diff options
author | Matt Caswell <matt@openssl.org> | 2021-03-18 15:25:42 +0000 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2021-03-25 09:43:33 +0000 |
commit | 46d81bcabe2d36055bdd37079ed6acf976d967a7 (patch) | |
tree | 2397f82c7a0ad595d37501b225977f0833891a81 | |
parent | 2a40b7bc7b94dd7de897a74571e7024f0cf0d63b (diff) |
Teach TLSProxy how to encrypt <= TLSv1.2 ETM records
Previously TLSProxy only knew how to "repack" messages for TLSv1.3.
Most of the handshake in <= TLSv1.2 is unencrypted so this hasn't been
too much of restriction. However we now want to modify reneg handshakes
which are encrypted so we need to add that capability.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
-rw-r--r-- | util/perl/TLSProxy/Message.pm | 37 |
1 files changed, 30 insertions, 7 deletions
diff --git a/util/perl/TLSProxy/Message.pm b/util/perl/TLSProxy/Message.pm index 10b6156074..3d0266e48f 100644 --- a/util/perl/TLSProxy/Message.pm +++ b/util/perl/TLSProxy/Message.pm @@ -448,7 +448,7 @@ sub ciphersuite } #Update all the underlying records with the modified data from this message -#Note: Only supports re-encrypting for TLSv1.3 +#Note: Only supports TLSv1.3 and ETM encryption sub repack { my $self = shift; @@ -490,15 +490,38 @@ sub repack # (If a length override is ever needed to construct invalid packets, # use an explicit override field instead.) $rec->decrypt_len(length($rec->decrypt_data)); - $rec->len($rec->len + length($msgdata) - $old_length); - # Only support re-encryption for TLSv1.3. - if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) { - #Add content type (1 byte) and 16 tag bytes - $rec->data($rec->decrypt_data - .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); + # Only support re-encryption for TLSv1.3 and ETM. + if ($rec->encrypted()) { + if (TLSProxy::Proxy->is_tls13()) { + #Add content type (1 byte) and 16 tag bytes + $rec->data($rec->decrypt_data + .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); + } elsif ($rec->etm()) { + my $data = $rec->decrypt_data; + #Add padding + my $padval = length($data) % 16; + $padval = 15 - $padval; + for (0..$padval) { + $data .= pack("C", $padval); + } + + #Add MAC. Assumed to be 20 bytes + foreach my $macval (0..19) { + $data .= pack("C", $macval); + } + + if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) { + #Explicit IV + $data = ("\0"x16).$data; + } + $rec->data($data); + } else { + die "Unsupported encryption: No ETM"; + } } else { $rec->data($rec->decrypt_data); } + $rec->len(length($rec->data)); #Update the fragment len in case we changed it above ${$self->message_frag_lens}[0] = length($msgdata) |