DTLS fix for decrypting using wrong record

Author: paulfiterau

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/cipher/RecordAEADCipher.java

@@ -176,6 +176,7 @@ private byte[] decryptTLS12(DecryptionRequest decryptionRequest) throws CryptoEx
         byte[] nonce;
         byte[] data;
         if (cipherSuite.usesStrictExplicitIv()) {
+        	// TODO In the case of DTLS, we should get the sequence number from the record
             nonce = ArrayConverter.longToBytes(context.getReadSequenceNumber(), SEQUENCE_NUMBER_LENGTH);
             data = decryptionRequest.getCipherText();
         } else {

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/record/crypto/RecordDecryptor.java

@@ -64,7 +64,11 @@ public void decrypt(Record record) throws CryptoException {
             record.getComputations().setCipherKey(
                     recordCipher.getKeySet().getReadKey(context.getChooser().getConnectionEndType()));
         }
-        record.getComputations().setSequenceNumber(BigInteger.valueOf(context.getReadSequenceNumber()));
+        if (context.getChooser().getSelectedProtocolVersion().isDTLS()) {
+            record.getComputations().setSequenceNumber(record.getSequenceNumber().getValue());
+        } else {
+            record.getComputations().setSequenceNumber(BigInteger.valueOf(context.getReadSequenceNumber()));
+        }
         byte[] encrypted = record.getProtocolMessageBytes().getValue();
         CipherSuite cipherSuite = context.getChooser().getSelectedCipherSuite();
         prepareNonMetaDataMaced(record, encrypted);

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/ReceiveMessageHelper.java

@@ -227,17 +227,17 @@ private List<AbstractRecord> parseRecords(byte[] recordBytes, TlsContext context
     }
 
     public MessageParsingResult parseMessages(RecordGroup recordGroup, TlsContext context) {
-        
+
         // Due to TLS 1.3 Encrypted Type it might be necessary to look for
         // new groups here
         List<ProtocolMessage> messages = new LinkedList<>();
         List<DtlsHandshakeMessageFragment> messageFragments = new LinkedList<>();
         for (RecordGroup group : RecordGroup.generateRecordGroups(recordGroup.getRecords(), context)) {
-        	boolean parseAsUnknown = false; 
-        	if ( context.getConfig().isDoNotParseInvalidMacOrPadMessages() ) {
-        		parseAsUnknown = group.isMacOrPadInvalid(context);
-        	}
-        	byte[] cleanProtocolMessageBytes = recordGroup.getCleanBytes();
+            boolean parseAsUnknown = false;
+            if (context.getConfig().isDoNotParseInvalidMacOrPadMessages()) {
+                parseAsUnknown = group.isMacOrPadInvalid(context);
+            }
+            byte[] cleanProtocolMessageBytes = recordGroup.getCleanBytes();
 
             if (context.getChooser().getSelectedProtocolVersion().isDTLS()) {
                 // if the protocol is DTLS, parsing HANDSHAKE messages results
@@ -281,8 +281,8 @@ public MessageParsingResult parseMessages(RecordGroup recordGroup, TlsContext co
     }
 
     private List<ProtocolMessage> handleCleanBytes(byte[] cleanProtocolMessageBytes,
-            ProtocolMessageType typeFromRecord, TlsContext context, 
-            boolean onlyParse, boolean handleHandshakeAsDtlsFragments, boolean parseAsUnknown) {
+            ProtocolMessageType typeFromRecord, TlsContext context, boolean onlyParse,
+            boolean handleHandshakeAsDtlsFragments, boolean parseAsUnknown) {
         int dataPointer = 0;
         List<ProtocolMessage> receivedMessages = new LinkedList<>();
         if (parseAsUnknown) {

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/action/executor/RecordGroup.java

@@ -113,16 +113,16 @@ public void adjustContext(TlsContext context) {
             record.adjustContext(context);
         }
     }
-    
+
     public boolean isMacOrPadInvalid(TlsContext context) {
-    	for (AbstractRecord record : getRecords()) {
-    		if (record instanceof Record) {
-    			if (Boolean.FALSE.equals(((Record) record).getComputations().getMacValid())
-    					|| Boolean.FALSE.equals(((Record) record).getComputations().getPaddingValid())) 
-    				return true;
-    		}
+        for (AbstractRecord record : getRecords()) {
+            if (record instanceof Record) {
+                if (Boolean.FALSE.equals(((Record) record).getComputations().getMacValid())
+                        || Boolean.FALSE.equals(((Record) record).getComputations().getPaddingValid()))
+                    return true;
+            }
         }
-    	return false;
+        return false;
     }
 
     private boolean addRecord(AbstractRecord record) {