Merge pull request #565 from RUB-NDS/rsaVersionField

ic0ns · web-flow · commit 8e40553c9f47 · 2019-05-19T21:34:48.000+02:00
added rsa pms protocol version field as modifiable variable
diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # TLS-Attacker
 
-[![release](https://img.shields.io/badge/Release-v2.9-blue.svg)](https://github.com/RUB-NDS/TLS-Attacker/releases)
+[![release](https://img.shields.io/badge/Release-v3.0-blue.svg)](https://github.com/RUB-NDS/TLS-Attacker/releases)
 ![licence](https://img.shields.io/badge/License-Apachev2-brightgreen.svg)
 [![travis](https://travis-ci.org/RUB-NDS/TLS-Attacker.svg?branch=master)](https://travis-ci.org/RUB-NDS/TLS-Attacker)
 
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/RSAClientComputations.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/RSAClientComputations.java
@@ -19,6 +19,9 @@ public class RSAClientComputations extends KeyExchangeComputations {
 
     private static final Logger LOGGER = LogManager.getLogger();
 
+    @ModifiableVariableProperty(type = ModifiableVariableProperty.Type.KEY_MATERIAL)
+    private ModifiableByteArray premasterSecretProtocolVersion;
+
     @ModifiableVariableProperty(format = ModifiableVariableProperty.Format.PKCS1, type = ModifiableVariableProperty.Type.KEY_MATERIAL)
     private ModifiableByteArray plainPaddedPremasterSecret;
 
@@ -53,6 +56,19 @@ public void setPadding(byte[] padding) {
         this.padding = ModifiableVariableFactory.safelySetValue(this.padding, padding);
     }
 
+    public ModifiableByteArray getPremasterSecretProtocolVersion() {
+        return premasterSecretProtocolVersion;
+    }
+
+    public void setPremasterSecretProtocolVersion(ModifiableByteArray premasterSecretProtocolVersion) {
+        this.premasterSecretProtocolVersion = premasterSecretProtocolVersion;
+    }
+
+    public void setPremasterSecretProtocolVersion(byte[] premasterSecretProtocolVersion) {
+        this.premasterSecretProtocolVersion = ModifiableVariableFactory.safelySetValue(
+                this.premasterSecretProtocolVersion, premasterSecretProtocolVersion);
+    }
+
     @Override
     public void setSecretsInConfig(Config config) {
         LOGGER.debug("Nothing to do here, since the client has no private key");
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/RSAClientKeyExchangePreparator.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/RSAClientKeyExchangePreparator.java
@@ -52,11 +52,16 @@ protected byte[] generatePremasterSecret() {
             LOGGER.debug("Using preset PreMasterSecret from context.");
             return tempPremasterSecret;
         }
-        tempPremasterSecret = new byte[HandshakeByteLength.PREMASTER_SECRET];
-        chooser.getContext().getRandom().nextBytes(tempPremasterSecret);
-        tempPremasterSecret[0] = chooser.getHighestClientProtocolVersion().getMajor();
-        tempPremasterSecret[1] = chooser.getHighestClientProtocolVersion().getMinor();
-        return tempPremasterSecret;
+        msg.getComputations().setPremasterSecretProtocolVersion(chooser.getHighestClientProtocolVersion().getValue());
+        if (msg.getComputations().getPremasterSecretProtocolVersion().getValue().length > HandshakeByteLength.PREMASTER_SECRET) {
+            return msg.getComputations().getPlainPaddedPremasterSecret().getValue();
+        } else {
+            tempPremasterSecret = new byte[HandshakeByteLength.PREMASTER_SECRET
+                    - msg.getComputations().getPremasterSecretProtocolVersion().getValue().length];
+            chooser.getContext().getRandom().nextBytes(tempPremasterSecret);
+            return ArrayConverter.concatenate(msg.getComputations().getPremasterSecretProtocolVersion().getValue(),
+                    tempPremasterSecret);
+        }
     }
 
     protected RSAPublicKey generateFreshKey() {
@@ -158,6 +163,11 @@ public void prepareAfterParse(boolean clientMode) {
                         paddedPremasterSecret.length);
                 premasterSecret = manipulatePremasterSecret(premasterSecret);
                 preparePremasterSecret(msg);
+                if (premasterSecret.length > 2) {
+                    msg.getComputations().setPremasterSecretProtocolVersion(Arrays.copyOfRange(premasterSecret, 0, 2));
+                } else {
+                    LOGGER.warn("Decrypted PMS is not long enough to contain protocol version bytes");
+                }
             } else {
                 LOGGER.warn("RandomByteLength too short! Using empty premasterSecret!");
                 premasterSecret = new byte[0];
