Merge pull request #80 from RUB-NDS/esni_evaluation

Esni probe

Author: ic0ns

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/Main.java

@@ -10,23 +10,16 @@
 
 import com.beust.jcommander.JCommander;
 import com.beust.jcommander.ParameterException;
+
 import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
 import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
 import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
 import de.rub.nds.tlsscanner.serverscanner.constants.AnsiColor;
-import de.rub.nds.tlsscanner.serverscanner.leak.InformationLeakReport;
-import de.rub.nds.tlsscanner.serverscanner.leak.InformationLeakTest;
 import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
 import java.io.IOException;
-import java.util.LinkedList;
-import java.util.List;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-/**
- *
- * @author Robert Merget <[email protected]>
- */
 public class Main {
 
     private static final Logger LOGGER = LogManager.getLogger();

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/TlsScanner.java

@@ -13,8 +13,8 @@
 import de.rub.nds.tlsattacker.core.constants.StarttlsType;
 import de.rub.nds.tlsattacker.core.workflow.NamedThreadFactory;
 import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
+import de.rub.nds.tlsscanner.probe.EsniProbe;
 import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
-import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
 import de.rub.nds.tlsscanner.serverscanner.probe.*;
 import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
 import de.rub.nds.tlsscanner.serverscanner.report.after.AfterProbe;
@@ -106,6 +106,7 @@ private void fillDefaultProbeLists() {
         probeList.add(new CcaSupportProbe(config, parallelExecutor));
         probeList.add(new CcaRequiredProbe(config, parallelExecutor));
         probeList.add(new CcaProbe(config, parallelExecutor));
+        probeList.add(new EsniProbe(config, parallelExecutor));
         afterList.add(new Sweet32AfterProbe());
         afterList.add(new PoodleAfterProbe());
         afterList.add(new FreakAfterProbe());

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/constants/ProbeType.java

@@ -13,6 +13,7 @@
  * @author Robert Merget - [email protected]
  */
 public enum ProbeType {
+    ESNI,
     CERTIFICATE,
     OCSP,
     CIPHERSUITE_ORDER,

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/EsniProbe.java

@@ -0,0 +1,158 @@
+/**
+ * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker.
+ *
+ * Copyright 2017-2019 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import java.util.Arrays;
+import java.util.LinkedList;
+import java.util.List;
+
+import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.constants.CipherSuite;
+import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
+import de.rub.nds.tlsattacker.core.constants.NamedGroup;
+import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
+import de.rub.nds.tlsattacker.core.constants.RunningModeType;
+import de.rub.nds.tlsattacker.core.constants.SignatureAndHashAlgorithm;
+import de.rub.nds.tlsattacker.core.state.State;
+import de.rub.nds.tlsattacker.core.state.TlsContext;
+import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
+import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
+import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
+import de.rub.nds.tlsscanner.serverscanner.report.result.EsniResult;
+import de.rub.nds.tlsscanner.serverscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
+import de.rub.nds.tlsscanner.serverscanner.probe.TlsProbe;
+import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
+import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
+import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
+import de.rub.nds.tlsscanner.serverscanner.report.result.SniResult;
+
+public class EsniProbe extends TlsProbe {
+
+    public EsniProbe(ScannerConfig scannerConfig, ParallelExecutor parallelExecutor) {
+        super(parallelExecutor, ProbeType.ESNI, scannerConfig);
+    }
+
+    @Override
+    public ProbeResult executeTest() {
+        Config tlsConfig = getScannerConfig().createConfig();
+        tlsConfig.setHighestProtocolVersion(ProtocolVersion.TLS13);
+        tlsConfig.setSupportedVersions(ProtocolVersion.TLS13);
+        tlsConfig.setUseFreshRandom(true);
+        tlsConfig.setQuickReceive(true);
+        tlsConfig.setDefaultClientSupportedCiphersuites(this.getClientSupportedCiphersuites());
+        tlsConfig.setSupportedSignatureAndHashAlgorithms(this.getTls13SignatureAndHashAlgorithms());
+        tlsConfig.setEnforceSettings(false);
+        tlsConfig.setEarlyStop(true);
+        tlsConfig.setStopReceivingAfterFatal(true);
+        tlsConfig.setStopActionsAfterFatal(true);
+
+        tlsConfig.setDefaultClientNamedGroups(NamedGroup.ECDH_X25519);
+        tlsConfig.setDefaultSelectedNamedGroup(NamedGroup.ECDH_X25519);
+        tlsConfig.setAddECPointFormatExtension(false);
+        tlsConfig.setAddEllipticCurveExtension(true);
+        tlsConfig.setAddSignatureAndHashAlgorithmsExtension(true);
+        tlsConfig.setAddSupportedVersionsExtension(true);
+        tlsConfig.setAddKeyShareExtension(true);
+        tlsConfig.setClientSupportedEsniCiphersuites(this.getClientSupportedCiphersuites());
+        tlsConfig.getClientSupportedEsniNamedGroups().addAll(this.getImplementedGroups());
+        tlsConfig.setAddServerNameIndicationExtension(false);
+        tlsConfig.setAddEncryptedServerNameIndicationExtension(true);
+
+        WorkflowTrace trace = new WorkflowConfigurationFactory(tlsConfig).createWorkflowTrace(WorkflowTraceType.HELLO,
+                RunningModeType.CLIENT);
+        State state = new State(tlsConfig, trace);
+        executeState(state);
+
+        TlsContext context = state.getTlsContext();
+        boolean isDnsKeyRecordAvailable = context.getEsniRecordBytes() != null;
+        boolean isReceivedCorrectNonce = context.getEsniServerNonce() != null
+                && Arrays.equals(context.getEsniServerNonce(), context.getEsniClientNonce());
+        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, trace)) {
+            return new SniResult(TestResult.ERROR_DURING_TEST);
+        } else if (isDnsKeyRecordAvailable && isReceivedCorrectNonce) {
+            return (new EsniResult(TestResult.TRUE));
+        } else {
+            return (new EsniResult(TestResult.FALSE));
+        }
+    }
+
+    @Override
+    public boolean canBeExecuted(SiteReport report) {
+        return true;
+    }
+
+    @Override
+    public void adjustConfig(SiteReport report) {
+    }
+
+    @Override
+    public ProbeResult getCouldNotExecuteResult() {
+        return new SniResult(TestResult.COULD_NOT_TEST);
+    }
+
+    private List<CipherSuite> getClientSupportedCiphersuites() {
+        List<CipherSuite> cipherSuites = new LinkedList<>();
+        cipherSuites.add(CipherSuite.TLS_AES_128_GCM_SHA256);
+        cipherSuites.add(CipherSuite.TLS_AES_256_GCM_SHA384);
+        return cipherSuites;
+    }
+
+    private List<SignatureAndHashAlgorithm> getTls13SignatureAndHashAlgorithms() {
+        List<SignatureAndHashAlgorithm> algos = new LinkedList<>();
+        algos.add(SignatureAndHashAlgorithm.RSA_SHA256);
+        algos.add(SignatureAndHashAlgorithm.RSA_SHA384);
+        algos.add(SignatureAndHashAlgorithm.RSA_SHA512);
+        algos.add(SignatureAndHashAlgorithm.ECDSA_SHA256);
+        algos.add(SignatureAndHashAlgorithm.ECDSA_SHA384);
+        algos.add(SignatureAndHashAlgorithm.ECDSA_SHA512);
+        algos.add(SignatureAndHashAlgorithm.RSA_PSS_PSS_SHA256);
+        algos.add(SignatureAndHashAlgorithm.RSA_PSS_PSS_SHA384);
+        algos.add(SignatureAndHashAlgorithm.RSA_PSS_PSS_SHA512);
+        algos.add(SignatureAndHashAlgorithm.RSA_PSS_RSAE_SHA256);
+        algos.add(SignatureAndHashAlgorithm.RSA_PSS_RSAE_SHA384);
+        algos.add(SignatureAndHashAlgorithm.RSA_PSS_RSAE_SHA512);
+        return algos;
+    }
+
+    private List<NamedGroup> getImplementedGroups() {
+        List<NamedGroup> list = new LinkedList();
+        list.add(NamedGroup.ECDH_X25519);
+        list.add(NamedGroup.ECDH_X448);
+        list.add(NamedGroup.SECP160K1);
+        list.add(NamedGroup.SECP160R1);
+        list.add(NamedGroup.SECP160R2);
+        list.add(NamedGroup.SECP192K1);
+        list.add(NamedGroup.SECP192R1);
+        list.add(NamedGroup.SECP224K1);
+        list.add(NamedGroup.SECP224R1);
+        list.add(NamedGroup.SECP256K1);
+        list.add(NamedGroup.SECP256R1);
+        list.add(NamedGroup.SECP384R1);
+        list.add(NamedGroup.SECP521R1);
+        list.add(NamedGroup.SECT163K1);
+        list.add(NamedGroup.SECT163R1);
+        list.add(NamedGroup.SECT163R2);
+        list.add(NamedGroup.SECT193R1);
+        list.add(NamedGroup.SECT193R2);
+        list.add(NamedGroup.SECT233K1);
+        list.add(NamedGroup.SECT233R1);
+        list.add(NamedGroup.SECT239K1);
+        list.add(NamedGroup.SECT283K1);
+        list.add(NamedGroup.SECT283R1);
+        list.add(NamedGroup.SECT409K1);
+        list.add(NamedGroup.SECT409R1);
+        list.add(NamedGroup.SECT571K1);
+        list.add(NamedGroup.SECT571R1);
+        return list;
+    }
+
+}

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/AnalyzedProperty.java

@@ -10,6 +10,7 @@
 
 public enum AnalyzedProperty {
 
+    SUPPORTS_ESNI(AnalyzedPropertyCategory.ESNI),
     SUPPORTS_SSL_2(AnalyzedPropertyCategory.VERSIONS),
     SUPPORTS_SSL_3(AnalyzedPropertyCategory.VERSIONS),
     SUPPORTS_TLS_1_0(AnalyzedPropertyCategory.VERSIONS),
@@ -214,7 +215,6 @@ public enum AnalyzedProperty {
     REUSES_GCM_NONCES(AnalyzedPropertyCategory.FRESHNESS),
     REQUIRES_SNI(AnalyzedPropertyCategory.SNI),
     HAS_GNU_TLS_MAGIC_BYTES(AnalyzedPropertyCategory.SESSION_TICKET),
-
     /**
      * CCA Properties
      */

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/AnalyzedPropertyCategory.java

@@ -9,8 +9,9 @@
 package de.rub.nds.tlsscanner.serverscanner.report;
 
 public enum AnalyzedPropertyCategory {
-    SESSION_TICKET,
+    ESNI,
     VERSIONS,
+    SESSION_TICKET,
     CIPHER_SUITES,
     EXTENSIONS,
     SESSION_RESUMPTION,

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/SiteReportPrinter.java

@@ -1316,6 +1316,7 @@ public StringBuilder appendExtensions(StringBuilder builder) {
         prettyAppend(builder, "Tokenbinding", AnalyzedProperty.SUPPORTS_TOKENBINDING);
         prettyAppend(builder, "Certificate Status Request", AnalyzedProperty.SUPPORTS_CERTIFICATE_STATUS_REQUEST);
         prettyAppend(builder, "Certificate Status Request v2", AnalyzedProperty.SUPPORTS_CERTIFICATE_STATUS_REQUEST_V2);
+        prettyAppend(builder, "ESNI", AnalyzedProperty.SUPPORTS_ESNI);
 
         if (report.getResult(AnalyzedProperty.SUPPORTS_TOKENBINDING) == TestResult.TRUE) {
             prettyAppendHeading(builder, "Tokenbinding Version");

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/report/result/EsniResult.java

@@ -0,0 +1,29 @@
+/**
+ * TLS-Scanner - A TLS configuration and analysis tool based on TLS-Attacker.
+ *
+ * Copyright 2017-2019 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.serverscanner.report.result;
+
+import de.rub.nds.tlsscanner.serverscanner.constants.ProbeType;
+import de.rub.nds.tlsscanner.serverscanner.rating.TestResult;
+import de.rub.nds.tlsscanner.serverscanner.report.AnalyzedProperty;
+import de.rub.nds.tlsscanner.serverscanner.report.SiteReport;
+import de.rub.nds.tlsscanner.serverscanner.report.result.ProbeResult;
+
+public class EsniResult extends ProbeResult {
+    private TestResult receivedCorrectNonce;
+
+    public EsniResult(TestResult receivedCorrectNonce) {
+        super(ProbeType.ESNI);
+        this.receivedCorrectNonce = receivedCorrectNonce;
+    }
+
+    @Override
+    public void mergeData(SiteReport report) {
+        report.putResult(AnalyzedProperty.SUPPORTS_ESNI, receivedCorrectNonce);
+    }
+}