Added duplicate detection functionality

paulfiterau · paulfiterau · commit 16631fe72733 · 2019-10-27T14:49:06.000+01:00
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
@@ -789,6 +789,11 @@ public static Config createEmptyConfig() {
      */
     private boolean dtlsUpdateOnOutOfOrder = false;
 
+    /**
+     * Exclude messages with same
+     */
+    private boolean dtlsExcludeDuplicates = false;
+
     private WorkflowExecutorType workflowExecutorType = WorkflowExecutorType.DEFAULT;
 
     /**
@@ -1755,6 +1760,14 @@ public void setDtlsExcludeOutOfOrder(boolean dtlsDtlsExcludeOutOfOrder) {
         this.dtlsExcludeOutOfOrder = dtlsDtlsExcludeOutOfOrder;
     }
 
+    public boolean isDtlsExcludeDuplicates() {
+        return dtlsExcludeDuplicates;
+    }
+
+    public void setDtlsExcludeDuplicates(boolean dtlsExcludeDuplicates) {
+        this.dtlsExcludeDuplicates = dtlsExcludeDuplicates;
+    }
+
     public boolean isDtlsUpdateOnOutOfOrder() {
         return dtlsUpdateOnOutOfOrder;
     }
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/MessageCache.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/dtls/MessageCache.java
@@ -0,0 +1,71 @@
+package de.rub.nds.tlsattacker.core.dtls;
+
+import java.util.Arrays;
+import java.util.HashSet;
+import java.util.Set;
+
+import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage;
+import de.rub.nds.tlsattacker.core.workflow.action.executor.DtlsMessageInformation;
+
+public class MessageCache {
+
+    private Set<MessageKey> keys = new HashSet<>();
+
+    public MessageCache() {
+    }
+
+    public void addMessage(ProtocolMessage message, DtlsMessageInformation info) {
+        keys.add(new MessageKey(message, info));
+    }
+
+    public boolean hasMessage(ProtocolMessage message, DtlsMessageInformation info) {
+        return keys.contains(new MessageKey(message, info));
+    }
+
+    static class MessageKey {
+
+        private byte[] messageBytes;
+        private Integer messageSequence;
+        private Integer epochNumber;
+
+        public MessageKey(ProtocolMessage message, DtlsMessageInformation info) {
+            messageBytes = message.getCompleteResultingMessage().getValue();
+            messageSequence = info.getMessageSequence();
+            epochNumber = info.getEpoch();
+        }
+
+        @Override
+        public int hashCode() {
+            final int prime = 31;
+            int result = 1;
+            result = prime * result + ((epochNumber == null) ? 0 : epochNumber.hashCode());
+            result = prime * result + Arrays.hashCode(messageBytes);
+            result = prime * result + ((messageSequence == null) ? 0 : messageSequence.hashCode());
+            return result;
+        }
+
+        @Override
+        public boolean equals(Object obj) {
+            if (this == obj)
+                return true;
+            if (obj == null)
+                return false;
+            if (getClass() != obj.getClass())
+                return false;
+            MessageKey other = (MessageKey) obj;
+            if (epochNumber == null) {
+                if (other.epochNumber != null)
+                    return false;
+            } else if (!epochNumber.equals(other.epochNumber))
+                return false;
+            if (!Arrays.equals(messageBytes, other.messageBytes))
+                return false;
+            if (messageSequence == null) {
+                if (other.messageSequence != null)
+                    return false;
+            } else if (!messageSequence.equals(other.messageSequence))
+                return false;
+            return true;
+        }
+    }
+}
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/state/TlsContext.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/state/TlsContext.java
@@ -37,6 +37,7 @@
 import de.rub.nds.tlsattacker.core.crypto.MessageDigestCollector;
 import de.rub.nds.tlsattacker.core.crypto.ec.Point;
 import de.rub.nds.tlsattacker.core.dtls.FragmentManager;
+import de.rub.nds.tlsattacker.core.dtls.MessageCache;
 import de.rub.nds.tlsattacker.core.exceptions.ConfigurationException;
 import de.rub.nds.tlsattacker.core.exceptions.TransportHandlerConnectException;
 import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage;
@@ -483,6 +484,11 @@ public class TlsContext {
      */
     private FragmentManager dtlsFragmentManager;
 
+    /**
+     * message cache used for duplication detection;
+     */
+    private MessageCache dtlsMessageCache;
+
     /**
      * supported protocol versions
      */
@@ -659,6 +665,7 @@ private void init(Config config, AliasedConnection connection) {
         messageBuffer = new LinkedList<>();
         recordBuffer = new LinkedList<>();
         dtlsFragmentManager = new FragmentManager(config);
+        dtlsMessageCache = new MessageCache();
     }
 
     public Chooser getChooser() {
@@ -1300,6 +1307,10 @@ public FragmentManager getDtlsFragmentManager() {
         return dtlsFragmentManager;
     }
 
+    public MessageCache getDtlsMessageCache() {
+        return dtlsMessageCache;
+    }
+
     public void increaseDtlsNextReceiveSequenceNumber() {
         dtlsNextReceiveSequenceNumber++;
     }
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/ReceiveMessageHelper.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/ReceiveMessageHelper.java
@@ -470,8 +470,11 @@ private List<ProtocolMessage> processDtlsFragments(List<DtlsHandshakeMessageFrag
                         && fragment.getMessageSeq().getValue() == context.getDtlsNextReceiveSequenceNumber()) {
                     manager.clearFragmentedMessage(fragmentedMessage.getMessageSeq().getValue(), epoch);
                     HandshakeMessage message = processFragmentedMessage(fragmentedMessage, context, true);
+                    DtlsMessageInformation info = new DtlsMessageInformation(epoch, fragmentedMessage.getMessageSeq()
+                            .getValue());
+                    context.getDtlsMessageCache().addMessage(message, info);
                     messages.add(message);
-                    dtlsInfos.add(new DtlsMessageInformation(epoch, fragmentedMessage.getMessageSeq().getValue()));
+                    dtlsInfos.add(info);
                     if (message.getHandshakeMessageType() == HandshakeMessageType.FINISHED) {
                         context.setDtlsNextReceiveSequenceNumber(0);
                     } else {
@@ -489,8 +492,18 @@ private List<ProtocolMessage> processDtlsFragments(List<DtlsHandshakeMessageFrag
                             .isDtlsUpdateOnOutOfOrder());
                     manager.clearFragmentedMessage(fragmentedMessage.getMessageSeq().getValue(), epoch);
                     if (!context.getConfig().isDtlsExcludeOutOfOrder()) {
-                        messages.add(message);
-                        dtlsInfos.add(new DtlsMessageInformation(epoch, fragmentedMessage.getMessageSeq().getValue()));
+                        DtlsMessageInformation info = new DtlsMessageInformation(epoch, fragmentedMessage
+                                .getMessageSeq().getValue());
+
+                        // if the exclude duplicate option is disabled, or the
+                        // message is not a duplicate
+                        // w.r.t. bytes, epoch and sequence number
+                        if (!context.getConfig().isDtlsExcludeDuplicates()
+                                || !context.getDtlsMessageCache().hasMessage(message, info)) {
+                            context.getDtlsMessageCache().addMessage(message, info);
+                            messages.add(message);
+                            dtlsInfos.add(info);
+                        }
                     }
                 }
             }
