Merge origin/master into STARTTLS

.gitignore

@@ -6,4 +6,38 @@ pom.xml.next
 release.properties
 /apps/
 nbproject/
-nbactions.xml
+nbactions.xml.project
+.settings/org.eclipse.core.resources.prefs
+Attacks/.classpath
+Attacks/.project
+Attacks/.settings/org.eclipse.core.resources.prefs
+Attacks/.settings/org.eclipse.jdt.core.prefs
+TLS-Client/.classpath
+TLS-Client/.project
+TLS-Client/.settings/org.eclipse.core.resources.prefs
+TLS-Client/.settings/org.eclipse.jdt.core.prefs
+TLS-Core/.classpath
+TLS-Core/.project
+TLS-Core/.settings/org.eclipse.core.resources.prefs
+TLS-Core/.settings/org.eclipse.jdt.core.prefs
+TLS-Mitm/.classpath
+TLS-Mitm/.project
+TLS-Mitm/.settings/org.eclipse.core.resources.prefs
+TLS-Mitm/.settings/org.eclipse.jdt.core.prefs
+TLS-Server/.classpath
+TLS-Server/.project
+TLS-Server/.settings/org.eclipse.core.resources.prefs
+TLS-Server/.settings/org.eclipse.jdt.core.prefs
+TraceTool/.classpath
+TraceTool/.project
+TraceTool/.settings/org.eclipse.core.resources.prefs
+TraceTool/.settings/org.eclipse.jdt.core.prefs
+Transport/.classpath
+Transport/.project
+Transport/.settings/org.eclipse.core.resources.prefs
+Transport/.settings/org.eclipse.jdt.core.prefs
+Utils/.classpath
+Utils/.project
+Utils/.settings/org.eclipse.core.resources.prefs
+Utils/.settings/org.eclipse.jdt.core.prefs
+.project

Attacks/early_finished.xml

@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<workflowTrace>
+    <Send>
+        <messages>
+            <ClientHello>
+                <extensions>
+                    <ECPointFormat/>
+                    <EllipticCurves/>
+                    <RenegotiationInfoExtension/>
+                </extensions>
+            </ClientHello>
+        </messages>
+    </Send>
+    <Receive>
+        <expectedMessages>
+            <ServerHello>
+                <extensions>
+                    <ECPointFormat/>
+                    <RenegotiationInfoExtension/>
+                </extensions>
+            </ServerHello>
+            <Certificate/>
+            <ServerHelloDone/>
+        </expectedMessages>
+    </Receive>
+    <Send>
+        <messages>
+            <RSAClientKeyExchange/>
+            <ChangeCipherSpec/>
+        </messages>
+    </Send>
+    <Receive>
+        <expectedMessages>
+            <ChangeCipherSpec/>
+            <Finished/>
+        </expectedMessages>
+    </Receive>
+</workflowTrace>

Attacks/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>2.3</version>
+        <version>2.5</version>
     </parent>
     <artifactId>Attacks</artifactId>
     <packaging>jar</packaging>

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/Main.java

@@ -10,29 +10,31 @@
 
 import com.beust.jcommander.JCommander;
 import de.rub.nds.tlsattacker.attacks.config.BleichenbacherCommandConfig;
-import de.rub.nds.tlsattacker.attacks.config.PskBruteForcerAttackServerCommandConfig;
-import de.rub.nds.tlsattacker.attacks.config.PskBruteForcerAttackClientCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.Cve20162107CommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.DrownCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.EarlyCCSCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.HeartbleedCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.InvalidCurveAttackConfig;
 import de.rub.nds.tlsattacker.attacks.config.PaddingOracleCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.PoodleCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.PskBruteForcerAttackClientCommandConfig;
+import de.rub.nds.tlsattacker.attacks.config.PskBruteForcerAttackServerCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.SimpleMitmProxyCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.TLSPoodleCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.TooManyAlgorithmsAttackConfig;
 import de.rub.nds.tlsattacker.attacks.config.WinshockCommandConfig;
 import de.rub.nds.tlsattacker.attacks.config.delegate.GeneralAttackDelegate;
 import de.rub.nds.tlsattacker.attacks.impl.Attacker;
 import de.rub.nds.tlsattacker.attacks.impl.BleichenbacherAttacker;
-import de.rub.nds.tlsattacker.attacks.impl.PskBruteForcerAttackServer;
-import de.rub.nds.tlsattacker.attacks.impl.PskBruteForcerAttackClient;
 import de.rub.nds.tlsattacker.attacks.impl.Cve20162107Attacker;
+import de.rub.nds.tlsattacker.attacks.impl.DrownAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.EarlyCCSAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.HeartbleedAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.InvalidCurveAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.PaddingOracleAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.PoodleAttacker;
+import de.rub.nds.tlsattacker.attacks.impl.PskBruteForcerAttackClient;
+import de.rub.nds.tlsattacker.attacks.impl.PskBruteForcerAttackServer;
 import de.rub.nds.tlsattacker.attacks.impl.SimpleMitmProxy;
 import de.rub.nds.tlsattacker.attacks.impl.TLSPoodleAttacker;
 import de.rub.nds.tlsattacker.attacks.impl.TooManyAlgorithmsAttacker;
@@ -88,6 +90,8 @@ public static void main(String[] args) {
         jc.addCommand(SimpleMitmProxyCommandConfig.ATTACK_COMMAND, simpleMitmProxy);
         TooManyAlgorithmsAttackConfig tooManyAlgorithms = new TooManyAlgorithmsAttackConfig(generalDelegate);
         jc.addCommand(TooManyAlgorithmsAttackConfig.ATTACK_COMMAND, tooManyAlgorithms);
+        DrownCommandConfig drownConfig = new DrownCommandConfig(generalDelegate);
+        jc.addCommand(DrownCommandConfig.COMMAND, drownConfig);
         // TokenBindingMitmCommandConfig tokenBindingMitm = new
         // TokenBindingMitmCommandConfig(generalDelegate);
         // jc.addCommand(TokenBindingMitmCommandConfig.ATTACK_COMMAND,
@@ -149,7 +153,9 @@ public static void main(String[] args) {
             case PskBruteForcerAttackServerCommandConfig.ATTACK_COMMAND:
                 attacker = new PskBruteForcerAttackServer(pskBruteForcerAttackServerTest);
                 break;
-
+            case DrownCommandConfig.COMMAND:
+                attacker = new DrownAttacker(drownConfig);
+                break;
             // case TokenBindingMitmCommandConfig.ATTACK_COMMAND:
             // attacker = new TokenBindingMitm(tokenBindingMitm);
             // break;

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/actions/EarlyCcsAction.java

@@ -0,0 +1,76 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.actions;
+
+import de.rub.nds.modifiablevariable.bool.BooleanExplicitValueModification;
+import de.rub.nds.modifiablevariable.bool.ModifiableBoolean;
+import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
+import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
+import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
+import de.rub.nds.tlsattacker.core.protocol.handler.ClientKeyExchangeHandler;
+import de.rub.nds.tlsattacker.core.protocol.message.ClientKeyExchangeMessage;
+import de.rub.nds.tlsattacker.core.record.AbstractRecord;
+import de.rub.nds.tlsattacker.core.record.Record;
+import de.rub.nds.tlsattacker.core.state.State;
+import de.rub.nds.tlsattacker.core.workflow.action.TlsAction;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
+import java.io.IOException;
+import java.util.LinkedList;
+import java.util.List;
+
+/**
+ *
+ * @author robert
+ */
+public class EarlyCcsAction extends TlsAction {
+
+    private Boolean targetOpenssl1_0_0;
+
+    public EarlyCcsAction(Boolean adjustContext) {
+        this.targetOpenssl1_0_0 = adjustContext;
+    }
+
+    @Override
+    public void execute(State state) throws WorkflowExecutionException, IOException {
+        Record r = new Record();
+        WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(state.getConfig());
+        ClientKeyExchangeMessage message = factory.createClientKeyExchangeMessage(AlgorithmResolver
+                .getKeyExchangeAlgorithm(state.getTlsContext().getSelectedCipherSuite()));
+        ModifiableBoolean modifiableBoolean = new ModifiableBoolean();
+        modifiableBoolean.setModification(new BooleanExplicitValueModification(false));
+        if (!targetOpenssl1_0_0) {
+            message.setIncludeInDigest(modifiableBoolean);
+        }
+        message.setAdjustContext(modifiableBoolean);
+        ClientKeyExchangeHandler handler = (ClientKeyExchangeHandler) message.getHandler(state.getTlsContext());
+        byte[] protocolMessageBytes = handler.prepareMessage(message);
+        if (targetOpenssl1_0_0) {
+            handler.adjustPremasterSecret(message);
+            handler.adjustMasterSecret(message);
+        }
+        handler.adjustTlsContextAfterSerialize(message);
+        List<AbstractRecord> recordList = new LinkedList<>();
+        recordList.add(new Record());
+        byte[] prepareRecords = state.getTlsContext().getRecordLayer()
+                .prepareRecords(protocolMessageBytes, ProtocolMessageType.HANDSHAKE, recordList);
+        state.getTlsContext().getTransportHandler().sendData(prepareRecords);
+        setExecuted(true);
+    }
+
+    @Override
+    public void reset() {
+        // nothing to do;
+    }
+
+    @Override
+    public boolean executedAsPlanned() {
+        return isExecuted();
+    }
+
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/bruteforce/GuessProvider.java

@@ -0,0 +1,24 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.bruteforce;
+
+public abstract class GuessProvider {
+
+    private final GuessProviderType type;
+
+    public GuessProvider(GuessProviderType type) {
+        this.type = type;
+    }
+
+    public abstract byte[] getGuess();
+
+    public GuessProviderType getType() {
+        return type;
+    }
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/bruteforce/GuessProviderFactory.java

@@ -0,0 +1,25 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.bruteforce;
+
+import java.io.InputStream;
+
+public class GuessProviderFactory {
+
+    public static GuessProvider createGuessProvider(GuessProviderType type, InputStream guessSource) {
+        switch (type) {
+            case INCREMENTING:
+                return new IncrementingGuessProvider();
+            case WORDLIST:
+                return new WordListGuessProvider(guessSource);
+            default:
+                throw new UnsupportedOperationException("Guess provider \"" + type + "\" is not supported");
+        }
+    }
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/bruteforce/GuessProviderType.java

@@ -0,0 +1,14 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.bruteforce;
+
+public enum GuessProviderType {
+    INCREMENTING,
+    WORDLIST
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/bruteforce/IncrementingGuessProvider.java

@@ -0,0 +1,51 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.bruteforce;
+
+public class IncrementingGuessProvider extends GuessProvider {
+
+    private byte[] lastGuess = null;
+
+    private int size = 0;
+
+    public IncrementingGuessProvider() {
+        super(GuessProviderType.INCREMENTING);
+    }
+
+    @Override
+    public byte[] getGuess() {
+        byte[] guess = getIncrementedGuess();
+        return guess;
+    }
+
+    public byte[] getIncrementedGuess() {
+        if (lastGuess == null) {
+            lastGuess = new byte[size];
+        } else {
+            lastGuess = createdIncrementedAtPosition(lastGuess, 0);
+            if (lastGuess == null) {
+                size++;
+                lastGuess = new byte[size];
+            }
+        }
+        return lastGuess;
+    }
+
+    public byte[] createdIncrementedAtPosition(byte[] array, int position) {
+        if (array.length > position) {
+            array[position] = (byte) (array[position] + 1);
+            if (array[position] == 0) {
+                return createdIncrementedAtPosition(array, position + 1);
+            }
+            return array;
+        } else {
+            return null;
+        }
+    }
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/bruteforce/WordListGuessProvider.java

@@ -0,0 +1,38 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2017 Ruhr University Bochum / Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+package de.rub.nds.tlsattacker.attacks.bruteforce;
+
+import de.rub.nds.modifiablevariable.util.ArrayConverter;
+import java.io.BufferedReader;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.InputStreamReader;
+
+public class WordListGuessProvider extends GuessProvider {
+
+    private final BufferedReader bufferedReader;
+
+    public WordListGuessProvider(InputStream stream) {
+        super(GuessProviderType.WORDLIST);
+        bufferedReader = new BufferedReader(new InputStreamReader(stream));
+    }
+
+    @Override
+    public byte[] getGuess() {
+        try {
+            String line = bufferedReader.readLine();
+            if (line == null) {
+                return null;
+            }
+            return ArrayConverter.hexStringToByteArray(line);
+        } catch (IOException ex) {
+            return null;
+        }
+    }
+}

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/BleichenbacherCommandConfig.java

@@ -90,7 +90,7 @@ public Config createConfig() {
         }
         config.setQuickReceive(true);
         config.setEarlyStop(true);
-        config.setAddSignatureAndHashAlgrorithmsExtension(true);
+        config.setAddSignatureAndHashAlgorithmsExtension(true);
         config.setStopActionsAfterFatal(true);
         config.setAddECPointFormatExtension(false);
         config.setAddEllipticCurveExtension(false);

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/Cve20162107CommandConfig.java

@@ -19,7 +19,6 @@
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
-import de.rub.nds.tlsattacker.transport.TransportHandlerType;
 import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;