de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig Maven / Gradle / Ivy

/**
 * TLS-Attacker - A Modular Penetration Testing Framework for TLS
 *
 * Copyright 2014-2021 Ruhr University Bochum, Paderborn University, Hackmanit GmbH
 *
 * Licensed under Apache License, Version 2.0
 * http://www.apache.org/licenses/LICENSE-2.0.txt
 */

package de.rub.nds.tlsattacker.attacks.config;

import com.beust.jcommander.Parameter;
import com.beust.jcommander.ParametersDelegate;
import de.rub.nds.tlsattacker.attacks.constants.PaddingRecordGeneratorType;
import de.rub.nds.tlsattacker.attacks.constants.PaddingVectorGeneratorType;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.config.delegate.CipherSuiteDelegate;
import de.rub.nds.tlsattacker.core.config.delegate.ClientDelegate;
import de.rub.nds.tlsattacker.core.config.delegate.GeneralDelegate;
import de.rub.nds.tlsattacker.core.config.delegate.ProtocolVersionDelegate;
import de.rub.nds.tlsattacker.core.config.delegate.StarttlsDelegate;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
import java.util.LinkedList;
import java.util.List;

/**
 *
 */
public class PaddingOracleCommandConfig extends AttackConfig {

    /**
     *
     */
    public static final String ATTACK_COMMAND = "padding_oracle";

    @Parameter(names = "-recordEngine", description = "The record generator used for the PaddingOracle")
    private PaddingRecordGeneratorType recordGeneratorType = PaddingRecordGeneratorType.SHORT;

    @Parameter(names = "-vectorEngine", description = "The vector generator used for the PaddingOracle")
    private PaddingVectorGeneratorType vectorGeneratorType = PaddingVectorGeneratorType.CLASSIC;

    @ParametersDelegate
    private ClientDelegate clientDelegate;

    @ParametersDelegate
    private CipherSuiteDelegate ciphersuiteDelegate;

    @ParametersDelegate
    private ProtocolVersionDelegate protocolVersionDelegate;

    @ParametersDelegate
    private StarttlsDelegate starttlsDelegate;

    /**
     * How many rescans should be done
     */
    private int numberOfIterations = 3;

    /**
     *
     * @param delegate
     */
    public PaddingOracleCommandConfig(GeneralDelegate delegate) {
        super(delegate);
        clientDelegate = new ClientDelegate();
        ciphersuiteDelegate = new CipherSuiteDelegate();
        protocolVersionDelegate = new ProtocolVersionDelegate();
        starttlsDelegate = new StarttlsDelegate();
        addDelegate(clientDelegate);
        addDelegate(ciphersuiteDelegate);
        addDelegate(protocolVersionDelegate);
        addDelegate(starttlsDelegate);
    }

    /**
     *
     * @return
     */
    public PaddingRecordGeneratorType getRecordGeneratorType() {
        return recordGeneratorType;
    }

    /**
     *
     * @param recordGeneratorType
     */
    public void setRecordGeneratorType(PaddingRecordGeneratorType recordGeneratorType) {
        this.recordGeneratorType = recordGeneratorType;
    }

    /**
     *
     * @return
     */
    public PaddingVectorGeneratorType getVectorGeneratorType() {
        return vectorGeneratorType;
    }

    /**
     *
     * @param vectorGeneratorType
     */
    public void setVectorGeneratorType(PaddingVectorGeneratorType vectorGeneratorType) {
        this.vectorGeneratorType = vectorGeneratorType;
    }

    /**
     *
     * @return
     */
    @Override
    public boolean isExecuteAttack() {
        return false;
    }

    @Override
    public Config createConfig() {
        return this.createConfig(super.createConfig());
    }

    /**
     *
     * @param  config
     * @return
     */
    @Override
    public Config createConfig(Config config) {
        super.createConfig(config);
        if (ciphersuiteDelegate.getCipherSuites() == null) {
            List cipherSuites = new LinkedList<>();
            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA);
            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA);
            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_128_CBC_SHA256);
            cipherSuites.add(CipherSuite.TLS_RSA_WITH_AES_256_CBC_SHA256);
            config.setDefaultClientSupportedCipherSuites(cipherSuites);
        }
        for (CipherSuite suite : config.getDefaultClientSupportedCipherSuites()) {
            if (!suite.isCBC()) {
                throw new ConfigurationException("This attack only works with CBC Cipher suites");
            }
        }
        config.setQuickReceive(true);
        config.setAddRenegotiationInfoExtension(true);
        config.setAddServerNameIndicationExtension(true);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        config.setStopActionsAfterIOException(true);
        config.setStopActionsAfterFatal(false);
        config.setStopReceivingAfterFatal(false);
        config.setEarlyStop(true);
        config.setWorkflowExecutorShouldClose(false);
        boolean containsEc = false;
        for (CipherSuite suite : config.getDefaultClientSupportedCipherSuites()) {
            KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(suite);
            if (keyExchangeAlgorithm != null && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) {
                containsEc = true;
                break;
            }
        }
        config.setAddECPointFormatExtension(containsEc);
        config.setAddEllipticCurveExtension(containsEc);

        return config;
    }

    public int getNumberOfIterations() {
        return numberOfIterations;
    }

    public void setNumberOfIterations(int mapListDepth) {
        this.numberOfIterations = mapListDepth;
    }

    public CipherSuiteDelegate getCipherSuiteDelegate() {
        return ciphersuiteDelegate;
    }

    public ProtocolVersionDelegate getProtocolVersionDelegate() {
        return protocolVersionDelegate;
    }
}