Integraded InvalidCurveProbe

Author: ic0ns

src/main/java/de/rub/nds/tlsscanner/TLSScanner.java

@@ -18,6 +18,7 @@
 import de.rub.nds.tlsscanner.probe.CiphersuiteProbe;
 import de.rub.nds.tlsscanner.probe.Cve20162107Probe;
 import de.rub.nds.tlsscanner.probe.HeartbleedProbe;
+import de.rub.nds.tlsscanner.probe.InvalidCurveProbe;
 import de.rub.nds.tlsscanner.probe.PaddingOracleProbe;
 import de.rub.nds.tlsscanner.probe.PoodleProbe;
 import de.rub.nds.tlsscanner.probe.ProtocolVersionProbe;
@@ -79,6 +80,8 @@ public SiteReport scan() {
         testList.add(new PoodleProbe(config));
         testList.add(new TlsPoodleProbe(config));
         testList.add(new Cve20162107Probe(config));
+        testList.add(new InvalidCurveProbe(config));
+        
         // testList.add(new SignatureAndHashAlgorithmProbe(websiteHost));
         ScanJob job = new ScanJob(testList);
         return executor.execute(config, job);

src/main/java/de/rub/nds/tlsscanner/probe/Cve20162107Probe.java

@@ -26,7 +26,7 @@
 public class Cve20162107Probe extends TLSProbe {
 
     public Cve20162107Probe(ScannerConfig config) {
-        super(ProbeType.CVE20172107, config);
+        super(ProbeType.CVE20162107, config);
     }
 
     @Override

src/main/java/de/rub/nds/tlsscanner/probe/InvalidCurveProbe.java

@@ -0,0 +1,47 @@
+/**
+ * TLS-Scanner - A TLS Configuration Analysistool based on TLS-Attacker
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsscanner.probe;
+
+import de.rub.nds.tlsattacker.attacks.config.InvalidCurveAttackConfig;
+import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.impl.InvalidCurveAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
+import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
+import de.rub.nds.tlsscanner.config.ScannerConfig;
+import de.rub.nds.tlsscanner.report.ProbeResult;
+import de.rub.nds.tlsscanner.report.ResultValue;
+import de.rub.nds.tlsscanner.report.check.CheckType;
+import de.rub.nds.tlsscanner.report.check.TLSCheck;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author Robert Merget - [email protected]
+ */
+public class InvalidCurveProbe extends TLSProbe {
+
+    public InvalidCurveProbe(ScannerConfig config) {
+        super(ProbeType.INVALID_CURVE, config);
+    }
+
+    @Override
+    public ProbeResult call() {
+        LOGGER.debug("Starting InvalidCurveProbe");
+        InvalidCurveAttackConfig invalidCurveAttackConfig = new InvalidCurveAttackConfig(getScannerConfig().getGeneralDelegate());
+        ClientDelegate delegate = (ClientDelegate) invalidCurveAttackConfig.getDelegate(ClientDelegate.class);
+        delegate.setHost(getScannerConfig().getClientDelegate().getHost());
+        InvalidCurveAttacker attacker = new InvalidCurveAttacker(invalidCurveAttackConfig);
+        Boolean vulnerable = attacker.isVulnerable();
+        TLSCheck check = new TLSCheck(vulnerable, CheckType.ATTACK_INVALID_CURVE, 10);
+        List<TLSCheck> checkList = new LinkedList<>();
+        checkList.add(check);
+        return new ProbeResult(getType(), new LinkedList<ResultValue>(), checkList);
+    }
+}

src/main/java/de/rub/nds/tlsscanner/probe/ProbeType.java

@@ -20,9 +20,10 @@ public enum ProbeType {
     BLEICHENBACHER,
     NAMED_CURVES,
     PADDING_ORACLE,
-    CVE20172107,
+    CVE20162107,
     POODLE,
     TLS_POODLE,
     PROTOCOL_VERSION,
+    INVALID_CURVE,
     SIGNATURE_AND_HASH,
 }

src/main/java/de/rub/nds/tlsscanner/report/check/CheckType.java

@@ -32,5 +32,6 @@ public enum CheckType {
     ATTACK_HEARTBLEED,
     ATTACK_POODLE,
     ATTACK_TLS_POODLE,
-    ATTACK_CVE20162107
+    ATTACK_CVE20162107,
+    ATTACK_INVALID_CURVE
 }