/** * CipherSuite filtering based on the key exchange method and on the * ephemeral property. This method is useful for establishing new workflows. * * @param cipherSuites * The CipherSuites that should be filtered */ public static void filterCipherSuites(List<CipherSuite> cipherSuites) { KeyExchangeAlgorithm algorithm = AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuites.get(0)); boolean ephemeral = cipherSuites.get(0).isEphemeral(); for (int i = cipherSuites.size() - 1; i > 0; i--) { CipherSuite cs = cipherSuites.get(i); if (AlgorithmResolver.getKeyExchangeAlgorithm(cs) != algorithm || cs.isEphemeral() != ephemeral) { cipherSuites.remove(i); } } }
public void addClientKeyExchangeMessage(List<ProtocolMessage> messages) { CipherSuite cs = config.getDefaultSelectedCipherSuite(); ClientKeyExchangeMessage message = createClientKeyExchangeMessage(AlgorithmResolver.getKeyExchangeAlgorithm(cs)); messages.add(message); }
public static byte[] generateSignature(PrivateKey key, byte[] toBeSigned, SignatureAndHashAlgorithm algorithm, BadRandom random, Chooser chooser) throws CryptoException { String algoName; if (chooser.getSelectedProtocolVersion() == ProtocolVersion.SSL3 || chooser.getSelectedProtocolVersion() == ProtocolVersion.TLS10 || chooser.getSelectedProtocolVersion() == ProtocolVersion.TLS11) { if (AlgorithmResolver.getKeyExchangeAlgorithm(chooser.getSelectedCipherSuite()).name().contains("RSA")) { algoName = "NONEwithRSA"; toBeSigned = ArrayConverter.concatenate(MD5Utils.MD5(toBeSigned), SHA1Utils.sha1(toBeSigned)); } else if (AlgorithmResolver.getKeyExchangeAlgorithm(chooser.getSelectedCipherSuite()).name() .contains("ECDSA")) { algoName = "SHA1withECDSA"; } else { throw new UnsupportedOperationException("Ciphersuite not supported - Check Debug Log"); } } else { algoName = algorithm.getJavaName(); } try { LOGGER.trace("Creating Signature with " + algoName + " over " + ArrayConverter.bytesToHexString(toBeSigned) + " with the PrivateKey:" + key.toString()); Signature instance = Signature.getInstance(algoName); instance.initSign(key, random); instance.update(toBeSigned); return instance.sign(); } catch (SignatureException | InvalidKeyException | NoSuchAlgorithmException ex) { throw new CryptoException("Could not sign Data", ex); } }
public void addServerKeyExchangeMessage(List<ProtocolMessage> messages) { CipherSuite cs = config.getDefaultSelectedCipherSuite(); if (cs.isEphemeral()) { switch (AlgorithmResolver.getKeyExchangeAlgorithm(cs)) { case ECDHE_ECDSA: case ECDHE_RSA: break; default: LOGGER.warn("Unsupported key exchange algorithm: " + AlgorithmResolver.getKeyExchangeAlgorithm(cs) + ", not adding ServerKeyExchange Message"); break;
@Override public DHEServerKeyExchangeParser getParser(byte[] message, int pointer) { return new DHEServerKeyExchangeParser(pointer, message, tlsContext.getChooser().getLastRecordVersion(), AlgorithmResolver.getKeyExchangeAlgorithm(tlsContext.getChooser().getSelectedCipherSuite())); }
@Override public ECDHEServerKeyExchangeParser getParser(byte[] message, int pointer) { return new ECDHEServerKeyExchangeParser(pointer, message, tlsContext.getChooser().getLastRecordVersion(), AlgorithmResolver.getKeyExchangeAlgorithm(tlsContext.getChooser().getSelectedCipherSuite())); }
@Override public ProtocolMessagePreparator getPreparator(GOSTClientKeyExchangeMessage message) { CipherSuite cipherSuite = tlsContext.getChooser().getSelectedCipherSuite(); KeyExchangeAlgorithm exchangeAlg = AlgorithmResolver.getKeyExchangeAlgorithm(cipherSuite); if (exchangeAlg == KeyExchangeAlgorithm.VKO_GOST12) { return new GOST12ClientKeyExchangePreparator(tlsContext.getChooser(), message); } else { return new GOST01ClientKeyExchangePreparator(tlsContext.getChooser(), message); } }
@Override public void execute(State state) throws WorkflowExecutionException { TlsContext tlsContext = state.getTlsContext(connectionAlias); if (isExecuted()) { throw new WorkflowExecutionException("Action already executed!"); } messages = new LinkedList<>(); messages.add(new WorkflowConfigurationFactory(state.getConfig()) .createClientKeyExchangeMessage(AlgorithmResolver.getKeyExchangeAlgorithm(tlsContext.getChooser() .getSelectedCipherSuite()))); String sending = getReadableString(messages); if (hasDefaultAlias()) { LOGGER.info("Sending DynamicKeyExchange: " + sending); } else { LOGGER.info("Sending DynamicKeyExchange (" + connectionAlias + "): " + sending); } try { MessageActionResult result = sendMessageHelper.sendMessages(messages, records, tlsContext); messages = new ArrayList<>(result.getMessageList()); records = new ArrayList<>(result.getRecordList()); setExecuted(true); } catch (IOException E) { tlsContext.setReceivedTransportHandlerException(true); LOGGER.debug(E); setExecuted(false); } }
/** * * @return */ @Override public Config createConfig() { Config config = super.createConfig(); if (ciphersuiteDelegate.getCipherSuites() == null) { List<CipherSuite> cipherSuites = new LinkedList<>(); for (CipherSuite suite : CipherSuite.getImplemented()) { if (AlgorithmResolver.getKeyExchangeAlgorithm(suite) == KeyExchangeAlgorithm.RSA || AlgorithmResolver.getKeyExchangeAlgorithm(suite) == KeyExchangeAlgorithm.PSK_RSA) { cipherSuites.add(suite); } } config.setDefaultClientSupportedCiphersuites(cipherSuites); } config.setQuickReceive(true); config.setEarlyStop(true); config.setAddRenegotiationInfoExtension(true); config.setAddServerNameIndicationExtension(true); config.setAddSignatureAndHashAlgorithmsExtension(true); config.setStopActionsAfterFatal(true); config.setAddECPointFormatExtension(false); config.setAddEllipticCurveExtension(false); config.setWorkflowExecutorShouldClose(false); return config; }
return chooser.getConfig().getDefaultExplicitCertificateKeyPair(); KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(chooser .getSelectedCipherSuite()); NamedGroup namedGroup = chooser.getSelectedNamedGroup();
boolean containsEc = false; for (CipherSuite suite : config.getDefaultClientSupportedCiphersuites()) { KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(suite); if (keyExchangeAlgorithm != null && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) { containsEc = true;
boolean containsEc = false; for (CipherSuite suite : config.getDefaultClientSupportedCiphersuites()) { KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(suite); if (keyExchangeAlgorithm != null && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) { containsEc = true;
/** * * @return */ @Override public Config createConfig() { Config config = super.createConfig(); config.setAddRenegotiationInfoExtension(true); config.setAddServerNameIndicationExtension(true); config.setAddSignatureAndHashAlgorithmsExtension(true); config.setQuickReceive(true); config.setStopActionsAfterFatal(true); config.setStopRecievingAfterFatal(true); config.setEarlyStop(true); boolean containsEc = false; for (CipherSuite suite : config.getDefaultClientSupportedCiphersuites()) { KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(suite); if (keyExchangeAlgorithm != null && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) { containsEc = true; break; } } config.setAddECPointFormatExtension(containsEc); config.setAddEllipticCurveExtension(containsEc); return config; }
KeyExchangeAlgorithm algorithm = AlgorithmResolver.getKeyExchangeAlgorithm(cs); switch (algorithm) { case ECDHE_ECDSA:
if (!AlgorithmResolver.getKeyExchangeAlgorithm(getTlsConfig().getDefaultSelectedCipherSuite()).isEC()) { LOGGER.info("The CipherSuite that should be tested is not an Ec one:" + getTlsConfig().getDefaultSelectedCipherSuite().name());
/** * * @return */ @Override public Config createConfig() { Config config = super.createConfig(); config.setAddHeartbeatExtension(true); config.setHeartbeatMode(HeartbeatMode.PEER_ALLOWED_TO_SEND); config.setAddRenegotiationInfoExtension(true); config.setAddServerNameIndicationExtension(true); config.setAddSignatureAndHashAlgorithmsExtension(true); config.setQuickReceive(true); config.setStopActionsAfterFatal(true); config.setStopRecievingAfterFatal(true); config.setEarlyStop(true); boolean containsEc = false; for (CipherSuite suite : config.getDefaultClientSupportedCiphersuites()) { KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(suite); if (keyExchangeAlgorithm != null && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) { containsEc = true; break; } } config.setAddECPointFormatExtension(containsEc); config.setAddEllipticCurveExtension(containsEc); return config; } }
tlsConfig.setDefaultSelectedCipherSuite(suite); tlsConfig.setDefaultClientSupportedCiphersuites(suite); KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(suite); if (keyExchangeAlgorithm != null && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) { tlsConfig.setAddECPointFormatExtension(true);
private static ClientKeyExchangeHandler getClientKeyExchangeHandler(TlsContext context) { CipherSuite cs = context.getChooser().getSelectedCipherSuite(); KeyExchangeAlgorithm algorithm = AlgorithmResolver.getKeyExchangeAlgorithm(cs); switch (algorithm) { case RSA:
boolean containsEc = false; for (CipherSuite suite : config.getDefaultClientSupportedCiphersuites()) { KeyExchangeAlgorithm keyExchangeAlgorithm = AlgorithmResolver.getKeyExchangeAlgorithm(suite); if (keyExchangeAlgorithm != null && keyExchangeAlgorithm.name().toUpperCase().contains("EC")) { containsEc = true;
WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(state.getConfig()); ClientKeyExchangeMessage message = factory.createClientKeyExchangeMessage(AlgorithmResolver .getKeyExchangeAlgorithm(state.getTlsContext().getChooser().getSelectedCipherSuite())); ModifiableBoolean modifiableBoolean = new ModifiableBoolean(); modifiableBoolean.setModification(new BooleanExplicitValueModification(false));