From 6302a2d7ccc8a83552ad47bc027610ffabf51ebf Mon Sep 17 00:00:00 2001
From: serega6531 <S.Shkurov@bssys.com>
Date: Thu, 23 Apr 2020 00:19:37 +0300
Subject: [PATCH] =?UTF-8?q?=D0=A0=D0=B0=D0=B1=D0=BE=D1=82=D0=B0=20=D0=BD?=
 =?UTF-8?q?=D0=B0=D0=B4=20=D1=80=D0=B0=D1=81=D1=88=D0=B8=D1=84=D1=80=D0=BE?=
 =?UTF-8?q?=D0=B2=D0=BA=D0=BE=D0=B9=20TLS?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../service/optimization/TlsDecryptor.java    | 51 ++++++++++++++++---
 .../tls/records/ApplicationDataRecord.java    |  4 ++
 2 files changed, 48 insertions(+), 7 deletions(-)

diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java b/src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java
index 3fe886f..7bd6af0 100644
--- a/src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java
+++ b/src/main/java/ru/serega6531/packmate/service/optimization/TlsDecryptor.java
@@ -18,8 +18,11 @@ import ru.serega6531.packmate.utils.PRF;
 import ru.serega6531.packmate.utils.TlsUtils;
 
 import javax.crypto.Cipher;
+import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.X509KeyManager;
 import java.io.File;
+import java.nio.ByteBuffer;
 import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPrivateKey;
 import java.util.*;
@@ -67,14 +70,48 @@ public class TlsDecryptor {
 
             byte[] encryptedPreMaster = TlsKeyUtils.getClientRsaPreMaster(clientKeyExchange.getContent(), 0);
 
-            Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
-            cipher.init(Cipher.DECRYPT_MODE, privateKey);
-            byte[] preMaster = cipher.doFinal(encryptedPreMaster);
-            byte[] seed1 = ArrayUtils.addAll(clientRandom, serverRandom);
-            byte[] seed2 = ArrayUtils.addAll(serverRandom, clientRandom);
+            Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
+            rsa.init(Cipher.DECRYPT_MODE, privateKey);
+            byte[] preMaster = rsa.doFinal(encryptedPreMaster);
+            byte[] randomCS = ArrayUtils.addAll(clientRandom, serverRandom);
+            byte[] randomSC = ArrayUtils.addAll(serverRandom, clientRandom);
 
-            byte[] masterSecret = PRF.getBytes(preMaster, "master secret", seed1, 48);
-            byte[] expanded = PRF.getBytes(masterSecret, "key expansion", seed2, 136);
+            byte[] masterSecret = PRF.getBytes(preMaster, "master secret", randomCS, 48);
+            byte[] expanded = PRF.getBytes(masterSecret, "key expansion", randomSC, 136);
+
+            byte[] clientMacKey = new byte[20];
+            byte[] serverMacKey = new byte[20];
+            byte[] clientEncryptionKey = new byte[32];
+            byte[] serverEncryptionKey = new byte[32];
+            byte[] clientIV = new byte[16];
+            byte[] serverIV = new byte[16];
+
+            ByteBuffer bb = ByteBuffer.wrap(expanded);
+            bb.get(clientMacKey);
+            bb.get(serverMacKey);
+            bb.get(clientEncryptionKey);
+            bb.get(serverEncryptionKey);
+            bb.get(clientIV);
+            bb.get(serverIV);
+
+            Cipher aes = Cipher.getInstance("AES/CBC/NoPadding");  // TLS_RSA_WITH_AES_256_CBC_SHA
+            SecretKeySpec skeySpec = new SecretKeySpec(clientEncryptionKey, "AES");
+            IvParameterSpec ivParameterSpec = new IvParameterSpec(clientIV);
+            aes.init(Cipher.DECRYPT_MODE, skeySpec, ivParameterSpec);
+
+            byte[] data = tlsPackets.entrySet().stream()
+                    .filter(ent -> ent.getKey().isIncoming())
+                    .map(Map.Entry::getValue)
+                    .flatMap(Collection::stream)
+                    .filter(p -> p.getContentType() == ContentType.HANDSHAKE)
+                    .map(p -> ((HandshakeRecord) p.getRecord()))
+                    .filter(r -> r.getHandshakeType() == HandshakeType.ENCRYPTED_HANDSHAKE_MESSAGE)
+                    .map(r -> ((BasicRecordContent) r.getContent()))
+                    .findFirst()
+                    .orElseThrow()
+                    .getContent();
+
+            byte[] decrypt = aes.doFinal(data);
             System.out.println();
         }
 
diff --git a/src/main/java/ru/serega6531/packmate/service/optimization/tls/records/ApplicationDataRecord.java b/src/main/java/ru/serega6531/packmate/service/optimization/tls/records/ApplicationDataRecord.java
index 3403038..69bfa96 100644
--- a/src/main/java/ru/serega6531/packmate/service/optimization/tls/records/ApplicationDataRecord.java
+++ b/src/main/java/ru/serega6531/packmate/service/optimization/tls/records/ApplicationDataRecord.java
@@ -21,6 +21,10 @@ public class ApplicationDataRecord implements TlsRecord {
         System.arraycopy(rawData, offset, data, 0, length);
     }
 
+    public byte[] getData() {
+        return data;
+    }
+
     @Override
     public String toString() {
         return "  Encrypted data: [" + data.length + " bytes]";