Merge pull request #225 from tls-attacker/serverClosesConnection

Connection Closing Probe

Author: NErinola

TLS-Client-Scanner/src/main/java/de/rub/nds/tlsscanner/clientscanner/execution/TlsClientScanner.java

@@ -42,11 +42,11 @@ public TlsClientScanner(ClientScannerConfig config, Function<State, Integer> cli
         parallelExecutor = new ParallelExecutor(config.getOverallThreads(), 3);
         parallelExecutor.setDefaultBeforeTransportInitCallback(clientAfterPreInitCallback);
         parallelExecutor.setDefaultBeforeTransportPreInitCallback(createConnectionHook());
-        fillDefaultProbeLists();
+        fillProbeLists();
     }
 
     @Override
-    protected void fillDefaultProbeLists() {
+    protected void fillProbeLists() {
         addProbeToProbeList(new BasicProbe(parallelExecutor, config));
         addProbeToProbeList(new DheParameterProbe(parallelExecutor, config));
         addProbeToProbeList(new ForcedCompressionProbe(parallelExecutor, config));

TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/TlsAnalyzedProperty.java

@@ -129,6 +129,7 @@ public enum TlsAnalyzedProperty implements AnalyzedProperty {
     SUPPORTS_UNCOMPRESSED_POINT(TlsAnalyzedPropertyCategory.EC),
     SUPPORTS_ANSIX962_COMPRESSED_PRIME(TlsAnalyzedPropertyCategory.EC),
     SUPPORTS_ANSIX962_COMPRESSED_CHAR2(TlsAnalyzedPropertyCategory.EC),
+    HANDSHAKES_WITH_UNDEFINED_POINT_FORMAT(TlsAnalyzedPropertyCategory.EC),
     SUPPORTS_TLS13_SECP_COMPRESSION(TlsAnalyzedPropertyCategory.EC),
     SUPPORTS_EXPLICIT_PRIME_CURVE(TlsAnalyzedPropertyCategory.EC),
     SUPPORTS_EXPLICIT_CHAR2_CURVE(TlsAnalyzedPropertyCategory.EC),

TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/constants/TlsProbeType.java

@@ -62,6 +62,7 @@ public enum TlsProbeType implements ProbeType {
     CROSS_PROTOCOL_ALPACA("Alpaca attack"),
     RANDOMNESS("Randomness"),
     TLS_FALLBACK_SCSV("TLS Fallback SCSV"),
+    CONNECTION_CLOSING_DELTA("Connection Closing Delta"),
     // CLIENT SPECIFIC PROBES
     FORCED_COMPRESSION("Forced Compression"),
     FREAK("Freak"),

TLS-Scanner-Core/src/main/java/de/rub/nds/tlsscanner/core/execution/TlsScanner.java

@@ -31,10 +31,15 @@ public TlsScanner(List<ScannerProbe> probeList, List<AfterProbe> afterList, List
         this.probeList = probeList;
     }
 
-    protected abstract void fillDefaultProbeLists();
+    protected abstract void fillProbeLists();
 
     protected void addProbeToProbeList(TlsProbe probe) {
-        if (probeTypesToExecute == null || probeTypesToExecute.contains(probe.getType())) {
+        addProbeToProbeList(probe, true);
+    }
+
+    protected void addProbeToProbeList(TlsProbe probe, boolean addByDefault) {
+        if ((probeTypesToExecute == null && addByDefault)
+            || (probeTypesToExecute != null && probeTypesToExecute.contains(probe.getType()))) {
             probeList.add(probe);
         }
     }

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/execution/TlsServerScanner.java

@@ -60,6 +60,7 @@
 import de.rub.nds.tlsscanner.serverscanner.probe.CipherSuiteProbe;
 import de.rub.nds.tlsscanner.serverscanner.probe.CommonBugProbe;
 import de.rub.nds.tlsscanner.serverscanner.probe.CompressionsProbe;
+import de.rub.nds.tlsscanner.serverscanner.probe.ConnectionClosingProbe;
 import de.rub.nds.tlsscanner.serverscanner.probe.DirectRaccoonProbe;
 import de.rub.nds.tlsscanner.serverscanner.probe.DrownProbe;
 import de.rub.nds.tlsscanner.serverscanner.probe.DtlsBugsProbe;
@@ -122,7 +123,7 @@ public TlsServerScanner(ServerScannerConfig config) {
         parallelExecutor = new ParallelExecutor(config.getOverallThreads(), 3,
             new NamedThreadFactory(config.getClientDelegate().getHost() + "-Worker"));
         setCallbacks();
-        fillDefaultProbeLists();
+        fillProbeLists();
     }
 
     public TlsServerScanner(ServerScannerConfig config, ParallelExecutor parallelExecutor) {
@@ -132,7 +133,7 @@ public TlsServerScanner(ServerScannerConfig config, ParallelExecutor parallelExe
         this.parallelExecutor = parallelExecutor;
         closeAfterFinishParallel = false;
         setCallbacks();
-        fillDefaultProbeLists();
+        fillProbeLists();
     }
 
     public TlsServerScanner(ServerScannerConfig config, ParallelExecutor parallelExecutor, List<ScannerProbe> probeList,
@@ -171,7 +172,7 @@ private void setCallbacks() {
     }
 
     @Override
-    protected void fillDefaultProbeLists() {
+    protected void fillProbeLists() {
         if (config.getAdditionalRandomnessHandshakes() > 0) {
             addProbeToProbeList(new RandomnessProbe(configSelector, parallelExecutor));
         }
@@ -203,7 +204,6 @@ protected void fillDefaultProbeLists() {
         addProbeToProbeList(new SignatureAndHashAlgorithmProbe(configSelector, parallelExecutor));
         addProbeToProbeList(new SignatureHashAlgorithmOrderProbe(configSelector, parallelExecutor));
         addProbeToProbeList(new TlsFallbackScsvProbe(configSelector, parallelExecutor));
-        // Init StatsWriter
 
         afterList.add(new Sweet32AfterProbe());
         afterList.add(new FreakAfterProbe());
@@ -236,8 +236,10 @@ protected void fillDefaultProbeLists() {
                 addProbeToProbeList(new HttpFalseStartProbe(configSelector, parallelExecutor));
             }
             addProbeToProbeList(new DrownProbe(configSelector, parallelExecutor));
+            addProbeToProbeList(new ConnectionClosingProbe(configSelector, parallelExecutor), false);
             afterList.add(new PoodleAfterProbe());
         }
+        // Init StatsWriter
         setDefaultProbeWriter();
     }
 

TLS-Server-Scanner/src/main/java/de/rub/nds/tlsscanner/serverscanner/probe/ConnectionClosingProbe.java

@@ -0,0 +1,126 @@
+/**
+ * TLS-Server-Scanner - A TLS configuration and analysis tool based on TLS-Attacker
+ *
+ * Copyright 2017-2022 Ruhr University Bochum, Paderborn University, Hackmanit GmbH
+ *
+ * Licensed under Apache License, Version 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0.txt
+ */
+
+package de.rub.nds.tlsscanner.serverscanner.probe;
+
+import de.rub.nds.scanner.core.constants.TestResults;
+import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.constants.CipherSuite;
+import de.rub.nds.tlsattacker.core.constants.NamedGroup;
+import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
+import de.rub.nds.tlsattacker.core.constants.RunningModeType;
+import de.rub.nds.tlsattacker.core.https.HttpsRequestMessage;
+import de.rub.nds.tlsattacker.core.protocol.message.ApplicationMessage;
+import de.rub.nds.tlsattacker.core.state.State;
+import de.rub.nds.tlsattacker.core.workflow.ParallelExecutor;
+import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
+import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
+import de.rub.nds.tlsattacker.transport.socket.SocketState;
+import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler;
+import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty;
+import de.rub.nds.tlsscanner.core.constants.TlsProbeType;
+import de.rub.nds.tlsscanner.core.probe.TlsProbe;
+import de.rub.nds.tlsscanner.serverscanner.config.ServerScannerConfig;
+import de.rub.nds.tlsscanner.serverscanner.probe.result.ConnectionClosingResult;
+import de.rub.nds.tlsscanner.serverscanner.report.ServerReport;
+import de.rub.nds.tlsscanner.serverscanner.selector.ConfigSelector;
+import java.io.IOException;
+
+/**
+ * Determines when the server closes the connection. It's meant for tests in the lab so we limit the probe. Note that
+ * NO_RESULT may indicate that we couldn't identify a closing delta, i.e the server didn't close the connection within
+ * our limit or the probe could not be executed.
+ */
+public class ConnectionClosingProbe extends TlsServerProbe<ConfigSelector, ServerReport, ConnectionClosingResult> {
+
+    public static final long NO_RESULT = -1;
+    private static final long LIMIT = 5000;
+
+    private boolean useHttpAppData = false;
+
+    public ConnectionClosingProbe(ConfigSelector configSelector, ParallelExecutor parallelExecutor) {
+        super(parallelExecutor, TlsProbeType.CONNECTION_CLOSING_DELTA, configSelector);
+    }
+
+    @Override
+    public ConnectionClosingResult executeTest() {
+        Config tlsConfig = configSelector.getBaseConfig();
+        configSelector.repairConfig(tlsConfig);
+        tlsConfig.setWorkflowTraceType(WorkflowTraceType.HTTPS);
+        tlsConfig.setWorkflowExecutorShouldClose(false);
+
+        WorkflowTrace handshakeOnly = getWorkflowTrace(tlsConfig);
+        WorkflowTrace handshakeWithAppData = getWorkflowTrace(tlsConfig);
+        if (useHttpAppData) {
+            handshakeWithAppData.addTlsAction(new SendAction(new HttpsRequestMessage(tlsConfig)));
+        } else {
+            handshakeWithAppData.addTlsAction(new SendAction(new ApplicationMessage(tlsConfig)));
+        }
+
+        return new ConnectionClosingResult(evaluateClosingDelta(tlsConfig, handshakeOnly),
+            evaluateClosingDelta(tlsConfig, handshakeWithAppData));
+    }
+
+    public WorkflowTrace getWorkflowTrace(Config tlsConfig) {
+        WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(tlsConfig);
+        return factory.createWorkflowTrace(WorkflowTraceType.HANDSHAKE, RunningModeType.CLIENT);
+    }
+
+    private long evaluateClosingDelta(Config tlsConfig, WorkflowTrace workflowTrace) {
+        State state = new State(tlsConfig, workflowTrace);
+        executeState(state);
+        long delta = 0;
+        SocketState socketState = null;
+        do {
+            try {
+                socketState = (((TcpTransportHandler) (state.getTlsContext().getTransportHandler())).getSocketState());
+                switch (socketState) {
+                    case CLOSED:
+                    case IO_EXCEPTION:
+                    case PEER_WRITE_CLOSED:
+                    case SOCKET_EXCEPTION:
+                    case TIMEOUT:
+                        closeSocket(state);
+                        return delta;
+                    default:
+                }
+                Thread.sleep(10);
+                delta += 10;
+            } catch (InterruptedException ignored) {
+            }
+        } while (delta < LIMIT);
+        closeSocket(state);
+        return NO_RESULT;
+    }
+
+    public void closeSocket(State state) {
+        try {
+            state.getTlsContext().getTransportHandler().closeConnection();
+        } catch (IOException ignored) {
+        }
+    }
+
+    @Override
+    public boolean canBeExecuted(ServerReport report) {
+        return report.isProbeAlreadyExecuted(TlsProbeType.HTTP_HEADER);
+    }
+
+    @Override
+    public ConnectionClosingResult getCouldNotExecuteResult() {
+        return new ConnectionClosingResult(NO_RESULT, NO_RESULT);
+    }
+
+    @Override
+    public void adjustConfig(ServerReport report) {
+        useHttpAppData = report.getResult(TlsAnalyzedProperty.SUPPORTS_HTTPS) == TestResults.TRUE;
+    }
+
+}