Merge pull request #597 from RUB-NDS/invalidCruveFix

Fixes and improvements to the invalid curve attack
tls-attacker · Nov 7, 2019 · b4642c8 · b4642c8
2 parents 509c740 + 655ffb1
commit b4642c8
Show file tree

Hide file tree

Showing 13 changed files with 33 additions and 24 deletions.
diff --git a/Attacks/pom.xml b/Attacks/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>Attacks</artifactId>
     <packaging>jar</packaging>

diff --git a/...ks/src/main/java/de/rub/nds/tlsattacker/attacks/ec/oracles/RealDirectMessageECOracle.java b/...ks/src/main/java/de/rub/nds/tlsattacker/attacks/ec/oracles/RealDirectMessageECOracle.java
@@ -76,6 +76,7 @@ public boolean checkSecretCorrectnes(Point ecPoint, BigInteger secret) {
 
         ECDHClientKeyExchangeMessage message = (ECDHClientKeyExchangeMessage) WorkflowTraceUtil.getFirstSendMessage(
                 HandshakeMessageType.CLIENT_KEY_EXCHANGE, trace);
+        message.prepareComputations();
 
         // modify public point base X coordinate
         ModifiableBigInteger x = ModifiableVariableFactory.createBigIntegerModifiableVariable();
@@ -92,7 +93,6 @@ public boolean checkSecretCorrectnes(Point ecPoint, BigInteger secret) {
         ModifiableByteArray pms = ModifiableVariableFactory.createByteArrayModifiableVariable();
         byte[] explicitePMS = BigIntegers.asUnsignedByteArray(curve.getModulus().bitLength() / 8, secret);
         pms.setModification(ByteArrayModificationFactory.explicitValue(explicitePMS));
-        message.prepareComputations();
         message.getComputations().setPremasterSecret(pms);
 
         if (numberOfQueries % 100 == 0) {

diff --git a/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/InvalidCurveAttacker.java b/Attacks/src/main/java/de/rub/nds/tlsattacker/attacks/impl/InvalidCurveAttacker.java
@@ -85,22 +85,18 @@ public Boolean isVulnerable() {
         EllipticCurve curve = CurveFactory.getCurve(config.getNamedGroup());
         Point point = Point.createPoint(config.getPublicPointBaseX(), config.getPublicPointBaseY(),
                 config.getNamedGroup());
-        for (int i = 0; i < getConfig().getProtocolFlows(); i++) {
-            if (config.getPremasterSecret() != null) {
-                premasterSecret = config.getPremasterSecret();
-            } else {
-                Point sharedPoint = curve.mult(new BigInteger("" + i + 1), point);
-                premasterSecret = sharedPoint.getX().getData();
-                if (premasterSecret == null) {
-                    premasterSecret = BigInteger.ZERO;
-                }
-                LOGGER.debug("PMS: " + premasterSecret.toString());
-            }
+
+        int protocolFlows = getConfig().getProtocolFlows();
+        if (config.getPremasterSecret() != null) {
+            protocolFlows = 1;
+        }
+
+        for (int i = 0; i < protocolFlows; i++) {
+            setPremasterSecret(curve, i, point);
             try {
                 WorkflowTrace trace = executeProtocolFlow();
                 if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.SERVER_HELLO, trace)) {
                     LOGGER.info("Did not receive ServerHello. Check your config");
-
                     return null;
                 }
                 if (!WorkflowTraceUtil.didReceiveMessage(HandshakeMessageType.FINISHED, trace)) {
@@ -116,6 +112,19 @@ public Boolean isVulnerable() {
         return false;
     }
 
+    private void setPremasterSecret(EllipticCurve curve, int i, Point point) {
+        if (config.getPremasterSecret() != null) {
+            premasterSecret = config.getPremasterSecret();
+        } else {
+            Point sharedPoint = curve.mult(new BigInteger("" + (i + 1)), point);
+            premasterSecret = sharedPoint.getX().getData();
+            if (premasterSecret == null) {
+                premasterSecret = BigInteger.ZERO;
+            }
+            LOGGER.debug("PMS: " + premasterSecret.toString());
+        }
+    }
+
     private WorkflowTrace executeProtocolFlow() {
         Config tlsConfig = getTlsConfig();
         WorkflowTrace trace = new WorkflowConfigurationFactory(tlsConfig).createWorkflowTrace(WorkflowTraceType.HELLO,

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # TLS-Attacker
 
-[![release](https://img.shields.io/badge/Release-v3.0-blue.svg)](https://github.com/RUB-NDS/TLS-Attacker/releases)
+[![release](https://img.shields.io/badge/Release-v3.3.0-blue.svg)](https://github.com/RUB-NDS/TLS-Attacker/releases)
 ![licence](https://img.shields.io/badge/License-Apachev2-brightgreen.svg)
 [![travis](https://travis-ci.org/RUB-NDS/TLS-Attacker.svg?branch=master)](https://travis-ci.org/RUB-NDS/TLS-Attacker)
 

diff --git a/TLS-Client/pom.xml b/TLS-Client/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <name>TLS-Client</name>
     <artifactId>TLS-Client</artifactId>

diff --git a/TLS-Core/pom.xml b/TLS-Core/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>TLS-Core</artifactId>
     <packaging>jar</packaging>

diff --git a/TLS-Forensics/pom.xml b/TLS-Forensics/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>TLS-Forensics</artifactId>
     <packaging>jar</packaging>

diff --git a/TLS-Mitm/pom.xml b/TLS-Mitm/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>TLS-Mitm</artifactId>
     <packaging>jar</packaging>

diff --git a/TLS-Server/pom.xml b/TLS-Server/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>TLS-Server</artifactId>
     <packaging>jar</packaging>

diff --git a/TraceTool/pom.xml b/TraceTool/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>TraceTool</artifactId>
     <packaging>jar</packaging>

diff --git a/Transport/pom.xml b/Transport/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>Transport</artifactId>
     <packaging>jar</packaging>

diff --git a/Utils/pom.xml b/Utils/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds.tlsattacker</groupId>
         <artifactId>TLS-Attacker</artifactId>
-        <version>3.2</version>
+        <version>3.3.0</version>
     </parent>
     <artifactId>Utils</artifactId>
     <packaging>jar</packaging>

diff --git a/pom.xml b/pom.xml
@@ -3,7 +3,7 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>de.rub.nds.tlsattacker</groupId>
     <artifactId>TLS-Attacker</artifactId>
-    <version>3.2</version>
+    <version>3.3.0</version>
     <packaging>pom</packaging>
     <inceptionYear>2015</inceptionYear>
     <name>TLS-Attacker</name>