use secp256r1 if FFDHE named group is negotiated (#913)

mmaehren · web-flow · commit 62a4f09bc655 · 2022-07-06T09:21:38.000+02:00
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/ECDHClientKeyExchangePreparator.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/ECDHClientKeyExchangePreparator.java
@@ -88,7 +88,7 @@ protected void prepareClientServerRandom(T msg) {
     public void prepareAfterParse(boolean clientMode) {
         msg.prepareComputations();
         prepareClientServerRandom(msg);
-        NamedGroup usedGroup = chooser.getSelectedNamedGroup();
+        NamedGroup usedGroup = getSuitableNamedGroup();
         LOGGER.debug("PMS used Group: " + usedGroup.name());
         if (msg.getComputations().getPrivateKey() == null) {
             setComputationPrivateKey(msg, clientMode);
@@ -106,7 +106,7 @@ public void prepareAfterParse(boolean clientMode) {
     }
 
     private void setSerializedPublicKey() {
-        NamedGroup usedGroup = chooser.getSelectedNamedGroup();
+        NamedGroup usedGroup = getSuitableNamedGroup();
         LOGGER.debug("PublicKey used Group: " + usedGroup.name());
         ECPointFormat pointFormat = chooser.getConfig().getDefaultSelectedPointFormat();
         LOGGER.debug("EC Point format: " + pointFormat.name());
@@ -128,6 +128,16 @@ private void setSerializedPublicKey() {
         msg.setPublicKey(publicKeyBytes);
     }
 
+    private NamedGroup getSuitableNamedGroup() {
+        NamedGroup usedGroup = chooser.getSelectedNamedGroup();
+        if (!usedGroup.isCurve() || usedGroup.isGost()) {
+            usedGroup = NamedGroup.SECP256R1;
+            LOGGER.warn("Selected NamedGroup {} is not suitable for ECDHClientKeyExchange message. Using {} instead.",
+                chooser.getSelectedNamedGroup(), usedGroup);
+        }
+        return usedGroup;
+    }
+
     protected void setComputationPrivateKey(T msg, boolean clientMode) {
         if (clientMode) {
             LOGGER.debug("Using Client PrivateKey");
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/ECDHEServerKeyExchangePreparator.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/ECDHEServerKeyExchangePreparator.java
@@ -143,6 +143,12 @@ protected NamedGroup selectNamedGroup(T msg) {
                 }
             }
         }
+        if (!namedGroup.isCurve() || namedGroup.isGost()) {
+            NamedGroup previousNamedGroup = namedGroup;
+            namedGroup = NamedGroup.SECP256R1;
+            LOGGER.warn("NamedGroup {} is not suitable for ECDHEServerKeyExchange message. Using {} instead.",
+                previousNamedGroup, namedGroup);
+        }
         return namedGroup;
     }
 

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,12 @@ protected NamedGroup selectNamedGroup(T msg) {`
`143`	`143`	`}`
`144`	`144`	`}`
`145`	`145`	`}`
	`146`	`+ if (!namedGroup.isCurve() \|\| namedGroup.isGost()) {`
	`147`	`+ NamedGroup previousNamedGroup = namedGroup;`
	`148`	`+ namedGroup = NamedGroup.SECP256R1;`
	`149`	`+ LOGGER.warn("NamedGroup {} is not suitable for ECDHEServerKeyExchange message. Using {} instead.",`
	`150`	`+ previousNamedGroup, namedGroup);`
	`151`	`+ }`
`146`	`152`	`return namedGroup;`
`147`	`153`	`}`
`148`	`154`