tls-attacker / TLS-Attacker

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It can be used to manually test TLS clients and servers or as a software library for more advanced tools.
Apache License 2.0

Implement TLS 1.3 Client Authentication #62

Open dundic987 opened 5 years ago

dundic987 commented 5 years ago

Hello,

I intend to construct a workflow trace in TLS-Attacker's Java code and send it to a server in order to establish a TLS handshake. However, I have two issues here: 1) How do I demand/specify to use TLS 1.3? 2) How do I (as the client) add a certificate and key (e.g. client-cert.pem and client-key.pem) to the configuration?

For now, my code looks as follows:

import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.protocol.message.*;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.DefaultWorkflowExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;

// Config with the default values; the trace is built by hand, action by action
Config config = Config.createConfig();
WorkflowTrace trace = new WorkflowTrace();
// Client flight 1
trace.addTlsAction(new SendAction(new ClientHelloMessage()));
// Expected server flight, in TLS 1.3 message order
trace.addTlsAction(new ReceiveAction(new ServerHelloMessage()));
trace.addTlsAction(new ReceiveAction(new EncryptedExtensionsMessage()));
trace.addTlsAction(new ReceiveAction(new CertificateRequestMessage()));
trace.addTlsAction(new ReceiveAction(new CertificateMessage()));
trace.addTlsAction(new ReceiveAction(new CertificateVerifyMessage()));
trace.addTlsAction(new ReceiveAction(new FinishedMessage()));
// Client flight 2: client certificate, CertificateVerify and Finished
trace.addTlsAction(new SendAction(new CertificateMessage()));
trace.addTlsAction(new SendAction(new CertificateVerifyMessage()));
trace.addTlsAction(new SendAction(new FinishedMessage()));
config.setDefaultClientSupportedCiphersuites(CipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384);
// Bind config and trace into a State and run it
State state = new State(config, trace);
DefaultWorkflowExecutor executor = new DefaultWorkflowExecutor(state);
executor.executeWorkflow();

Thank you!

ic0ns commented 5 years ago

Hey, the problem is in the Config object. TLS-Attacker requires you to explicitly set default values for everything such that TLS-Attacker knows how it is supposed to send its messages. Without you explicitly telling TLS-Attacker to send a TLS 1.3 ClientHello message it will just use a ClientHello with default values (found here: https://github.com/RUB-NDS/TLS-Attacker/blob/master/TLS-Core/src/main/resources/default_config.xml). You can find an example of TLS-Attacker + TLS 1.3 in our TLS-Scanner project: https://github.com/RUB-NDS/TLS-Scanner/blob/master/src/main/java/de/rub/nds/tlsscanner/probe/Tls13Probe.java. Additionally there should be a prepared Config file here: https://github.com/RUB-NDS/TLS-Attacker/blob/master/resources/configs/tls13.config. I hope this helps.

You can specify a Certificate and private key yourself by setting the defaultExplicitCertificateKeyPair and setting autoSelectCertificate to false. However, I do not think we support TLS 1.3 client authentication as of now. I will put it on the TODO list and try to find a student to implement it.

Cheers,
Robert
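As an added example (not from this issue or the TLS-Attacker project), here is how the two settings named above, defaultExplicitCertificateKeyPair and autoSelectCertificate, sit next to the TLS 1.3 switches that default_config.xml leaves off, with the reporter's trace collapsed into TLS 1.3 flights. Setter names follow the TLS-Attacker 3.x Config API as I know it; the PEM helpers (PemUtil.readCertificate/readPrivateKey, the CertificateKeyPair constructor) and the file names are assumptions to check against the installed version, and per the comment above the client-authentication half was not yet supported for TLS 1.3 at the time.

```java
import java.io.File;
import de.rub.nds.tlsattacker.core.certificate.CertificateKeyPair;
import de.rub.nds.tlsattacker.core.certificate.PemUtil;
import de.rub.nds.tlsattacker.core.config.Config;
import de.rub.nds.tlsattacker.core.constants.CipherSuite;
import de.rub.nds.tlsattacker.core.constants.NamedGroup;
import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
import de.rub.nds.tlsattacker.core.protocol.message.*;
import de.rub.nds.tlsattacker.core.state.State;
import de.rub.nds.tlsattacker.core.workflow.DefaultWorkflowExecutor;
import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
public class Tls13ClientAuthExample {
    // A Config that yields a TLS 1.3 ClientHello instead of the default_config.xml values.
    static Config tls13Config() {
        Config config = Config.createConfig();
        config.setHighestProtocolVersion(ProtocolVersion.TLS13);
        config.setSupportedVersions(ProtocolVersion.TLS13);
        config.setDefaultClientSupportedCiphersuites(CipherSuite.TLS_AES_128_GCM_SHA256);
        // TLS 1.3 needs supported_versions, key_share, supported_groups, signature_algorithms; ec_point_formats is TLS 1.2-only.
        config.setAddSupportedVersionsExtension(true);
        config.setAddKeyShareExtension(true);
        config.setAddEllipticCurveExtension(true);
        config.setAddSignatureAndHashAlgorithmsExtension(true);
        config.setAddECPointFormatExtension(false);
        config.setDefaultClientNamedGroups(NamedGroup.ECDH_X25519);
        config.setDefaultClientKeyShareNamedGroups(NamedGroup.ECDH_X25519);
        return config;
    }
    // Pins the client certificate and key; PemUtil and the CertificateKeyPair constructor are assumed names.
    static void useClientCertificate(Config config, File certPem, File keyPem) throws Exception {
        config.setAutoSelectCertificate(false);
        config.setDefaultExplicitCertificateKeyPair(new CertificateKeyPair(
                PemUtil.readCertificate(certPem), PemUtil.readPrivateKey(keyPem)));
    }
    public static void main(String[] args) throws Exception {
        Config config = tls13Config();
        useClientCertificate(config, new File("client-cert.pem"), new File("client-key.pem"));
        WorkflowTrace trace = new WorkflowTrace();
        trace.addTlsAction(new SendAction(new ClientHelloMessage()));
        // The TLS 1.3 server flight arrives at once, so expect all of it in one ReceiveAction.
        trace.addTlsAction(new ReceiveAction(new ServerHelloMessage(), new EncryptedExtensionsMessage(),
                new CertificateRequestMessage(), new CertificateMessage(), new CertificateVerifyMessage(),
                new FinishedMessage()));
        trace.addTlsAction(new SendAction(new CertificateMessage(), new CertificateVerifyMessage(),
                new FinishedMessage()));
        new DefaultWorkflowExecutor(new State(config, trace)).executeWorkflow();
    }
}
```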

dundic987 commented 5 years ago

Thank you for the help! But yeah, my intention is to establish a TLS 1.3 handshake with a TLS 1.3 implementation...

ic0ns commented 3 years ago

Update: I think a student of mine implemented this. I will have to check if it's actually working before finally closing this issue.

ic0ns commented 2 years ago

This feature will probably be added in TLS-Attacker 4.0.