Merge pull request #1191 from tls-attacker/fix/pwdComputationsToCurve

Fix pwd computations hash to curve
tls-attacker · Oct 8, 2024 · d4cb60b · d4cb60b
2 parents bcc03ea + 3c4222e
commit d4cb60b
Show file tree

Hide file tree

Showing 7 changed files with 12 additions and 28 deletions.
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
@@ -1151,9 +1151,6 @@ public static Config createEmptyConfig() {
     @XmlJavaTypeAdapter(IllegalStringAdapter.class)
     private String defaultPWDPassword = "barney";
 
-    /** Min iterations for finding the PWD password element */
-    private Integer defaultPWDIterations = 40;
-
     @XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
     private byte[] defaultServerPWDPrivate =
             ArrayConverter.hexStringToByteArray(
@@ -3550,14 +3547,6 @@ public void setDefaultPWDPassword(String password) {
         this.defaultPWDPassword = password;
     }
 
-    public Integer getDefaultPWDIterations() {
-        return defaultPWDIterations;
-    }
-
-    public void setDefaultPWDIterations(Integer defaultPWDIterations) {
-        this.defaultPWDIterations = defaultPWDIterations;
-    }
-
     public byte[] getDefaultServerPWDPrivate() {
         return Arrays.copyOf(defaultServerPWDPrivate, defaultServerPWDPrivate.length);
     }

diff --git a/.../main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java b/.../main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java
@@ -39,6 +39,8 @@
 
 public class PWDComputations extends KeyExchangeComputations {
 
+    public static final int MAX_HASH_ITERATIONS = 1000;
+
     private static final Logger LOGGER = LogManager.getLogger();
 
     /**
@@ -108,21 +110,19 @@ public static Point computePasswordElement(Chooser chooser, CyclicGroup<?> group
                     new BigInteger(1, tmp)
                             .mod(curve.getModulus().subtract(BigInteger.ONE))
                             .add(BigInteger.ONE);
-            Point tempPoint = curve.createAPointOnCurve(tmpX);
-
-            if (!found && curve.isOnCurve(tempPoint)) {
+            Point tempPoint = curve.createAPointOnCurve(tmpX, false);
+            if (tempPoint != null) {
                 createdPoint = tempPoint;
-                savedSeed = seed.clone();
                 found = true;
                 chooser.getContext().getTlsContext().getBadSecureRandom().nextBytes(base);
             }
-            if (counter > 1000) {
-                savedSeed = seed.clone();
-                createdPoint = tempPoint;
-                LOGGER.warn("Could not find a useful pwd point");
-                break;
-            }
-        } while (!found || counter < chooser.getConfig().getDefaultPWDIterations());
+            savedSeed = seed.clone();
+        } while (!found && counter < MAX_HASH_ITERATIONS);
+
+        if (createdPoint == null) {
+            LOGGER.warn("Could not find a useful pwd point. Falling back to base point of curve.");
+            createdPoint = curve.getBasePoint();
+        }
 
         // use the lsb of the saved seed and Y to determine which of the two
         // possible roots should be used

diff --git a/TLS-Core/src/main/resources/default_config.xml b/TLS-Core/src/main/resources/default_config.xml
@@ -1400,7 +1400,6 @@
     </defaultServerPWDProtectPublicKey>
     <defaultServerPWDProtectRandomSecret>1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111</defaultServerPWDProtectRandomSecret>
     <defaultPWDPassword>barney</defaultPWDPassword>
-    <defaultPWDIterations>40</defaultPWDIterations>
     <defaultServerPWDPrivate>21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C</defaultServerPWDPrivate>
     <defaultServerPWDMask>0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5</defaultServerPWDMask>
     <defaultClientPWDPrivate>17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B</defaultClientPWDPrivate>

diff --git a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java
@@ -272,7 +272,6 @@ public void generatePwdConfig() {
                         "528FBF524378A1B13B8D2CBD247090721369F8BFA3CEEB3CFCD85CBFCDD58EAA"));
         config.setDefaultClientPWDUsername("fred");
         config.setDefaultPWDPassword("barney");
-        config.setDefaultPWDIterations(40);
         config.setDefaultServerPWDPrivate(
                 ArrayConverter.hexStringToByteArray(
                         "21D99D341C9797B3AE72DFD289971F1B74CE9DE68AD4B9ABF54888D8F6C5043C"));
@@ -333,7 +332,6 @@ public void generatePwd13Config() {
                         "528FBF524378A1B13B8D2CBD247090721369F8BFA3CEEB3CFCD85CBFCDD58EAA"));
         config.setDefaultClientPWDUsername("fred");
         config.setDefaultPWDPassword("barney");
-        config.setDefaultPWDIterations(40);
         config.setDefaultServerPWDPrivate(
                 ArrayConverter.hexStringToByteArray(
                         "21D99D341C9797B3AE72DFD289971F1B74CE9DE68AD4B9ABF54888D8F6C5043C"));

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
     <parent>
         <groupId>de.rub.nds</groupId>
         <artifactId>protocol-toolkit-bom</artifactId>
-        <version>4.1.5</version>
+        <version>4.1.6</version>
     </parent>
 
     <groupId>de.rub.nds.tls.attacker</groupId>

diff --git a/resources/configs/pwd.config b/resources/configs/pwd.config
@@ -27,7 +27,6 @@
     <useFreshRandom>false</useFreshRandom>
     <defaultClientPWDUsername>fred</defaultClientPWDUsername>
     <defaultPWDPassword>barney</defaultPWDPassword>
-    <defaultPWDIterations>40</defaultPWDIterations>
     <defaultServerPWDPrivate>21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C</defaultServerPWDPrivate>
     <defaultServerPWDMask>0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5</defaultServerPWDMask>
     <defaultClientPWDPrivate>17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B</defaultClientPWDPrivate>

diff --git a/resources/configs/pwd13.config b/resources/configs/pwd13.config
@@ -33,7 +33,6 @@
     <tls13BackwardsCompatibilityMode>false</tls13BackwardsCompatibilityMode>
     <defaultClientPWDUsername>fred</defaultClientPWDUsername>
     <defaultPWDPassword>barney</defaultPWDPassword>
-    <defaultPWDIterations>40</defaultPWDIterations>
     <defaultServerPWDPrivate>21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C</defaultServerPWDPrivate>
     <defaultServerPWDMask>0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5</defaultServerPWDMask>
     <defaultClientPWDPrivate>17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B</defaultClientPWDPrivate>