A fix which should make the majority-vote oracle redundant

paulfiterau · paulfiterau · commit bf2254bfa9d9 · 2019-10-16T15:09:05.000+02:00
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
@@ -1114,6 +1114,12 @@ public static Config createEmptyConfig() {
             .hexStringToByteArray("963c77cdc13a2a8d75cdddd1e0449929843711c21d47ce6e6383cdda37e47da3");
 
     private ECPointFormat defaultSelectedPointFormat = ECPointFormat.UNCOMPRESSED;
+    
+    /**
+     * TLS-Attacker will parse encrypted messages with invalid MAC or padding
+     * as unknown if this option is set.
+     */
+    private Boolean doNotParseInvalidMacOrPadMessages = false;
 
     Config() {
         defaultClientConnection = new OutboundConnection("client", 443, "localhost");
@@ -3349,4 +3355,12 @@ public Boolean isAddPWDProtectExtension() {
     public void setAddPWDProtectExtension(Boolean addPWDProtectExtension) {
         this.addPWDProtectExtension = addPWDProtectExtension;
     }
+    
+    public Boolean isDoNotParseInvalidMacOrPadMessages() {
+    	return doNotParseInvalidMacOrPadMessages;
+    }
+    
+    public void setDoNotParseInvalidMacOrPadMessages(Boolean doNotParseInvalidMacOrPadMessages) {
+    	this.doNotParseInvalidMacOrPadMessages = doNotParseInvalidMacOrPadMessages;
+    }
 }
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/ReceiveMessageHelper.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/ReceiveMessageHelper.java
@@ -30,7 +30,10 @@
 import de.rub.nds.tlsattacker.core.protocol.message.HandshakeMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.ProtocolMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.SSL2HandshakeMessage;
+import de.rub.nds.tlsattacker.core.protocol.message.UnknownMessage;
 import de.rub.nds.tlsattacker.core.record.AbstractRecord;
+import de.rub.nds.tlsattacker.core.record.cipher.RecordNullCipher;
+import de.rub.nds.tlsattacker.core.record.layer.RecordLayerType;
 import de.rub.nds.tlsattacker.core.state.TlsContext;
 import de.rub.nds.tlsattacker.transport.ConnectionEndType;
 import java.io.ByteArrayOutputStream;
@@ -224,19 +227,24 @@ private List<AbstractRecord> parseRecords(byte[] recordBytes, TlsContext context
     }
 
     public MessageParsingResult parseMessages(RecordGroup recordGroup, TlsContext context) {
-        byte[] cleanProtocolMessageBytes = recordGroup.getCleanBytes();
+        
         // Due to TLS 1.3 Encrypted Type it might be necessary to look for
         // new groups here
         List<ProtocolMessage> messages = new LinkedList<>();
         List<DtlsHandshakeMessageFragment> messageFragments = new LinkedList<>();
         for (RecordGroup group : RecordGroup.generateRecordGroups(recordGroup.getRecords(), context)) {
+        	boolean parseAsUnknown = false; 
+        	if ( context.getConfig().isDoNotParseInvalidMacOrPadMessages() ) {
+        		parseAsUnknown = group.isMacOrPadInvalid(context);
+        	}
+        	byte[] cleanProtocolMessageBytes = recordGroup.getCleanBytes();
 
             if (context.getChooser().getSelectedProtocolVersion().isDTLS()) {
                 // if the protocol is DTLS, parsing HANDSHAKE messages results
                 // in fragments.
                 if (group.getProtocolMessageType() == ProtocolMessageType.HANDSHAKE) {
                     List<ProtocolMessage> parsedMessages = handleCleanBytes(cleanProtocolMessageBytes,
-                            group.getProtocolMessageType(), context, true, true);
+                            group.getProtocolMessageType(), context, true, true, parseAsUnknown);
                     for (ProtocolMessage parsedMessage : parsedMessages) {
                         // we need this check since there might be
                         // "unknown messages", note, we do not maintain ordering
@@ -258,25 +266,30 @@ public MessageParsingResult parseMessages(RecordGroup recordGroup, TlsContext co
                     boolean onlyParse = isInOrder ? false : context.getConfig().isDtlsUpdateOnOutOfOrder() ? false
                             : true;
                     List<ProtocolMessage> parsedMessages = handleCleanBytes(cleanProtocolMessageBytes,
-                            group.getProtocolMessageType(), context, onlyParse, false);
+                            group.getProtocolMessageType(), context, onlyParse, false, parseAsUnknown);
                     if (isInOrder || !context.getConfig().isDtlsExcludeOutOfOrder()) {
                         messages.addAll(parsedMessages);
                     }
                 }
             } else {
                 List<ProtocolMessage> parsedMessages = handleCleanBytes(cleanProtocolMessageBytes,
-                        group.getProtocolMessageType(), context, false, false);
+                        group.getProtocolMessageType(), context, false, false, parseAsUnknown);
                 messages.addAll(parsedMessages);
             }
         }
         return new MessageParsingResult(messages, messageFragments);
     }
 
     private List<ProtocolMessage> handleCleanBytes(byte[] cleanProtocolMessageBytes,
-            ProtocolMessageType typeFromRecord, TlsContext context, boolean onlyParse,
-            boolean handleHandshakeAsDtlsFragments) {
+            ProtocolMessageType typeFromRecord, TlsContext context, 
+            boolean onlyParse, boolean handleHandshakeAsDtlsFragments, boolean parseAsUnknown) {
         int dataPointer = 0;
         List<ProtocolMessage> receivedMessages = new LinkedList<>();
+        if (parseAsUnknown) {
+            ParserResult result = tryHandleAsUnknownMessage(cleanProtocolMessageBytes, 0, context);
+            receivedMessages.add(result.getMessage());
+            return receivedMessages;
+        }
         while (dataPointer < cleanProtocolMessageBytes.length) {
             ParserResult result = null;
             try {
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/RecordGroup.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/RecordGroup.java
@@ -113,6 +113,17 @@ public void adjustContext(TlsContext context) {
             record.adjustContext(context);
         }
     }
+    
+    public boolean isMacOrPadInvalid(TlsContext context) {
+    	for (AbstractRecord record : getRecords()) {
+    		if (record instanceof Record) {
+    			if (Boolean.FALSE.equals(((Record) record).getComputations().getMacValid())
+    					|| Boolean.FALSE.equals(((Record) record).getComputations().getPaddingValid())) 
+    				return true;
+    		}
+        }
+    	return false;
+    }
 
     private boolean addRecord(AbstractRecord record) {
         boolean isFitting = false;
