Merge pull request #608 from RUB-NDS/isRequiredFix

Optional messages fix

Author: ic0ns

Attacks/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.3.1</version>
+        <version>3.4.0</version>
     </parent>
     <artifactId>Attacks</artifactId>
     <packaging>jar</packaging>

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/config/InvalidCurveAttackConfig.java

@@ -345,6 +345,7 @@ public Config createConfig() {
         config.setStopActionsAfterFatal(true);
         config.setStopReceivingAfterFatal(true);
         config.setEarlyStop(true);
+        config.setStopActionsAfterIOException(true);
         config.setAddECPointFormatExtension(true);
         config.setAddEllipticCurveExtension(true);
         config.setAddServerNameIndicationExtension(true);

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/ec/TwistedCurvePoint.java

@@ -106,15 +106,13 @@ public enum TwistedCurvePoint {
                     16)),
     // X-Curves use point of order 4 for evaluation of server behavior
     X25519Twist(
-            new BigInteger("2AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD2450", 16),
+            new BigInteger("7fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffec", 16),
             new BigInteger("5B8545C0F22DFADE38855A5CD1228352F134A9E655D637C03704BDE426506941", 16),
             new BigInteger("4"),
             NamedGroup.ECDH_X25519,
             new BigInteger("CA6648A697DC4F37B1BB5C5809E9F265332D9C6138371C0809B54D69C303AC7", 16)),
     X448Twist(
-            new BigInteger(
-                    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0000000000000000000000000000000000000000000000000000CB8D",
-                    16),
+            new BigInteger("1", 16),
             new BigInteger(
                     "9A6A7C05A0FA5E28F5804F2A40D7E9D4411FAA289AD9C54ACEFA9D5EAD8C5E1A0041CFBCA155921E66D4BDEC85414FFE42C18EFFEF918CB5",
                     16),

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/InvalidCurveAttacker.java

@@ -162,9 +162,6 @@ public Boolean isVulnerable() {
         for (int i = 1; i <= protocolFlows; i++) {
             setPremasterSecret(curve, i, point);
             InvalidCurveTask taskToAdd = new InvalidCurveTask(buildState(), executor.getReexecutions(), i);
-            if (config.isAttackInRenegotiation() && getTlsConfig().getHighestProtocolVersion() == ProtocolVersion.TLS13) {
-                taskToAdd.setResolveTls13CCSdiscrepancy(true);
-            }
             taskList.add(taskToAdd);
         }
         executor.bulkExecuteTasks(taskList);
@@ -175,9 +172,12 @@ private void setPremasterSecret(EllipticCurve curve, int i, Point point) {
         if (config.getPremasterSecret() != null) {
             premasterSecret = config.getPremasterSecret();
         } else {
-            // note that we're testing the congruences of the DECODED scalar
-            // for RFC7748 curves
-            Point sharedPoint = curve.mult(new BigInteger("" + i), point);
+            BigInteger secret = new BigInteger("" + i);
+            if (config.getNamedGroup() == NamedGroup.ECDH_X25519 || config.getNamedGroup() == NamedGroup.ECDH_X448) {
+                RFC7748Curve rfcCurve = (RFC7748Curve) CurveFactory.getCurve(config.getNamedGroup());
+                secret = rfcCurve.decodeScalar(secret);
+            }
+            Point sharedPoint = curve.mult(secret, point);
             if (sharedPoint.getX() == null) {
                 premasterSecret = BigInteger.ZERO;
             } else {

Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/task/InvalidCurveTask.java

@@ -41,8 +41,6 @@ public class InvalidCurveTask extends TlsTask {
 
     private Point receivedEcKey;
 
-    private boolean resolveTls13CCSdiscrepancy;
-
     public InvalidCurveTask(State state, int reexecutions, int appliedSecret) {
         super(reexecutions);
         this.appliedSecret = appliedSecret;
@@ -60,10 +58,6 @@ public void execute() {
             WorkflowExecutor executor = new DefaultWorkflowExecutor(getState());
             executor.executeWorkflow();
 
-            if (resolveTls13CCSdiscrepancy) {
-                allowTls13CCS(getState());
-            }
-
             if (getState().getTlsContext().getServerEcPublicKey() != null) {
                 receivedEcKey = getState().getTlsContext().getServerEcPublicKey();
             }
@@ -93,41 +87,6 @@ public Point getReceivedEcKey() {
         return receivedEcKey;
     }
 
-    /**
-     * @return the resolveTls13CCSdiscrepancy
-     */
-    public boolean isResolveTls13CCSdiscrepancy() {
-        return resolveTls13CCSdiscrepancy;
-    }
-
-    /**
-     * @param resolveTls13CCSdiscrepancy
-     *            the resolveTls13CCSdiscrepancy to set
-     */
-    public void setResolveTls13CCSdiscrepancy(boolean resolveTls13CCSdiscrepancy) {
-        this.resolveTls13CCSdiscrepancy = resolveTls13CCSdiscrepancy;
-    }
-
-    /**
-     * Tries to resolve a Workflow Trace conflict when a server sent a CCS
-     * message to maintain backward compatibility in a TLS 1.3 handshake
-     */
-    private void allowTls13CCS(State state) {
-        ReceiveAction firstServerMessages = null;
-        WorkflowTrace trace = state.getWorkflowTrace();
-        for (TlsAction action : trace.getTlsActions()) {
-            if (action instanceof ReceiveAction) {
-                firstServerMessages = (ReceiveAction) action;
-                break;
-            }
-        }
-        if (firstServerMessages != null && !firstServerMessages.executedAsPlanned()
-                && firstServerMessages.getReceivedMessages().get(1) instanceof ChangeCipherSpecMessage) {
-            firstServerMessages.getExpectedMessages().add(1, new ChangeCipherSpecMessage());
-            LOGGER.debug("Tried to resolve workflow trace discrepancy for unexpected CCS in TLS 1.3 handshake");
-        }
-    }
-
     /**
      * @return the state
      */

TLS-Client/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.3.1</version>
+        <version>3.4.0</version>
     </parent>
     <name>TLS-Client</name>
     <artifactId>TLS-Client</artifactId>

TLS-Core/pom.xml

@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.3.1</version>
+        <version>3.4.0</version>
     </parent>
     <artifactId>TLS-Core</artifactId>
     <packaging>jar</packaging>

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java

@@ -10,6 +10,7 @@
 
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.modifiablevariable.util.ByteArrayAdapter;
+import de.rub.nds.modifiablevariable.util.UnformattedByteArrayAdapter;
 import de.rub.nds.tlsattacker.core.certificate.CertificateKeyPair;
 import de.rub.nds.tlsattacker.core.connection.InboundConnection;
 import de.rub.nds.tlsattacker.core.connection.OutboundConnection;
@@ -134,7 +135,7 @@ public static Config createEmptyConfig() {
         return c;
     }
 
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultHandshakeSecret = new byte[32];
 
     private CertificateKeyType preferedCertificateSignatureType = CertificateKeyType.RSA;
@@ -260,28 +261,28 @@ public static Config createEmptyConfig() {
      * SessionTLSTicket for the SessionTLSTicketExtension. It's an empty session
      * ticket since we initiate a new connection.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] tlsSessionTicket = new byte[0];
 
     /**
      * Renegotiation info for the RenegotiationInfo extension for the Client.
      * It's an empty info since we initiate a new connection.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultClientRenegotiationInfo = new byte[0];
 
     /**
      * Renegotiation info for the RenegotiationInfo extension for the Client.
      * It's an empty info since we initiate a new connection.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultServerRenegotiationInfo = new byte[0];
 
     /**
      * SignedCertificateTimestamp for the SignedCertificateTimestampExtension.
      * It's an emty timestamp, since the server sends it.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultSignedCertificateTimestamp = new byte[0];
 
     /**
@@ -302,24 +303,24 @@ public static Config createEmptyConfig() {
     /**
      * This is the responder ID list of the CertificateStatusRequest extension
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] certificateStatusRequestExtensionResponderIDList = new byte[0];
 
     /**
      * This is the request extension of the CertificateStatusRequest extension
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] certificateStatusRequestExtensionRequestExtension = new byte[0];
 
     /**
      * Default ALPN announced protocols
      */
-    private String[] alpnAnnouncedProtocols = new String[]{"h2"};
+    private String[] alpnAnnouncedProtocols = new String[] { "h2" };
 
     /**
      * Default SRP Identifier
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] secureRemotePasswordExtensionIdentifier = "UserName".getBytes(Charset.forName("UTF-8"));
 
     /**
@@ -331,7 +332,7 @@ public static Config createEmptyConfig() {
     /**
      * Default SRTP extension master key identifier
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] secureRealTimeTransportProtocolMasterKeyIdentifier = new byte[0];
 
     /**
@@ -623,19 +624,19 @@ public static Config createEmptyConfig() {
     /**
      * The PSK to use.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] psk = new byte[0];
 
     /**
      * The client's early traffic secret.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] clientEarlyTrafficSecret = new byte[128];
 
     /**
      * The early secret of the session.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] earlySecret = new byte[256];
 
     /**
@@ -646,7 +647,7 @@ public static Config createEmptyConfig() {
     /**
      * The psk used for early data (!= earlySecret or earlyTrafficSecret).
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] earlyDataPsk = new byte[256];
 
     /**
@@ -662,10 +663,10 @@ public static Config createEmptyConfig() {
     /**
      * Early data to be sent.
      */
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] earlyData = ArrayConverter.hexStringToByteArray("544c532d41747461636b65720a");
 
-    @XmlJavaTypeAdapter(ByteArrayAdapter.class)
+    @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] distinguishedNames = new byte[0];
 
     private Boolean enforceSettings = false;
@@ -763,7 +764,7 @@ public static Config createEmptyConfig() {
      * How much padding bytes should be send by default
      */
     @XmlJavaTypeAdapter(ByteArrayAdapter.class)
-    private byte[] defaultPaddingExtensionBytes = new byte[]{0, 0, 0, 0, 0, 0};
+    private byte[] defaultPaddingExtensionBytes = new byte[] { 0, 0, 0, 0, 0, 0 };
 
     /**
      * How long should our DTLSCookies be by default
@@ -2886,7 +2887,8 @@ public byte[] getEarlyData() {
     }
 
     /**
-     * @param earlyData the earlyData to set
+     * @param earlyData
+     *            the earlyData to set
      */
     public void setEarlyData(byte[] earlyData) {
         this.earlyData = earlyData;
@@ -2900,7 +2902,8 @@ public List<PskSet> getDefaultPskSets() {
     }
 
     /**
-     * @param defaultPskSets the defaultPskSets to set
+     * @param defaultPskSets
+     *            the defaultPskSets to set
      */
     public void setDefaultPskSets(List<PskSet> defaultPskSets) {
         this.defaultPskSets = defaultPskSets;
@@ -2914,7 +2917,8 @@ public byte[] getPsk() {
     }
 
     /**
-     * @param psk the psk to set
+     * @param psk
+     *            the psk to set
      */
     public void setPsk(byte[] psk) {
         this.psk = psk;
@@ -2928,7 +2932,8 @@ public byte[] getDefaultSessionTicketAgeAdd() {
     }
 
     /**
-     * @param defaultSessionTicketAgeAdd the defaultSessionTicketAgeAdd to set
+     * @param defaultSessionTicketAgeAdd
+     *            the defaultSessionTicketAgeAdd to set
      */
     public void setDefaultSessionTicketAgeAdd(byte[] defaultSessionTicketAgeAdd) {
         this.defaultSessionTicketAgeAdd = defaultSessionTicketAgeAdd;
@@ -2942,7 +2947,8 @@ public byte[] getDefaultSessionTicketNonce() {
     }
 
     /**
-     * @param defaultSessionTicketNonce the defaultSessionTicketNonce to set
+     * @param defaultSessionTicketNonce
+     *            the defaultSessionTicketNonce to set
      */
     public void setDefaultSessionTicketNonce(byte[] defaultSessionTicketNonce) {
         this.defaultSessionTicketNonce = defaultSessionTicketNonce;
@@ -2956,8 +2962,8 @@ public byte[] getDefaultSessionTicketIdentity() {
     }
 
     /**
-     * @param defaultSessionTicketIdentity the defaultSessionTicketIdentity to
-     * set
+     * @param defaultSessionTicketIdentity
+     *            the defaultSessionTicketIdentity to set
      */
     public void setDefaultSessionTicketIdentity(byte[] defaultSessionTicketIdentity) {
         this.defaultSessionTicketIdentity = defaultSessionTicketIdentity;
@@ -2971,7 +2977,8 @@ public byte[] getClientEarlyTrafficSecret() {
     }
 
     /**
-     * @param clientEarlyTrafficSecret the clientEarlyTrafficSecret to set
+     * @param clientEarlyTrafficSecret
+     *            the clientEarlyTrafficSecret to set
      */
     public void setClientEarlyTrafficSecret(byte[] clientEarlyTrafficSecret) {
         this.clientEarlyTrafficSecret = clientEarlyTrafficSecret;
@@ -2985,7 +2992,8 @@ public byte[] getEarlySecret() {
     }
 
     /**
-     * @param earlySecret the earlySecret to set
+     * @param earlySecret
+     *            the earlySecret to set
      */
     public void setEarlySecret(byte[] earlySecret) {
         this.earlySecret = earlySecret;
@@ -2999,7 +3007,8 @@ public CipherSuite getEarlyDataCipherSuite() {
     }
 
     /**
-     * @param earlyDataCipherSuite the earlyDataCipherSuite to set
+     * @param earlyDataCipherSuite
+     *            the earlyDataCipherSuite to set
      */
     public void setEarlyDataCipherSuite(CipherSuite earlyDataCipherSuite) {
         this.earlyDataCipherSuite = earlyDataCipherSuite;
@@ -3013,7 +3022,8 @@ public byte[] getEarlyDataPsk() {
     }
 
     /**
-     * @param earlyDataPsk the earlyDataPsk to set
+     * @param earlyDataPsk
+     *            the earlyDataPsk to set
      */
     public void setEarlyDataPsk(byte[] earlyDataPsk) {
         this.earlyDataPsk = earlyDataPsk;
@@ -3027,7 +3037,8 @@ public Boolean isUsePsk() {
     }
 
     /**
-     * @param usePsk the usePsk to set
+     * @param usePsk
+     *            the usePsk to set
      */
     public void setUsePsk(Boolean usePsk) {
         this.usePsk = usePsk;