From 042303dd7e8891ee2f50845e71c645225e4d2740 Mon Sep 17 00:00:00 2001 From: serega6531 Date: Tue, 21 Apr 2020 00:40:24 +0300 Subject: [PATCH] =?UTF-8?q?=D0=94=D0=BE=D0=B1=D0=B0=D0=B2=D0=BB=D0=B5?= =?UTF-8?q?=D0=BD=20=D1=80=D0=B0=D0=B7=D0=B1=D0=BE=D1=80=20DH=20=D0=B8=20R?= =?UTF-8?q?SA=20=D0=BA=D0=BB=D1=8E=D1=87=D0=B5=D0=B9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../optimization/tls/keys/DhClientParams.java | 50 +++++++++++++++++ .../tls/keys/EcdheServerParams.java | 12 ++--- .../tls/keys/RsaServerParams.java | 22 ++++++++ .../optimization/tls/keys/TlsKeyUtils.java | 54 ++++++++++++++++++- .../tls/keys/enums/CurveType.java | 2 +- .../enums/SignatureHashAlgorithmHash.java | 3 +- .../SignatureHashAlgorithmSignature.java | 3 +- 7 files changed, 136 insertions(+), 10 deletions(-) create mode 100644 src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/DhClientParams.java create mode 100644 src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/RsaServerParams.java diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/DhClientParams.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/DhClientParams.java new file mode 100644 index 0000000..2eba420 --- /dev/null +++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/DhClientParams.java @@ -0,0 +1,50 @@ +package ru.serega6531.packmate.service.optimization.tls.keys; + +import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmHash; +import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmSignature; + +public class DhClientParams { + + private final byte[] p; + private final byte[] g; + private final byte[] pubkey; + private final SignatureHashAlgorithmHash signatureHashAlgorithmHash; + private final SignatureHashAlgorithmSignature signatureHashAlgorithmSignature; + private final byte[] signature; + + public DhClientParams(byte[] p, byte[] g, byte[] pubkey, + SignatureHashAlgorithmHash signatureHashAlgorithmHash, + SignatureHashAlgorithmSignature signatureHashAlgorithmSignature, + byte[] signature) { + this.p = p; + this.g = g; + this.pubkey = pubkey; + this.signatureHashAlgorithmHash = signatureHashAlgorithmHash; + this.signatureHashAlgorithmSignature = signatureHashAlgorithmSignature; + this.signature = signature; + } + + public byte[] getP() { + return p; + } + + public byte[] getG() { + return g; + } + + public byte[] getPubkey() { + return pubkey; + } + + public SignatureHashAlgorithmHash getSignatureHashAlgorithmHash() { + return signatureHashAlgorithmHash; + } + + public SignatureHashAlgorithmSignature getSignatureHashAlgorithmSignature() { + return signatureHashAlgorithmSignature; + } + + public byte[] getSignature() { + return signature; + } +} diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/EcdheServerParams.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/EcdheServerParams.java index 4d60b95..762b08b 100644 --- a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/EcdheServerParams.java +++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/EcdheServerParams.java @@ -7,12 +7,12 @@ import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashA public class EcdheServerParams { - private CurveType curveType; - private NamedCurve namedCurve; - private byte[] pubkey; - private SignatureHashAlgorithmHash signatureHashAlgorithmHash; - private SignatureHashAlgorithmSignature signatureHashAlgorithmSignature; - private byte[] signature; + private final CurveType curveType; + private final NamedCurve namedCurve; + private final byte[] pubkey; + private final SignatureHashAlgorithmHash signatureHashAlgorithmHash; + private final SignatureHashAlgorithmSignature signatureHashAlgorithmSignature; + private final byte[] signature; public EcdheServerParams(CurveType curveType, NamedCurve namedCurve, byte[] pubkey, SignatureHashAlgorithmHash signatureHashAlgorithmHash, diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/RsaServerParams.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/RsaServerParams.java new file mode 100644 index 0000000..920a87f --- /dev/null +++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/RsaServerParams.java @@ -0,0 +1,22 @@ +package ru.serega6531.packmate.service.optimization.tls.keys; + +import ru.serega6531.packmate.service.optimization.tls.numbers.TlsVersion; + +public class RsaServerParams { + + private final TlsVersion version; + private final byte[] encryptedPreMasterSecret; + + public RsaServerParams(TlsVersion version, byte[] encryptedPreMasterSecret) { + this.version = version; + this.encryptedPreMasterSecret = encryptedPreMasterSecret; + } + + public TlsVersion getVersion() { + return version; + } + + public byte[] getEncryptedPreMasterSecret() { + return encryptedPreMasterSecret; + } +} diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/TlsKeyUtils.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/TlsKeyUtils.java index da0379f..e7548d0 100644 --- a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/TlsKeyUtils.java +++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/TlsKeyUtils.java @@ -4,11 +4,50 @@ import ru.serega6531.packmate.service.optimization.tls.keys.enums.CurveType; import ru.serega6531.packmate.service.optimization.tls.keys.enums.NamedCurve; import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmHash; import ru.serega6531.packmate.service.optimization.tls.keys.enums.SignatureHashAlgorithmSignature; +import ru.serega6531.packmate.service.optimization.tls.numbers.TlsVersion; import java.nio.ByteBuffer; +/** + * It is impossible to determine key format just by KeyExchange record, + * so you can use this class when analyzing tls traffic. + */ public final class TlsKeyUtils { + // https://wiki.osdev.org/TLS_Handshake + + public static DhClientParams parseServerDH(byte[] rawData, int offset) { + ByteBuffer bb = ByteBuffer.wrap(rawData).position(offset); + + short pLength = bb.getShort(); + byte[] p = new byte[pLength]; + bb.get(p); + + short gLength = bb.getShort(); + byte[] g = new byte[gLength]; + bb.get(g); + + short pubKeyLength = bb.getShort(); + byte[] pubKey = new byte[pubKeyLength]; // aka Ys + bb.get(pubKey); + + SignatureHashAlgorithmHash signatureHashAlgorithmHash = + SignatureHashAlgorithmHash.findByValue(bb.getShort()); + SignatureHashAlgorithmSignature signatureHashAlgorithmSignature = + SignatureHashAlgorithmSignature.findByValue(bb.getShort()); + + if (signatureHashAlgorithmHash == null || signatureHashAlgorithmSignature == null) { + throw new IllegalArgumentException("Unknown signature data"); + } + + short signatureLength = bb.getShort(); + byte[] signature = new byte[signatureLength]; + + bb.get(signature); + + return new DhClientParams(p, g, pubKey, signatureHashAlgorithmHash, signatureHashAlgorithmSignature, signature); + } + /** * @param rawData Handshake record content */ @@ -49,10 +88,13 @@ public final class TlsKeyUtils { signatureHashAlgorithmHash, signatureHashAlgorithmSignature, signature); } + // https://ldapwiki.com/wiki/ClientKeyExchange + /** + * Suitable for both DH and ECDHE * @param rawData Handshake record content */ - public static byte[] getServerECDHEPubkey(byte[] rawData, int offset) { + public static byte[] getClientDHPubkey(byte[] rawData, int offset) { ByteBuffer bb = ByteBuffer.wrap(rawData).position(offset); byte length = bb.get(); @@ -62,4 +104,14 @@ public final class TlsKeyUtils { return pubkey; } + public static RsaServerParams parseClientRsa(byte[] rawData, int offset) { + ByteBuffer bb = ByteBuffer.wrap(rawData).position(offset); + + TlsVersion version = TlsVersion.getInstance(bb.getShort()); + byte[] encryptedPreMasterSecret = new byte[46]; + bb.get(encryptedPreMasterSecret); + + return new RsaServerParams(version, encryptedPreMasterSecret); + } + } diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/CurveType.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/CurveType.java index 4908b5e..3eb2602 100644 --- a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/CurveType.java +++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/CurveType.java @@ -4,7 +4,7 @@ public enum CurveType { NAMED((byte) 0x03); - private byte value; + private final byte value; CurveType(byte value) { this.value = value; diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmHash.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmHash.java index 910e08b..599a590 100644 --- a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmHash.java +++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmHash.java @@ -5,7 +5,8 @@ import java.util.Map; public enum SignatureHashAlgorithmHash { - SHA256((byte) 4); + SHA256((byte) 4), + SHA512((byte) 6); private final byte value; diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmSignature.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmSignature.java index 12ef5b5..b84a9eb 100644 --- a/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmSignature.java +++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/keys/enums/SignatureHashAlgorithmSignature.java @@ -5,7 +5,8 @@ import java.util.Map; public enum SignatureHashAlgorithmSignature { - RSA((byte) 1); + RSA((byte) 1), + ECDSA((byte) 3); private final byte value;