tls-attacker
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/HandshakeByteLength.java‎
Lines changed: 5 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/HandshakeByteLength.java‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/HandshakeMessageType.java‎
Lines changed: 1 addition & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/HandshakeMessageType.java‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/KeyUpdateRequest.java‎
Lines changed: 31 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/KeyUpdateRequest.java‎
Lines changed: 31 additions & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/HKDFunction.java‎
Lines changed: 2 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/crypto/HKDFunction.java‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/KeyUpdateHandler.java‎
Lines changed: 209 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/KeyUpdateHandler.java‎
Lines changed: 209 additions & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/factory/HandlerFactory.java‎
Lines changed: 3 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/factory/HandlerFactory.java‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/KeyUpdateMessage.java‎
Lines changed: 60 additions & 0 deletions b/‎TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/KeyUpdateMessage.java‎
Lines changed: 60 additions & 0 deletions
@@ -254,6 +254,11 @@ public class HandshakeByteLength {
      */
     public static final int CERTIFICATE_STATUS_RESPONSE_LENGTH = 3;
 
+    /**
+     * KeyUpdate Message Length
+     */
+    public static final int KEY_UPDATE_LENGTH = 1;
+
     private HandshakeByteLength() {
     }
 }
@@ -37,6 +37,7 @@ public enum HandshakeMessageType {
     CERTIFICATE_VERIFY((byte) 15),
     CLIENT_KEY_EXCHANGE((byte) 16),
     FINISHED((byte) 20),
+    KEY_UPDATE((byte) 24),
     CERTIFICATE_STATUS((byte) 22),
     SUPPLEMENTAL_DATA((byte) 23),
     MESSAGE_HASH((byte) 254);
 
@@ -0,0 +1,31 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
+ * and Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+package de.rub.nds.tlsattacker.core.constants;
+
+import de.rub.nds.modifiablevariable.ModifiableVariableFactory;
+import de.rub.nds.modifiablevariable.singlebyte.ModifiableByte;
+
+public enum KeyUpdateRequest {
+
+    UPDATE_NOT_REQUESTED((byte) 0),
+    UPDATE_REQUESTED((byte) 1);
+
+    private ModifiableByte requestUpdate;
+
+    private KeyUpdateRequest(byte requestUpdate) {
+        this.requestUpdate = ModifiableVariableFactory.safelySetValue(this.requestUpdate, requestUpdate);
+    }
+
+    public byte getValue() {
+        return requestUpdate.getValue();
+    }
+
+}
@@ -60,6 +60,8 @@ public class HKDFunction {
 
     public static final String RESUMPTION = "resumption";
 
+    public static final String TRAFFICUPD = "traffic upd";
+
     private HKDFunction() {
     }
 
 
@@ -0,0 +1,209 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
+ * and Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+package de.rub.nds.tlsattacker.core.protocol.handler;
+
+import de.rub.nds.modifiablevariable.util.ArrayConverter;
+import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
+import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
+import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
+import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
+import de.rub.nds.tlsattacker.core.exceptions.AdjustmentException;
+import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
+import de.rub.nds.tlsattacker.core.protocol.message.KeyUpdateMessage;
+import de.rub.nds.tlsattacker.core.protocol.parser.KeyUpdateParser;
+import de.rub.nds.tlsattacker.core.protocol.parser.ProtocolMessageParser;
+import de.rub.nds.tlsattacker.core.protocol.preparator.KeyUpdatePreparator;
+import de.rub.nds.tlsattacker.core.protocol.preparator.ProtocolMessagePreparator;
+import de.rub.nds.tlsattacker.core.protocol.serializer.KeyUpdateSerializer;
+import de.rub.nds.tlsattacker.core.protocol.serializer.ProtocolMessageSerializer;
+import de.rub.nds.tlsattacker.core.record.cipher.RecordCipher;
+import de.rub.nds.tlsattacker.core.record.cipher.RecordCipherFactory;
+import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySet;
+import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySetGenerator;
+import de.rub.nds.tlsattacker.core.state.TlsContext;
+import de.rub.nds.tlsattacker.transport.ConnectionEndType;
+
+import java.security.NoSuchAlgorithmException;
+
+import javax.crypto.Mac;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+public class KeyUpdateHandler extends HandshakeMessageHandler<KeyUpdateMessage> {
+
+    private static final Logger LOGGER = LogManager.getLogger();
+
+    public KeyUpdateHandler(TlsContext tlsContext) {
+        super(tlsContext);
+    }
+
+    @Override
+    public void adjustTLSContext(KeyUpdateMessage message) {
+        if (tlsContext.getChooser().getTalkingConnectionEnd() != tlsContext.getChooser().getConnectionEndType()) {
+            adjustApplicationTrafficSecrets();
+            setRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
+        }
+    }
+
+    @Override
+    public void adjustTlsContextAfterSerialize(KeyUpdateMessage message) {
+        adjustApplicationTrafficSecrets();
+        setRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
+    }
+
+    @Override
+    public ProtocolMessageParser getParser(byte[] message, int pointer) {
+        return new KeyUpdateParser(pointer, message, tlsContext.getChooser().getSelectedProtocolVersion(),
+            tlsContext.getConfig());
+
+    }
+
+    @Override
+    public ProtocolMessagePreparator getPreparator(KeyUpdateMessage message) {
+        return new KeyUpdatePreparator(tlsContext.getChooser(), message);
+    }
+
+    @Override
+    public ProtocolMessageSerializer getSerializer(KeyUpdateMessage message) {
+        return new KeyUpdateSerializer(message, tlsContext.getChooser().getSelectedProtocolVersion());
+    }
+
+    private void adjustApplicationTrafficSecrets() {
+        HKDFAlgorithm hkdfAlgortihm =
+            AlgorithmResolver.getHKDFAlgorithm(tlsContext.getChooser().getSelectedCipherSuite());
+
+        try {
+            Mac mac = Mac.getInstance(hkdfAlgortihm.getMacAlgorithm().getJavaName());
+
+            if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT) {
+
+                byte[] clientApplicationTrafficSecret =
+                    HKDFunction.expandLabel(hkdfAlgortihm, tlsContext.getClientApplicationTrafficSecret(),
+                        HKDFunction.TRAFFICUPD, new byte[0], mac.getMacLength());
+
+                tlsContext.setClientApplicationTrafficSecret(clientApplicationTrafficSecret);
+                LOGGER.debug("Set clientApplicationTrafficSecret in Context to "
+                    + ArrayConverter.bytesToHexString(clientApplicationTrafficSecret));
+
+            } else {
+
+                byte[] serverApplicationTrafficSecret =
+                    HKDFunction.expandLabel(hkdfAlgortihm, tlsContext.getServerApplicationTrafficSecret(),
+                        HKDFunction.TRAFFICUPD, new byte[0], mac.getMacLength());
+
+                tlsContext.setServerApplicationTrafficSecret(serverApplicationTrafficSecret);
+                LOGGER.debug("Set serverApplicationTrafficSecret in Context to "
+                    + ArrayConverter.bytesToHexString(serverApplicationTrafficSecret));
+
+            }
+
+        } catch (NoSuchAlgorithmException | CryptoException ex) {
+            throw new AdjustmentException(ex);
+        }
+    }
+
+    private KeySet getKeySet(TlsContext context, Tls13KeySetType keySetType) {
+        try {
+            LOGGER.debug("Generating new KeySet");
+            KeySet keySet =
+                KeySetGenerator.generateKeySet(context, context.getChooser().getSelectedProtocolVersion(), keySetType);
+
+            return keySet;
+        } catch (NoSuchAlgorithmException | CryptoException ex) {
+            throw new UnsupportedOperationException("The specified Algorithm is not supported", ex);
+        }
+    }
+
+    private void setRecordCipher(Tls13KeySetType keySetType) {
+        try {
+            int AEAD_IV_LENGTH = 12;
+            KeySet keySet;
+            HKDFAlgorithm hkdfAlgortihm =
+                AlgorithmResolver.getHKDFAlgorithm(tlsContext.getChooser().getSelectedCipherSuite());
+
+            if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT) {
+
+                tlsContext.setActiveClientKeySetType(keySetType);
+                LOGGER.debug("Setting cipher for client to use " + keySetType);
+                keySet = getKeySet(tlsContext, tlsContext.getActiveClientKeySetType());
+
+            } else {
+                tlsContext.setActiveServerKeySetType(keySetType);
+                LOGGER.debug("Setting cipher for server to use " + keySetType);
+                keySet = getKeySet(tlsContext, tlsContext.getActiveServerKeySetType());
+            }
+
+            if (tlsContext.getChooser().getTalkingConnectionEnd() == tlsContext.getChooser().getConnectionEndType()) {
+
+                if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {
+
+                    keySet.setClientWriteIv(HKDFunction.expandLabel(hkdfAlgortihm,
+                        tlsContext.getClientApplicationTrafficSecret(), HKDFunction.IV, new byte[0], AEAD_IV_LENGTH));
+
+                    keySet.setClientWriteKey(HKDFunction.expandLabel(hkdfAlgortihm, tlsContext
+                        .getClientApplicationTrafficSecret(), HKDFunction.KEY, new byte[0], AlgorithmResolver
+                        .getCipher(tlsContext.getChooser().getSelectedCipherSuite()).getKeySize()));
+                } else {
+
+                    keySet.setServerWriteIv(HKDFunction.expandLabel(hkdfAlgortihm,
+                        tlsContext.getServerApplicationTrafficSecret(), HKDFunction.IV, new byte[0], AEAD_IV_LENGTH));
+
+                    keySet.setServerWriteKey(HKDFunction.expandLabel(hkdfAlgortihm, tlsContext
+                        .getServerApplicationTrafficSecret(), HKDFunction.KEY, new byte[0], AlgorithmResolver
+                        .getCipher(tlsContext.getChooser().getSelectedCipherSuite()).getKeySize()));
+                }
+
+                RecordCipher recordCipherClient =
+                    RecordCipherFactory.getRecordCipher(tlsContext, keySet, tlsContext.getChooser()
+                        .getSelectedCipherSuite());
+                tlsContext.getRecordLayer().setRecordCipher(recordCipherClient);
+
+                tlsContext.setWriteSequenceNumber(0);
+                tlsContext.getRecordLayer().updateEncryptionCipher();
+
+            } else if (tlsContext.getChooser().getTalkingConnectionEnd() != tlsContext.getChooser()
+                .getConnectionEndType()) {
+
+                if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.SERVER) {
+
+                    keySet.setServerWriteIv(HKDFunction.expandLabel(hkdfAlgortihm,
+                        tlsContext.getServerApplicationTrafficSecret(), HKDFunction.IV, new byte[0], AEAD_IV_LENGTH));
+
+                    keySet.setServerWriteKey(HKDFunction.expandLabel(hkdfAlgortihm, tlsContext
+                        .getServerApplicationTrafficSecret(), HKDFunction.KEY, new byte[0], AlgorithmResolver
+                        .getCipher(tlsContext.getChooser().getSelectedCipherSuite()).getKeySize()));
+
+                } else {
+
+                    keySet.setClientWriteIv(HKDFunction.expandLabel(hkdfAlgortihm,
+                        tlsContext.getClientApplicationTrafficSecret(), HKDFunction.IV, new byte[0], AEAD_IV_LENGTH));
+
+                    keySet.setClientWriteKey(HKDFunction.expandLabel(hkdfAlgortihm, tlsContext
+                        .getClientApplicationTrafficSecret(), HKDFunction.KEY, new byte[0], AlgorithmResolver
+                        .getCipher(tlsContext.getChooser().getSelectedCipherSuite()).getKeySize()));
+                }
+
+                RecordCipher recordCipherClient =
+                    RecordCipherFactory.getRecordCipher(tlsContext, keySet, tlsContext.getChooser()
+                        .getSelectedCipherSuite());
+                tlsContext.getRecordLayer().setRecordCipher(recordCipherClient);
+
+                tlsContext.setReadSequenceNumber(0);
+                tlsContext.getRecordLayer().updateDecryptionCipher();
+
+            }
+
+        } catch (CryptoException ex) {
+            throw new AdjustmentException(ex);
+        }
+
+    }
+}
@@ -37,6 +37,7 @@
 import de.rub.nds.tlsattacker.core.protocol.handler.HelloRequestHandler;
 import de.rub.nds.tlsattacker.core.protocol.handler.HelloRetryRequestHandler;
 import de.rub.nds.tlsattacker.core.protocol.handler.HelloVerifyRequestHandler;
+import de.rub.nds.tlsattacker.core.protocol.handler.KeyUpdateHandler;
 import de.rub.nds.tlsattacker.core.protocol.handler.NewSessionTicketHandler;
 import de.rub.nds.tlsattacker.core.protocol.handler.PWDClientKeyExchangeHandler;
 import de.rub.nds.tlsattacker.core.protocol.handler.PWDServerKeyExchangeHandler;
@@ -163,6 +164,8 @@ public static HandshakeMessageHandler getHandshakeHandler(TlsContext context, Ha
                     return new HelloVerifyRequestHandler(context);
                 case NEW_SESSION_TICKET:
                     return new NewSessionTicketHandler(context);
+                case KEY_UPDATE:
+                    return new KeyUpdateHandler(context);
                 case SERVER_HELLO:
                     return new ServerHelloHandler(context);
                 case SERVER_HELLO_DONE:
 
@@ -0,0 +1,60 @@
+/**
+ * TLS-Attacker - A Modular Penetration Testing Framework for TLS
+ *
+ * Copyright 2014-2020 Ruhr University Bochum, Paderborn University,
+ * and Hackmanit GmbH
+ *
+ * Licensed under Apache License 2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
+ */
+
+package de.rub.nds.tlsattacker.core.protocol.message;
+
+import de.rub.nds.tlsattacker.core.config.Config;
+import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
+import de.rub.nds.tlsattacker.core.constants.KeyUpdateRequest;
+import de.rub.nds.tlsattacker.core.protocol.handler.ProtocolMessageHandler;
+import de.rub.nds.tlsattacker.core.state.TlsContext;
+import de.rub.nds.tlsattacker.core.protocol.handler.KeyUpdateHandler;
+
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+
+public class KeyUpdateMessage extends HandshakeMessage {
+
+    private static final Logger LOGGER = LogManager.getLogger();
+
+    private KeyUpdateRequest requestUpdate;
+
+    @Override
+    public ProtocolMessageHandler getHandler(TlsContext context) {
+        return new KeyUpdateHandler(context);
+    }
+
+    public KeyUpdateMessage() {
+        super(HandshakeMessageType.KEY_UPDATE);
+        this.setIncludeInDigest(false);
+        this.requestUpdate = KeyUpdateRequest.UPDATE_NOT_REQUESTED;
+    }
+
+    public KeyUpdateMessage(Config tlsConfig) {
+        super(tlsConfig, HandshakeMessageType.KEY_UPDATE);
+        this.requestUpdate = KeyUpdateRequest.UPDATE_NOT_REQUESTED;
+        this.setIncludeInDigest(false);
+    }
+
+    public KeyUpdateMessage(HandshakeMessageType handshakeMessageType, KeyUpdateRequest requestUpdate) {
+        super(handshakeMessageType);
+        this.requestUpdate = requestUpdate;
+        this.setIncludeInDigest(false);
+    }
+
+    public void setRequestUpdate(KeyUpdateRequest keyupdaterequest) {
+        requestUpdate = keyupdaterequest;
+    }
+
+    public KeyUpdateRequest getRequestUpdate() {
+        return this.requestUpdate;
+    }
+
+}
Original file line number	Diff line number	Diff line change
`@@ -254,6 +254,11 @@ public class HandshakeByteLength {`
`254`	`254`	`*/`
`255`	`255`	`public static final int CERTIFICATE_STATUS_RESPONSE_LENGTH = 3;`
`256`	`256`
	`257`	`+ /**`
	`258`	`+ * KeyUpdate Message Length`
	`259`	`+ */`
	`260`	`+ public static final int KEY_UPDATE_LENGTH = 1;`
	`261`	`+`
`257`	`262`	`private HandshakeByteLength() {`
`258`	`263`	`}`
`259`	`264`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,6 +60,8 @@ public class HKDFunction {`
`60`	`60`
`61`	`61`	`public static final String RESUMPTION = "resumption";`
`62`	`62`
	`63`	`+ public static final String TRAFFICUPD = "traffic upd";`
	`64`	`+`
`63`	`65`	`private HKDFunction() {`
`64`	`66`	`}`
`65`	`67`