Steps for extending the ciphersuite of the statelearner #7

Open
Archer6621 opened this issue Apr 13, 2019 · 2 comments

Comments

@Archer6621

Hello @jderuiter, I would like to use the statelearner on some of the newer TLS libraries/implementations out there to compare their state machines to some of the ones tested in your paper (Protocol state fuzzing of TLS implementations), one of them being rustls. One problem is that there doesn't seem to be any overlap in the ciphersuites either of them use, namely:

Ciphersuites used by statelearner:

	TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
	TLS_RSA_WITH_AES_128_CBC_SHA
	TLS_DHE_RSA_WITH_AES_128_CBC_SHA
	TLS_RSA_WITH_3DES_EDE_CBC_SHA

Ciphersuites used by rustls:

    // TLS1.3 suites
    TLS13_CHACHA20_POLY1305_SHA256
    TLS13_AES_256_GCM_SHA384
    TLS13_AES_128_GCM_SHA256

    // TLS1.2 suites
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

I would like to add the TLS1.2 suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 to statelearner, but it is not clear to me what steps are necessary for doing this. So far I found the byte values that should go in the ClientHello for indicating usage of this suite, namely {0xC0, 0x2F}. I know the Java 8 security package has support for this ciphersuite as well, but from the code it is not clear to me how I can make use of this to extend statelearner.

Any ideas?

@jderuiter
Owner

Thanks for your interest in the project. There will be a few more changes required than just the couple of bytes in the ClientHello message. However, the TLS part of this tool is not actively maintained at the moment anymore. Instead, you could use another project, TLSAttackerConnector, to connect to StateLearner and construct and send the TLS messages using TLS-Attacker. This gives you more flexibility in the messages and algorithms that you can use. It was also used for TLS 1.3, but I'm not sure that code is already included. When using this approach, you use the socket module of StateLearner to connect to TLSAttackerConnector.
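
Added example, not part of the original thread and not code from StateLearner or TLSAttackerConnector: a TLS 1.2 ClientHello builder and parser showing where the {0xC0, 0x2F} bytes go and which extensions an ECDHE offer normally carries alongside them. The function names and the choice of secp256r1 and rsa_pkcs1_sha256 are assumptions made for this sketch; the ECDHE key exchange messages and AES-GCM record protection that a full handshake also needs are not shown.

```python
import os
import struct

# IANA code points. 0xC02F is the value quoted in the issue.
ECDHE_RSA_AES128_GCM = 0xC02F   # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
RSA_AES128_CBC = 0x002F         # TLS_RSA_WITH_AES_128_CBC_SHA

def ext(ext_type, body):
    """Encode one extension: 2-byte type, 2-byte length, body."""
    return struct.pack("!HH", ext_type, len(body)) + body

def client_hello(suites, random=None):
    """Build a TLS 1.2 ClientHello record offering `suites` (hypothetical helper)."""
    random = random or os.urandom(32)
    suite_bytes = b"".join(struct.pack("!H", s) for s in suites)
    exts = b""
    if ECDHE_RSA_AES128_GCM in suites:
        # Example choices: secp256r1 (23), uncompressed points, rsa_pkcs1_sha256.
        exts += ext(10, struct.pack("!HH", 2, 23))       # supported_groups
        exts += ext(11, b"\x01\x00")                     # ec_point_formats
        exts += ext(13, struct.pack("!HH", 2, 0x0401))   # signature_algorithms
    body = (b"\x03\x03" + random + b"\x00"               # version, random, empty session_id
            + struct.pack("!H", len(suite_bytes)) + suite_bytes
            + b"\x01\x00")                               # null compression only
    if exts:
        body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake

def parse_client_hello(record):
    """Return (cipher suite list, {extension type: body}) from one record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                 # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]               # skip session_id
    (n,) = struct.unpack_from("!H", record, pos)
    pos += 2
    suites = [struct.unpack_from("!H", record, pos + i)[0] for i in range(0, n, 2)]
    pos += n
    pos += 1 + record[pos]               # skip compression_methods
    exts = {}
    if pos < len(record):
        pos += 2                         # skip total extensions length
        while pos < len(record):
            t, length = struct.unpack_from("!HH", record, pos)
            exts[t] = record[pos + 4:pos + 4 + length]
            pos += 4 + length
    return suites, exts

if __name__ == "__main__":
    offer = client_hello([ECDHE_RSA_AES128_GCM, RSA_AES128_CBC])
    print(parse_client_hello(offer))
```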

@Archer6621
Author

@jderuiter Thanks a lot for the response, I'll check it out :)
