diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
index 56b15ba072..3751e296f7 100644
--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
@@ -1151,9 +1151,6 @@ public static Config createEmptyConfig() {
@XmlJavaTypeAdapter(IllegalStringAdapter.class)
private String defaultPWDPassword = "barney";
- /** Min iterations for finding the PWD password element */
- private Integer defaultPWDIterations = 40;
-
@XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
private byte[] defaultServerPWDPrivate =
ArrayConverter.hexStringToByteArray(
@@ -3550,14 +3547,6 @@ public void setDefaultPWDPassword(String password) {
this.defaultPWDPassword = password;
}
- public Integer getDefaultPWDIterations() {
- return defaultPWDIterations;
- }
-
- public void setDefaultPWDIterations(Integer defaultPWDIterations) {
- this.defaultPWDIterations = defaultPWDIterations;
- }
-
public byte[] getDefaultServerPWDPrivate() {
return Arrays.copyOf(defaultServerPWDPrivate, defaultServerPWDPrivate.length);
}
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java
index 4ab92aedca..45e65d0de1 100644
--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java
@@ -39,6 +39,8 @@
public class PWDComputations extends KeyExchangeComputations {
+ public static final int MAX_HASH_ITERATIONS = 1000;
+
private static final Logger LOGGER = LogManager.getLogger();
/**
@@ -108,21 +110,19 @@ public static Point computePasswordElement(Chooser chooser, CyclicGroup group
new BigInteger(1, tmp)
.mod(curve.getModulus().subtract(BigInteger.ONE))
.add(BigInteger.ONE);
- Point tempPoint = curve.createAPointOnCurve(tmpX);
-
- if (!found && curve.isOnCurve(tempPoint)) {
+ Point tempPoint = curve.createAPointOnCurve(tmpX, false);
+ if (tempPoint != null) {
createdPoint = tempPoint;
- savedSeed = seed.clone();
found = true;
chooser.getContext().getTlsContext().getBadSecureRandom().nextBytes(base);
}
- if (counter > 1000) {
- savedSeed = seed.clone();
- createdPoint = tempPoint;
- LOGGER.warn("Could not find a useful pwd point");
- break;
- }
- } while (!found || counter < chooser.getConfig().getDefaultPWDIterations());
+ savedSeed = seed.clone();
+ } while (!found && counter < MAX_HASH_ITERATIONS);
+
+ if (createdPoint == null) {
+ LOGGER.warn("Could not find a useful pwd point. Falling back to base point of curve.");
+ createdPoint = curve.getBasePoint();
+ }
// use the lsb of the saved seed and Y to determine which of the two
// possible roots should be used
diff --git a/TLS-Core/src/main/resources/default_config.xml b/TLS-Core/src/main/resources/default_config.xml
index b24cb72afe..f995e051e5 100644
--- a/TLS-Core/src/main/resources/default_config.xml
+++ b/TLS-Core/src/main/resources/default_config.xml
@@ -1400,7 +1400,6 @@
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
barney
- 40
21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C
0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5
17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B
diff --git a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java
index 555f54df15..ff2c1fc0fa 100644
--- a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java
+++ b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java
@@ -272,7 +272,6 @@ public void generatePwdConfig() {
"528FBF524378A1B13B8D2CBD247090721369F8BFA3CEEB3CFCD85CBFCDD58EAA"));
config.setDefaultClientPWDUsername("fred");
config.setDefaultPWDPassword("barney");
- config.setDefaultPWDIterations(40);
config.setDefaultServerPWDPrivate(
ArrayConverter.hexStringToByteArray(
"21D99D341C9797B3AE72DFD289971F1B74CE9DE68AD4B9ABF54888D8F6C5043C"));
@@ -333,7 +332,6 @@ public void generatePwd13Config() {
"528FBF524378A1B13B8D2CBD247090721369F8BFA3CEEB3CFCD85CBFCDD58EAA"));
config.setDefaultClientPWDUsername("fred");
config.setDefaultPWDPassword("barney");
- config.setDefaultPWDIterations(40);
config.setDefaultServerPWDPrivate(
ArrayConverter.hexStringToByteArray(
"21D99D341C9797B3AE72DFD289971F1B74CE9DE68AD4B9ABF54888D8F6C5043C"));
diff --git a/pom.xml b/pom.xml
index d3cb90acbe..d5663059e6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
de.rub.nds
protocol-toolkit-bom
- 4.1.5
+ 4.1.6
de.rub.nds.tls.attacker
diff --git a/resources/configs/pwd.config b/resources/configs/pwd.config
index 525a3aada3..cacd7f4e7b 100644
--- a/resources/configs/pwd.config
+++ b/resources/configs/pwd.config
@@ -27,7 +27,6 @@
false
fred
barney
- 40
21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C
0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5
17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B
diff --git a/resources/configs/pwd13.config b/resources/configs/pwd13.config
index dddd9b8d1a..aaa8c54367 100644
--- a/resources/configs/pwd13.config
+++ b/resources/configs/pwd13.config
@@ -33,7 +33,6 @@
false
fred
barney
- 40
21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C
0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5
17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B