added successful pre-handshake injection attacks

2019-08-01 14:58:29 +00:00
parent 179d445778
commit e859b12ad4
4 changed files with 479 additions and 1 deletions
--- a/internal/testutils/testutils.go
+++ b/internal/testutils/testutils.go
@@ -0,0 +1,156 @@
+package testutils
+
+import (
+	"bytes"
+
+	"github.com/lucas-clemente/quic-go/internal/handshake"
+	"github.com/lucas-clemente/quic-go/internal/protocol"
+	"github.com/lucas-clemente/quic-go/internal/wire"
+)
+
+// Utilities for simulating packet injection and man-in-the-middle (MITM) attacker tests.
+// Do not use for non-testing purposes.
+
+// CryptoFrameType types copied from unexported messageType in crypto_setup.go
+type CryptoFrameType uint8
+
+const (
+	//typeClientHello         CryptoFrameType = 1
+	typeServerHello CryptoFrameType = 2
+	//typeNewSessionTicket    CryptoFrameType = 4
+	//typeEncryptedExtensions CryptoFrameType = 8
+	//typeCertificate         CryptoFrameType = 11
+	//typeCertificateRequest  CryptoFrameType = 13
+	//typeCertificateVerify   CryptoFrameType = 15
+	//typeFinished            CryptoFrameType = 20
+)
+
+// getRawPacket returns a new raw packet with the specified header and payload
+func getRawPacket(hdr *wire.ExtendedHeader, data []byte) []byte {
+	buf := &bytes.Buffer{}
+	hdr.Write(buf, protocol.VersionTLS)
+	return append(buf.Bytes(), data...)
+}
+
+// packRawPayload returns a new raw payload containing given frames
+func packRawPayload(version protocol.VersionNumber, frames ...wire.Frame) []byte {
+	buf := new(bytes.Buffer)
+	for _, cf := range frames {
+		cf.Write(buf, version)
+	}
+	return buf.Bytes()
+}
+
+// ComposeCryptoFrame returns a new empty crypto frame of the specified
+// type padded to size bytes with zeroes
+func ComposeCryptoFrame(cft CryptoFrameType, size int) *wire.CryptoFrame {
+	data := make([]byte, size)
+	data[0] = byte(cft)
+	return &wire.CryptoFrame{
+		Offset: 0,
+		Data:   data,
+	}
+}
+
+// ComposeConnCloseFrame returns a new Connection Close frame with a generic error
+func ComposeConnCloseFrame() *wire.ConnectionCloseFrame {
+	return &wire.ConnectionCloseFrame{
+		IsApplicationError: true,
+		ErrorCode:          0,
+		ReasonPhrase:       "mitm attacker",
+	}
+}
+
+// ComposeAckFrame returns a new Ack Frame that ACKs packet 0
+func ComposeAckFrame(smallest protocol.PacketNumber, largest protocol.PacketNumber) *wire.AckFrame {
+	ackRange := wire.AckRange{
+		Smallest: smallest,
+		Largest:  largest,
+	}
+	return &wire.AckFrame{
+		AckRanges: []wire.AckRange{ackRange},
+		DelayTime: 0,
+	}
+}
+
+// InitialContents enumerates possible frames to include in forged Initial packets
+type InitialContents int
+
+const (
+	ServerHelloFrame InitialContents = iota + 1
+	AckFrame
+	ConnectionCloseFrame
+	NoFrame
+)
+
+// ComposeInitialPacket returns an Initial packet encrypted under key
+// (the original destination connection ID)
+// contains frame of specified type
+func ComposeInitialPacket(srcConnID protocol.ConnectionID, destConnID protocol.ConnectionID, version protocol.VersionNumber, key protocol.ConnectionID, frameType InitialContents) []byte {
+	sealer, _, _ := handshake.NewInitialAEAD(key, protocol.PerspectiveServer)
+
+	// compose payload
+	var payload []byte
+	switch frameType {
+	case ServerHelloFrame:
+		cf := ComposeCryptoFrame(typeServerHello, 20)
+		payload = packRawPayload(version, cf)
+	case AckFrame:
+		ack := ComposeAckFrame(2, 2) // ack packet 2
+		payload = packRawPayload(version, ack)
+	case ConnectionCloseFrame:
+		ccf := ComposeConnCloseFrame()
+		payload = packRawPayload(version, ccf)
+	case NoFrame:
+		payload = make([]byte, protocol.MinInitialPacketSize)
+	}
+
+	// compose Initial header
+	payloadSize := len(payload)
+	pnLength := protocol.PacketNumberLen4
+	length := payloadSize + int(pnLength) + sealer.Overhead()
+	hdr := &wire.ExtendedHeader{
+		Header: wire.Header{
+			IsLongHeader:     true,
+			Type:             protocol.PacketTypeInitial,
+			SrcConnectionID:  srcConnID,
+			DestConnectionID: destConnID,
+			Length:           protocol.ByteCount(length),
+			Version:          version,
+		},
+		PacketNumberLen: pnLength,
+		PacketNumber:    0x0,
+	}
+
+	raw := getRawPacket(hdr, payload)
+
+	// encrypt payload and header
+	payloadOffset := len(raw) - payloadSize
+	var encrypted []byte
+	encrypted = sealer.Seal(encrypted, payload, hdr.PacketNumber, raw[:payloadOffset])
+	hdrBytes := raw[0:payloadOffset]
+	encrypted = append(hdrBytes, encrypted...)
+	pnOffset := payloadOffset - int(pnLength) // packet number offset
+	sealer.EncryptHeader(
+		encrypted[payloadOffset:payloadOffset+16], // first 16 bytes of payload (sample)
+		&encrypted[0],                     // first byte of header
+		encrypted[pnOffset:payloadOffset], // packet number bytes
+	)
+	return encrypted
+}
+
+// ComposeRetryPacket returns a new raw Retry Packet
+func ComposeRetryPacket(srcConnID protocol.ConnectionID, destConnID protocol.ConnectionID, origDestConnID protocol.ConnectionID, token []byte, version protocol.VersionNumber) []byte {
+	hdr := &wire.ExtendedHeader{
+		Header: wire.Header{
+			IsLongHeader:         true,
+			Type:                 protocol.PacketTypeRetry,
+			SrcConnectionID:      srcConnID,
+			DestConnectionID:     destConnID,
+			OrigDestConnectionID: origDestConnID,
+			Token:                token,
+			Version:              version,
+		},
+	}
+	return getRawPacket(hdr, nil)
+}