
Commit c9579fa

authored
fix Client-/ServerCertificateTypeExtension handling on server side (#908)
The ServerCertificateTypeExtension was encoded wrongly. This PR fixes this.
1 parent 62a4f09 commit c9579fa


4 files changed

+18
-6
lines changed


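--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/extension/ClientCertificateTypeExtensionPreparator.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/extension/ClientCertificateTypeExtensionPreparator.java
@@ -13,6 +13,7 @@
 import de.rub.nds.tlsattacker.core.protocol.message.extension.ClientCertificateTypeExtensionMessage;
 import de.rub.nds.tlsattacker.core.protocol.serializer.extension.ExtensionSerializer;
 import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
+import de.rub.nds.tlsattacker.transport.ConnectionEndType;
 
 public class ClientCertificateTypeExtensionPreparator
 extends ExtensionPreparator<ClientCertificateTypeExtensionMessage> {
@@ -30,7 +31,12 @@ public void prepareExtensionContent() {
 msg.setCertificateTypes(
 CertificateType.toByteArray(chooser.getConfig().getClientCertificateTypeDesiredTypes()));
 msg.setCertificateTypesLength(msg.getCertificateTypes().getValue().length);
-msg.setIsClientMessage(chooser.getConfig().isClientCertificateTypeExtensionMessageState());
+
+if (chooser.getTalkingConnectionEnd() == ConnectionEndType.CLIENT) {
+msg.setIsClientMessage(true);
+} else {
+msg.setIsClientMessage(false);
+}
 }
 
 }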
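Review bot: On the server side the message still carries the whole configured list, because the `msg.setCertificateTypes(...)` call above the new branch copies every entry of `getClientCertificateTypeDesiredTypes()` regardless of which end is talking. The serializer changed in this commit writes those bytes without a length prefix when `isClientMessage` is false, so a configuration with more than one desired type would yield a server extension holding several type bytes, whereas RFC 7250 defines the ServerHello form as one selected type; consider reducing the value to the selected type in the `else` branch, or documenting that multi-entry output is deliberate for testing. ServerCertificateTypeExtensionPreparator has the same pattern with `getServerCertificateTypeDesiredTypes()`. Separately, the branch can be written as `msg.setIsClientMessage(chooser.getTalkingConnectionEnd() == ConnectionEndType.CLIENT);`. prepareExtensionContent starts above the hunk, so earlier statements are not visible here.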

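--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/extension/ServerCertificateTypeExtensionPreparator.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/extension/ServerCertificateTypeExtensionPreparator.java
@@ -13,6 +13,7 @@
 import de.rub.nds.tlsattacker.core.protocol.message.extension.ServerCertificateTypeExtensionMessage;
 import de.rub.nds.tlsattacker.core.protocol.serializer.extension.ExtensionSerializer;
 import de.rub.nds.tlsattacker.core.workflow.chooser.Chooser;
+import de.rub.nds.tlsattacker.transport.ConnectionEndType;
 
 public class ServerCertificateTypeExtensionPreparator
 extends ExtensionPreparator<ServerCertificateTypeExtensionMessage> {
@@ -30,7 +31,12 @@ public void prepareExtensionContent() {
 msg.setCertificateTypes(
 CertificateType.toByteArray(chooser.getConfig().getServerCertificateTypeDesiredTypes()));
 msg.setCertificateTypesLength(msg.getCertificateTypes().getValue().length);
-msg.setIsClientMessage(chooser.getConfig().isClientCertificateTypeExtensionMessageState());
+
+if (chooser.getTalkingConnectionEnd() == ConnectionEndType.CLIENT) {
+msg.setIsClientMessage(true);
+} else {
+msg.setIsClientMessage(false);
+}
 }
 
 }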

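--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/serializer/extension/ClientCertificateTypeExtensionSerializer.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/serializer/extension/ClientCertificateTypeExtensionSerializer.java
@@ -11,6 +11,7 @@
 
 import de.rub.nds.tlsattacker.core.constants.ExtensionByteLength;
 import de.rub.nds.tlsattacker.core.protocol.message.extension.ClientCertificateTypeExtensionMessage;
+import java.util.Objects;
 
 public class ClientCertificateTypeExtensionSerializer
 extends ExtensionSerializer<ClientCertificateTypeExtensionMessage> {
@@ -24,12 +25,11 @@ public ClientCertificateTypeExtensionSerializer(ClientCertificateTypeExtensionMe
 
 @Override
 public byte[] serializeExtensionContent() {
-if (msg.getCertificateTypesLength() != null) {
+if (Objects.equals(msg.getIsClientMessage().getValue(), Boolean.TRUE)) {
 appendInt(msg.getCertificateTypesLength().getValue(), ExtensionByteLength.CERTIFICATE_TYPE_TYPE_LENGTH);
 }
 appendBytes(msg.getCertificateTypes().getValue());
 
 return getAlreadySerialized();
 }
-
 }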
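Review bot: `msg.getIsClientMessage()` is dereferenced without a null check in the new condition of `serializeExtensionContent()`, and the old guard on `getCertificateTypesLength()` has been dropped, so a message whose fields were never set by the preparator would presumably now fail with a NullPointerException instead of being serialized. `Objects.equals` only protects against a null value, not against a null wrapper object. A guard such as `if (msg.getIsClientMessage() != null && Boolean.TRUE.equals(msg.getIsClientMessage().getValue())) {` keeps the new behaviour for prepared messages. A comment like `// client form: length-prefixed list; server form: the selected type only (RFC 7250)` would explain why the length field is conditional. ServerCertificateTypeExtensionSerializer has the identical condition.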

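--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/serializer/extension/ServerCertificateTypeExtensionSerializer.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/serializer/extension/ServerCertificateTypeExtensionSerializer.java
@@ -11,6 +11,7 @@
 
 import de.rub.nds.tlsattacker.core.constants.ExtensionByteLength;
 import de.rub.nds.tlsattacker.core.protocol.message.extension.ServerCertificateTypeExtensionMessage;
+import java.util.Objects;
 
 public class ServerCertificateTypeExtensionSerializer
 extends ExtensionSerializer<ServerCertificateTypeExtensionMessage> {
@@ -24,12 +25,11 @@ public ServerCertificateTypeExtensionSerializer(ServerCertificateTypeExtensionMe
 
 @Override
 public byte[] serializeExtensionContent() {
-if (msg.getCertificateTypesLength() != null) {
+if (Objects.equals(msg.getIsClientMessage().getValue(), Boolean.TRUE)) {
 appendInt(msg.getCertificateTypesLength().getValue(), ExtensionByteLength.CERTIFICATE_TYPE_TYPE_LENGTH);
 }
 appendBytes(msg.getCertificateTypes().getValue());
 
 return getAlreadySerialized();
 }
-
 }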
