From 220aeda58bb056e629e4e53e02a10fba42e38cc8 Mon Sep 17 00:00:00 2001 From: Robert Merget Date: Mon, 25 Feb 2019 11:07:43 +0100 Subject: [PATCH 1/6] Adjusted minor mistakes in padding generator (medium and short) --- .../attacks/padding/MediumPaddingGenerator.java | 8 +++++--- .../attacks/padding/ShortPaddingGenerator.java | 5 +++-- 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java index c18ad8980f..21aa8694d8 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java @@ -19,7 +19,6 @@ import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver; import de.rub.nds.tlsattacker.core.constants.CipherSuite; import de.rub.nds.tlsattacker.core.constants.ProtocolVersion; -import java.util.Collections; import java.util.LinkedList; import java.util.List; @@ -159,8 +158,10 @@ private List createClassicModifiedPaddingWithValidMAC(int applica private List createClassicModifiedPaddingWithInvalidMAC(int applicationLength, int paddingValue) { List vectorList = new LinkedList<>(); // invalid mac - byte[] padding = createPaddingBytes(paddingValue); - for (int i = 0; i < DEFAULT_CIPHERTEXT_LENGTH - paddingValue - applicationLength; i++) { + byte[] padding = null; + for (int i = 0; i < DEFAULT_CIPHERTEXT_LENGTH - paddingValue - applicationLength - 1; i++) { + + padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]0x01-" + applicationLength + "-" + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( new byte[] { 0x01 }, i), new ByteArrayExplicitValueModification(padding))); @@ -176,6 +177,7 @@ private List createClassicModifiedPaddingWithInvalidMAC(int appli new byte[] { (byte) 0x80 }, i), new ByteArrayExplicitValueModification(padding))); } for (int i = 0; i < paddingValue; i++) { + padding = createPaddingBytes(paddingValue); padding[i] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x80-" + applicationLength + "-" + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java index c04f459efa..edd3776008 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java @@ -166,12 +166,13 @@ private List createClassicModifiedPaddingWithInvalidMAC(int appli padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + (8) + "]-" + applicationLength + "-" + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 8), new ByteArrayExplicitValueModification(padding))); + new byte[] { 0x08 }, 8), new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[15]-" + applicationLength + "-" + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 15), new ByteArrayExplicitValueModification(padding))); + new byte[] { (byte) 0x80 }, 15), new ByteArrayExplicitValueModification(padding))); + padding = createPaddingBytes(paddingValue); padding[0] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadInvMac-[0]-" + applicationLength + "-" + paddingValue, From 021061d5243d6c0e23909ab79ad51da113d7a653 Mon Sep 17 00:00:00 2001 From: Robert Merget Date: Tue, 26 Feb 2019 11:43:53 +0100 Subject: [PATCH 2/6] Added padding vector identification for attribution --- .../attacks/impl/PaddingOracleAttacker.java | 5 +- .../attacks/padding/LongPaddingGenerator.java | 92 ++++++++++--------- .../padding/MediumPaddingGenerator.java | 62 ++++++++----- .../padding/ShortPaddingGenerator.java | 66 +++++++------ .../padding/VeryShortPaddingGenerator.java | 12 +-- .../padding/vector/CleanAndPaddingVector.java | 4 +- .../padding/vector/ModifiedMacVector.java | 4 +- .../padding/vector/ModifiedPaddingVector.java | 4 +- .../attacks/padding/vector/PaddingVector.java | 8 +- .../padding/vector/PlainPaddingVector.java | 4 +- .../attacks/padding/vector/TrippleVector.java | 6 +- .../util/response/FingerPrintChecker.java | 46 ++++++++++ 12 files changed, 195 insertions(+), 118 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/PaddingOracleAttacker.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/PaddingOracleAttacker.java index 5e5da05e17..3090bac821 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/PaddingOracleAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/PaddingOracleAttacker.java @@ -100,9 +100,7 @@ public void executeAttack() { */ @Override public Boolean isVulnerable() { - if (config.getRecordGeneratorType() == PaddingRecordGeneratorType.VERY_SHORT) { - groupRecords = false; - } + groupRecords = false; CONSOLE.info("A server is considered vulnerable to this attack if it responds differently to the test vectors."); CONSOLE.info("A server is considered secure if it always responds the same way."); EqualityError error; @@ -205,7 +203,6 @@ public boolean lookEqual(List responseVectorListOne, List createVectorResponseList() { - PaddingTraceGenerator generator = PaddingTraceGeneratorFactory.getPaddingTraceGenerator(config); PaddingVectorGenerator vectorGenerator = generator.getVectorGenerator(); List taskList = new LinkedList<>(); diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/LongPaddingGenerator.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/LongPaddingGenerator.java index b846108b0f..bd47a4fc9c 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/LongPaddingGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/LongPaddingGenerator.java @@ -68,10 +68,13 @@ public List getVectors(CipherSuite suite, ProtocolVersion version List createBasicMacVectors(CipherSuite suite, ProtocolVersion version) { List vectorList = new LinkedList<>(); int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize(); + int i = 1; for (ByteArrayXorModification modification : createFlippedModifications(macSize)) { vectorList.add(new TrippleVector("BasicMac-" + modification.getStartPosition() + "-" - + ArrayConverter.bytesToHexString(modification.getXor()), new ByteArrayExplicitValueModification( - new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize - DEFAULT_PADDING_LENGTH]), modification, null)); + + ArrayConverter.bytesToHexString(modification.getXor()), "BasicMac" + i, + new ByteArrayExplicitValueModification(new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize + - DEFAULT_PADDING_LENGTH]), modification, null)); + i++; } return vectorList; } @@ -88,18 +91,20 @@ List createMissingMacByteVectors(CipherSuite suite, ProtocolVersi int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize(); byte[] padding = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - macSize); // Missing first MAC byte because of overlong valid padding - vectorList.add(new TrippleVector("MissingMacByteFirst", new ByteArrayExplicitValueModification(new byte[0]), - new ByteArrayDeleteModification(0, 1), new ByteArrayExplicitValueModification(padding))); + vectorList.add(new TrippleVector("MissingMacByteFirst", "MissingMacByteFirst", + new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification(0, 1), + new ByteArrayExplicitValueModification(padding))); // Missing last MAC byte because of overlong valid padding - vectorList.add(new TrippleVector("MissingMacByteLast", new ByteArrayExplicitValueModification(new byte[0]), - new ByteArrayDeleteModification((macSize - 1), 1), new ByteArrayExplicitValueModification(padding))); + vectorList.add(new TrippleVector("MissingMacByteLast", "MissingMacByteLast", + new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification((macSize - 1), 1), + new ByteArrayExplicitValueModification(padding))); return vectorList; } List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion version) { List vectorList = new LinkedList<>(); byte[] plain = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - 1); - vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", plain)); + vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", "PlainOnlyPadding", plain)); plain = new byte[] { (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, @@ -111,7 +116,7 @@ List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, }; - vectorList.add(createVectorWithPlainData("Plain FF", plain)); + vectorList.add(createVectorWithPlainData("Plain FF", "PlainTooMuchPadding", plain)); return vectorList; } @@ -137,19 +142,19 @@ private List createClassicModifiedPaddingWithValidMAC(int applica byte[] padding = createPaddingBytes(paddingValue); padding[i] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x80-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacStart" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x8; // flip middle padding byte // middle bit vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x08-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacMid" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x01; // flip last padding byte lowest // bit vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x01-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacEnd" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); } return vectorList; @@ -161,43 +166,43 @@ private List createClassicModifiedPaddingWithInvalidMAC(int appli for (int i = 0; i < DEFAULT_CIPHERTEXT_LENGTH - applicationLength - paddingValue - 1; i++) { byte[] padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00000001-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0b00000001 }, i), new ByteArrayExplicitValueModification( - padding))); + + paddingValue, "ValPadInvMac1_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00000001 }, i), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00000010-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0b00000010 }, i), new ByteArrayExplicitValueModification( - padding))); + + paddingValue, "ValPadInvMac2_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00000010 }, i), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00000100-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0b00000100 }, i), new ByteArrayExplicitValueModification( - padding))); + + paddingValue, "ValPadInvMac3_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00000100 }, i), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00001000-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0b00001000 }, i), new ByteArrayExplicitValueModification( - padding))); + + paddingValue, "ValPadInvMac4_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00001000 }, i), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00010000-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0b00010000 }, i), new ByteArrayExplicitValueModification( - padding))); + + paddingValue, "ValPadInvMac5_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00010000 }, i), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b00100000-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0b00100000 }, i), new ByteArrayExplicitValueModification( - padding))); + + paddingValue, "ValPadInvMac6_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b00100000 }, i), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b01000000-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0b01000000 }, i), new ByteArrayExplicitValueModification( - padding))); + + paddingValue, "ValPadInvMac7_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0b01000000 }, i), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]-0b10000000-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { (byte) 0b10000000 }, i), + + paddingValue, "ValPadInvMac8_" + i, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { (byte) 0b10000000 }, i), new ByteArrayExplicitValueModification(padding))); } for (int i = 0; i < paddingValue; i++) { @@ -205,20 +210,23 @@ private List createClassicModifiedPaddingWithInvalidMAC(int appli padding[i] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x80-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacStart" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification( + padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x8; // flip middle padding byte // middle bit vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x08-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacMid" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification( + padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x01; // flip last padding lowest first // bit vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x01-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacEnd" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification( + padding))); } return vectorList; } @@ -237,8 +245,8 @@ private List createFlippedModifications(int byteLength return modificationList; } - private PaddingVector createVectorWithPlainData(String name, byte[] plain) { - return new PlainPaddingVector(name, + private PaddingVector createVectorWithPlainData(String name, String identifier, byte[] plain) { + return new PlainPaddingVector(name, identifier, (ByteArrayExplicitValueModification) ByteArrayModificationFactory.explicitValue(plain)); } } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java index 21aa8694d8..be45e1268b 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/MediumPaddingGenerator.java @@ -68,11 +68,15 @@ public List getVectors(CipherSuite suite, ProtocolVersion version List createBasicMacVectors(CipherSuite suite, ProtocolVersion version) { List vectorList = new LinkedList<>(); int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize(); + int i = 1; for (ByteArrayXorModification modification : createFlippedModifications(macSize)) { vectorList.add(new TrippleVector("BasicMac-" + modification.getStartPosition() + "-" - + ArrayConverter.bytesToHexString(modification.getXor()), new ByteArrayExplicitValueModification( - new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize - DEFAULT_PADDING_LENGTH]), modification, null)); + + ArrayConverter.bytesToHexString(modification.getXor()), "BasicMac" + i, + new ByteArrayExplicitValueModification(new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize + - DEFAULT_PADDING_LENGTH]), modification, null)); + i++; } + return vectorList; } @@ -88,18 +92,20 @@ List createMissingMacByteVectors(CipherSuite suite, ProtocolVersi int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize(); byte[] padding = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - macSize); // Missing first MAC byte because of overlong valid padding - vectorList.add(new TrippleVector("MissingMacByteFirst", new ByteArrayExplicitValueModification(new byte[0]), - new ByteArrayDeleteModification(0, 1), new ByteArrayExplicitValueModification(padding))); + vectorList.add(new TrippleVector("MissingMacByteFirst", "MissingMacByteFirst", + new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification(0, 1), + new ByteArrayExplicitValueModification(padding))); // Missing last MAC byte because of overlong valid padding - vectorList.add(new TrippleVector("MissingMacByteLast", new ByteArrayExplicitValueModification(new byte[0]), - new ByteArrayDeleteModification((macSize - 1), 1), new ByteArrayExplicitValueModification(padding))); + vectorList.add(new TrippleVector("MissingMacByteLast", "MissingMacByteLast", + new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification((macSize - 1), 1), + new ByteArrayExplicitValueModification(padding))); return vectorList; } List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion version) { List vectorList = new LinkedList<>(); byte[] plain = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - 1); - vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", plain)); + vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", "PlainOnlyPadding", plain)); plain = new byte[] { (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, @@ -111,7 +117,7 @@ List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, }; - vectorList.add(createVectorWithPlainData("Plain FF", plain)); + vectorList.add(createVectorWithPlainData("Plain FF", "PlainTooMuchPadding", plain)); return vectorList; } @@ -137,19 +143,19 @@ private List createClassicModifiedPaddingWithValidMAC(int applica byte[] padding = createPaddingBytes(paddingValue); padding[i] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x80-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacStart" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x8; // flip middle padding byte // middle bit vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x08-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacMid" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x01; // flip last padding byte lowest // bit vectorList.add(new TrippleVector("InvPadValMac-[" + i + "]x01-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacEnd" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); } return vectorList; @@ -163,37 +169,43 @@ private List createClassicModifiedPaddingWithInvalidMAC(int appli padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]0x01-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, i), new ByteArrayExplicitValueModification(padding))); + "ValPadInvMacStart" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, i), new ByteArrayExplicitValueModification( + padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]0x08-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x08 }, i), new ByteArrayExplicitValueModification(padding))); + "ValPadInvMacMid" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x08 }, i), new ByteArrayExplicitValueModification( + padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + i + "]0x80-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { (byte) 0x80 }, i), new ByteArrayExplicitValueModification(padding))); + "ValPadInvMacEnd" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { (byte) 0x80 }, i), + new ByteArrayExplicitValueModification(padding))); } for (int i = 0; i < paddingValue; i++) { padding = createPaddingBytes(paddingValue); padding[i] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x80-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacStart" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification( + padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x8; // flip middle padding byte // middle bit vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x08-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacMid" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification( + padding))); padding = createPaddingBytes(paddingValue); padding[i] ^= 0x01; // flip last padding lowest first // bit vectorList.add(new TrippleVector("InvPadInvMac-[" + i + "]x01-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacEnd" + i, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification( + padding))); } return vectorList; @@ -213,8 +225,8 @@ List createFlippedModifications(int byteLength) { return modificationList; } - private PaddingVector createVectorWithPlainData(String name, byte[] plain) { - return new PlainPaddingVector(name, + private PaddingVector createVectorWithPlainData(String name, String identifier, byte[] plain) { + return new PlainPaddingVector(name, identifier, (ByteArrayExplicitValueModification) ByteArrayModificationFactory.explicitValue(plain)); } } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java index edd3776008..0de3c0f963 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/ShortPaddingGenerator.java @@ -68,10 +68,13 @@ public List getVectors(CipherSuite suite, ProtocolVersion version List createBasicMacVectors(CipherSuite suite, ProtocolVersion version) { List vectorList = new LinkedList<>(); int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize(); + int i = 1; for (ByteArrayXorModification modification : createFlippedModifications(macSize)) { vectorList.add(new TrippleVector("BasicMac-" + modification.getStartPosition() + "-" - + ArrayConverter.bytesToHexString(modification.getXor()), new ByteArrayExplicitValueModification( - new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize - DEFAULT_PADDING_LENGTH]), modification, null)); + + ArrayConverter.bytesToHexString(modification.getXor()), "BasicMac" + i, + new ByteArrayExplicitValueModification(new byte[DEFAULT_CIPHERTEXT_LENGTH - macSize + - DEFAULT_PADDING_LENGTH]), modification, null)); + i++; } return vectorList; } @@ -88,20 +91,22 @@ List createMissingMacByteVectors(CipherSuite suite, ProtocolVersi int macSize = AlgorithmResolver.getMacAlgorithm(version, suite).getSize(); byte[] padding = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - macSize); // Missing first MAC byte because of overlong valid padding - vectorList.add(new TrippleVector("MissingMacByteFirst", new ByteArrayExplicitValueModification(new byte[0]), - new ByteArrayDeleteModification(0, 1), new ByteArrayExplicitValueModification(padding))); + vectorList.add(new TrippleVector("MissingMacByteFirst", "MissingMacByteFirst", + new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification(0, 1), + new ByteArrayExplicitValueModification(padding))); // Missing last MAC byte because of overlong valid padding padding = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - macSize); - vectorList.add(new TrippleVector("MissingMacByteLast", new ByteArrayExplicitValueModification(new byte[0]), - new ByteArrayDeleteModification((macSize - 1), 1), new ByteArrayExplicitValueModification(padding))); + vectorList.add(new TrippleVector("MissingMacByteLast", "MissingMacByteLast", + new ByteArrayExplicitValueModification(new byte[0]), new ByteArrayDeleteModification((macSize - 1), 1), + new ByteArrayExplicitValueModification(padding))); return vectorList; } List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion version) { List vectorList = new LinkedList<>(); byte[] plain = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - 1); - vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", plain)); + vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", "PlainOnlyPadding", plain)); plain = new byte[] { (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, @@ -113,7 +118,7 @@ List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, }; - vectorList.add(createVectorWithPlainData("Plain FF", plain)); + vectorList.add(createVectorWithPlainData("Plain FF", "PlainTooMuchPadding", plain)); return vectorList; } @@ -122,12 +127,12 @@ List createClassicModifiedPadding(CipherSuite suite, ProtocolVers int paddingValue = DEFAULT_CIPHERTEXT_LENGTH - macSize - 1; int applicationLength = 0; List vectorList = createClassicModifiedPaddingWithValidMAC(applicationLength, paddingValue); - vectorList.addAll(createClassicModifiedPaddingWithInvalidMAC(applicationLength, paddingValue)); + vectorList.addAll(createClassicModifiedPaddingWithInvalidMAC(applicationLength, paddingValue, "0")); paddingValue = 6; applicationLength = DEFAULT_CIPHERTEXT_LENGTH - macSize - 7; vectorList.addAll(createClassicModifiedPaddingWithValidMAC(applicationLength, paddingValue)); - vectorList.addAll(createClassicModifiedPaddingWithInvalidMAC(applicationLength, paddingValue)); + vectorList.addAll(createClassicModifiedPaddingWithInvalidMAC(applicationLength, paddingValue, "")); return vectorList; } @@ -138,58 +143,61 @@ private List createClassicModifiedPaddingWithValidMAC(int applica byte[] padding = createPaddingBytes(paddingValue); padding[0] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadValMac-[0]-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacStart", new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[paddingValue / 2] ^= 0x8; // flip middle padding byte // middle bit vectorList.add(new TrippleVector("InvPadValMac-[" + (paddingValue / 2) + "]-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), null, - new ByteArrayExplicitValueModification(padding))); + + paddingValue, "InvPadValMacMid", new ByteArrayExplicitValueModification(new byte[applicationLength]), + null, new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[padding.length - 1] ^= 0x01; // flip last padding byte lowest // bit vectorList.add(new TrippleVector("InvPadValMac-[last]-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), null, + "InvPadValMacEnd", new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); return vectorList; } - private List createClassicModifiedPaddingWithInvalidMAC(int applicationLength, int paddingValue) { + private List createClassicModifiedPaddingWithInvalidMAC(int applicationLength, int paddingValue, + String suffix) { List vectorList = new LinkedList<>(); // invalid mac byte[] padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[0]-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "ValPadInvMacStart" + suffix, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[" + (8) + "]-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x08 }, 8), new ByteArrayExplicitValueModification(padding))); + "ValPadInvMacMid" + suffix, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x08 }, 8), new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); vectorList.add(new TrippleVector("ValPadInvMac-[15]-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { (byte) 0x80 }, 15), new ByteArrayExplicitValueModification(padding))); + "ValPadInvMacEnd" + suffix, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { (byte) 0x80 }, 15), new ByteArrayExplicitValueModification( + padding))); padding = createPaddingBytes(paddingValue); padding[0] ^= 0x80; // flip first padding byte highest bit vectorList.add(new TrippleVector("InvPadInvMac-[0]-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacStart" + suffix, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[paddingValue / 2] ^= 0x8; // flip middle padding byte // middle bit vectorList.add(new TrippleVector("InvPadInvMac-[" + (paddingValue / 2) + "]-" + applicationLength + "-" - + paddingValue, new ByteArrayExplicitValueModification(new byte[applicationLength]), - new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + + paddingValue, "InvPadInvMacMid" + suffix, new ByteArrayExplicitValueModification( + new byte[applicationLength]), new ByteArrayXorModification(new byte[] { 0x01 }, 0), + new ByteArrayExplicitValueModification(padding))); padding = createPaddingBytes(paddingValue); padding[padding.length - 1] ^= 0x01; // flip last padding lowest first // bit vectorList.add(new TrippleVector("InvPadInvMac-[last]-" + applicationLength + "-" + paddingValue, - new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( - new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); + "InvPadInvMacEnd" + suffix, new ByteArrayExplicitValueModification(new byte[applicationLength]), + new ByteArrayXorModification(new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); return vectorList; } @@ -204,8 +212,8 @@ List createFlippedModifications(int byteLength) { return modificationList; } - private PaddingVector createVectorWithPlainData(String name, byte[] plain) { - return new PlainPaddingVector(name, + private PaddingVector createVectorWithPlainData(String name, String identifier, byte[] plain) { + return new PlainPaddingVector(name, identifier, (ByteArrayExplicitValueModification) ByteArrayModificationFactory.explicitValue(plain)); } } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/VeryShortPaddingGenerator.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/VeryShortPaddingGenerator.java index 3c96a5f9a8..467d543eaa 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/VeryShortPaddingGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/VeryShortPaddingGenerator.java @@ -53,7 +53,7 @@ public List getVectors(CipherSuite suite, ProtocolVersion version List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion version) { List vectorList = new LinkedList<>(); byte[] plain = createPaddingBytes(DEFAULT_CIPHERTEXT_LENGTH - 1); - vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", plain)); + vectorList.add(createVectorWithPlainData("Plain XF (0xXF=#padding bytes)", "PlainOnlyPadding", plain)); plain = new byte[] { (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, @@ -65,7 +65,7 @@ List createOnlyPaddingVectors(CipherSuite suite, ProtocolVersion (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, (byte) 255, }; - vectorList.add(createVectorWithPlainData("Plain FF", plain)); + vectorList.add(createVectorWithPlainData("Plain FF", "PlainTooMuchPadding", plain)); return vectorList; } @@ -84,7 +84,7 @@ private List createClassicModifiedPaddingWithValidMAC(int applica // valid mac byte[] padding = createPaddingBytes(paddingValue); padding[0] ^= 0x80; // flip first padding byte highest bit - vectorList.add(new TrippleVector("InvPadValMac-[0]-" + applicationLength + "-" + paddingValue, + vectorList.add(new TrippleVector("InvPadValMac-[0]-" + applicationLength + "-" + paddingValue, "InvPadValMac", new ByteArrayExplicitValueModification(new byte[applicationLength]), null, new ByteArrayExplicitValueModification(padding))); return vectorList; @@ -94,7 +94,7 @@ private List createClassicModifiedPaddingWithInvalidMAC(int appli List vectorList = new LinkedList<>(); // invalid mac byte[] padding = createPaddingBytes(paddingValue); - vectorList.add(new TrippleVector("ValPadInvMac-[0]-" + applicationLength + "-" + paddingValue, + vectorList.add(new TrippleVector("ValPadInvMac-[0]-" + applicationLength + "-" + paddingValue, "valPadInvMac", new ByteArrayExplicitValueModification(new byte[applicationLength]), new ByteArrayXorModification( new byte[] { 0x01 }, 0), new ByteArrayExplicitValueModification(padding))); return vectorList; @@ -111,8 +111,8 @@ List createFlippedModifications(int byteLength) { return modificationList; } - private PaddingVector createVectorWithPlainData(String name, byte[] plain) { - return new PlainPaddingVector(name, + private PaddingVector createVectorWithPlainData(String name, String identifier, byte[] plain) { + return new PlainPaddingVector(name, identifier, (ByteArrayExplicitValueModification) ByteArrayModificationFactory.explicitValue(plain)); } } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/CleanAndPaddingVector.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/CleanAndPaddingVector.java index 7d76fb5281..f2d883ddf9 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/CleanAndPaddingVector.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/CleanAndPaddingVector.java @@ -24,9 +24,9 @@ public class CleanAndPaddingVector extends PaddingVector { private final VariableModification paddingModification; private final VariableModification cleanModification; - public CleanAndPaddingVector(String name, VariableModification paddingModification, + public CleanAndPaddingVector(String name, String identifier, VariableModification paddingModification, VariableModification cleanModification) { - super(name); + super(name, identifier); this.paddingModification = paddingModification; this.cleanModification = cleanModification; } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedMacVector.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedMacVector.java index 830ab43fa8..3743ea959f 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedMacVector.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedMacVector.java @@ -24,8 +24,8 @@ public class ModifiedMacVector extends PaddingVector { private final ByteArrayXorModification modification; - public ModifiedMacVector(String name, ByteArrayXorModification modification) { - super(name); + public ModifiedMacVector(String name, String identifier, ByteArrayXorModification modification) { + super(name, identifier); this.modification = modification; } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedPaddingVector.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedPaddingVector.java index 6621ebff04..f2bcea6054 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedPaddingVector.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/ModifiedPaddingVector.java @@ -23,8 +23,8 @@ public class ModifiedPaddingVector extends PaddingVector { private final VariableModification modification; - public ModifiedPaddingVector(String name, VariableModification modification) { - super(name); + public ModifiedPaddingVector(String name, String identifier, VariableModification modification) { + super(name, identifier); this.modification = modification; } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PaddingVector.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PaddingVector.java index 8f35305c2e..b0f5a96c33 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PaddingVector.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PaddingVector.java @@ -19,8 +19,11 @@ public abstract class PaddingVector { protected final String name; - public PaddingVector(String name) { + protected final String identifier; + + public PaddingVector(String name, String identifier) { this.name = name; + this.identifier = identifier; } public abstract Record createRecord(); @@ -31,4 +34,7 @@ public String getName() { return name; } + public String getIdentifier() { + return identifier; + } } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PlainPaddingVector.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PlainPaddingVector.java index 73f49edf63..a2634a1b03 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PlainPaddingVector.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/PlainPaddingVector.java @@ -23,8 +23,8 @@ public class PlainPaddingVector extends PaddingVector { private final ByteArrayExplicitValueModification modification; - public PlainPaddingVector(String name, ByteArrayExplicitValueModification modification) { - super(name); + public PlainPaddingVector(String name, String identifier, ByteArrayExplicitValueModification modification) { + super(name, identifier); this.modification = modification; } diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/TrippleVector.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/TrippleVector.java index e1c11dbc15..51db459c45 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/TrippleVector.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/padding/vector/TrippleVector.java @@ -26,9 +26,9 @@ public class TrippleVector extends PaddingVector { private final VariableModification macModification; private final VariableModification paddingModification; - public TrippleVector(String name, VariableModification cleanModification, VariableModification macModification, - VariableModification paddingModification) { - super(name); + public TrippleVector(String name, String identifier, VariableModification cleanModification, + VariableModification macModification, VariableModification paddingModification) { + super(name, identifier); this.cleanModification = cleanModification; this.macModification = macModification; this.paddingModification = paddingModification; diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/util/response/FingerPrintChecker.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/util/response/FingerPrintChecker.java index eee3f82708..a7c44a32c6 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/util/response/FingerPrintChecker.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/util/response/FingerPrintChecker.java @@ -9,6 +9,7 @@ package de.rub.nds.tlsattacker.attacks.util.response; import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType; +import de.rub.nds.tlsattacker.core.protocol.message.AlertMessage; import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage; import de.rub.nds.tlsattacker.core.record.AbstractRecord; import de.rub.nds.tlsattacker.core.record.BlobRecord; @@ -153,6 +154,25 @@ private static boolean checkAlertMessageEquality(List recordList return true; } + private static boolean checkMessageListAlertEquality(List messageList1, + List messageList2) { + for (int i = 0; i < messageList1.size(); i++) { + ProtocolMessage protocolMessage1 = messageList1.get(i); + ProtocolMessage protocolMessage2 = messageList2.get(i); + if (protocolMessage1 instanceof AlertMessage && protocolMessage2 instanceof AlertMessage) { + if (((AlertMessage) protocolMessage1).getDescription().getValue() != ((AlertMessage) protocolMessage2) + .getDescription().getValue()) { + return false; + } + if (((AlertMessage) protocolMessage1).getLevel().getValue() != ((AlertMessage) protocolMessage2) + .getLevel().getValue()) { + return false; + } + } + } + return true; + } + private static boolean checkRecordLengthEquality(List recordList1, List recordList2) { for (int i = 0; i < recordList1.size(); i++) { AbstractRecord abstractRecord1 = recordList1.get(i); @@ -205,6 +225,32 @@ private static boolean checkRecordContentTypeEquality(List recor return true; } + public static EqualityError checkSimpleEquality(ResponseFingerprint fingerprint1, ResponseFingerprint fingerprint2, + boolean canDecryptAlerts) { + if (fingerprint1.isReceivedTransportHandlerException() != fingerprint2.isReceivedTransportHandlerException()) { + return EqualityError.SOCKET_EXCEPTION; + } + if (fingerprint1.getNumberRecordsReceived() != fingerprint2.getNumberRecordsReceived()) { + return EqualityError.RECORD_COUNT; + } + if (fingerprint1.isEncryptedAlert() != fingerprint2.isEncryptedAlert()) { + return EqualityError.ENCRYPTED_ALERT; + } + if ((!fingerprint1.isEncryptedAlert() && !canDecryptAlerts) || canDecryptAlerts) { + if (!checkMessageListAlertEquality(fingerprint1.getMessageList(), fingerprint2.getMessageList())) { + return EqualityError.ALERT_MESSAGE_CONTENT; + } + if (fingerprint1.getNumberOfMessageReceived() != fingerprint2.getNumberOfMessageReceived()) { + return EqualityError.MESSAGE_COUNT; + } + } + if (!checkSocketState(fingerprint1, fingerprint2)) { + return EqualityError.SOCKET_STATE; + } + return EqualityError.NONE; + + } + private FingerPrintChecker() { } } From 680da137abc8cc9128e4ac8790d92f454a935bbb Mon Sep 17 00:00:00 2001 From: Robert Merget Date: Fri, 1 Mar 2019 15:43:07 +0100 Subject: [PATCH 3/6] Fixed TLS 1.3 Implementations (ups) --- .../core/record/cipher/RecordAEADCipher.java | 10 +++++++--- .../core/record/crypto/RecordEncryptor.java | 6 +++--- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/cipher/RecordAEADCipher.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/cipher/RecordAEADCipher.java index 4163c8097f..61ecc21d33 100644 --- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/cipher/RecordAEADCipher.java +++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/cipher/RecordAEADCipher.java @@ -82,16 +82,20 @@ public DecryptionResult decrypt(DecryptionRequest decryptionRequest) { } private EncryptionResult encryptTLS13(EncryptionRequest request) throws CryptoException { - byte[] sequenceNumberByte = ArrayConverter.longToBytes(context.getWriteSequenceNumber(), + byte[] sequenceNumberBytes = ArrayConverter.longToBytes(context.getWriteSequenceNumber(), RecordByteLength.SEQUENCE_NUMBER); + LOGGER.debug("SQN bytes: " + ArrayConverter.bytesToHexString(sequenceNumberBytes)); byte[] nonce = ArrayConverter.concatenate(new byte[AEAD_IV_LENGTH - RecordByteLength.SEQUENCE_NUMBER], - sequenceNumberByte); + sequenceNumberBytes); + LOGGER.debug("NonceBytes:" + ArrayConverter.bytesToHexString(nonce)); + byte[] encryptIV = prepareAeadParameters(nonce, getEncryptionIV()); LOGGER.debug("Encrypting GCM with the following IV: {}", ArrayConverter.bytesToHexString(encryptIV)); byte[] cipherText; if (version == ProtocolVersion.TLS13 || version == ProtocolVersion.TLS13_DRAFT25 || version == ProtocolVersion.TLS13_DRAFT26 || version == ProtocolVersion.TLS13_DRAFT27 || version == ProtocolVersion.TLS13_DRAFT28) { + LOGGER.debug("AAD:" + ArrayConverter.bytesToHexString(request.getAdditionalAuthenticatedData())); cipherText = encryptCipher.encrypt(encryptIV, AEAD_TAG_LENGTH * 8, request.getAdditionalAuthenticatedData(), request.getPlainText()); } else { @@ -189,7 +193,7 @@ public boolean isUsingTags() { @Override public int getTagSize() { - if (cipherSuite.usesStrictExplicitIv()) { + if (cipherSuite.usesStrictExplicitIv() || version.isTLS13()) { return AEAD_TAG_LENGTH; } else { return SEQUENCE_NUMBER_LENGTH + AEAD_TAG_LENGTH; diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java index d985f8d7e0..44ec53f0f2 100644 --- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java +++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java @@ -55,9 +55,9 @@ public void encrypt(Record record) { record.getComputations().setNonMetaDataMaced(cleanBytes); if (context.getChooser().getSelectedProtocolVersion().isTLS13()) { // TLS13 needs the record length before encrypting - int length = AlgorithmResolver.getCipher(cipherSuite).getBlocksize() - - (record.getCleanProtocolMessageBytes().getValue().length % AlgorithmResolver.getCipher( - cipherSuite).getBlocksize()) + recordCipher.getTagSize(); + // Encrypted length + int cleanLength = record.getCleanProtocolMessageBytes().getValue().length; + int length = cleanLength + recordCipher.getTagSize() + 1; //+1 for the encrypted record type record.setLength(length); } byte[] additionalAuthenticatedData = collectAdditionalAuthenticatedData(record, context.getChooser() From 4b84640439930446f42bf57b2eb17ff2d969466f Mon Sep 17 00:00:00 2001 From: Robert Merget Date: Fri, 1 Mar 2019 15:43:23 +0100 Subject: [PATCH 4/6] fixed aria gcm ciphers --- .../rub/nds/tlsattacker/core/constants/CipherAlgorithm.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/CipherAlgorithm.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/CipherAlgorithm.java index 943dede508..d9fabe1ab4 100644 --- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/CipherAlgorithm.java +++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/CipherAlgorithm.java @@ -34,8 +34,8 @@ public enum CipherAlgorithm { DES40_CBC(8, 8, 0, 8, "DES/CBC/NoPadding"), // currently uses des 56bit ARIA_128_CBC(16, 16, 0, 16, "ARIA/CBC/NoPadding"), // not tested yet ARIA_256_CBC(32, 16, 0, 16, "ARIA/CBC/NoPadding"), // not tested yet - ARIA_128_GCM(16, 16, 0, 16, "ARIA/GCM/NoPadding"), // not tested yet - ARIA_256_GCM(16, 16, 0, 16, "ARIA/GCM/NoPadding"), // not tested yet + ARIA_128_GCM(16, 16, 8, 16, "ARIA/GCM/NoPadding"), // not tested yet + ARIA_256_GCM(16, 16, 8, 16, "ARIA/GCM/NoPadding"), // not tested yet GOST_28147_CNT(32, 8, 0, 8, "GOST28147/ECB/NoPadding"), FORTEZZA_CBC(0, 0, 0, 0);// TODO From c51475ed4201db93fe0441e2d0f0e5b84b901357 Mon Sep 17 00:00:00 2001 From: Robert Merget Date: Fri, 1 Mar 2019 15:48:39 +0100 Subject: [PATCH 5/6] fixed attacks.jar main method --- .../rub/nds/tlsattacker/attacks/config/Lucky13CommandConfig.java | 1 + 1 file changed, 1 insertion(+) diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/Lucky13CommandConfig.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/Lucky13CommandConfig.java index bbecf6982a..c4df418442 100644 --- a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/Lucky13CommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/Lucky13CommandConfig.java @@ -65,6 +65,7 @@ public Lucky13CommandConfig(GeneralDelegate delegate) { ciphersuiteDelegate = new CiphersuiteDelegate(); protocolVersionDelegate = new ProtocolVersionDelegate(); starttlsDelegate = new StarttlsDelegate(); + proxyDelegate = new ProxyDelegate(); addDelegate(clientDelegate); addDelegate(hostnameExtensionDelegate); addDelegate(ciphersuiteDelegate); From 01f4b9caf2ed74575a20b8c83e95acfa618eb198 Mon Sep 17 00:00:00 2001 From: Robert Merget Date: Fri, 1 Mar 2019 16:00:10 +0100 Subject: [PATCH 6/6] Updated version and formated record encryptor --- Attacks/pom.xml | 2 +- TLS-Client/pom.xml | 2 +- TLS-Core/pom.xml | 2 +- .../nds/tlsattacker/core/record/crypto/RecordEncryptor.java | 6 +++++- TLS-Forensics/pom.xml | 2 +- TLS-Mitm/pom.xml | 2 +- TLS-Server/pom.xml | 2 +- TraceTool/pom.xml | 2 +- Transport/pom.xml | 2 +- Utils/pom.xml | 2 +- pom.xml | 2 +- 11 files changed, 15 insertions(+), 11 deletions(-) diff --git a/Attacks/pom.xml b/Attacks/pom.xml index 17e9c10e6b..db7e25a42c 100644 --- a/Attacks/pom.xml +++ b/Attacks/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 Attacks jar diff --git a/TLS-Client/pom.xml b/TLS-Client/pom.xml index 7f312649ba..d7f92d0a1c 100644 --- a/TLS-Client/pom.xml +++ b/TLS-Client/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 TLS-Client TLS-Client diff --git a/TLS-Core/pom.xml b/TLS-Core/pom.xml index fa2c4a2d4d..4717552e8c 100644 --- a/TLS-Core/pom.xml +++ b/TLS-Core/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 TLS-Core jar diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java index 44ec53f0f2..acdf748a8a 100644 --- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java +++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordEncryptor.java @@ -57,7 +57,11 @@ public void encrypt(Record record) { // TLS13 needs the record length before encrypting // Encrypted length int cleanLength = record.getCleanProtocolMessageBytes().getValue().length; - int length = cleanLength + recordCipher.getTagSize() + 1; //+1 for the encrypted record type + int length = cleanLength + recordCipher.getTagSize() + 1; // +1 for + // the + // encrypted + // record + // type record.setLength(length); } byte[] additionalAuthenticatedData = collectAdditionalAuthenticatedData(record, context.getChooser() diff --git a/TLS-Forensics/pom.xml b/TLS-Forensics/pom.xml index 274b457c57..ee25b2ad46 100644 --- a/TLS-Forensics/pom.xml +++ b/TLS-Forensics/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 TLS-Forensics jar diff --git a/TLS-Mitm/pom.xml b/TLS-Mitm/pom.xml index dfd8f3e95f..8e79a2b9ea 100644 --- a/TLS-Mitm/pom.xml +++ b/TLS-Mitm/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 TLS-Mitm jar diff --git a/TLS-Server/pom.xml b/TLS-Server/pom.xml index 16234c87c2..a0a843ed08 100644 --- a/TLS-Server/pom.xml +++ b/TLS-Server/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 TLS-Server jar diff --git a/TraceTool/pom.xml b/TraceTool/pom.xml index 4a079cc548..4996a5cc8b 100644 --- a/TraceTool/pom.xml +++ b/TraceTool/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 TraceTool jar diff --git a/Transport/pom.xml b/Transport/pom.xml index 8363bc9256..0f4811a6e5 100644 --- a/Transport/pom.xml +++ b/Transport/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 Transport jar diff --git a/Utils/pom.xml b/Utils/pom.xml index 2aa81f6ce0..e421ca296a 100644 --- a/Utils/pom.xml +++ b/Utils/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 Utils jar diff --git a/pom.xml b/pom.xml index c2860a88e7..670e1b30b7 100644 --- a/pom.xml +++ b/pom.xml @@ -3,7 +3,7 @@ 4.0.0 de.rub.nds.tlsattacker TLS-Attacker - 2.7 + 2.8 pom 2015 TLS-Attacker