Fixed ciphersuite selection for bleichenbacher probe

ic0ns · ic0ns · commit 20933377cb3c · 2019-02-21T22:40:19.000Z
diff --git a/src/main/java/de/rub/nds/tlsscanner/probe/BleichenbacherProbe.java b/src/main/java/de/rub/nds/tlsscanner/probe/BleichenbacherProbe.java
@@ -13,7 +13,11 @@
 import de.rub.nds.tlsattacker.attacks.pkcs1.Pkcs1Vector;
 import de.rub.nds.tlsattacker.attacks.pkcs1.Pkcs1VectorGenerator;
 import de.rub.nds.tlsattacker.attacks.util.response.EqualityError;
+import de.rub.nds.tlsattacker.core.config.delegate.CiphersuiteDelegate;
 import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
+import de.rub.nds.tlsattacker.core.constants.CipherSuite;
+import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
 import de.rub.nds.tlsattacker.core.util.CertificateFetcher;
 import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
 import de.rub.nds.tlsscanner.config.ScannerConfig;
@@ -31,16 +35,19 @@
  */
 public class BleichenbacherProbe extends TlsProbe {
 
+    private List<CipherSuite> suiteList;
+
     public BleichenbacherProbe(ScannerConfig config, ParallelExecutor parallelExecutor) {
         super(parallelExecutor, ProbeType.BLEICHENBACHER, config, 10);
+        suiteList = new LinkedList<>();
     }
 
     @Override
     public ProbeResult executeTest() {
         BleichenbacherCommandConfig bleichenbacherConfig = new BleichenbacherCommandConfig(getScannerConfig().getGeneralDelegate());
         ClientDelegate delegate = (ClientDelegate) bleichenbacherConfig.getDelegate(ClientDelegate.class);
         delegate.setHost(getScannerConfig().getClientDelegate().getHost());
-
+        ((CiphersuiteDelegate) (bleichenbacherConfig.getDelegate(CiphersuiteDelegate.class))).setCipherSuites(suiteList);
         RSAPublicKey publicKey = (RSAPublicKey) CertificateFetcher.fetchServerPublicKey(bleichenbacherConfig.createConfig());
         if (publicKey == null) {
             LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?");
@@ -74,6 +81,19 @@ public boolean shouldBeExecuted(SiteReport report) {
 
     @Override
     public void adjustConfig(SiteReport report) {
+        if (report.getCipherSuites() != null) {
+            for (CipherSuite suite : report.getCipherSuites()) {
+                if (AlgorithmResolver.getKeyExchangeAlgorithm(suite) == KeyExchangeAlgorithm.RSA) {
+                    suiteList.add(suite);
+                }
+            }
+        } else {
+            for (CipherSuite suite : CipherSuite.values()) {
+                if (AlgorithmResolver.getKeyExchangeAlgorithm(suite) == KeyExchangeAlgorithm.RSA) {
+                    suiteList.add(suite);
+                }
+            }
+        }
     }
 
     @Override
