Update decryptIv when using implicit IVs (e.g. in TLS 1.0) (#385)

jderuiter · ic0ns · commit 74885a57ddb0 · 2017-11-30T16:21:09.000+01:00
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/cipher/RecordBlockCipher.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/cipher/RecordBlockCipher.java
@@ -115,16 +115,17 @@ public EncryptionResult encrypt(EncryptionRequest request) throws CryptoExceptio
                             .getJavaName()), encryptIv);
             ciphertext = encryptCipher.update(request.getPlainText());
             if (!useExplicitIv) {
-                setNextIv(ciphertext);
+                setNextEncryptIv(ciphertext);
             }
+            LOGGER.debug("encryptIv: " + ArrayConverter.bytesToHexString(encryptIv.getIV()));
             return new EncryptionResult(encryptIv.getIV(), ciphertext, useExplicitIv);
 
         } catch (InvalidKeyException | InvalidAlgorithmParameterException ex) {
             throw new CryptoException(ex);
         }
     }
 
-    private void setNextIv(byte[] ciphertext) {
+    private void setNextEncryptIv(byte[] ciphertext) {
         encryptIv = new IvParameterSpec(Arrays.copyOfRange(ciphertext,
                 ciphertext.length - encryptCipher.getBlockSize(), ciphertext.length));
     }
@@ -145,23 +146,35 @@ public byte[] decrypt(byte[] data) throws CryptoException {
             ConnectionEndType localConEndType = context.getConnection().getLocalConnectionEndType();
             if (useExplicitIv) {
                 decryptIv = new IvParameterSpec(Arrays.copyOf(data, decryptCipher.getBlockSize()));
+                LOGGER.debug("decryptionIV: " + ArrayConverter.bytesToHexString(decryptIv.getIV()));
+
                 decryptCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(getKeySet().getReadKey(localConEndType),
                         bulkCipherAlg.getJavaName()), decryptIv);
                 plaintext = decryptCipher.doFinal(Arrays.copyOfRange(data, decryptCipher.getBlockSize(), data.length));
             } else {
                 decryptIv = new IvParameterSpec(getDecryptionIV());
+                LOGGER.debug("decryptionIV: " + ArrayConverter.bytesToHexString(decryptIv.getIV()));
+
                 decryptCipher.init(Cipher.DECRYPT_MODE, new SecretKeySpec(getKeySet().getReadKey(localConEndType),
                         bulkCipherAlg.getJavaName()), decryptIv);
                 plaintext = decryptCipher.doFinal(data);
+
+                // Set next IV
+                setNextDecryptIv(data);
             }
-            LOGGER.debug("decryptionIV: " + ArrayConverter.bytesToHexString(decryptIv.getIV()));
+
             return plaintext;
         } catch (BadPaddingException | IllegalBlockSizeException | InvalidAlgorithmParameterException
                 | InvalidKeyException | UnsupportedOperationException ex) {
             throw new CryptoException(ex);
         }
     }
 
+    private void setNextDecryptIv(byte[] ciphertext) {
+        decryptIv = new IvParameterSpec(Arrays.copyOfRange(ciphertext,
+                ciphertext.length - decryptCipher.getBlockSize(), ciphertext.length));
+    }
+
     @Override
     public int getMacLength() {
         return readMac.getMacLength();
