Fixed wrong key usage for finish message when using early data #171

Expand Up @@ -31,6 +31,7 @@
import de.rub.nds.tlsattacker.core.protocol.message.extension.trustedauthority.TrustedAuthority;
import de.rub.nds.tlsattacker.core.record.Record;
import de.rub.nds.tlsattacker.core.record.cipher.RecordNullCipher;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySet;
import de.rub.nds.tlsattacker.core.state.Context;
import de.rub.nds.tlsattacker.core.state.Keylogfile;
import de.rub.nds.tlsattacker.core.state.session.IdSession;
Expand Down Expand Up @@ -71,6 +72,9 @@ public class TlsContext extends LayerContext {
/** Early traffic secret used to encrypt early data. */
private byte[] clientEarlyTrafficSecret;

/** Handshake traffic secret in case it needs to be precalculated during early data * */
private KeySet keySetHandshake;

/** CipherSuite used for early data. */
private CipherSuite earlyDataCipherSuite;

Expand Down Expand Up @@ -1747,6 +1751,20 @@ public void setUseExtendedMasterSecret(boolean useExtendedMasterSecret) {
this.useExtendedMasterSecret = useExtendedMasterSecret;
}

/**
* @return the keySetHandshake
*/
public KeySet getkeySetHandshake() {
return keySetHandshake;
}

/**
* @param keySetHandshake the keySetHandshake to set
*/
public void setkeySetHandshake(KeySet keySetHandshake) {
this.keySetHandshake = keySetHandshake;
}

/**
* @return the clientEarlyTrafficSecret
*/
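Review bot: The new accessors `getkeySetHandshake` / `setkeySetHandshake` do not follow the camel-case accessor naming of the neighbouring `setUseExtendedMasterSecret`; they should be `getKeySetHandshake` / `setKeySetHandshake`, with the call sites in the three handlers renamed to match. The field comment also calls the value a "Handshake traffic secret" although the field is a `KeySet`, and it ends in a stray `* */`. Something like `/** Handshake key set precalculated when the ServerHello is processed, for use after early data. */` would describe it more accurately.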
Expand Up @@ -9,16 +9,11 @@
package de.rub.nds.tlsattacker.core.protocol.handler;

import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
import de.rub.nds.tlsattacker.core.exceptions.WorkflowExecutionException;
import de.rub.nds.tlsattacker.core.layer.context.TlsContext;
import de.rub.nds.tlsattacker.core.protocol.message.EndOfEarlyDataMessage;
import de.rub.nds.tlsattacker.core.record.cipher.RecordCipher;
import de.rub.nds.tlsattacker.core.record.cipher.RecordCipherFactory;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySet;
import de.rub.nds.tlsattacker.core.record.cipher.cryptohelper.KeySetGenerator;
import de.rub.nds.tlsattacker.transport.ConnectionEndType;
import java.security.NoSuchAlgorithmException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;

Expand All @@ -32,26 +27,48 @@ public EndOfEarlyDataHandler(TlsContext tlsContext) {

@Override
public void adjustContext(EndOfEarlyDataMessage message) {
// nothing to adjust
}

@Override
public void adjustContextAfterSerialize(EndOfEarlyDataMessage message) {
if (tlsContext.getChooser().getSelectedProtocolVersion().isTLS13()) {
setClientRecordCipher();
setServertRecordCipher();
}
}

private void setClientRecordCipher() {
tlsContext.setActiveClientKeySetType(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
KeySet keySet = tlsContext.getkeySetHandshake();

if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
adjustClientCipherAfterEarly();
tlsContext
.getRecordLayer()
.updateDecryptionCipher(
RecordCipherFactory.getRecordCipher(tlsContext, keySet, false));
} else {
tlsContext
.getRecordLayer()
.updateEncryptionCipher(
RecordCipherFactory.getRecordCipher(tlsContext, keySet, true));
}
}

private void adjustClientCipherAfterEarly() {
try {
tlsContext.setActiveClientKeySetType(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
LOGGER.debug("Setting cipher for client to use handshake secrets");
KeySet clientKeySet =
KeySetGenerator.generateKeySet(
tlsContext,
tlsContext.getChooser().getSelectedProtocolVersion(),
tlsContext.getActiveClientKeySetType());
RecordCipher recordCipherClient =
RecordCipherFactory.getRecordCipher(tlsContext, clientKeySet, false);
tlsContext.getRecordLayer().updateDecryptionCipher(recordCipherClient);
} catch (CryptoException | NoSuchAlgorithmException ex) {
LOGGER.error("Generating KeySet failed", ex);
throw new WorkflowExecutionException(ex);
private void setServertRecordCipher() {
tlsContext.setActiveClientKeySetType(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
KeySet keySet = tlsContext.getkeySetHandshake();

if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
tlsContext
.getRecordLayer()
.updateDecryptionCipher(
RecordCipherFactory.getRecordCipher(tlsContext, keySet, true));
} else {
tlsContext
.getRecordLayer()
.updateEncryptionCipher(
RecordCipherFactory.getRecordCipher(tlsContext, keySet, false));
}
}
}
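Review bot: `setServertRecordCipher()` repeats the client-side switch instead of performing a server-side one. It calls `tlsContext.setActiveClientKeySetType(...)` and, on each connection end, updates the same record-layer direction that `setClientRecordCipher()` set one call earlier (decryption on the server, encryption on the client), only with the boolean argument flipped. The cipher installed for the client's handshake keys is therefore replaced immediately, presumably by one built for the wrong side. If a server-side switch is intended, it should use `tlsContext.setActiveServerKeySetType(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);` and update the encryption cipher on the server end and the decryption cipher on the client end; otherwise the call in `adjustContextAfterSerialize` can be dropped. The method name also has a typo and should read `setServerRecordCipher`.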
Expand Up @@ -9,7 +9,11 @@
package de.rub.nds.tlsattacker.core.protocol.handler;

import de.rub.nds.modifiablevariable.util.ArrayConverter;
import de.rub.nds.tlsattacker.core.constants.*;
import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
import de.rub.nds.tlsattacker.core.constants.DigestAlgorithm;
import de.rub.nds.tlsattacker.core.constants.ExtensionType;
import de.rub.nds.tlsattacker.core.constants.HKDFAlgorithm;
import de.rub.nds.tlsattacker.core.constants.Tls13KeySetType;
import de.rub.nds.tlsattacker.core.crypto.HKDFunction;
import de.rub.nds.tlsattacker.core.exceptions.AdjustmentException;
import de.rub.nds.tlsattacker.core.exceptions.CryptoException;
Expand Down Expand Up @@ -44,6 +48,7 @@ public void adjustContext(FinishedMessage message) {
if (!tlsContext.isExtensionNegotiated(ExtensionType.EARLY_DATA)) {
setClientRecordCipher(Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
}
// in case of EARLY_DATA we stick to the EARLY_TRAFFIC_SECRETS
} else {
setClientRecordCipher(Tls13KeySetType.APPLICATION_TRAFFIC_SECRETS);
}
Expand Down Expand Up @@ -171,19 +176,30 @@ private void setServerRecordCipher(Tls13KeySetType keySetType) {

private void setClientRecordCipher(Tls13KeySetType keySetType) {
tlsContext.setActiveClientKeySetType(keySetType);
LOGGER.debug("Setting cipher for client to use " + keySetType);
KeySet clientKeySet = getKeySet(tlsContext, tlsContext.getActiveClientKeySetType());
KeySet keySet = new KeySet();

switch (keySetType) {
case APPLICATION_TRAFFIC_SECRETS:
keySet = getKeySet(tlsContext, tlsContext.getActiveClientKeySetType());
break;
case HANDSHAKE_TRAFFIC_SECRETS:
keySet = tlsContext.getkeySetHandshake();
break;
default:
throw new Error(
"In this state only application_traffic_secrets handshake_traffic_secrets are valid.");
}

if (tlsContext.getChooser().getConnectionEndType() == ConnectionEndType.SERVER) {
tlsContext
.getRecordLayer()
.updateDecryptionCipher(
RecordCipherFactory.getRecordCipher(tlsContext, clientKeySet, false));
RecordCipherFactory.getRecordCipher(tlsContext, keySet, false));
} else {
tlsContext
.getRecordLayer()
.updateEncryptionCipher(
RecordCipherFactory.getRecordCipher(tlsContext, clientKeySet, true));
RecordCipherFactory.getRecordCipher(tlsContext, keySet, true));
}
}
}
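Review bot: The `HANDSHAKE_TRAFFIC_SECRETS` case passes `tlsContext.getkeySetHandshake()` to `RecordCipherFactory.getRecordCipher` without checking it. In the hunks shown, that field is only filled by `precalculateHandshakeKeysClient()`, inside the ServerHello handler's branch for a message from the peer, so it may still be null when this end is the server; `EndOfEarlyDataHandler` reads it the same way. A fallback keeps the previous behaviour when nothing was precalculated: `if (keySet == null) { keySet = getKeySet(tlsContext, keySetType); }`. The `default` branch should throw `IllegalArgumentException` (or the already imported `AdjustmentException`) rather than `java.lang.Error`, and the initial `new KeySet()` is never used and can become a plain declaration.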
Expand Up @@ -81,6 +81,7 @@ public void adjustContext(ServerHelloMessage message) {
if (tlsContext.getTalkingConnectionEndType()
!= tlsContext.getChooser().getConnectionEndType()) {
setServerRecordCipher();
precalculateHandshakeKeysClient();
}
}
adjustPRF(message);
Expand Down Expand Up @@ -576,4 +577,23 @@ private KeyShareStoreEntry adjustKeyShareStoreEntry() {

return selectedKeyShareStore;
}

private KeySet getKeySet(TlsContext tlsContext, Tls13KeySetType keySetType) {
try {
LOGGER.debug("Generating new KeySet");
KeySet keySet =
KeySetGenerator.generateKeySet(
tlsContext,
tlsContext.getChooser().getSelectedProtocolVersion(),
keySetType);
return keySet;
} catch (NoSuchAlgorithmException | CryptoException ex) {
throw new UnsupportedOperationException("The specified Algorithm is not supported", ex);
}
}

private void precalculateHandshakeKeysClient() {
KeySet keySet = getKeySet(tlsContext, Tls13KeySetType.HANDSHAKE_TRAFFIC_SECRETS);
tlsContext.setkeySetHandshake(keySet);
}
}
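Review bot: The new `getKeySet` helper reports every failure as "The specified Algorithm is not supported", but its catch also covers `CryptoException`, so a key-derivation error while processing the ServerHello is mislabelled. It is also rethrown as `UnsupportedOperationException`, where the code removed from `EndOfEarlyDataHandler` logged the failure and threw `WorkflowExecutionException`. A neutral message such as `"Generating the handshake KeySet failed"` would fit both exception types. `precalculateHandshakeKeysClient()` needs a short comment saying why the handshake key set is derived at this point and cached in the context, e.g. `// derive the handshake keys now; with early data the client cipher is only switched at EndOfEarlyData/Finished`. Confirm that wording against the intended workflow.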