Can you give some suggestion about how build a Hacked JDK for The Malformed Certificates tests
Matthew Hall
mhall at mhcomputing.net
Wed Mar 19 19:01:40 UTC 2014
On Wed, Mar 19, 2014 at 07:55:30PM +0800, zaiyao liu wrote:
> I am developing the Malformed Certificates tests. This test exists
> to test JDK's SSL ability to withstand attack in the form of
> deliberately 1.3 million malformed ASN.1-encoded data.
> For details, please refer to the test plan: http://wiki.se.oracle.com/display/JPG/Malformed+Certificates+Test+Plan

This is a VERY good thing to try. I worked previously on a protocol mutation
system and found several serious bugs in GnuTLS using X.509 field corruptions
which resulted in a security advisory. A competitor later found very similar
issues in OpenSSL.

> I want to use JDK8 as the attack JDK, and this JDK should be modified to
> allow use of invalid certificates. I have tried to use the following code
> to generate an invalid certificate:

This simply cannot work via any sort of hack or workaround, because the JDK
trusts the ASN.1 data when creating and allocating X.509 certificate
substructures, such as the values behind all of these getter functions on the
X509Certificate class:

    abstract int getBasicConstraints()
    List<String> getExtendedKeyUsage()
    Collection<List<?>> getIssuerAlternativeNames()
    abstract Principal getIssuerDN()
    abstract boolean[] getIssuerUniqueID()
    X500Principal getIssuerX500Principal()
    abstract boolean[] getKeyUsage()
    abstract Date getNotAfter()
    abstract Date getNotBefore()
    abstract BigInteger getSerialNumber()
    abstract String getSigAlgName()
    abstract String getSigAlgOID()
    abstract byte[] getSigAlgParams()
    abstract byte[] getSignature()
    Collection<List<?>> getSubjectAlternativeNames()
    abstract boolean[] getSubjectUniqueID()
    X500Principal getSubjectX500Principal()
    abstract byte[] getTBSCertificate()
    abstract int getVersion()

When the JDK attempts to load a cert, it expects valid ASN.1 encodings for all
of these when allocating the structures.

In order to perform your test, you'll need to make a modified version of JSSE
or a modified version of the Bouncy Castle libraries, which will allow you to
send an arbitrary byte[], *Stream class, or *Buffer class (from NIO),
containing a corrupted X.509 certificate, which will be sent verbatim onto the
Socket or Channel, with no modification.

Good Luck! I think you'll find some fascinating results, and more than a few
potential bugs.

Matthew.
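
The point made in the message above, that corrupted certificates have to be kept as a raw byte[] because the JDK's own X.509 loader will not build an object from them, shown as an added Java sketch that is not part of the original message or of any JDK test suite. The class name DerMutationSketch, the helpers headers and mutants, and the 20-byte SAMPLE are hypothetical names and constructed data; handing the bytes to a modified sender is left out.

```java
import java.io.ByteArrayInputStream;
import java.security.cert.*;
import java.util.*;
public class DerMutationSketch {
    // Constructed sample: SEQUENCE { INTEGER 2, SEQUENCE { OID, NULL } }; valid DER, not a full cert.
    static final byte[] SAMPLE = {
        0x30, 0x12, 0x02, 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, (byte) 0x86,
        0x48, (byte) 0x86, (byte) 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00 };

    // TLV header offsets in b[start, end), recursing into constructed types (single-octet tags only).
    static List<Integer> headers(byte[] b, int start, int end, List<Integer> out) {
        for (int p = start; p + 2 <= end; ) {
            int len = b[p + 1] & 0xff, hdr = 2;
            if (len >= 0x80) {                    // long form: low 7 bits count the length octets
                int n = len & 0x7f;
                if (n == 0 || n > 3 || p + 2 + n > end) return out;
                for (len = 0; n > 0; n--, hdr++) len = (len << 8) | (b[p + hdr] & 0xff);
            }
            if (len > end - p - hdr) return out;  // declared length overruns the buffer
            out.add(p);
            if ((b[p] & 0x20) != 0) headers(b, p + hdr, p + hdr + len, out);
            p += hdr + len;
        }
        return out;
    }

    static List<byte[]> mutants(byte[] der) {
        List<byte[]> out = new ArrayList<>();
        for (int off : headers(der, 0, der.length, new ArrayList<>())) {
            byte[] m = der.clone();
            m[off + 1] ^= 0x7f;                   // declared length no longer matches the content
            out.add(m);
            out.add(Arrays.copyOf(der, off + 1)); // input ends right after the tag octet
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<byte[]> all = mutants(SAMPLE);       // mutants exist only as raw byte[]
        int rejected = 0;
        for (byte[] m : all) {
            try { cf.generateCertificate(new ByteArrayInputStream(m)); }
            catch (CertificateException e) { rejected++; } // the JDK parser builds no object
        }
        System.out.println(all.size() + " mutants, " + rejected + " rejected");
    }
}
```

With a real DER-encoded certificate in place of SAMPLE, the same loop shows which mutants the local parser refuses before any of them reach the implementation under test.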