- Increased the default value of invalid curve handshake loops

jurajsomorovsky · jurajsomorovsky · commit 01dcd144b255 · 2017-11-27T19:47:27.000+01:00
- Set Secure Renegotiation to true as default
diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/InvalidCurveAttackConfig.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/InvalidCurveAttackConfig.java
@@ -49,7 +49,7 @@ public class InvalidCurveAttackConfig extends AttackConfig {
     private int curveFieldSize = 32;
 
     @Parameter(names = "-protocol_flows", description = "Number of Protocol flows")
-    private int protocolFlows = 5;
+    private int protocolFlows = 15;
 
     // These are for scanning only
     @Parameter(names = "-premaster_secret", description = "Premaster Secret String (use 0x at the beginning for a hex value)", hidden = true, converter = BigIntegerConverter.class)
diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/ec/oracles/RealDirectMessageECOracle.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/ec/oracles/RealDirectMessageECOracle.java
@@ -87,6 +87,7 @@ public boolean checkSecretCorrectnes(Point ecPoint, BigInteger secret) {
         ModifiableByteArray pms = ModifiableVariableFactory.createByteArrayModifiableVariable();
         byte[] explicitePMS = BigIntegers.asUnsignedByteArray(curve.getKeyBits() / 8, secret);
         pms.setModification(ByteArrayModificationFactory.explicitValue(explicitePMS));
+        message.prepareComputations();
         message.getComputations().setPremasterSecret(pms);
 
         if (numberOfQueries % 100 == 0) {
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
@@ -481,7 +481,7 @@ public static Config mergeWithDefaultValues(Config c) {
     /**
      * If we generate ClientHello with RenegotiationInfo extension
      */
-    private Boolean addRenegotiationInfoExtension = false;
+    private Boolean addRenegotiationInfoExtension = true;
 
     /**
      * If we generate ClientHello with TokenBinding extension.
diff --git a/TLS-Core/src/main/resources/default_config.xml b/TLS-Core/src/main/resources/default_config.xml
@@ -209,7 +209,7 @@
     <addExtendedMasterSecretExtension>false</addExtendedMasterSecretExtension>
     <addSessionTicketTLSExtension>false</addSessionTicketTLSExtension>
     <addSignedCertificateTimestampExtension>false</addSignedCertificateTimestampExtension>
-    <addRenegotiationInfoExtension>false</addRenegotiationInfoExtension>
+    <addRenegotiationInfoExtension>true</addRenegotiationInfoExtension>
     <addTokenBindingExtension>false</addTokenBindingExtension>
     <addCertificateStatusRequestExtension>false</addCertificateStatusRequestExtension>
     <addAlpnExtension>false</addAlpnExtension>
diff --git a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/workflow/WorkflowTraceSerializerTest.java b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/workflow/WorkflowTraceSerializerTest.java
@@ -129,6 +129,7 @@ public void serializeWithSingleConnectionTest() {
             sb.append("                <extensions>\n");
             sb.append("                    <ECPointFormat/>\n");
             sb.append("                    <EllipticCurves/>\n");
+            sb.append("                    <RenegotiationInfoExtension/>\n");
             sb.append("                </extensions>\n");
             sb.append("            </ClientHello>\n");
             sb.append("        </messages>\n");
@@ -175,6 +176,7 @@ public void serializeWithSingleCustomConnectionTest() {
             sb.append("                <extensions>\n");
             sb.append("                    <ECPointFormat/>\n");
             sb.append("                    <EllipticCurves/>\n");
+            sb.append("                    <RenegotiationInfoExtension/>\n");
             sb.append("                </extensions>\n");
             sb.append("            </ClientHello>\n");
             sb.append("        </messages>\n");
@@ -233,6 +235,7 @@ public void serializeWithMultipleCustomConnectionTest() {
             sb.append("                <extensions>\n");
             sb.append("                    <ECPointFormat/>\n");
             sb.append("                    <EllipticCurves/>\n");
+            sb.append("                    <RenegotiationInfoExtension/>\n");
             sb.append("                </extensions>\n");
             sb.append("            </ClientHello>\n");
             sb.append("        </messages>\n");
diff --git a/TLS-Core/src/test/resources/test_good_workflow_trace_defaullt_alias.xml b/TLS-Core/src/test/resources/test_good_workflow_trace_defaullt_alias.xml
@@ -6,6 +6,7 @@
                 <extensions>
                     <ECPointFormat/>
                     <EllipticCurves/>
+                    <RenegotiationInfoExtension/>
                 </extensions>
             </ClientHello>
         </messages>
