From b62d0556640adb8c904587a3a52ef3576c6bf36d Mon Sep 17 00:00:00 2001
From: mmaehren <32199075+mmaehren@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:14:34 +0200
Subject: [PATCH 1/2] Fixed hash to curve, deleted dummy iterations code
---
.../nds/tlsattacker/core/config/Config.java | 11 ----------
.../message/computations/PWDComputations.java | 22 +++++++++----------
.../src/main/resources/default_config.xml | 1 -
.../tlsattacker/core/config/ConfigTest.java | 2 --
resources/configs/pwd.config | 1 -
resources/configs/pwd13.config | 1 -
6 files changed, 11 insertions(+), 27 deletions(-)
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
index 56b15ba072..3751e296f7 100644
--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/config/Config.java
@@ -1151,9 +1151,6 @@ public static Config createEmptyConfig() {
@XmlJavaTypeAdapter(IllegalStringAdapter.class)
private String defaultPWDPassword = "barney";
- /** Min iterations for finding the PWD password element */
- private Integer defaultPWDIterations = 40;
-
@XmlJavaTypeAdapter(UnformattedByteArrayAdapter.class)
private byte[] defaultServerPWDPrivate =
ArrayConverter.hexStringToByteArray(
@@ -3550,14 +3547,6 @@ public void setDefaultPWDPassword(String password) {
this.defaultPWDPassword = password;
}
- public Integer getDefaultPWDIterations() {
- return defaultPWDIterations;
- }
-
- public void setDefaultPWDIterations(Integer defaultPWDIterations) {
- this.defaultPWDIterations = defaultPWDIterations;
- }
-
public byte[] getDefaultServerPWDPrivate() {
return Arrays.copyOf(defaultServerPWDPrivate, defaultServerPWDPrivate.length);
}
diff --git a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java
index 4ab92aedca..45e65d0de1 100644
--- a/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java
+++ b/TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/message/computations/PWDComputations.java
@@ -39,6 +39,8 @@
public class PWDComputations extends KeyExchangeComputations {
+ public static final int MAX_HASH_ITERATIONS = 1000;
+
private static final Logger LOGGER = LogManager.getLogger();
/**
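Review bot: `MAX_HASH_ITERATIONS` is added as a public constant without any Javadoc, so a reader cannot tell what it bounds or what happens when the bound is reached. Going by the other hunk in this file, it caps the attempts in `computePasswordElement` before the curve's base point is used instead; a one-line comment such as `/** Upper bound on hash-to-curve attempts in computePasswordElement; when reached, the curve base point is used instead. */` would cover it. If nothing outside this class reads the constant, `private` would be the narrower choice.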
@@ -108,21 +110,19 @@ public static Point computePasswordElement(Chooser chooser, CyclicGroup> group
new BigInteger(1, tmp)
.mod(curve.getModulus().subtract(BigInteger.ONE))
.add(BigInteger.ONE);
- Point tempPoint = curve.createAPointOnCurve(tmpX);
-
- if (!found && curve.isOnCurve(tempPoint)) {
+ Point tempPoint = curve.createAPointOnCurve(tmpX, false);
+ if (tempPoint != null) {
createdPoint = tempPoint;
- savedSeed = seed.clone();
found = true;
chooser.getContext().getTlsContext().getBadSecureRandom().nextBytes(base);
}
- if (counter > 1000) {
- savedSeed = seed.clone();
- createdPoint = tempPoint;
- LOGGER.warn("Could not find a useful pwd point");
- break;
- }
- } while (!found || counter < chooser.getConfig().getDefaultPWDIterations());
+ savedSeed = seed.clone();
+ } while (!found && counter < MAX_HASH_ITERATIONS);
+
+ if (createdPoint == null) {
+ LOGGER.warn("Could not find a useful pwd point. Falling back to base point of curve.");
+ createdPoint = curve.getBasePoint();
+ }
// use the lsb of the saved seed and Y to determine which of the two
// possible roots should be used
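Review bot: The fallback `createdPoint = curve.getBasePoint()` produces a password element that is the public generator and no longer depends on the password, yet the root selection below still runs on it with the last `savedSeed` and the handshake continues with only a warning. I would state that above the fallback, e.g. `// base point is public and password-independent; the resulting exchange offers no password protection`, or throw here if the callers can handle it. The loop now also stops at the first valid x, so its running time depends on the password and `base`, which the minimum iteration count from the removed `defaultPWDIterations` used to mask; a short comment that the early exit is deliberate for a test tool would keep the loop from being reused as a reference implementation. With the early exit, the retained `nextBytes(base)` looks like a leftover unless `base` is read after the loop, which this hunk does not show. The method body starts and ends outside the hunk.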
diff --git a/TLS-Core/src/main/resources/default_config.xml b/TLS-Core/src/main/resources/default_config.xml
index b24cb72afe..f995e051e5 100644
--- a/TLS-Core/src/main/resources/default_config.xml
+++ b/TLS-Core/src/main/resources/default_config.xml
@@ -1400,7 +1400,6 @@
1111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111111
barney
- 40
21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C
0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5
17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B
diff --git a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java
index 555f54df15..ff2c1fc0fa 100644
--- a/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java
+++ b/TLS-Core/src/test/java/de/rub/nds/tlsattacker/core/config/ConfigTest.java
@@ -272,7 +272,6 @@ public void generatePwdConfig() {
"528FBF524378A1B13B8D2CBD247090721369F8BFA3CEEB3CFCD85CBFCDD58EAA"));
config.setDefaultClientPWDUsername("fred");
config.setDefaultPWDPassword("barney");
- config.setDefaultPWDIterations(40);
config.setDefaultServerPWDPrivate(
ArrayConverter.hexStringToByteArray(
"21D99D341C9797B3AE72DFD289971F1B74CE9DE68AD4B9ABF54888D8F6C5043C"));
@@ -333,7 +332,6 @@ public void generatePwd13Config() {
"528FBF524378A1B13B8D2CBD247090721369F8BFA3CEEB3CFCD85CBFCDD58EAA"));
config.setDefaultClientPWDUsername("fred");
config.setDefaultPWDPassword("barney");
- config.setDefaultPWDIterations(40);
config.setDefaultServerPWDPrivate(
ArrayConverter.hexStringToByteArray(
"21D99D341C9797B3AE72DFD289971F1B74CE9DE68AD4B9ABF54888D8F6C5043C"));
diff --git a/resources/configs/pwd.config b/resources/configs/pwd.config
index 525a3aada3..cacd7f4e7b 100644
--- a/resources/configs/pwd.config
+++ b/resources/configs/pwd.config
@@ -27,7 +27,6 @@
false
fred
barney
- 40
21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C
0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5
17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B
diff --git a/resources/configs/pwd13.config b/resources/configs/pwd13.config
index dddd9b8d1a..aaa8c54367 100644
--- a/resources/configs/pwd13.config
+++ b/resources/configs/pwd13.config
@@ -33,7 +33,6 @@
false
fred
barney
- 40
21 D9 9D 34 1C 97 97 B3 AE 72 DF D2 89 97 1F 1B 74 CE 9D E6 8A D4 B9 AB F5 48 88 D8 F6 C5 04 3C
0D 96 AB 62 4D 08 2C 71 25 5B E3 64 8D CD 30 3F 6A B0 CA 61 A9 50 34 A5 53 E3 30 8D 1D 37 44 E5
17 1D E8 CA A5 35 2D 36 EE 96 A3 99 79 B5 B7 2F A1 89 AE 7A 6A 09 C7 7F 7B 43 8A F1 6D F4 A8 8B
From 3c4222ebfca774bdf58acbda5be1570921870dbb Mon Sep 17 00:00:00 2001
From: mmaehren <32199075+mmaehren@users.noreply.github.com>
Date: Tue, 8 Oct 2024 14:16:25 +0200
Subject: [PATCH 2/2] Set new BOM version
---
pom.xml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/pom.xml b/pom.xml
index d3cb90acbe..d5663059e6 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
de.rub.nds
protocol-toolkit-bom
- 4.1.5
+ 4.1.6
de.rub.nds.tls.attacker