Merge pull request #389 from RUB-NDS/Tls13HandshakeFix

ic0ns · web-flow · commit 2148311b7990 · 2017-12-11T12:16:41.000+01:00
Tls13 1-RTT handshake fix
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/FinishedHandler.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/FinishedHandler.java
@@ -11,6 +11,7 @@
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.DigestAlgorithm;
+import de.rub.nds.tlsattacker.core.constants.ExtensionType;
 import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
 import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
 import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
@@ -60,7 +61,8 @@ public void adjustTLSContext(FinishedMessage message) {
                 } else {
                     setClientRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
                 }
-            } else if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {
+            } else if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT
+                    || tlsContext.isExtensionNegotiated(ExtensionType.EARLY_DATA) == false) {
                 setClientRecordCipher(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
             }
         }
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/ClientHelloMessage.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/ClientHelloMessage.java
@@ -131,9 +131,6 @@ public ClientHelloMessage(Config tlsConfig) {
         if (tlsConfig.isAddPSKKeyExchangeModesExtension()) {
             addExtension(new PSKKeyExchangeModesExtensionMessage(tlsConfig));
         }
-        if (tlsConfig.isAddPreSharedKeyExtension()) {
-            addExtension(new PreSharedKeyExtensionMessage(tlsConfig));
-        }
         if (tlsConfig.isAddExtendedMasterSecretExtension()) {
             addExtension(new ExtendedMasterSecretExtensionMessage());
         }
@@ -200,6 +197,10 @@ public ClientHelloMessage(Config tlsConfig) {
         if (tlsConfig.isAddCertificateStatusRequestV2Extension()) {
             addExtension(new CertificateStatusRequestV2ExtensionMessage());
         }
+        if (tlsConfig.isAddPreSharedKeyExtension()) {
+            addExtension(new PreSharedKeyExtensionMessage(tlsConfig));
+        }
+        // In TLS 1.3, the PSK ext has to be the last ClientHello extension
     }
 
     public ModifiableInteger getCompressionLength() {

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`	`import de.rub.nds.modifiablevariable.util.ArrayConverter;`
`12`	`12`	`import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;`
`13`	`13`	`import de.rub.nds.tlsattacker.core.constants.DigestAlgorithm;`
	`14`	`+import de.rub.nds.tlsattacker.core.constants.ExtensionType;`
`14`	`15`	`import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;`
`15`	`16`	`import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;`
`16`	`17`	`import de.rub.nds.tlsattacker.core.crypto.HKDFunction;`
`@@ -60,7 +61,8 @@ public void adjustTLSContext(FinishedMessage message) {`
`60`	`61`	`} else {`
`61`	`62`	`setClientRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);`
`62`	`63`	`}`
`63`		`- } else if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {`
	`64`	`+ } else if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT`
	`65`	`+ \|\| tlsContext.isExtensionNegotiated(ExtensionType.EARLY_DATA) == false) {`
`64`	`66`	`setClientRecordCipher(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);`
`65`	`67`	`}`
`66`	`68`	`}`
Original file line number	Diff line number	Diff line change
`@@ -131,9 +131,6 @@ public ClientHelloMessage(Config tlsConfig) {`
`131`	`131`	`if (tlsConfig.isAddPSKKeyExchangeModesExtension()) {`
`132`	`132`	`addExtension(new PSKKeyExchangeModesExtensionMessage(tlsConfig));`
`133`	`133`	`}`
`134`		`- if (tlsConfig.isAddPreSharedKeyExtension()) {`
`135`		`- addExtension(new PreSharedKeyExtensionMessage(tlsConfig));`
`136`		`- }`
`137`	`134`	`if (tlsConfig.isAddExtendedMasterSecretExtension()) {`
`138`	`135`	`addExtension(new ExtendedMasterSecretExtensionMessage());`
`139`	`136`	`}`
`@@ -200,6 +197,10 @@ public ClientHelloMessage(Config tlsConfig) {`
`200`	`197`	`if (tlsConfig.isAddCertificateStatusRequestV2Extension()) {`
`201`	`198`	`addExtension(new CertificateStatusRequestV2ExtensionMessage());`
`202`	`199`	`}`
	`200`	`+ if (tlsConfig.isAddPreSharedKeyExtension()) {`
	`201`	`+ addExtension(new PreSharedKeyExtensionMessage(tlsConfig));`
	`202`	`+ }`
	`203`	`+ // In TLS 1.3, the PSK ext has to be the last ClientHello extension`
`203`	`204`	`}`
`204`	`205`
`205`	`206`	`public ModifiableInteger getCompressionLength() {`