DH_ANON cipher suite now working not accidentally :-)

Still some reworking required around DHEServerKeyExchangeParser c'tor.

.gitignore

@@ -41,3 +41,4 @@ Utils/.project
 Utils/.settings/org.eclipse.core.resources.prefs
 Utils/.settings/org.eclipse.jdt.core.prefs
 .project
+test.sh

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/constants/KeyExchangeAlgorithm.java

@@ -41,4 +41,8 @@ public enum KeyExchangeAlgorithm {
     public boolean isEC() {
         return this.name().contains("EC");
     }
+
+    public boolean isAnon() {
+        return this.name().contains("ANON");
+    }
 }

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/handler/DHEServerKeyExchangeHandler.java

@@ -8,6 +8,7 @@
  */
 package de.rub.nds.tlsattacker.core.protocol.handler;
 
+import de.rub.nds.tlsattacker.core.constants.AlgorithmResolver;
 import de.rub.nds.tlsattacker.core.protocol.message.DHEServerKeyExchangeMessage;
 import de.rub.nds.tlsattacker.core.protocol.parser.DHEServerKeyExchangeParser;
 import de.rub.nds.tlsattacker.core.protocol.preparator.DHEServerKeyExchangePreparator;
@@ -23,7 +24,8 @@ public DHEServerKeyExchangeHandler(TlsContext tlsContext) {
 
     @Override
     public DHEServerKeyExchangeParser getParser(byte[] message, int pointer) {
-        return new DHEServerKeyExchangeParser(pointer, message, tlsContext.getChooser().getLastRecordVersion());
+        return new DHEServerKeyExchangeParser(pointer, message, tlsContext.getChooser().getLastRecordVersion(),
+                AlgorithmResolver.getKeyExchangeAlgorithm(tlsContext.getSelectedCipherSuite()));
     }
 
     @Override

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/parser/DHEServerKeyExchangeParser.java

@@ -8,16 +8,22 @@
  */
 package de.rub.nds.tlsattacker.core.protocol.parser;
 
+import org.bouncycastle.util.Arrays;
+
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
+import de.rub.nds.tlsattacker.core.constants.CipherSuite;
 import de.rub.nds.tlsattacker.core.constants.HandshakeByteLength;
 import de.rub.nds.tlsattacker.core.constants.HandshakeMessageType;
+import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.protocol.message.DHEServerKeyExchangeMessage;
 
 public class DHEServerKeyExchangeParser<T extends DHEServerKeyExchangeMessage> extends ServerKeyExchangeParser<T> {
 
     private final ProtocolVersion version;
 
+    private final KeyExchangeAlgorithm keyExchangeAlgorithm;
+
     /**
      * Constructor for the Parser class
      *
@@ -29,10 +35,21 @@ public class DHEServerKeyExchangeParser<T extends DHEServerKeyExchangeMessage> e
      *            parse
      * @param version
      *            Version of the Protocol
+     * @param keyExchangeAlgorithm
+     *            The selected key exchange algorithm (affects which fields are
+     *            present).
      */
-    public DHEServerKeyExchangeParser(int pointer, byte[] array, ProtocolVersion version) {
+    public DHEServerKeyExchangeParser(int pointer, byte[] array, ProtocolVersion version,
+            KeyExchangeAlgorithm keyExchangeAlgorithm) {
         super(pointer, array, HandshakeMessageType.SERVER_KEY_EXCHANGE, version);
         this.version = version;
+        this.keyExchangeAlgorithm = keyExchangeAlgorithm;
+
+    }
+
+    public DHEServerKeyExchangeParser(int pointer, byte[] array, ProtocolVersion version) {
+        // TODO: Delete when done
+        this(pointer, array, version, null);
     }
 
     @Override
@@ -44,11 +61,15 @@ protected void parseHandshakeMessageContent(DHEServerKeyExchangeMessage msg) {
         parseG(msg);
         parseSerializedPublicKeyLength(msg);
         parseSerializedPublicKey(msg);
-        if (isTLS12() || isDTLS12()) {
-            parseSignatureAndHashAlgorithm(msg);
+        // TODO: this.keyExchangeAlgorithm can currently be null, only for test
+        // code that needs to be reworked.
+        if (this.keyExchangeAlgorithm == null || !this.keyExchangeAlgorithm.isAnon()) {
+            if (isTLS12() || isDTLS12()) {
+                parseSignatureAndHashAlgorithm(msg);
+            }
+            parseSignatureLength(msg);
+            parseSignature(msg);
         }
-        parseSignatureLength(msg);
-        parseSignature(msg);
     }
 
     protected void parseDheParams(T msg) {

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/protocol/parser/PskDheServerKeyExchangeParser.java

@@ -10,6 +10,7 @@
 
 import de.rub.nds.modifiablevariable.util.ArrayConverter;
 import de.rub.nds.tlsattacker.core.constants.HandshakeByteLength;
+import de.rub.nds.tlsattacker.core.constants.KeyExchangeAlgorithm;
 import de.rub.nds.tlsattacker.core.constants.ProtocolVersion;
 import de.rub.nds.tlsattacker.core.protocol.message.PskDheServerKeyExchangeMessage;
 import static de.rub.nds.tlsattacker.core.protocol.parser.Parser.LOGGER;
@@ -31,7 +32,7 @@ public class PskDheServerKeyExchangeParser extends DHEServerKeyExchangeParser<Ps
      *            Version of the Protocol
      */
     public PskDheServerKeyExchangeParser(int pointer, byte[] array, ProtocolVersion version) {
-        super(pointer, array, version);
+        super(pointer, array, version, KeyExchangeAlgorithm.DHE_PSK);
         this.version = version;
     }
 

TLS-Core/src/main/java/de/rub/nds/tlsattacker/core/workflow/factory/WorkflowConfigurationFactory.java

@@ -227,10 +227,7 @@ private WorkflowTrace createHelloWorkflow(AliasedConnection connection) {
                 CertificateRequestMessage certRequest = new CertificateRequestMessage(config);
                 messages.add(certRequest);
             }
-            if (!selectedCipherSuite.isAnon()) {
-                // Anon ciphersuites don't use ServerHelloDone for some reason.
-                messages.add(new ServerHelloDoneMessage(config));
-            }
+            messages.add(new ServerHelloDoneMessage(config));
         }
         workflowTrace.addTlsAction(MessageActionFactory.createAction(connection, ConnectionEndType.SERVER, messages));