private List<CipherSuite> getCbcCiphers() { List<CipherSuite> cbcs = new LinkedList<>(); for (CipherSuite suite : CipherSuite.getImplemented()) { if (suite.isCBC()) { cbcs.add(suite); } } return cbcs; }
/** * Returns true if the cipher suite a TLS 1.3 cipher suite * * @return True if the Ciphersuite is supported in TLS 1.3 */ public boolean isTLS13() { return this.getByteValue()[0] == (byte) 0x13 && this.getByteValue()[1] != (byte) 0x00; }
public boolean isWeak() { return this.isExport() || this.isExportSymmetricCipher() || this.isAnon() || this.isNull(); }
public static CipherSuite getCipherSuite(byte[] value) { return getCipherSuite(valueToInt(value)); }
if (cipherSuiteDelegate.getCipherSuites() == null) { List<CipherSuite> cipherSuites = new LinkedList<>(); for (CipherSuite suite : CipherSuite.getImplemented()) { if (suite.isCBC() && !suite.isPsk() && !suite.isSrp()) { cipherSuites.add(suite); if (!suite.isCBC()) { throw new ConfigurationException("This attack only works with CBC Ciphersuites");
/** * @param cipherSuite * The Ciphersuite for which the CipherType should be selected * @return The CipherType of the Ciphersuite */ public static CipherType getCipherType(CipherSuite cipherSuite) { String cs = cipherSuite.toString().toUpperCase(); if (cipherSuite.isGCM() || cipherSuite.isCCM() || cipherSuite.isOCB()) { return CipherType.AEAD; } else if (cs.contains("AES") || cs.contains("DES") || cs.contains("IDEA") || cs.contains("WITH_FORTEZZA") || cs.contains("CAMELLIA") || cs.contains("WITH_SEED") || cs.contains("WITH_ARIA") || cs.contains("RC2")) { return CipherType.BLOCK; } else if (cs.contains("RC4") || cs.contains("WITH_NULL") || cs.contains("CHACHA") || cs.contains("28147_CNT")) { return CipherType.STREAM; } if (cipherSuite == CipherSuite.TLS_FALLBACK_SCSV || cipherSuite == CipherSuite.TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { throw new UnsupportedOperationException("The CipherSuite:" + cipherSuite.name() + " does not specify a CipherType"); } throw new UnsupportedOperationException("Cipher suite " + cipherSuite + " is not supported yet."); }
List<CipherSuite> ciphers = new LinkedList<>(); if (tlsConfig.getDefaultClientSupportedCiphersuites().isEmpty()) { for (CipherSuite cs : CipherSuite.getImplemented()) { if (cs.isCBC()) { ciphers.add(cs); vulnerable |= executeAttackRound(version, suite); } catch (Throwable t) { LOGGER.warn("Problem while testing " + version.name() + " with Ciphersuite " + suite.name()); LOGGER.debug(t);
} else { CipherSuite selectedCipherSuite = config.getDefaultSelectedCipherSuite(); if (!selectedCipherSuite.isSrpSha() && !selectedCipherSuite.isPskOrDhPsk() && !selectedCipherSuite.isAnon()) { if (connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT) { messages.add(new CertificateMessage()); if (selectedCipherSuite.isEphemeral() || selectedCipherSuite.isSrp()) { addServerKeyExchangeMessage(messages);
result = MacAlgorithm.AEAD; } else { String cipher = cipherSuite.toString(); if (cipher.contains("MD5")) { if (protocolVersion.isSSL()) { } else if (cipher.endsWith("IMIT")) { result = MacAlgorithm.IMIT_GOST28147; } else if (cipherSuite.usesGOSTR3411()) { result = MacAlgorithm.HMAC_GOSTR3411; } else if (cipherSuite.usesGOSTR34112012()) { result = MacAlgorithm.HMAC_GOSTR3411_2012_256; throw new UnsupportedOperationException("The CipherSuite:" + cipherSuite.name() + " does not specify a MAC-Algorithm");
List<CipherSuite> ciphers = CipherSuite.getCiphersuites(ciphersBytes); int origCiphersLength = ciphersBytes.length; ByteArrayOutputStream newCiphersBytes = new ByteArrayOutputStream(); CipherSuite type; for (CipherSuite cs : ciphers) { LOGGER.debug("cipher.name, cipher.val = " + cs.name() + ", " + cs.getValue()); if (!removeCiphers.contains(cs)) { try { newCiphersBytes.write(cs.getByteValue()); } catch (IOException ex) { throw new WorkflowExecutionException("Could not write CipherSuite value to byte[]", ex);
private void adjustSelectedCiphersuite(HelloRetryRequestMessage message) { CipherSuite suite = CipherSuite.getCipherSuite(message.getSelectedCipherSuite().getValue()); tlsContext.setSelectedCipherSuite(suite); if (suite != null) { LOGGER.debug("Set SelectedCipherSuite in Context to " + suite.name()); } else { LOGGER.warn("Could not determine selected CipherSuite. Not Adjusting Context"); } }
trace.addConnection(outboundConnection); List<CipherSuite> removeCiphers = CipherSuite.getImplemented(); removeCiphers.addAll(CipherSuite.getNotImplemented()); List<CipherSuite> keepCiphers = new ArrayList(); for (CipherSuite cs : removeCiphers) { if (cs.name().startsWith("TLS_RSA")) { keepCiphers.add(cs);
public static KeyExchangeAlgorithm getKeyExchangeAlgorithm(CipherSuite cipherSuite) { if (cipherSuite.isTLS13()) { return null; String cipher = cipherSuite.toString().toUpperCase(); if (cipher.contains("TLS_RSA_WITH") || cipher.contains("TLS_RSA_EXPORT")) { return KeyExchangeAlgorithm.RSA; throw new UnsupportedOperationException("The CipherSuite:" + cipherSuite.name() + " does not specify a KeyExchangeAlgorithm"); throw new UnsupportedOperationException("The key exchange algorithm in " + cipherSuite.toString() + " is not supported yet.");
private boolean isEncryptThenMac(CipherSuite cipherSuite) { return context.isExtensionNegotiated(ExtensionType.ENCRYPT_THEN_MAC) && cipherSuite.isCBC() && recordCipher.isUsingMac(); }
public boolean isUsingMac() { if (this.name().contains("NULL")) { String cipher = this.toString(); if (cipher.endsWith("NULL")) { return false; } String[] hashFunctionNames = { "MD5", "SHA", "SHA256", "SHA384", "SHA512", "IMIT", "GOSTR3411" }; for (String hashFunction : hashFunctionNames) { if (cipher.endsWith(hashFunction)) { return true; } } return false; } return (this.name().contains("_CBC") || this.name().contains("RC4") || this.name().contains("CNT")); }
public boolean isImplemented() { return getImplemented().contains(this); }
public static List<CipherSuite> getNotImplemented() { List<CipherSuite> notImplemented = new LinkedList<>(); for (CipherSuite suite : values()) { if (!getImplemented().contains(suite)) { notImplemented.add(suite); } } return notImplemented; }
/** * Summarize the extension data for pretty printing. * * @return a summary of the extension information contained in the CH * message */ public String summarizeCiphers(ClientHelloMessage ch) { StringBuilder sb = new StringBuilder(); sb.append("cipher suite bytes length: ").append(ch.getCipherSuites().getValue().length); sb.append("\ncipher suite bytes:"); sb.append(ArrayConverter.bytesToHexString(ch.getCipherSuites().getValue())); sb.append("\nreadable cipher suite list:\n"); for (CipherSuite cs : CipherSuite.getCiphersuites(ch.getCipherSuites().getValue())) { sb.append(cs.name()).append("\n"); } return sb.toString(); }