Merge branch 'master' into ocsp-last3.3.1

Author: ic0ns

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/BleichenbacherAttacker.java

@@ -109,7 +109,7 @@ public State executeTlsFlow(BleichenbacherWorkflowType type, byte[] encryptedPMS
     @Override
     public Boolean isVulnerable() {
         errorType = getEqualityError();
-        if (errorType != EqualityError.NONE) {
+        if (errorType != null && errorType != EqualityError.NONE) {
             vulnerableType = config.getWorkflowType();
             return true;
         }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java

@@ -72,10 +72,7 @@
 import java.math.BigInteger;
 import java.nio.charset.Charset;
 import java.security.PrivateKey;
-import java.util.ArrayList;
-import java.util.Arrays;
-import java.util.LinkedList;
-import java.util.List;
+import java.util.*;
 import javax.xml.bind.annotation.XmlAccessType;
 import javax.xml.bind.annotation.XmlAccessorType;
 import javax.xml.bind.annotation.XmlRootElement;
@@ -517,6 +514,11 @@ public static Config createEmptyConfig() {
      */
     private Boolean addSessionTicketTLSExtension = false;
 
+    /***
+     * If we generate ClientHello with extended Random Extension
+     */
+    private Boolean addExtendedRandomExtension = false;
+
     /**
      * If we generate ClientHello with SignedCertificateTimestamp extension
      */
@@ -883,6 +885,14 @@ public static Config createEmptyConfig() {
     @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultPreMasterSecret = new byte[0];
 
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
+    private byte[] defaultClientExtendedRandom = ArrayConverter
+            .hexStringToByteArray("AABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABB");
+
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
+    private byte[] defaultServerExtendedRandom = ArrayConverter
+            .hexStringToByteArray("AABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABBCCDDEEFFAABB");
+
     @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultClientRandom = ArrayConverter
             .hexStringToByteArray("00112233445566778899AABBCCDDEEFFFFEEDDCCBBAA99887766554433221100");
@@ -891,6 +901,10 @@ public static Config createEmptyConfig() {
     private byte[] defaultServerRandom = ArrayConverter
             .hexStringToByteArray("00112233445566778899AABBCCDDEEFFFFEEDDCCBBAA99887766554433221100");
 
+    // Parse Extensions of Type 40 as key share extension instead of
+    // Extended Random like in TLS13-Drafts 14 - 22.
+    private Boolean parseKeyShareOld = true;
+
     @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultClientSessionId = new byte[0];
 
@@ -1126,6 +1140,13 @@ public static Config createEmptyConfig() {
 
     private ECPointFormat defaultSelectedPointFormat = ECPointFormat.UNCOMPRESSED;
 
+    /**
+     * Private Key of the Client for the EncryptedServerNameIndication
+     * extension.
+     */
+    private BigInteger defaultEsniClientPrivateKey = new BigInteger(
+            "191991257030464195512760799659436374116556484140110877679395918219072292938297573720808302564562486757422301181089761");
+
     /**
      * Supported Ciphersuites for EncryptedServerNameIndication extension.
      */
@@ -1408,6 +1429,14 @@ public void setUseFreshRandom(Boolean useFreshRandom) {
         this.useFreshRandom = useFreshRandom;
     }
 
+    public Boolean isParseKeyShareOld() {
+        return parseKeyShareOld;
+    }
+
+    public void setParseKeyShareOld(boolean parseKeyShareOld) {
+        this.parseKeyShareOld = parseKeyShareOld;
+    }
+
     public Boolean isUseAllProvidedRecords() {
         return useAllProvidedRecords;
     }
@@ -1853,6 +1882,30 @@ public void setDefaultSelectedCompressionMethod(CompressionMethod defaultSelecte
         this.defaultSelectedCompressionMethod = defaultSelectedCompressionMethod;
     }
 
+    public boolean isAddExtendedRandomExtension() {
+        return this.addExtendedRandomExtension;
+    }
+
+    public void setAddExtendedRandomExtension(boolean addExtendedRandomExtension) {
+        this.addExtendedRandomExtension = addExtendedRandomExtension;
+    }
+
+    public byte[] getDefaultClientExtendedRandom() {
+        return Arrays.copyOf(defaultClientExtendedRandom, defaultClientExtendedRandom.length);
+    }
+
+    public byte[] getDefaultServerExtendedRandom() {
+        return Arrays.copyOf(defaultServerExtendedRandom, defaultServerExtendedRandom.length);
+    }
+
+    public void setDefaultClientExtendedRandom(byte[] defaultClientExtendedRandom) {
+        this.defaultClientExtendedRandom = defaultClientExtendedRandom;
+    }
+
+    public void setDefaultServerExtendedRandom(byte[] defaultServerExtendedRandom) {
+        this.defaultServerExtendedRandom = defaultServerExtendedRandom;
+    }
+
     public byte[] getDefaultServerRandom() {
         return Arrays.copyOf(defaultServerRandom, defaultServerRandom.length);
     }
@@ -3599,4 +3652,13 @@ public String getKeylogFilePath() {
     public void setKeylogFilePath(String keylogFilePath) {
         this.keylogFilePath = keylogFilePath;
     }
+
+    public BigInteger getDefaultEsniClientPrivateKey() {
+        return defaultEsniClientPrivateKey;
+    }
+
+    public void setDefaultEsniClientPrivateKey(BigInteger defaultEsniClientPrivateKey) {
+        this.defaultEsniClientPrivateKey = defaultEsniClientPrivateKey;
+    }
+
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/ExtensionByteLength.java

@@ -51,6 +51,10 @@ public class ExtensionByteLength {
      * ServerNameListLength in the ServerNameIndicationExtension
      */
     public static final int SERVER_NAME_LIST = 2;
+    /**
+     * ExtendedRandomLength in the ExtendedRandomExtension
+     */
+    public static final int EXTENDED_RANDOM_LENGTH = 2;
     /**
      * KeyShareGroup length in the KeySahreExtension
      */

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/ExtensionType.java

@@ -46,6 +46,9 @@ public enum ExtensionType {
     PWD_CLEAR(new byte[] { (byte) 0, (byte) 30 }),
     PASSWORD_SALT(new byte[] { (byte) 0, (byte) 31 }),
     SESSION_TICKET(new byte[] { (byte) 0, (byte) 35 }),
+    EXTENDED_RANDOM(new byte[] { (byte) 0, (byte) 40 }), // Shares same IANA ID
+                                                         // as old keyshare
+                                                         // extension.
     KEY_SHARE_OLD(new byte[] { (byte) 0, (byte) 40 }), // This is the keyshare
                                                        // extension before TLS
                                                        // 1.3 Draft 23
@@ -139,6 +142,7 @@ public static List<ExtensionType> getSendable() {
         list.add(EXTENDED_MASTER_SECRET);
         list.add(HEARTBEAT);
         list.add(KEY_SHARE);
+        list.add(EXTENDED_RANDOM);
         list.add(MAX_FRAGMENT_LENGTH);
         list.add(PADDING);
         list.add(PRE_SHARED_KEY);
@@ -177,6 +181,7 @@ public static List<ExtensionType> getReceivable() {
         list.add(EXTENDED_MASTER_SECRET);
         list.add(HEARTBEAT);
         list.add(KEY_SHARE);
+        list.add(EXTENDED_RANDOM);
         list.add(MAX_FRAGMENT_LENGTH);
         list.add(PADDING);
         list.add(PRE_SHARED_KEY);
@@ -217,6 +222,7 @@ public static List<ExtensionType> getImplemented() {
         list.add(TOKEN_BINDING);
         list.add(RENEGOTIATION_INFO);
         list.add(HEARTBEAT);
+        list.add(EXTENDED_RANDOM);
         return list;
     }
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/ProtocolVersion.java

@@ -11,12 +11,8 @@
 
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.tlsattacker.core.exceptions.UnknownProtocolVersionException;
-import java.util.Arrays;
-import java.util.HashMap;
-import java.util.LinkedList;
-import java.util.List;
-import java.util.Map;
-import java.util.Random;
+
+import java.util.*;
 
 public enum ProtocolVersion {
 
@@ -181,4 +177,5 @@ public boolean usesExplicitIv() {
         return this == ProtocolVersion.TLS11 || this == ProtocolVersion.TLS12 || this == ProtocolVersion.DTLS10
                 || this == ProtocolVersion.DTLS12;
     }
+
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/https/HttpsRequestHandler.java

@@ -20,7 +20,8 @@ public HttpsRequestHandler(TlsContext tlsContext) {
 
     @Override
     public HttpsRequestParser getParser(byte[] message, int pointer) {
-        return new HttpsRequestParser(pointer, message, tlsContext.getChooser().getSelectedProtocolVersion());
+        return new HttpsRequestParser(pointer, message, tlsContext.getChooser().getSelectedProtocolVersion(),
+                tlsContext.getConfig());
     }
 
     @Override

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/https/HttpsRequestParser.java

@@ -9,6 +9,7 @@
  */
 package de.rub.nds.tlsattacker.core.https;
 
+import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.exceptions.ParserException;
 import de.rub.nds.tlsattacker.core.https.header.HttpsHeader;
@@ -22,8 +23,8 @@ public class HttpsRequestParser extends ProtocolMessageParser<HttpsRequestMessag
 
     private static final Logger LOGGER = LogManager.getLogger();
 
-    public HttpsRequestParser(int pointer, byte[] array, ProtocolVersion version) {
-        super(pointer, array, version);
+    public HttpsRequestParser(int pointer, byte[] array, ProtocolVersion version, Config config) {
+        super(pointer, array, version, config);
     }
 
     @Override

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/https/HttpsResponseHandler.java

@@ -20,7 +20,8 @@ public HttpsResponseHandler(TlsContext tlsContext) {
 
     @Override
     public HttpsResponseParser getParser(byte[] message, int pointer) {
-        return new HttpsResponseParser(pointer, message, tlsContext.getChooser().getSelectedProtocolVersion());
+        return new HttpsResponseParser(pointer, message, tlsContext.getChooser().getSelectedProtocolVersion(),
+                tlsContext.getConfig());
     }
 
     @Override

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/https/HttpsResponseParser.java

@@ -9,6 +9,7 @@
  */
 package de.rub.nds.tlsattacker.core.https;
 
+import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.exceptions.ParserException;
 import de.rub.nds.tlsattacker.core.https.header.HttpsHeader;
@@ -22,8 +23,8 @@ public class HttpsResponseParser extends ProtocolMessageParser<HttpsResponseMess
 
     private static final Logger LOGGER = LogManager.getLogger();
 
-    public HttpsResponseParser(int pointer, byte[] array, ProtocolVersion version) {
-        super(pointer, array, version);
+    public HttpsResponseParser(int pointer, byte[] array, ProtocolVersion version, Config config) {
+        super(pointer, array, version, config);
     }
 
     @Override

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/AlertHandler.java

@@ -28,7 +28,7 @@ public AlertHandler(TlsContext tlsContext) {
 
     @Override
     public AlertParser getParser(byte[] message, int pointer) {
-        return new AlertParser(pointer, message, tlsContext.getChooser().getLastRecordVersion());
+        return new AlertParser(pointer, message, tlsContext.getChooser().getLastRecordVersion(), tlsContext.getConfig());
     }
 
     @Override