReexecutions(), i);
+            setPremasterSecret(curve, i + config.getKeyOffset(), point);
+            InvalidCurveTask taskToAdd = new InvalidCurveTask(buildState(), executor.getReexecutions(), i
+                    + config.getKeyOffset());
             taskList.add(taskToAdd);
         }
         executor.bulkExecuteTasks(taskList);

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/ec/TwistedCurvePoint.java

@@ -235,7 +235,7 @@ public boolean equals(Object obj) {
 
                     } else {
                         // Comparing BlobRecords
-                        if (Arrays.equals(this.getRecordList().get(i).getCompleteRecordBytes().getValue(), other
+                        if (!Arrays.equals(this.getRecordList().get(i).getCompleteRecordBytes().getValue(), other
                                 .getRecordList().get(i).getCompleteRecordBytes().getValue())) {
                             return false;
                         }

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/InvalidCurveAttacker.java

@@ -0,0 +1,118 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
+ * and Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.ec;
+
+import de.rub.nds.tlsattacker.core.constants.NamedGroup;
+import de.rub.nds.tlsattacker.core.crypto.ec.CurveFactory;
+import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurve;
+import de.rub.nds.tlsattacker.core.crypto.ec.FieldElementFp;
+import de.rub.nds.tlsattacker.core.crypto.ec.Point;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+public class InvalidCurvePointTest {
+
+    public InvalidCurvePointTest() {
+    }
+
+    /**
+     * Test points of small order.
+     */
+    @Test
+    public void testSmallOrder() {
+        List<NamedGroup> knownGroups = new ArrayList<>(Arrays.asList(NamedGroup.values()));
+        for (NamedGroup group : knownGroups) {
+            assertTrue(pointsForGroupAreOrdered(group));
+            InvalidCurvePoint invP = InvalidCurvePoint.smallOrder(group);
+            if (invP != null) {
+                assertEquals(group, invP.getNamedGroup());
+                assertTrue(isOrderCorrect(invP));
+            }
+        }
+    }
+
+    /**
+     * Test points of alternative order.
+     */
+    @Test
+    public void testAlternativeOrder() {
+        List<NamedGroup> knownGroups = new ArrayList<>(Arrays.asList(NamedGroup.values()));
+        for (NamedGroup group : knownGroups) {
+            assertTrue(pointsForGroupAreOrdered(group));
+            InvalidCurvePoint invP = InvalidCurvePoint.alternativeOrder(group);
+            if (invP != null) {
+                assertEquals(group, invP.getNamedGroup());
+                assertTrue(isOrderCorrect(invP));
+            }
+        }
+    }
+
+    /**
+     * Test points of large order.
+     */
+    @Test
+    public void testLargeOrder() {
+        List<NamedGroup> knownGroups = new ArrayList<>(Arrays.asList(NamedGroup.values()));
+        for (NamedGroup group : knownGroups) {
+            assertTrue(pointsForGroupAreOrdered(group));
+            InvalidCurvePoint invP = InvalidCurvePoint.largeOrder(group);
+            if (invP != null) {
+                assertEquals(group, invP.getNamedGroup());
+                assertTrue(isOrderCorrect(invP));
+            }
+        }
+    }
+
+    private boolean isOrderCorrect(InvalidCurvePoint invP) {
+        EllipticCurve curve = CurveFactory.getCurve(invP.getNamedGroup());
+        FieldElementFp bX = new FieldElementFp(invP.getPublicPointBaseX(), curve.getModulus());
+        FieldElementFp bY = new FieldElementFp(invP.getPublicPointBaseY(), curve.getModulus());
+        Point point = new Point(bX, bY);
+
+        if (invP.getOrder().isProbablePrime(100)) {
+            Point res = curve.mult(invP.getOrder(), point);
+            return res.isAtInfinity();
+        } else {
+            for (int i = 1; i <= invP.getOrder().intValue(); i++) {
+                Point res = curve.mult(BigInteger.valueOf(i), point);
+                if (res.isAtInfinity()) {
+                    return i == invP.getOrder().intValue();
+                }
+            }
+        }
+        return false;
+    }
+
+    private boolean pointsForGroupAreOrdered(NamedGroup group) {
+        InvalidCurvePoint invP1 = InvalidCurvePoint.smallOrder(group);
+        InvalidCurvePoint invP2 = InvalidCurvePoint.alternativeOrder(group);
+        InvalidCurvePoint invP3 = InvalidCurvePoint.largeOrder(group);
+
+        if (invP1 == null && (invP2 != null || invP3 != null)) {
+            return false;
+        } else if (invP2 == null && invP3 != null) {
+            return false;
+        } else if (invP2 != null && invP1.getOrder().compareTo(invP2.getOrder()) >= 0) {
+            return false;
+        } else if (invP3 != null && invP2 != null && invP2.getOrder().compareTo(invP3.getOrder()) >= 0) {
+            return false;
+        }
+        return true;
+    }
+
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/util/response/ResponseFingerprint.java

@@ -0,0 +1,139 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
+ * and Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.ec;
+
+import de.rub.nds.tlsattacker.core.constants.NamedGroup;
+import de.rub.nds.tlsattacker.core.crypto.ec.CurveFactory;
+import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurve;
+import de.rub.nds.tlsattacker.core.crypto.ec.EllipticCurveOverFp;
+import de.rub.nds.tlsattacker.core.crypto.ec.FieldElementFp;
+import de.rub.nds.tlsattacker.core.crypto.ec.Point;
+import de.rub.nds.tlsattacker.core.crypto.ec.RFC7748Curve;
+import java.math.BigInteger;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
+import org.junit.Test;
+import static org.junit.Assert.*;
+
+public class TwistedCurvePointTest {
+
+    public TwistedCurvePointTest() {
+    }
+
+    @Test
+    public void testSmallOrder() {
+        List<NamedGroup> knownGroups = new ArrayList<>(Arrays.asList(NamedGroup.values()));
+        for (NamedGroup group : knownGroups) {
+            assertTrue(pointsForGroupAreOrdered(group));
+            TwistedCurvePoint invP = TwistedCurvePoint.smallOrder(group);
+            if (invP != null) {
+                assertEquals(group, invP.getIntendedNamedGroup());
+                assertTrue(isOrderCorrect(invP));
+            }
+        }
+    }
+
+    @Test
+    public void testAlternativeOrder() {
+        List<NamedGroup> knownGroups = new ArrayList<>(Arrays.asList(NamedGroup.values()));
+        for (NamedGroup group : knownGroups) {
+            assertTrue(pointsForGroupAreOrdered(group));
+            TwistedCurvePoint invP = TwistedCurvePoint.alternativeOrder(group);
+            if (invP != null) {
+                assertEquals(group, invP.getIntendedNamedGroup());
+                assertTrue(isOrderCorrect(invP));
+            }
+        }
+    }
+
+    @Test
+    public void testLargeOrder() {
+        List<NamedGroup> knownGroups = new ArrayList<>(Arrays.asList(NamedGroup.values()));
+        for (NamedGroup group : knownGroups) {
+            assertTrue(pointsForGroupAreOrdered(group));
+            TwistedCurvePoint invP = TwistedCurvePoint.largeOrder(group);
+            if (invP != null) {
+                assertEquals(group, invP.getIntendedNamedGroup());
+                assertTrue(isOrderCorrect(invP));
+            }
+        }
+    }
+
+    private boolean isOrderCorrect(TwistedCurvePoint invP) {
+        if (invP.getIntendedNamedGroup() == NamedGroup.ECDH_X25519
+                || invP.getIntendedNamedGroup() == NamedGroup.ECDH_X448) {
+            RFC7748Curve rfcCurve = (RFC7748Curve) CurveFactory.getCurve(invP.getIntendedNamedGroup());
+            Point montgPoint = rfcCurve.getPoint(invP.getPublicPointBaseX(), invP.getPublicPointBaseY());
+            Point weierPoint = rfcCurve.toWeierstrass(montgPoint);
+            BigInteger transformedX = weierPoint.getX().getData().multiply(invP.getD()).mod(rfcCurve.getModulus());
+
+            EllipticCurveOverFp intendedCurve = ((RFC7748Curve) CurveFactory.getCurve(invP.getIntendedNamedGroup()))
+                    .getWeierstrassEquivalent();
+            BigInteger modA = intendedCurve.getA().getData().multiply(invP.getD().pow(2))
+                    .mod(intendedCurve.getModulus());
+            BigInteger modB = intendedCurve.getB().getData().multiply(invP.getD().pow(3))
+                    .mod(intendedCurve.getModulus());
+            EllipticCurveOverFp twistedCurve = new EllipticCurveOverFp(modA, modB, intendedCurve.getModulus());
+            Point point = Point.createPoint(transformedX, invP.getPublicPointBaseY(), invP.getIntendedNamedGroup());
+
+            for (long i = 1; i <= invP.getOrder().longValue(); i++) {
+                Point res = twistedCurve.mult(BigInteger.valueOf(i), point);
+                if (res.isAtInfinity()) {
+                    return i == invP.getOrder().intValue();
+                }
+            }
+        } else {
+            EllipticCurveOverFp intendedCurve = (EllipticCurveOverFp) CurveFactory.getCurve(invP
+                    .getIntendedNamedGroup());
+            BigInteger modA = intendedCurve.getA().getData().multiply(invP.getD().pow(2))
+                    .mod(intendedCurve.getModulus());
+            BigInteger modB = intendedCurve.getB().getData().multiply(invP.getD().pow(3))
+                    .mod(intendedCurve.getModulus());
+            EllipticCurveOverFp twistedCurve = new EllipticCurveOverFp(modA, modB, intendedCurve.getModulus());
+
+            BigInteger modX = invP.getPublicPointBaseX().multiply(invP.getD()).mod(twistedCurve.getModulus());
+            FieldElementFp bX = new FieldElementFp(modX, twistedCurve.getModulus());
+            FieldElementFp bY = new FieldElementFp(invP.getPublicPointBaseY(), twistedCurve.getModulus());
+            Point point = new Point(bX, bY);
+
+            if (invP.getOrder().isProbablePrime(100)) {
+                Point res = twistedCurve.mult(invP.getOrder(), point);
+                return res.isAtInfinity();
+            } else {
+                for (long i = 1; i <= invP.getOrder().longValue(); i++) {
+                    Point res = twistedCurve.mult(BigInteger.valueOf(i), point);
+                    if (res.isAtInfinity()) {
+                        return i == invP.getOrder().intValue();
+                    }
+                }
+            }
+        }
+        return false;
+    }
+
+    private boolean pointsForGroupAreOrdered(NamedGroup group) {
+        TwistedCurvePoint invP1 = TwistedCurvePoint.smallOrder(group);
+        TwistedCurvePoint invP2 = TwistedCurvePoint.alternativeOrder(group);
+        TwistedCurvePoint invP3 = TwistedCurvePoint.largeOrder(group);
+
+        if (invP1 == null && (invP2 != null || invP3 != null)) {
+            return false;
+        } else if (invP2 == null && invP3 != null) {
+            return false;
+        } else if (invP2 != null && invP1.getOrder().compareTo(invP2.getOrder()) >= 0) {
+            return false;
+        } else if (invP3 != null && invP2 != null && invP2.getOrder().compareTo(invP3.getOrder()) >= 0) {
+            return false;
+        }
+        return true;
+    }
+
+}

Attacks/src/test/java/de/rub/nds/tlsattacker/attacks/ec/InvalidCurvePointTest.java

@@ -1,6 +1,6 @@
 # TLS-Attacker
 
-[![release](https://img.shields.io/badge/Release-v3.4.0-blue.svg)](https://github.com/RUB-NDS/TLS-Attacker/releases)
+[![release](https://img.shields.io/badge/Release-v3.6.0-blue.svg)](https://github.com/RUB-NDS/TLS-Attacker/releases)
 ![licence](https://img.shields.io/badge/License-Apachev2-brightgreen.svg)
 [![travis](https://travis-ci.org/RUB-NDS/TLS-Attacker.svg?branch=master)](https://travis-ci.org/RUB-NDS/TLS-Attacker)
 

Attacks/src/test/java/de/rub/nds/tlsattacker/attacks/ec/TwistedCurvePointTest.java

@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.5.0</version>
+        <version>3.6.0</version>
     </parent>
     <name>TLS-Client</name>
     <artifactId>TLS-Client</artifactId>