On Wed, Mar 19, 2014 at 07:55:30PM +0800, zaiyao liu wrote:
> I am developing The Malformed Certificates tests, this test exists
> to test JDK's SSL ability to withstand attack in the form of
> deliberately 1.3 million malformed ASN.1-encoded data.
> For details please refer to the test plan:
> http://wiki.se.oracle.com/display/JPG/Malformed+Certificates+Test+Plan

This is a VERY good thing to try. I worked previously on a protocol
mutation system and found several serious bugs in GnuTLS using X.509
field corruptions which resulted in a security advisory. A competitor
later found very similar issues in OpenSSL.

> I want to use JDK8 as attack JDK, and this JDK should be modified to
> allow use of invalid certificates, I have tried to use the following
> code to generate invalid certificate:

This simply cannot work via any sort of hack or workaround, because the
JDK trusts the ASN.1 data when creating and allocating X.509 certificate
substructures, such as the values behind all of these getter functions
on the X509Certificate class:

    abstract int getBasicConstraints()
    List<String> getExtendedKeyUsage()
    Collection<List<?>> getIssuerAlternativeNames()
    abstract Principal getIssuerDN()
    abstract boolean[] getIssuerUniqueID()
    X500Principal getIssuerX500Principal()
    abstract boolean[] getKeyUsage()
    abstract Date getNotAfter()
    abstract Date getNotBefore()
    abstract BigInteger getSerialNumber()
    abstract String getSigAlgName()
    abstract String getSigAlgOID()
    abstract byte[] getSigAlgParams()
    abstract byte[] getSignature()
    Collection<List<?>> getSubjectAlternativeNames()
    abstract boolean[] getSubjectUniqueID()
    X500Principal getSubjectX500Principal()
    abstract byte[] getTBSCertificate()
    abstract int getVersion()

When the JDK attempts to load a cert, it expects valid ASN.1 encodings
for all of these when allocating the structures.

In order to perform your test, you'll need to make a modified version of
JSSE or a modified version of the Bouncy Castle libraries, which will
allow you to send an arbitrary byte[], *Stream class, or *Buffer class
(from NIO), containing a corrupted X.509 certificate, which will be sent
verbatim onto the Socket or Channel, with no modification.

Good Luck! I think you'll find some fascinating results, and more than
a few potential bugs.

Matthew.
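
Added example, not part of the original message and not code from the JDK or the test plan: a sketch of working on the certificate as raw bytes, as the reply recommends, by corrupting one DER length octet at a time and classifying how a parser under test reacts. The names `SEED`, `walk`, `mutate` and `classify` are hypothetical, the seed is a constructed certificate-shaped skeleton, and `ValueError` stands in for the parser's documented rejection (for the JDK's `CertificateFactory.generateCertificate` that would be `CertificateException`).

```python
# Added example: byte-level DER mutation for parser robustness tests (single-octet tags).
# SEED is a constructed SEQUENCE{SEQUENCE{INTEGER}, SEQUENCE{OID}, BIT STRING}, not a real cert.
SEED = bytes.fromhex("3011" "3003020105" "300506032a0304" "030300abcd")

def read_len(buf, i):
    """Decode the DER length starting at buf[i]; return (length, octets_used)."""
    first = buf[i]
    if first < 0x80:
        return first, 1
    n = first & 0x7F
    if n == 0 or n > 4 or i + 1 + n > len(buf):
        raise ValueError("bad length encoding at offset %d" % i)
    return int.from_bytes(buf[i + 1:i + 1 + n], "big"), 1 + n

def walk(buf, start=0, end=None):
    """Strictly walk the TLVs in buf[start:end], yielding each length-octet offset."""
    end = len(buf) if end is None else end
    i = start
    while i < end:
        if i + 2 > end:
            raise ValueError("truncated header at offset %d" % i)
        length, used = read_len(buf, i + 1)
        body = i + 1 + used
        if body + length > end:
            raise ValueError("value overruns its container at offset %d" % i)
        yield i + 1
        if buf[i] & 0x20:  # constructed type: descend into the nested TLVs
            yield from walk(buf, body, body + length)
        i = body + length

def mutate(seed):
    """Yield (name, bytes): the seed with exactly one length octet corrupted."""
    bad = (("zero", 0x00), ("oversize", 0x7F), ("indefinite", 0x80), ("long4", 0x84))
    for off in list(walk(seed)):
        for name, value in bad:
            if seed[off] != value:
                yield "%s@%d" % (name, off), seed[:off] + bytes([value]) + seed[off + 1:]
    yield "truncated", seed[:-1]

def classify(parser, data):
    """Run the parser under test; only its documented rejection counts as clean."""
    try:
        parser(data)
        return "accepted"
    except ValueError:  # stand-in for the parser's documented exception type
        return "rejected"
    except Exception as exc:  # any other exception is a robustness finding
        return "crash:" + type(exc).__name__
```

Every variant keeps all other bytes of the seed verbatim, so a "crash" or an unexpected "accepted" result points at the handling of that one length field.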
