Merge pull request #579 from RUB-NDS/montgomeryCurveFix

Montgomery curve fix

Author: ic0ns

TLS-Core/pom.xml

@@ -73,7 +73,7 @@
             <plugin>
                 <groupId>org.jacoco</groupId>
                 <artifactId>jacoco-maven-plugin</artifactId>
-                <version>0.7.9</version>
+                <version>0.8.4</version>
                 <reportSets>
                     <reportSet>
                         <reports>

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/ec/CurveFactory.java

@@ -18,6 +18,7 @@ public class CurveFactory {
      *
      * @param name
      *            The name of the curve, that should be returned.
+     * @return EllipticCurve for the provided NamedGroup
      */
     public static EllipticCurve getCurve(NamedGroup name) {
         switch (name) {
@@ -78,7 +79,8 @@ public static EllipticCurve getCurve(NamedGroup name) {
             case SECT571R1:
                 return new EllipticCurveSECT571R1();
             default:
-                throw new UnsupportedOperationException("The provided curve '" + name + "' is not supported.");
+                throw new UnsupportedOperationException("The provided group '" + name
+                        + "' is not supported by this method.");
 
         }
     }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/ECDHClientKeyExchangeHandler.java

@@ -9,6 +9,7 @@
 package de.rub.nds.tlsattacker.core.protocol.handler;
 
 import de.rub.nds.tlsattacker.core.constants.NamedGroup;
+import de.rub.nds.tlsattacker.core.crypto.ec.FieldElementF2m;
 import de.rub.nds.tlsattacker.core.crypto.ec.Point;
 import de.rub.nds.tlsattacker.core.crypto.ec.PointFormatter;
 import de.rub.nds.tlsattacker.core.protocol.message.ECDHClientKeyExchangeMessage;
@@ -57,7 +58,10 @@ private void adjustClientPublicKey(ECDHClientKeyExchangeMessage message) {
         NamedGroup usedGroup = tlsContext.getChooser().getSelectedNamedGroup();
         if (usedGroup == NamedGroup.ECDH_X25519 || usedGroup == NamedGroup.ECDH_X448) {
             LOGGER.debug("Adjusting Montgomery EC PublicKey");
-            tlsContext.setClientEcPublicKey(Point.createPoint(new BigInteger(serializedPoint), null, usedGroup));
+            // TODO This is only a temporary solution. Montgomory Curves need to
+            // be integrated into the new EC framework
+            tlsContext.setClientEcPublicKey(new Point(new FieldElementF2m(new BigInteger(serializedPoint), null),
+                    new FieldElementF2m(new BigInteger(serializedPoint), null)));
         } else {
             LOGGER.debug("Adjusting EC Point");
             Point publicKey = PointFormatter.formatFromByteArray(usedGroup, serializedPoint);

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/ECDHEServerKeyExchangeHandler.java

@@ -10,6 +10,7 @@
 
 import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.NamedGroup;
+import de.rub.nds.tlsattacker.core.crypto.ec.FieldElementF2m;
 import de.rub.nds.tlsattacker.core.crypto.ec.Point;
 import de.rub.nds.tlsattacker.core.crypto.ec.PointFormatter;
 import de.rub.nds.tlsattacker.core.protocol.message.ECDHEServerKeyExchangeMessage;
@@ -61,8 +62,11 @@ protected void adjustECParameter(ECDHEServerKeyExchangeMessage message) {
         }
         if (group == NamedGroup.ECDH_X448 || group == NamedGroup.ECDH_X25519) {
             LOGGER.debug("Adjusting Montgomery EC Point");
-            Point publicKey = Point.createPoint(new BigInteger(message.getPublicKey().getValue()), null, group);
-            tlsContext.setServerEcPublicKey(publicKey);
+            // TODO This is only a temporary solution. Montgomory Curves need to
+            // be integrated into the new EC framework
+            tlsContext.setServerEcPublicKey(new Point(new FieldElementF2m(new BigInteger(message.getPublicKey()
+                    .getValue()), null), new FieldElementF2m(new BigInteger(message.getPublicKey().getValue()), null)));
+
         } else if (group != null) {
             LOGGER.debug("Adjusting EC Point");
             Point publicKeyPoint = PointFormatter.formatFromByteArray(group, message.getPublicKey().getValue());

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/extension/SignatureAndHashAlgorithmsExtensionHandler.java

@@ -44,7 +44,7 @@ public void adjustTLSExtensionContext(SignatureAndHashAlgorithmsExtensionMessage
             byte[] algoBytes = Arrays.copyOfRange(signatureAndHashBytes, i, i
                     + HandshakeByteLength.SIGNATURE_HASH_ALGORITHM);
             SignatureAndHashAlgorithm algo = SignatureAndHashAlgorithm.getSignatureAndHashAlgorithm(algoBytes);
-            if (algo.getSignatureAlgorithm() == null || algo.getHashAlgorithm() == null) {
+            if (algo == null || algo.getSignatureAlgorithm() == null || algo.getHashAlgorithm() == null) {
                 LOGGER.warn("Unknown SignatureAndHashAlgorithm:" + ArrayConverter.bytesToHexString(algoBytes));
             } else {
                 algoList.add(algo);

Transport/src/main/java/de/rub/nds/tlsattacker/transport/TransportHandlerFactory.java

@@ -28,15 +28,15 @@ public static TransportHandler createTransportHandler(Connection con) {
         switch (con.getTransportHandlerType()) {
             case TCP:
                 if (localConEndType == ConnectionEndType.CLIENT) {
-                    return new ClientTcpTransportHandler(timeout, con.getHostname(), con.getPort());
+                    return new ClientTcpTransportHandler(timeout, con.getIp(), con.getPort());
                 } else {
                     return new ServerTcpTransportHandler(timeout, con.getPort());
                 }
             case EAP_TLS:
                 throw new UnsupportedOperationException("EAP_TLS is currently not supported");
             case UDP:
                 if (localConEndType == ConnectionEndType.CLIENT) {
-                    return new ClientUdpTransportHandler(timeout, con.getHostname(), con.getPort());
+                    return new ClientUdpTransportHandler(timeout, con.getIp(), con.getPort());
                 } else {
                     return new ServerUdpTransportHandler(timeout, con.getPort());
                 }
@@ -50,26 +50,26 @@ public static TransportHandler createTransportHandler(Connection con) {
                 throw new UnsupportedOperationException("STREAM TransportHandler can only be created manually");
             case TCP_TIMING:
                 if (localConEndType == ConnectionEndType.CLIENT) {
-                    return new TimingClientTcpTransportHandler(timeout, con.getHostname(), con.getPort());
+                    return new TimingClientTcpTransportHandler(timeout, con.getIp(), con.getPort());
                 } else {
                     return new TimingServerTcpTransportHandler(timeout, con.getPort());
                 }
             case UDP_TIMING:
                 if (localConEndType == ConnectionEndType.CLIENT) {
-                    return new TimingClientUdpTransportHandler(timeout, con.getHostname(), con.getPort());
+                    return new TimingClientUdpTransportHandler(timeout, con.getIp(), con.getPort());
                 } else {
                     return new TimingServerUdpTransportHandler(timeout, con.getPort());
                 }
             case TCP_PROXY_TIMING:
                 if (localConEndType == ConnectionEndType.CLIENT) {
-                    return new TimingProxyClientTcpTransportHandler(timeout, con.getHostname(), con.getPort());
+                    return new TimingProxyClientTcpTransportHandler(timeout, con.getIp(), con.getPort());
                 } else {
                     throw new UnsupportedOperationException(
                             "TCP_PROXY_TIMING for server sockets is currently not supported");
                 }
             case TCP_NO_DELAY:
                 if (localConEndType == ConnectionEndType.CLIENT) {
-                    return new ClientTcpNoDelayTransportHandler(timeout, con.getHostname(), con.getPort());
+                    return new ClientTcpNoDelayTransportHandler(timeout, con.getIp(), con.getPort());
                 } else {
                     throw new UnsupportedOperationException(
                             "This transport handler type is only supported in client mode");

Transport/src/main/java/de/rub/nds/tlsattacker/transport/tcp/ClientTcpTransportHandler.java

@@ -29,7 +29,7 @@ public class ClientTcpTransportHandler extends TransportHandler {
 
     public ClientTcpTransportHandler(Connection connection) {
         super(connection.getTimeout(), ConnectionEndType.CLIENT);
-        this.hostname = connection.getHostname();
+        this.hostname = connection.getIp();
         this.port = connection.getPort();
         this.connectionTimeout = 60000;
     }