Expand description
This module contains Trace
s consisting of several Step
s, of which each has either an
OutputAction
or InputAction
. This is a declarative way of modeling communication between
Agent
s. The TraceContext
holds data, also known as VariableData
, which is created by
Agent
s during the concrete execution of the Trace. It also holds the Agent
s with
the references to concrete PUT.
Serializability of Traces
Each trace is serializable to JSON or even binary data. This helps at reproducing discovered security vulnerabilities during fuzzing. If a trace triggers a security vulnerability we can store it on disk and replay it when investigating the case. As traces depend on concrete implementations as discussed in the next section we need to link serialized data like strings or numerical IDs to functions implemented in Rust.
Structs
InputAction
evaluates the recipe term and injects the newly produced message
into the inbound channel of the Agent
referenced through the corresponding Step
s
by calling add_to_inbound(...)
and then drives the state machine forward.crate::protocol::ExtractKnowledge::extract_knowledge
function
Knowledge is made of the data, the source of the output, the
TLS message type and the internal type.OutputAction
first forwards the state machine and then extracts knowledge from the
TLS messages produced by the underlying stream by calling take_message_from_outbound(...)
.
An output action is automatically called after each input step.TraceContext
contains a list of VariableData
, which is known as the knowledge
of the attacker. VariableData
can contain data of various types like for example
client and server extensions, cipher suits or session ID It also holds the concrete
references to the Agent
s and the underlying streams, which contain the messages
which have need exchanged and are not yet processed by an output step.Enums
OutputAction
and InputAction
differ.
Both actions drive the internal state machine of an Agent
forward by calling next_state()
.
The OutputAction
first forwards the state machine and then extracts knowledge from the
TLS messages produced by the underlying stream by calling take_message_from_outbound(...)
.
The InputAction
evaluates the recipe term and injects the newly produced message
into the inbound channel of the Agent
referenced through the corresponding Step
s
by calling add_to_inbound(...)
and then drives the state machine forward.
Therefore, the difference is that one step increases the knowledge of the attacker,
whereas the other action uses the available knowledge.