Merge pull request #14 from FAlbertDev/fix/hello-retry-ccs

Fix: CCS in HelloRetryRequest tests

TLS-Testsuite/src/main/java/de/rub/nds/tlstest/suite/tests/server/tls13/rfc8446/HelloRetryRequest.java

@@ -7,6 +7,7 @@
  */
 package de.rub.nds.tlstest.suite.tests.server.tls13.rfc8446;
 
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
 
 import de.rub.nds.modifiablevariable.util.Modifiable;
@@ -15,12 +16,15 @@
 import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.ExtensionType;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
+import de.rub.nds.tlsattacker.core.constants.ProtocolMessageType;
+import de.rub.nds.tlsattacker.core.protocol.message.ChangeCipherSpecMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.ClientHelloMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.ServerHelloMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.extension.KeyShareExtensionMessage;
 import de.rub.nds.tlsattacker.core.protocol.message.extension.SupportedVersionsExtensionMessage;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTrace;
 import de.rub.nds.tlsattacker.core.workflow.WorkflowTraceUtil;
+import de.rub.nds.tlsattacker.core.workflow.action.ReceiveAction;
 import de.rub.nds.tlsattacker.core.workflow.factory.WorkflowTraceType;
 import de.rub.nds.tlsscanner.core.constants.TlsAnalyzedProperty;
 import de.rub.nds.tlstest.framework.Validator;
@@ -163,6 +167,7 @@ public void selectsSameCipherSuiteAllAtOnce(
                 .validateFinal(
                         i -> {
                             Validator.executedAsPlanned(i);
+                            checkForDuplicateCcs(workflowTrace);
 
                             ServerHelloMessage helloRetryRequest =
                                     (ServerHelloMessage)
@@ -217,6 +222,7 @@ public void selectsSameCipherSuite(ArgumentsAccessor argumentAccessor, WorkflowR
                 .validateFinal(
                         i -> {
                             Validator.executedAsPlanned(i);
+                            checkForDuplicateCcs(workflowTrace);
 
                             ServerHelloMessage helloRetryRequest =
                                     (ServerHelloMessage)
@@ -268,6 +274,7 @@ public void retainsProtocolVersion(ArgumentsAccessor argumentAccessor, WorkflowR
                 .validateFinal(
                         i -> {
                             Validator.executedAsPlanned(i);
+                            checkForDuplicateCcs(workflowTrace);
 
                             ServerHelloMessage helloRetryRequest =
                                     (ServerHelloMessage)
@@ -351,7 +358,33 @@ private WorkflowTrace getHelloRetryWorkflowTrace(WorkflowRunner runner) {
                 .getFirstSendMessage(ClientHelloMessage.class)
                 .setRandom(Modifiable.explicit(fixedRandom));
 
+        // In middlebox compatibility mode, a CCS message is sent
+        // immediately after a ServerHello/HelloRetryRequest message. Since the
+        // workflow trace considers the CCS message optional, it does not wait
+        // for CCS before executing the SendAction. In this case, the CSS is received
+        // in the second ReceiveAction. Therefore, an optional CCS option must be
+        // allowed in the second receive action. A CCS message after the
+        // second ServerHello is invalid, though.
+        ChangeCipherSpecMessage optionalCCSMessage = new ChangeCipherSpecMessage();
+        optionalCCSMessage.setRequired(false);
+
+        ReceiveAction firstReceive = (ReceiveAction) secondHelloTrace.getFirstReceivingAction();
+        firstReceive.getExpectedMessages().removeIf(msg -> msg instanceof ChangeCipherSpecMessage);
+        firstReceive.getExpectedMessages().add(0, optionalCCSMessage);
+
         workflowTrace.addTlsActions(secondHelloTrace.getTlsActions());
         return workflowTrace;
     }
+
+    private void checkForDuplicateCcs(WorkflowTrace executedTrace) {
+        // due to our workflow structure, CCS may be parsed with the first ServerHello or before the
+        // new
+        // ServerHello but it must not be sent twice by the server
+        assertFalse(
+                "Received more than one compatibility CCS from Server",
+                WorkflowTraceUtil.getAllReceivedMessages(
+                                        executedTrace, ProtocolMessageType.CHANGE_CIPHER_SPEC)
+                                .size()
+                        > 1);
+    }
 }