Added requested changes from reviewed pullrequest #734

Author: Patrick Weixler

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/KeyUpdateRequest.java

@@ -17,14 +17,14 @@ public enum KeyUpdateRequest {
     UPDATE_REQUESTED((byte) 1);
 
     @HoldsModifiableVariable
-    private byte request_update;
+    private byte requestUpdate;
 
-    private KeyUpdateRequest(byte request_update) {
-        this.request_update = request_update;
+    private KeyUpdateRequest(byte requestUpdate) {
+        this.requestUpdate = requestUpdate;
     }
 
     public byte getValue() {
-        return request_update;
+        return requestUpdate;
     }
 
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/KeyUpdateHandler.java

@@ -12,7 +12,6 @@
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
-import de.rub.nds.tlsattacker.core.constants.KeyUpdateRequest;
 import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
 import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
 import de.rub.nds.tlsattacker.core.exceptions.AdjustmentException;
@@ -47,35 +46,27 @@ public KeyUpdateHandler(TlsContext tlsContext) {
 
     @Override
     public void adjustTLSContext(KeyUpdateMessage message) {
-
+        if (tlsContext.getChooser().getTalkingConnectionEnd() != tlsContext.getChooser().getConnectionEndType()) {
+            adjustApplicationTrafficSecrets();
+            setRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
+        }
     }
 
     @Override
     public void adjustTlsContextAfterSerialize(KeyUpdateMessage message) {
-
-        if (message.getRequestUpdate() == KeyUpdateRequest.UPDATE_REQUESTED) {
-            adjustApplicationTrafficSecrets();
-        }
+        adjustApplicationTrafficSecrets();
         setRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
-
     }
 
     @Override
     public ProtocolMessageParser getParser(byte[] message, int pointer) {
-
         return new KeyUpdateParser(pointer, message, tlsContext.getChooser().getSelectedProtocolVersion(),
                 tlsContext.getConfig());
 
     }
 
     @Override
     public ProtocolMessagePreparator getPreparator(KeyUpdateMessage message) {
-        if (tlsContext.getChooser().getTalkingConnectionEnd() != tlsContext.getChooser().getConnectionEndType()) {
-            if (message.getRequestUpdate() == KeyUpdateRequest.UPDATE_REQUESTED) {
-                adjustApplicationTrafficSecrets();
-            }
-            setRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
-        }
         return new KeyUpdatePreparator(tlsContext.getChooser(), message);
     }
 
@@ -89,23 +80,29 @@ private void adjustApplicationTrafficSecrets() {
                 .getSelectedCipherSuite());
 
         try {
-
             Mac mac = Mac.getInstance(hkdfAlgortihm.getMacAlgorithm().getJavaName());
-            byte[] clientApplicationTrafficSecret = HKDFunction.expandLabel(hkdfAlgortihm,
-                    tlsContext.getClientApplicationTrafficSecret(), HKDFunction.TRAFFICUPD, new byte[0],
-                    mac.getMacLength());
 
-            tlsContext.setClientApplicationTrafficSecret(clientApplicationTrafficSecret);
-            LOGGER.debug("Set clientApplicationTrafficSecret in Context to "
-                    + ArrayConverter.bytesToHexString(clientApplicationTrafficSecret));
+            if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT) {
+
+                byte[] clientApplicationTrafficSecret = HKDFunction.expandLabel(hkdfAlgortihm,
+                        tlsContext.getClientApplicationTrafficSecret(), HKDFunction.TRAFFICUPD, new byte[0],
+                        mac.getMacLength());
+
+                tlsContext.setClientApplicationTrafficSecret(clientApplicationTrafficSecret);
+                LOGGER.debug("Set clientApplicationTrafficSecret in Context to "
+                        + ArrayConverter.bytesToHexString(clientApplicationTrafficSecret));
 
-            byte[] serverApplicationTrafficSecret = HKDFunction.expandLabel(hkdfAlgortihm,
-                    tlsContext.getServerApplicationTrafficSecret(), HKDFunction.TRAFFICUPD, new byte[0],
-                    mac.getMacLength());
+            } else {
 
-            tlsContext.setServerApplicationTrafficSecret(serverApplicationTrafficSecret);
-            LOGGER.debug("Set serverApplicationTrafficSecret in Context to "
-                    + ArrayConverter.bytesToHexString(serverApplicationTrafficSecret));
+                byte[] serverApplicationTrafficSecret = HKDFunction.expandLabel(hkdfAlgortihm,
+                        tlsContext.getServerApplicationTrafficSecret(), HKDFunction.TRAFFICUPD, new byte[0],
+                        mac.getMacLength());
+
+                tlsContext.setServerApplicationTrafficSecret(serverApplicationTrafficSecret);
+                LOGGER.debug("Set serverApplicationTrafficSecret in Context to "
+                        + ArrayConverter.bytesToHexString(serverApplicationTrafficSecret));
+
+            }
 
         } catch (NoSuchAlgorithmException | CryptoException ex) {
             throw new AdjustmentException(ex);
@@ -127,19 +124,26 @@ private KeySet getKeySet(TlsContext context, Tls13KeySetType keySetType) {
     private void setRecordCipher(Tls13KeySetType keySetType) {
         try {
             int AEAD_IV_LENGTH = 12;
+            KeySet keySet;
             HKDFAlgorithm hkdfAlgortihm = AlgorithmResolver.getHKDFAlgorithm(tlsContext.getChooser()
                     .getSelectedCipherSuite());
 
-            tlsContext.setActiveClientKeySetType(keySetType);
-            LOGGER.debug("Setting cipher for client to use " + keySetType);
-            KeySet keySet = getKeySet(tlsContext, tlsContext.getActiveClientKeySetType());
+            if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT) {
 
-            if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT
-                    || tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.SERVER
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
+                tlsContext.setActiveClientKeySetType(keySetType);
+                LOGGER.debug("Setting cipher for client to use " + keySetType);
+                keySet = getKeySet(tlsContext, tlsContext.getActiveClientKeySetType());
+
+            } else {
+                tlsContext.setActiveServerKeySetType(keySetType);
+                LOGGER.debug("Setting cipher for server to use " + keySetType);
+                keySet = getKeySet(tlsContext, tlsContext.getActiveServerKeySetType());
+            }
+
+            if (tlsContext.getChooser().getTalkingConnectionEnd() == tlsContext.getChooser().getConnectionEndType()) {
 
                 if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT) {
+
                     keySet.setClientWriteIv(HKDFunction.expandLabel(hkdfAlgortihm,
                             tlsContext.getClientApplicationTrafficSecret(), HKDFunction.IV, new byte[0], AEAD_IV_LENGTH));
 
@@ -156,10 +160,8 @@ private void setRecordCipher(Tls13KeySetType keySetType) {
                             AlgorithmResolver.getCipher(tlsContext.getChooser().getSelectedCipherSuite()).getKeySize()));
                 }
 
-            } else if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.SERVER
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT
-                    || tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
+            } else if (tlsContext.getChooser().getTalkingConnectionEnd() != tlsContext.getChooser()
+                    .getConnectionEndType()) {
 
                 if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
 
@@ -186,18 +188,11 @@ private void setRecordCipher(Tls13KeySetType keySetType) {
                     .getChooser().getSelectedCipherSuite());
             tlsContext.getRecordLayer().setRecordCipher(recordCipherClient);
 
-            if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT
-                    || tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.SERVER
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
-
+            if (tlsContext.getChooser().getTalkingConnectionEnd() == tlsContext.getChooser().getConnectionEndType()) {
                 tlsContext.setWriteSequenceNumber(0);
                 tlsContext.getRecordLayer().updateEncryptionCipher();
-            } else if (tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.SERVER
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.CLIENT
-                    || tlsContext.getChooser().getTalkingConnectionEnd() == ConnectionEndType.CLIENT
-                    && tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
-
+            } else if (tlsContext.getChooser().getTalkingConnectionEnd() != tlsContext.getChooser()
+                    .getConnectionEndType()) {
                 tlsContext.setReadSequenceNumber(0);
                 tlsContext.getRecordLayer().updateDecryptionCipher();
             }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/KeyUpdateMessage.java

@@ -9,7 +9,6 @@
  */
 package de.rub.nds.tlsattacker.core.protocol.message;
 
-import de.rub.nds.modifiablevariable.HoldsModifiableVariable;
 import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
 import de.rub.nds.tlsattacker.core.constants.KeyUpdateRequest;
@@ -24,8 +23,7 @@ public class KeyUpdateMessage extends HandshakeMessage {
 
     private static final Logger LOGGER = LogManager.getLogger();
 
-    @HoldsModifiableVariable
-    private KeyUpdateRequest request_update;
+    private KeyUpdateRequest requestUpdate;
 
     @Override
     public ProtocolMessageHandler getHandler(TlsContext context) {
@@ -34,32 +32,28 @@ public ProtocolMessageHandler getHandler(TlsContext context) {
 
     public KeyUpdateMessage() {
         super(HandshakeMessageType.KEY_UPDATE);
-        this.request_update = KeyUpdateRequest.UPDATE_REQUESTED;
+        this.setIncludeInDigest(false);
+        this.requestUpdate = KeyUpdateRequest.UPDATE_NOT_REQUESTED;
     }
 
     public KeyUpdateMessage(Config tlsConfig) {
         super(tlsConfig, HandshakeMessageType.KEY_UPDATE);
-        this.request_update = KeyUpdateRequest.UPDATE_REQUESTED;
+        this.requestUpdate = KeyUpdateRequest.UPDATE_NOT_REQUESTED;
+        this.setIncludeInDigest(false);
     }
 
-    public KeyUpdateMessage(HandshakeMessageType handshakeMessageType, KeyUpdateRequest request_update) {
+    public KeyUpdateMessage(HandshakeMessageType handshakeMessageType, KeyUpdateRequest requestUpdate) {
         super(handshakeMessageType);
-        this.request_update = request_update;
-    }
-
-    public void setRequestUpdate(int keyupdaterequest) {
-        if (keyupdaterequest == 1) {
-            request_update = KeyUpdateRequest.UPDATE_REQUESTED;
-        } else
-            request_update = KeyUpdateRequest.UPDATE_NOT_REQUESTED;
+        this.requestUpdate = requestUpdate;
+        this.setIncludeInDigest(false);
     }
 
     public void setRequestUpdate(KeyUpdateRequest keyupdaterequest) {
-        request_update = KeyUpdateRequest.UPDATE_REQUESTED;
+        requestUpdate = keyupdaterequest;
     }
 
     public KeyUpdateRequest getRequestUpdate() {
-        return this.request_update;
+        return this.requestUpdate;
     }
 
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/parser/KeyUpdateParser.java

@@ -12,7 +12,6 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
-import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.tlsattacker.core.config.Config;
 import de.rub.nds.tlsattacker.core.constants.HandshakeByteLength;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
@@ -39,8 +38,12 @@ protected KeyUpdateMessage createHandshakeMessage() {
     }
 
     private void parseUpdateRequest(KeyUpdateMessage msg) {
-        msg.setRequestUpdate(parseIntField(HandshakeByteLength.KEY_UPDATE_LENGTH));
-        LOGGER.debug("KeyUpdateValue: " + msg.getRequestUpdate().getValue());
+
+        if (parseByteField(HandshakeByteLength.KEY_UPDATE_LENGTH) == KeyUpdateRequest.UPDATE_REQUESTED.getValue()) {
+            msg.setRequestUpdate(KeyUpdateRequest.UPDATE_REQUESTED);
+        } else
+            msg.setRequestUpdate(KeyUpdateRequest.UPDATE_NOT_REQUESTED);
+        LOGGER.debug("KeyUpdateValue: " + msg.getRequestUpdate());
 
     }
 

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/preparator/KeyUpdatePreparator.java

@@ -27,7 +27,7 @@ public KeyUpdatePreparator(Chooser chooser, KeyUpdateMessage message) {
 
     @Override
     protected void prepareHandshakeMessageContents() {
-        msg.setRequestUpdate(KeyUpdateRequest.UPDATE_NOT_REQUESTED);
+        msg.setRequestUpdate(msg.getRequestUpdate());
         LOGGER.debug("Preparing KeyUpdate - MessageContent is: " + msg.getRequestUpdate());
     }
 

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/serializer/KeyUpdateSerializer.java

@@ -44,8 +44,7 @@ public byte[] serializeHandshakeMessageContent() {
 
     private void writeKeyUpdateData(KeyUpdateMessage msg) {
         appendByte(msg.getRequestUpdate().getValue());
-        LOGGER.debug("Serialized KeyUpdate Data: " + msg.getRequestUpdate().getValue() + " ENUM Value: "
-                + msg.getRequestUpdate());
+        LOGGER.debug("Serialized KeyUpdate Value: " + msg.getRequestUpdate());
     }
 
 }