
Merge pull request #546 from RUB-NDS/tls13fix
Tls13fix
ic0ns authored Mar 1, 2019
2 parents 3c772c6 + 01f4b9c commit 0a176ae
Showing 26 changed files with 228 additions and 139 deletions.
2 changes: 1 addition & 1 deletion Attacks/pom.xml
@@ -4,7 +4,7 @@
<parent>
<groupId>de.rub.nds.tlsattacker</groupId>
<artifactId>TLS-Attacker</artifactId>
<version>2.7</version>
<version>2.8</version>
</parent>
<artifactId>Attacks</artifactId>
<packaging>jar</packaging>
@@ -65,6 +65,7 @@ public Lucky13CommandConfig(GeneralDelegate delegate) {
ciphersuiteDelegate = new CiphersuiteDelegate();
protocolVersionDelegate = new ProtocolVersionDelegate();
starttlsDelegate = new StarttlsDelegate();
proxyDelegate = new ProxyDelegate();
addDelegate(clientDelegate);
addDelegate(hostnameExtensionDelegate);
addDelegate(ciphersuiteDelegate);
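Review bot: The new `proxyDelegate = new ProxyDelegate();` only helps if the delegate is also registered, and none of the three `addDelegate(...)` calls visible after it passes `proxyDelegate`. The constructor continues past the end of this hunk, so the registration may already exist further down. If it does not, `addDelegate(proxyDelegate);` is needed alongside the other delegates; otherwise the proxy settings would presumably be parsed but never applied to the resulting config.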
@@ -100,9 +100,7 @@ public void executeAttack() {
*/
@Override
public Boolean isVulnerable() {
if (config.getRecordGeneratorType() == PaddingRecordGeneratorType.VERY_SHORT) {
groupRecords = false;
}
groupRecords = false;
CONSOLE.info("A server is considered vulnerable to this attack if it responds differently to the test vectors.");
CONSOLE.info("A server is considered secure if it always responds the same way.");
EqualityError error;
@@ -205,7 +203,6 @@ public boolean lookEqual(List<VectorResponse> responseVectorListOne, List<Vector
* @return
*/
public List<VectorResponse> createVectorResponseList() {

PaddingTraceGenerator generator = PaddingTraceGeneratorFactory.getPaddingTraceGenerator(config);
PaddingVectorGenerator vectorGenerator = generator.getVectorGenerator();
List<TlsTask> taskList = new LinkedList<>();
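Review bot: In the first hunk, `groupRecords = false;` now runs unconditionally at the top of isVulnerable(), so the field is overwritten on every call and any value set elsewhere (its declaration or a setter, neither visible here) is ignored. If grouping is being retired for all generator types, it would be clearer to initialise the field to false where it is declared, or to remove the field and the grouped code path, rather than mutate state inside a query method. At minimum, add a comment above the assignment, e.g. `// Grouping is disabled for every record generator type, not only VERY_SHORT.`, together with the reason, because this changes how responses are collected for the vulnerable/secure decision logged just below. The body of isVulnerable() continues outside the hunk.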
@@ -68,10 +68,13 @@ public List<PaddingVector> getVectors(CipherSuite suite, ProtocolVersion version
List<PaddingVector> createBasicMacVectors(CipherSuite suite, ProtocolVersion version) {
List<PaddingVector> vectorList = new LinkedList<>();
int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize();
int i = 1;
for (ByteArrayXorModification modification : createFlippedModifications(macSize)) {
vectorList.add(new TrippleVector("BasicMac-" + modification.getStartPosition() + "-"
+ ArrayConverter.bytesToHexString(modification.getXor()), new ByteArrayExplicitValueModification(
new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize - DEFAULT_PADDING_LENGTH]), modification, null));
+ ArrayConverter.bytesToHexString(modification.getXor()), "BasicMac" + i,
new ByteArrayExplicitValueModification(new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize
- DEFAULT_PADDING_LENGTH]), modification, null));
i++;
}
return vectorList;
}
@@ -88,18 +91,20 @@ List<PaddingVector> createMissingMacByteVectors(CipherSuite suite, ProtocolVersi
int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize();
byte[] padding = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - macSize);
// Missing first MAC byte because of overlong valid padding
vectorList.add(new TrippleVector("MissingMacByteFirst", new ByteArrayExplicitValueModification(new byte[0]),
new ByteArrayDeleteModification(0, 1), new ByteArrayExplicitValueModification(padding)));
vectorList.add(new TrippleVector("MissingMacByteFirst", "MissingMacByteFirst",
new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification(0, 1),
new ByteArrayExplicitValueModification(padding)));
// Missing last MAC byte because of overlong valid padding
vectorList.add(new TrippleVector("MissingMacByteLast", new ByteArrayExplicitValueModification(new byte[0]),
new ByteArrayDeleteModification((macSize - 1), 1), new ByteArrayExplicitValueModification(padding)));
vectorList.add(new TrippleVector("MissingMacByteLast", "MissingMacByteLast",
new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification((macSize - 1), 1),
new ByteArrayExplicitValueModification(padding)));
return vectorList;
}

List<PaddingVector> createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion version) {
List<PaddingVector> vectorList = new LinkedList<>();
byte[] plain = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - 1);
vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", plain));
vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", "PlainOnlyPadding", plain));
plain = new byte[] { (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255,
(byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255,
(byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255,
@@ -111,7 +116,7 @@ List<PaddingVector> createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion
(byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255,
(byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255,
(byte) 255, };
vectorList.add(createVectorWithPlainData("Plain FF", plain));
vectorList.add(createVectorWithPlainData("Plain FF", "PlainTooMuchPadding", plain));
return vectorList;
}

@@ -137,19 +142,19 @@ private List<PaddingVector> createClassicModifiedPaddingWithValidMAC(int applica
byte[] padding = createPaddingBytes(paddingValue);
padding[i] ^= 0x80; // flip first padding byte highest bit
vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x80-" + applicationLength + "-" + paddingValue,
new ByteArrayExplicitValueModification(new byte[applicationLength]), null,
"InvPadValMacStart" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null,
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
padding[i] ^= 0x8; // flip middle padding byte
// middle bit
vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x08-" + applicationLength + "-" + paddingValue,
new ByteArrayExplicitValueModification(new byte[applicationLength]), null,
"InvPadValMacMid" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null,
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
padding[i] ^= 0x01; // flip last padding byte lowest
// bit
vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x01-" + applicationLength + "-" + paddingValue,
new ByteArrayExplicitValueModification(new byte[applicationLength]), null,
"InvPadValMacEnd" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null,
new ByteArrayExplicitValueModification(padding)));
}
return vectorList;
@@ -161,64 +166,67 @@ private List<PaddingVector> createClassicModifiedPaddingWithInvalidMAC(int appli
for (int i = 0; i < DEFAULT_CIPHERTEXT_LENGTH - applicationLength - paddingValue - 1; i++) {
byte[] padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00000001-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0b00000001 }, i), new ByteArrayExplicitValueModification(
padding)));
+ paddingValue, "ValPadInvMac1_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00000001 }, i),
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00000010-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0b00000010 }, i), new ByteArrayExplicitValueModification(
padding)));
+ paddingValue, "ValPadInvMac2_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00000010 }, i),
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00000100-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0b00000100 }, i), new ByteArrayExplicitValueModification(
padding)));
+ paddingValue, "ValPadInvMac3_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00000100 }, i),
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00001000-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0b00001000 }, i), new ByteArrayExplicitValueModification(
padding)));
+ paddingValue, "ValPadInvMac4_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00001000 }, i),
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00010000-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0b00010000 }, i), new ByteArrayExplicitValueModification(
padding)));
+ paddingValue, "ValPadInvMac5_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00010000 }, i),
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00100000-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0b00100000 }, i), new ByteArrayExplicitValueModification(
padding)));
+ paddingValue, "ValPadInvMac6_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00100000 }, i),
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b01000000-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0b01000000 }, i), new ByteArrayExplicitValueModification(
padding)));
+ paddingValue, "ValPadInvMac7_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b01000000 }, i),
new ByteArrayExplicitValueModification(padding)));
padding = createPaddingBytes(paddingValue);
vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b10000000-" + applicationLength + "-"
+ paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { (byte) 0b10000000 }, i),
+ paddingValue, "ValPadInvMac8_" + i, new ByteArrayExplicitValueModification(
new byte[applicationLength]), new ByteArrayXorModification(new byte[] { (byte) 0b10000000 }, i),
new ByteArrayExplicitValueModification(padding)));
}
for (int i = 0; i < paddingValue; i++) {
byte[] padding = createPaddingBytes(paddingValue);

padding[i] ^= 0x80; // flip first padding byte highest bit
vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x80-" + applicationLength + "-" + paddingValue,
new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification(
new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding)));
"InvPadInvMacStart" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(
padding)));
padding = createPaddingBytes(paddingValue);
padding[i] ^= 0x8; // flip middle padding byte
// middle bit
vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x08-" + applicationLength + "-" + paddingValue,
new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification(
new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding)));
"InvPadInvMacMid" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(
padding)));
padding = createPaddingBytes(paddingValue);
padding[i] ^= 0x01; // flip last padding lowest first
// bit
vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x01-" + applicationLength + "-" + paddingValue,
new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification(
new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding)));
"InvPadInvMacEnd" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]),
new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(
padding)));
}
return vectorList;
}
@@ -237,8 +245,8 @@ private List<ByteArrayXorModification> createFlippedModifications(int byteLength
return modificationList;
}

private PaddingVector createVectorWithPlainData(String name, byte[] plain) {
return new PlainPaddingVector(name,
private PaddingVector createVectorWithPlainData(String name, String identifier, byte[] plain) {
return new PlainPaddingVector(name, identifier,
(ByteArrayExplicitValueModification) ByteArrayModificationFactory.explicitValue(plain));
}
}
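Review bot: The new identifier argument in createClassicModifiedPaddingWithValidMAC and createClassicModifiedPaddingWithInvalidMAC is built from the loop index alone (`"InvPadValMacStart" + i`, `"ValPadInvMac1_" + i`, `"InvPadInvMacEnd" + i`, …), while the name next to it also encodes applicationLength and paddingValue. If either method is ever called for more than one length/padding pair (the callers are outside these hunks), two different vectors would share an identifier. Anything keyed on the identifier would then presumably mix their responses, which matters for a check that decides vulnerability by comparing responses per vector. Either fold the parameters in, e.g. `"InvPadValMacStart" + i + "_" + applicationLength + "_" + paddingValue`, or add Javadoc to both methods stating that identifiers are unique only within a single (applicationLength, paddingValue) pair. Both method bodies begin outside their hunks.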