[Solved]It is possible that an attacker in MITM attack if he able to copy the client cert and key?

gilcon · May 13, 2017, 5:15am

Hello good day,

I’am here again about TLS communication.

I tried to create test client-server app, communicate over the TLS. the certificate is created using
cfssl.

What I did so far, I created a CA then create the server cert and key, and client cert and key. distribute the cert and key with the CA certificate.

My question is if an attacker able to copy the client certificate and key and the CA certificate, would it be the he can do an MITM attack between the client and the server?

the client and server config on creating the cert is almost identical except on the organization and the organization unit.

here is my server main.go

func main() {
	log.SetFlags(log.LstdFlags | log.Lshortfile)
	cer, err := tls.LoadX509KeyPair("server.pem", "server-key.pem")
	if err != nil {
		log.Println(err)
		return
	}

	certPool := x509.NewCertPool()
	ca, err := ioutil.ReadFile("intermediate.pem")
	if err != nil {
		log.Println(err)
		return
	}

	if ok := certPool.AppendCertsFromPEM(ca); !ok {
		log.Println("failed to append ca certificate")
		return
	}

	tlsC := &tls.Config{
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{cer},
		ClientCAs:    certPool,
	}
	ln, err := tls.Listen("tcp", ":443", tlsC)
	if err != nil {
		log.Println(err)
		return
	}

	defer ln.Close()
	for {
		conn, err := ln.Accept()
		if err != nil {
			log.Println(err)
			return
		}
		go handleConnection(conn)
	}
}

func handleConnection(conn net.Conn) {
	defer conn.Close()
	r := bufio.NewReader(conn)
	for {
		msg, err := r.ReadString('\n')
		if err != nil {
			log.Println(err)
			return
		}

		println(msg)
		n, err := conn.Write([]byte("world\n"))
		if err != nil {
			log.Println(n, err)
			return
		}
	}
}

and this is my main.go for the client

func main() {
	log.SetFlags(log.LstdFlags | log.Lshortfile)
	cer, err := tls.LoadX509KeyPair("client.pem", "client-key.pem")
	if err != nil {
		log.Println(err)
		return
	}

	certPool := x509.NewCertPool()
	ca, err := ioutil.ReadFile("intermediate.pem")
	if err != nil {
		log.Println(err)
		return
	}

	if ok := certPool.AppendCertsFromPEM(ca); !ok {
		log.Println("failed to append ca certificate")
		return
	}

	tlsC := &tls.Config{
		ServerName:   "localhost",
		Certificates: []tls.Certificate{cer},
		RootCAs:      certPool,
	}

	con, err := tls.Dial("tcp", "192.168.10.1:443", tlsC)
	if err != nil {
		log.Println(err)
		return
	}
	log.Println("192.168.10.1:443")

	defer con.Close()
	n, err := con.Write([]byte("hello\n"))
	if err != nil {
		log.Println(err)
		return
	}

	buf := make([]byte, 100)
	n, err = con.Read(buf)
	if err != nil {
		log.Println(err)
		return
	}
	println(string(buf[:n]))
}

Thanks.

calmh · May 13, 2017, 7:55am

Having the client certificate and key lets the attacker impersonate the client, but not the server. The CA certificate doesn’t help with the impersonation at all. Having the CA private key would of course let the attacker generate new keys and certificates to impersonate anyone.

gilcon · May 13, 2017, 9:31am

@calmh thanks for the reply.

The CA private key will be keep in safe place so no problem with that.

But if the client and the server use grpc for communication, would it be that the impersonation will still fall into failure in attack? I am assuming this because if the server-client talk using grpc, the attacker will also need to know how the client-server talks. am I right? and if the attacker didn’t know the protocol used by the server, the impostor still don’t know how to talk to the server.

calmh · May 13, 2017, 11:32am

If they can do a MITM it’s trivial to figure out the protocol. Especially something as widespread and standard as grpc. But I’m hoping the client verifies the server’s certificate, which would fail in your scenario.

gilcon · May 13, 2017, 2:35pm

@calmh

could you point me out about this? please.

I am still new in golang. And I dont know which part of the code on client, that will cause on failing to verify the certificate.

calmh · May 14, 2017, 3:13pm

Your tls.Dial will fail if the server certificate doesn’t validate.

gilcon · May 15, 2017, 1:29am

@calmh

I am sorry, but I didn’t get it.
Is there a missing validation on the sample server main.go above?

thanks

calmh · May 15, 2017, 5:43am

No, it looks fine to me. Perhaps we are talking around each other? That the tls.Dial will fail if the server certificate is incorrect is a good thing.

gilcon · May 15, 2017, 6:08am

hmmm, if I understand it correctly, you mean that if the certificate on the server is invalid then the client will fail to validate it?

calmh · May 15, 2017, 6:15am

Yes

system · August 13, 2017, 6:27am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.