FIX #718 (added TLS padding to ticketbleed handshake). Also added TLS extension Signature Algorithms

This commit is contained in:
Dirk 2017-05-09 17:29:57 +02:00
parent 23e6209beb
commit 9ed47eaa19

View File

@ -9104,7 +9104,7 @@ get_session_ticket_tls() {
local sessticket_tls="" local sessticket_tls=""
#FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output from a previous handshake) --> would save 1x connect #FIXME: we likely have done this already before (either @ run_server_defaults() or at least the output from a previous handshake) --> would save 1x connect
#ATTENTION: we don't do SNI here as we assume this is a vulnerabilty of the TLS stack. If we do SNI here, we'd also need to do it in the ClientHello #ATTENTION: we DO NOT do SNI here as we assume this is a vulnerabilty of the TLS stack. If we do SNI here, we'd also need to do it in the ClientHello
# of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work! # of run_ticketbleed() otherwise the ticket will be different and the whole thing won't work!
sessticket_tls="$($OPENSSL s_client $BUGS $OPTIMAL_PROTO $PROXY -connect $NODEIP:$PORT </dev/null 2>$ERRFILE | awk '/TLS session ticket:/,/^$/' | awk '!/TLS session ticket/')" sessticket_tls="$($OPENSSL s_client $BUGS $OPTIMAL_PROTO $PROXY -connect $NODEIP:$PORT </dev/null 2>$ERRFILE | awk '/TLS session ticket:/,/^$/' | awk '!/TLS session ticket/')"
sessticket_tls="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_tls" | tr '\n' ',')" sessticket_tls="$(sed -e 's/^.* - /x/g' -e 's/ .*$//g' <<< "$sessticket_tls" | tr '\n' ',')"
@ -9115,7 +9115,7 @@ get_session_ticket_tls() {
# see https://blog.filippo.io/finding-ticketbleed/ | http://ticketbleed.com/ # see https://blog.filippo.io/finding-ticketbleed/ | http://ticketbleed.com/
run_ticketbleed() { run_ticketbleed() {
local session_tckt_tls="" local session_tckt_tls=""
local -i len_ch=216 # fixed len of clienthello below local -i len_ch=300 # fixed len of prepared clienthello below
local sid="x00,x0B,xAD,xC0,xDE,x00," # some abitratry bytes local sid="x00,x0B,xAD,xC0,xDE,x00," # some abitratry bytes
local len_sid="$(( ${#sid} / 4))" local len_sid="$(( ${#sid} / 4))"
local xlen_sid="$(dec02hex $len_sid)" local xlen_sid="$(dec02hex $len_sid)"
@ -9181,12 +9181,12 @@ run_ticketbleed() {
client_hello=" client_hello="
# TLS header (5 bytes) # TLS header (5 bytes)
,x16, # Content type (x16 for handshake) ,x16, # Content type (x16 for handshake)
x03, x01, # TLS version record layer x03,x01, # TLS version record layer
# Length Secure Socket Layer follows: # Length Secure Socket Layer follows:
$xlen_handshake_ssl_layer, $xlen_handshake_ssl_layer,
# Handshake header # Handshake header
x01, # Type (x01 for ClientHello) x01, # Type (x01 for ClientHello)
# Length of client hello follows: # Length of ClientHello follows:
x00, $xlen_handshake_record_layer, x00, $xlen_handshake_record_layer,
$tls_hexcode, # TLS Version $tls_hexcode, # TLS Version
# Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html # Random (32 byte) Unix time etc, see www.moserware.com/2009/06/first-few-milliseconds-of-https.html
@ -9196,39 +9196,63 @@ run_ticketbleed() {
x03, x90, x9f, x77, x04, x33, xff, xff, x03, x90, x9f, x77, x04, x33, xff, xff,
$xlen_sid, # Session ID length $xlen_sid, # Session ID length
$sid $sid
x00, x66, # Cipher suites length
# Cipher suites (51 suites) x00, x6a, # Cipher suites length 106
xc0, x14, xc0, x0a, xc0, x22, xc0, x21, # 53 Cipher suites
x00, x39, x00, x38, x00, x88, x00, x87, xc0,x14, xc0,x13, xc0,x0a, xc0,x21,
xc0, x0f, xc0, x05, x00, x35, x00, x84, x00,x39, x00,x38, x00,x88, x00,x87,
xc0, x12, xc0, x08, xc0, x1c, xc0, x1b, xc0,x0f, xc0,x05, x00,x35, x00,x84,
x00, x16, x00, x13, xc0, x0d, xc0, x03, xc0,x12, xc0,x08, xc0,x1c, xc0,x1b,
x00, x0a, xc0, x13, xc0, x09, xc0, x1f, x00,x16, x00,x13, xc0,x0d, xc0,x03,
xc0, x1e, x00, x33, x00, x32, x00, x9a, x00,x0a, xc0,x13, xc0,x09, xc0,x1f,
x00, x99, x00, x45, x00, x44, xc0, x0e, xc0,x1e, x00,x33, x00,x32, x00,x9a,
xc0, x04, x00, x2f, x00, x96, x00, x41, x00,x99, x00,x45, x00,x44, xc0,x0e,
xc0, x11, xc0, x07, xc0, x0c, xc0, x02, xc0,x04, x00,x2f, x00,x96, x00,x41,
x00, x05, x00, x04, x00, x15, x00, x12, xc0,x11, xc0,x07, xc0,x0c, xc0,x02,
x00, x09, x00, x14, x00, x11, x00, x08, x00,x05, x00,x04, x00,x15, x00,x12,
x00, x06, x00, x03, x00, xff, xc0,x30, xc0,x2f, x00,x9d, x00,x9c,
x00,x3d, x00,x3c, x00,x9f, x00,x9e,
x00,xff,
x01, # Compression methods length x01, # Compression methods length
x00, # Compression method (x00 for NULL) x00, # Compression method (x00 for NULL)
x01, x0b, # Extensions length x01,x5b, # Extensions length ####### 10b + x14 + x3c
# Extension Padding
x00,x15,
# length:
x00,x38,
x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00,
x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00,
x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00, x00,x00,
# Extension: ec_point_formats # Extension: ec_point_formats
x00, x0b, x00, x04, x03, x00, x01, x02, x00,x0b,
# length:
x00,x04,
# data:
x03,x00, x01,x02,
# Extension: elliptic_curves # Extension: elliptic_curves
x00, x0a, x00, x34, x00, x32, x00, x0e, x00,x0a,
x00, x0d, x00, x19, x00, x0b, x00, x0c, # length
x00, x18, x00, x09, x00, x0a, x00, x16, x00,x34,
x00, x17, x00, x08, x00, x06, x00, x07, x00,x32,
x00, x14, x00, x15, x00, x04, x00, x05, # data:
x00, x12, x00, x13, x00, x01, x00, x02, x00,x0e, x00,x0d, x00,x19, x00,x0b, x00,x0c,
x00, x03, x00, x0f, x00, x10, x00, x11, x00,x18, x00,x09, x00,x0a, x00,x16,
x00,x17, x00,x08, x00,x06, x00,x07,
x00,x14, x00,x15, x00,x04, x00,x05,
x00,x12, x00,x13, x00,x01, x00,x02,
x00,x03, x00,x0f, x00,x10, x00,x11,
# Extension: Signature Algorithms
x00,x0d,
# length:
x00,x10,
# data:
x00,x0e ,x04,x01, x05,x01 ,x02,x01, x04,x03, x05,x03,
x02,x03, x02,x02,
# Extension: SessionTicket TLS # Extension: SessionTicket TLS
x00, x23, x00, x23,
# length of SessionTicket TLS # length of SessionTicket TLS
x00, $xlen_tckt_tls, x00, $xlen_tckt_tls,
# Session Ticket # data, Session Ticket
$session_tckt_tls # here we have the comma already $session_tckt_tls # here we have the comma already
# Extension: Heartbeat # Extension: Heartbeat
x00, x0f, x00, x01, x01" x00, x0f, x00, x01, x01"