Merge pull request #338 from tls-attacker/feature/newClientScanningProbes

Added new client scanning probes

Author: NErinola

TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/config/ClientScannerConfig.java

@@ -60,6 +60,8 @@ public class ClientScannerConfig extends TlsScannerConfig {
                     "The directory the scanner should use to log the client output. Be wary: This creates a lot of files for a full scan")
     private String logDirectory = null;
 
+    private Function<State, Integer> externalRunCallback = null;
+
     public ClientScannerConfig(GeneralDelegate delegate) {
         super(delegate);
 
@@ -80,7 +82,9 @@ public Config createConfig() {
 
         Config config = super.createConfig(Config.createConfig());
         config.getDefaultClientConnection().setTimeout(getTimeout());
-
+        config.setRespectClientProposedExtensions(true);
+        // will only be added if proposed by client
+        config.setAddRenegotiationInfoExtension(true);
         return config;
     }
 
@@ -129,7 +133,11 @@ public File getLogDirectory() {
     }
 
     public Function<State, Integer> getRunCommandExecutionCallback() {
-        return getRunCommandExecutionCallback(getRunCommand());
+        if (externalRunCallback != null) {
+            return externalRunCallback;
+        } else {
+            return getRunCommandExecutionCallback(getRunCommand());
+        }
     }
 
     /** Provides a callback that executes the client run command. */
@@ -182,4 +190,12 @@ private Integer getServerPort(TransportHandler serverTransportHandler) {
         throw new RuntimeException(
                 "Got unknown ServerTransportHandler when trying to extract server port.");
     }
+
+    public Function<State, Integer> getExternalRunCallback() {
+        return externalRunCallback;
+    }
+
+    public void setExternalRunCallback(Function<State, Integer> externalRunCallback) {
+        this.externalRunCallback = externalRunCallback;
+    }
 }

TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/execution/TlsClientScanner.java

@@ -25,18 +25,21 @@
 import de.rub.nds.tlsscanner.clientscanner.probe.CertificateProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.CipherSuiteProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.CompressionProbe;
+import de.rub.nds.tlsscanner.clientscanner.probe.ConnectionClosingProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.DheParameterProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.DtlsBugsProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.DtlsFragmentationProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.DtlsHelloVerifyRequestProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.DtlsMessageSequenceProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.DtlsReorderingProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.DtlsRetransmissionsProbe;
+import de.rub.nds.tlsscanner.clientscanner.probe.ECPointFormatProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.FreakProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.PaddingOracleProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.ProtocolVersionProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.RecordFragmentationProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.ResumptionProbe;
+import de.rub.nds.tlsscanner.clientscanner.probe.ServerCertificateKeySizeProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.SniProbe;
 import de.rub.nds.tlsscanner.clientscanner.probe.Version13RandomProbe;
 import de.rub.nds.tlsscanner.clientscanner.report.ClientReport;
@@ -99,6 +102,9 @@ protected void fillProbeLists() {
         addProbeToProbeList(new AlpnProbe(parallelExecutor, config));
         addProbeToProbeList(new SniProbe(parallelExecutor, config));
         addProbeToProbeList(new ResumptionProbe(parallelExecutor, config));
+        addProbeToProbeList(new ServerCertificateKeySizeProbe(parallelExecutor, config));
+        addProbeToProbeList(new ConnectionClosingProbe(parallelExecutor, config));
+        addProbeToProbeList(new ECPointFormatProbe(parallelExecutor, config));
         afterList.add(new Sweet32AfterProbe());
         afterList.add(new FreakAfterProbe());
         afterList.add(new LogjamAfterProbe());

TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/CipherSuiteProbe.java

@@ -141,25 +141,25 @@ public CipherSuiteProbe(ParallelExecutor executor, ClientScannerConfig scannerCo
     @Override
     public void executeTest() {
         pairLists = new LinkedList<>();
+        List<State> statesToExecute = new LinkedList<>();
         for (ProtocolVersion version : protocolVersions) {
+            pairLists.add(new VersionSuiteListPair(version, new LinkedList<>()));
             LOGGER.debug("Testing cipher suites for version {}", version);
 
-            Config config;
-            if (version.isTLS13()) {
-                config = getTls13Config();
-            } else {
-                config = getBaseConfig();
-            }
-            config.setHighestProtocolVersion(version);
-            config.setDefaultSelectedProtocolVersion(version);
-            config.setEnforceSettings(true);
-
             List<CipherSuite> toTestList = getToTestCipherSuitesByVersion(version);
-            List<CipherSuite> supportedSuites = new LinkedList<>();
 
             while (!toTestList.isEmpty()) {
+                Config config;
+                if (version.isTLS13()) {
+                    config = getTls13Config();
+                } else {
+                    config = getBaseConfig();
+                }
+                config.setHighestProtocolVersion(version);
+                config.setDefaultSelectedProtocolVersion(version);
+                config.setEnforceSettings(true);
                 CipherSuite currentSuite = toTestList.get(0);
-                config.setDefaultServerSupportedCipherSuites(toTestList);
+                config.setDefaultServerSupportedCipherSuites(currentSuite);
                 config.setDefaultSelectedCipherSuite(currentSuite);
                 WorkflowTrace trace =
                         new WorkflowConfigurationFactory(config)
@@ -168,15 +168,27 @@ public void executeTest() {
                 trace.addTlsAction(new ReceiveTillAction(new FinishedMessage()));
 
                 State state = new State(config, trace);
-                executeState(state);
-                if (state.getWorkflowTrace().executedAsPlanned()) {
-                    supportedSuites.add(currentSuite);
-                }
+                statesToExecute.add(state);
+
                 toTestList.remove(currentSuite);
             }
-
-            if (!supportedSuites.isEmpty()) {
-                pairLists.add(new VersionSuiteListPair(version, supportedSuites));
+        }
+        executeState(statesToExecute);
+        for (State executedState : statesToExecute) {
+            if (executedState.getWorkflowTrace().executedAsPlanned()
+                    && executedState.getTlsContext().getSelectedCipherSuite()
+                            == executedState.getConfig().getDefaultSelectedCipherSuite()) {
+                pairLists.stream()
+                        .filter(
+                                pair ->
+                                        pair.getVersion()
+                                                == executedState
+                                                        .getConfig()
+                                                        .getDefaultSelectedProtocolVersion())
+                        .findAny()
+                        .orElseThrow()
+                        .getCipherSuiteList()
+                        .add(executedState.getConfig().getDefaultSelectedCipherSuite());
             }
         }
     }
@@ -212,7 +224,6 @@ private Config getBaseConfig() {
         config.setStopActionsAfterIOException(true);
         config.setStopTraceAfterUnexpected(true);
         config.setStopActionsAfterWarning(true);
-        config.setAddRenegotiationInfoExtension(false);
         return config;
     }
 

TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/ConnectionClosingProbe.java

@@ -0,0 +1,64 @@
+/*
+ * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker
+ *
+ * Copyright 2017-2023 Ruhr University Bochum, Paderborn University, Technology Innovation Institute, and Hackmanit GmbH
+ *
+ * Licensed under Apache License, Version 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0.txt
+ */
+package de.rub.nds.tlsscanner.clientscanner.probe;
+
+import de.rub.nds.scanner.core.probe.requirements.Requirement;
+import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.constants.RunningModeType;
+import de.rub.nds.tlsattacker.core.protocol.message.ApplicationMessage;
+import de.rub.nds.tlsattacker.core.state.State;
+import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
+import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
+import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
+import de.rub.nds.tlsscanner.clientscanner.config.ClientScannerConfig;
+import de.rub.nds.tlsscanner.clientscanner.report.ClientReport;
+import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
+import de.rub.nds.tlsscanner.core.probe.closing.ConnectionClosingUtils;
+
+public class ConnectionClosingProbe extends TlsClientProbe<ClientScannerConfig, ClientReport> {
+
+    private long closedAfterFinishedDelta = ConnectionClosingUtils.NO_RESULT;
+    private long closedAfterAppDataDelta = ConnectionClosingUtils.NO_RESULT;
+
+    public ConnectionClosingProbe(
+            ParallelExecutor parallelExecutor, ClientScannerConfig scannerConfig) {
+        super(parallelExecutor, TlsProbeType.CONNECTION_CLOSING_DELTA, scannerConfig);
+    }
+
+    @Override
+    protected void mergeData(ClientReport report) {
+        report.setClosedAfterAppDataDelta(closedAfterAppDataDelta);
+        report.setClosedAfterFinishedDelta(closedAfterFinishedDelta);
+    }
+
+    @Override
+    public void executeTest() {
+        // TODO extend with HTTP app data
+        Config tlsConfig = scannerConfig.createConfig();
+        WorkflowTrace handshakeOnly =
+                ConnectionClosingUtils.getWorkflowTrace(tlsConfig, RunningModeType.SERVER);
+        WorkflowTrace handshakeWithAppData =
+                ConnectionClosingUtils.getWorkflowTrace(tlsConfig, RunningModeType.SERVER);
+        handshakeWithAppData.addTlsAction(new SendAction(new ApplicationMessage()));
+        State runningState = new State(tlsConfig, handshakeOnly);
+        executeState(runningState);
+        closedAfterFinishedDelta = ConnectionClosingUtils.evaluateClosingDelta(runningState);
+        runningState = new State(tlsConfig, handshakeWithAppData);
+        executeState(runningState);
+        closedAfterAppDataDelta = ConnectionClosingUtils.evaluateClosingDelta(runningState);
+    }
+
+    @Override
+    public Requirement getRequirements() {
+        return Requirement.NO_REQUIREMENT;
+    }
+
+    @Override
+    public void adjustConfig(ClientReport report) {}
+}

TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/probe/DheParameterProbe.java

@@ -187,7 +187,8 @@ public Requirement getRequirements() {
     public void adjustConfig(ClientReport report) {
         supportedDheCipherSuites = new LinkedList<>();
         for (CipherSuite suite : report.getSupportedCipherSuites()) {
-            if (AlgorithmResolver.getKeyExchangeAlgorithm(suite).isKeyExchangeDhe()) {
+            if (AlgorithmResolver.getKeyExchangeAlgorithm(suite) != null
+                    && AlgorithmResolver.getKeyExchangeAlgorithm(suite).isKeyExchangeDhe()) {
                 supportedDheCipherSuites.add(suite);
             }
         }