author | Richard Levitte <levitte@openssl.org> | 2017-08-01 22:10:39 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2017-08-15 11:30:47 +0200 |
commit | cb6afcd6ee0c0d66fae62e13fe5966171992f81c (patch) | |
tree | 5b793c0d2a0e92233919fcaaa314c70cf32430d2 /util/TLSProxy | |
parent | c4d2e483a39176a476c56d35879423fe6e33c0cd (diff) |
Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
Diffstat (limited to 'util/TLSProxy')
-rw-r--r-- | util/TLSProxy/Certificate.pm | 219 | ||||
-rw-r--r-- | util/TLSProxy/CertificateVerify.pm | 96 | ||||
-rw-r--r-- | util/TLSProxy/ClientHello.pm | 261 | ||||
-rw-r--r-- | util/TLSProxy/EncryptedExtensions.pm | 115 | ||||
-rw-r--r-- | util/TLSProxy/HelloRetryRequest.pm | 150 | ||||
-rw-r--r-- | util/TLSProxy/Message.pm | 570 | ||||
-rw-r--r-- | util/TLSProxy/NewSessionTicket.pm | 81 | ||||
-rw-r--r-- | util/TLSProxy/Proxy.pm | 603 | ||||
-rw-r--r-- | util/TLSProxy/Record.pm | 398 | ||||
-rw-r--r-- | util/TLSProxy/ServerHello.pm | 234 | ||||
-rw-r--r-- | util/TLSProxy/ServerKeyExchange.pm | 157 |
11 files changed, 0 insertions, 2884 deletions
diff --git a/util/TLSProxy/Certificate.pm b/util/TLSProxy/Certificate.pm
deleted file mode 100644
index d3bf7f2180..0000000000
--- a/util/TLSProxy/Certificate.pm
+++ /dev/null
@@ -1,219 +0,0 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; - -package TLSProxy::Certificate; - -use vars '@ISA'; -push @ISA, 'TLSProxy::Message'; - -sub new -{ - my $class = shift; - my ($server, - $data, - $records, - $startoffset, - $message_frag_lens) = @_; - - my $self = $class->SUPER::new( - $server, - TLSProxy::Message::MT_CERTIFICATE, - $data, - $records, - $startoffset, - $message_frag_lens); - - $self->{first_certificate} = ""; - $self->{extension_data} = ""; - $self->{remaining_certdata} = ""; - - return $self; -} - -sub parse -{ - my $self = shift; - - if (TLSProxy::Proxy->is_tls13()) { - my $context_len = unpack('C', $self->data); - my $context = substr($self->data, 1, $context_len); - - my $remdata = substr($self->data, 1 + $context_len); - - my ($hicertlistlen, $certlistlen) = unpack('Cn', $remdata); - $certlistlen += ($hicertlistlen << 16); - - $remdata = substr($remdata, 3); - - die "Invalid Certificate List length" - if length($remdata) != $certlistlen; - - my ($hicertlen, $certlen) = unpack('Cn', $remdata); - $certlen += ($hicertlen << 16); - - die "Certificate too long" if ($certlen + 3) > $certlistlen; - - $remdata = substr($remdata, 3); - - my $certdata = substr($remdata, 0, $certlen); - - $remdata = substr($remdata, $certlen); - - my $extensions_len = unpack('n', $remdata); - $remdata = substr($remdata, 2); - - die "Extensions too long" - if ($certlen + 3 + $extensions_len + 2) > $certlistlen; - - my $extension_data = ""; - if ($extensions_len != 0) { - $extension_data = substr($remdata, 0, $extensions_len); - - if (length($extension_data) != $extensions_len) { - die "Invalid extension length\n"; - } - } - my %extensions = (); - while 
(length($extension_data) >= 4) { - my ($type, $size) = unpack("nn", $extension_data); - my $extdata = substr($extension_data, 4, $size); - $extension_data = substr($extension_data, 4 + $size); - $extensions{$type} = $extdata; - } - $remdata = substr($remdata, $extensions_len); - - $self->context($context); - $self->first_certificate($certdata); - $self->extension_data(\%extensions); - $self->remaining_certdata($remdata); - - print " Context:".$context."\n"; - print " Certificate List Len:".$certlistlen."\n"; - print " Certificate Len:".$certlen."\n"; - print " Extensions Len:".$extensions_len."\n"; - } else { - my ($hicertlistlen, $certlistlen) = unpack('Cn', $self->data); - $certlistlen += ($hicertlistlen << 16); - - my $remdata = substr($self->data, 3); - - die "Invalid Certificate List length" - if length($remdata) != $certlistlen; - - my ($hicertlen, $certlen) = unpack('Cn', $remdata); - $certlen += ($hicertlen << 16); - - die "Certificate too long" if ($certlen + 3) > $certlistlen; - - $remdata = substr($remdata, 3); - - my $certdata = substr($remdata, 0, $certlen); - - $remdata = substr($remdata, $certlen); - - $self->first_certificate($certdata); - $self->remaining_certdata($remdata); - - print " Certificate List Len:".$certlistlen."\n"; - print " Certificate Len:".$certlen."\n"; - } -} - -#Reconstruct the on-the-wire message data following changes -sub set_message_contents -{ - my $self = shift; - my $data; - my $extensions = ""; - - if (TLSProxy::Proxy->is_tls13()) { - foreach my $key (keys %{$self->extension_data}) { - my $extdata = ${$self->extension_data}{$key}; - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - } - } - $data = pack('C', length($self->context())); - $data .= $self->context; - my $certlen = 
length($self->first_certificate); - my $certlistlen = $certlen + length($extensions) - + length($self->remaining_certdata); - my $hi = $certlistlen >> 16; - $certlistlen = $certlistlen & 0xffff; - $data .= pack('Cn', $hi, $certlistlen); - $hi = $certlen >> 16; - $certlen = $certlen & 0xffff; - $data .= pack('Cn', $hi, $certlen); - $data .= pack('n', length($extensions)); - $data .= $extensions; - $data .= $self->remaining_certdata(); - $self->data($data); - } else { - my $certlen = length($self->first_certificate); - my $certlistlen = $certlen + length($self->remaining_certdata); - my $hi = $certlistlen >> 16; - $certlistlen = $certlistlen & 0xffff; - $data .= pack('Cn', $hi, $certlistlen); - $hi = $certlen >> 16; - $certlen = $certlen & 0xffff; - $data .= pack('Cn', $hi, $certlen); - $data .= $self->remaining_certdata(); - $self->data($data); - } -} - -#Read/write accessors -sub context -{ - my $self = shift; - if (@_) { - $self->{context} = shift; - } - return $self->{context}; -} -sub first_certificate -{ - my $self = shift; - if (@_) { - $self->{first_certificate} = shift; - } - return $self->{first_certificate}; -} -sub remaining_certdata -{ - my $self = shift; - if (@_) { - $self->{remaining_certdata} = shift; - } - return $self->{remaining_certdata}; -} -sub extension_data -{ - my $self = shift; - if (@_) { - $self->{extension_data} = shift; - } - return $self->{extension_data}; -} -sub set_extension -{ - my ($self, $ext_type, $ext_data) = @_; - $self->{extension_data}{$ext_type} = $ext_data; -} -sub delete_extension -{ - my ($self, $ext_type) = @_; - delete $self->{extension_data}{$ext_type}; -} -1; diff --git a/util/TLSProxy/CertificateVerify.pm b/util/TLSProxy/CertificateVerify.pm deleted file mode 100644 index 8bf969fba1..0000000000 --- a/util/TLSProxy/CertificateVerify.pm +++ /dev/null 
@@ -1,96 +0,0 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; - -package TLSProxy::CertificateVerify; - -use vars '@ISA'; -push @ISA, 'TLSProxy::Message'; - -sub new -{ - my $class = shift; - my ($server, - $data, - $records, - $startoffset, - $message_frag_lens) = @_; - - my $self = $class->SUPER::new( - $server, - TLSProxy::Message::MT_CERTIFICATE_VERIFY, - $data, - $records, - $startoffset, - $message_frag_lens); - - $self->{sigalg} = -1; - $self->{signature} = ""; - - return $self; -} - -sub parse -{ - my $self = shift; - - my $sigalg = -1; - my $remdata = $self->data; - my $record = ${$self->records}[0]; - - if (TLSProxy::Proxy->is_tls13() - || $record->version() == TLSProxy::Record::VERS_TLS_1_2) { - $sigalg = unpack('n', $remdata); - $remdata = substr($remdata, 2); - } - - my $siglen = unpack('n', substr($remdata, 0, 2)); - my $sig = substr($remdata, 2); - - die "Invalid CertificateVerify signature length" if length($sig) != $siglen; - - print " SigAlg:".$sigalg."\n"; - print " Signature Len:".$siglen."\n"; - - $self->sigalg($sigalg); - $self->signature($sig); -} - -#Reconstruct the on-the-wire message data following changes -sub set_message_contents -{ - my $self = shift; - my $data = ""; - my $sig = $self->signature(); - my $olddata = $self->data(); - - $data .= pack("n", $self->sigalg()) if ($self->sigalg() != -1); - $data .= pack("n", length($sig)); - $data .= $sig; - - $self->data($data); -} - -#Read/write accessors -sub sigalg -{ - my $self = shift; - if (@_) { - $self->{sigalg} = shift; - } - return $self->{sigalg}; -} -sub signature -{ - my $self = shift; - if (@_) { - $self->{signature} = shift; - } - return $self->{signature}; -} -1; 
diff --git a/util/TLSProxy/ClientHello.pm b/util/TLSProxy/ClientHello.pm
deleted file mode 100644
index 2ae9d6f55d..0000000000
--- a/util/TLSProxy/ClientHello.pm
+++ /dev/null
@@ -1,261 +0,0 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; - -package TLSProxy::ClientHello; - -use vars '@ISA'; -push @ISA, 'TLSProxy::Message'; - -sub new -{ - my $class = shift; - my ($server, - $data, - $records, - $startoffset, - $message_frag_lens) = @_; - - my $self = $class->SUPER::new( - $server, - 1, - $data, - $records, - $startoffset, - $message_frag_lens); - - $self->{client_version} = 0; - $self->{random} = []; - $self->{session_id_len} = 0; - $self->{session} = ""; - $self->{ciphersuite_len} = 0; - $self->{ciphersuites} = []; - $self->{comp_meth_len} = 0; - $self->{comp_meths} = []; - $self->{extensions_len} = 0; - $self->{extension_data} = ""; - - return $self; -} - -sub parse -{ - my $self = shift; - my $ptr = 2; - my ($client_version) = unpack('n', $self->data); - my $random = substr($self->data, $ptr, 32); - $ptr += 32; - my $session_id_len = unpack('C', substr($self->data, $ptr)); - $ptr++; - my $session = substr($self->data, $ptr, $session_id_len); - $ptr += $session_id_len; - my $ciphersuite_len = unpack('n', substr($self->data, $ptr)); - $ptr += 2; - my @ciphersuites = unpack('n*', substr($self->data, $ptr, - $ciphersuite_len)); - $ptr += $ciphersuite_len; - my $comp_meth_len = unpack('C', substr($self->data, $ptr)); - $ptr++; - my @comp_meths = unpack('C*', substr($self->data, $ptr, $comp_meth_len)); - $ptr += $comp_meth_len; - my $extensions_len = unpack('n', substr($self->data, $ptr)); - $ptr += 2; - #For now we just deal with this as a block of data. 
In the future we will - #want to parse this - my $extension_data = substr($self->data, $ptr); - - if (length($extension_data) != $extensions_len) { - die "Invalid extension length\n"; - } - my %extensions = (); - while (length($extension_data) >= 4) { - my ($type, $size) = unpack("nn", $extension_data); - my $extdata = substr($extension_data, 4, $size); - $extension_data = substr($extension_data, 4 + $size); - $extensions{$type} = $extdata; - } - - $self->client_version($client_version); - $self->random($random); - $self->session_id_len($session_id_len); - $self->session($session); - $self->ciphersuite_len($ciphersuite_len); - $self->ciphersuites(\@ciphersuites); - $self->comp_meth_len($comp_meth_len); - $self->comp_meths(\@comp_meths); - $self->extensions_len($extensions_len); - $self->extension_data(\%extensions); - - $self->process_extensions(); - - print " Client Version:".$client_version."\n"; - print " Session ID Len:".$session_id_len."\n"; - print " Ciphersuite len:".$ciphersuite_len."\n"; - print " Compression Method Len:".$comp_meth_len."\n"; - print " Extensions Len:".$extensions_len."\n"; -} - -#Perform any actions necessary based on the extensions we've seen -sub process_extensions -{ - my $self = shift; - my %extensions = %{$self->extension_data}; - - #Clear any state from a previous run - TLSProxy::Record->etm(0); - - if (exists $extensions{TLSProxy::Message::EXT_ENCRYPT_THEN_MAC}) { - TLSProxy::Record->etm(1); - } -} - -sub extension_contents -{ - my $self = shift; - my $key = shift; - my $extension = ""; - - my $extdata = ${$self->extension_data}{$key}; - $extension .= pack("n", $key); - $extension .= pack("n", length($extdata)); - $extension .= $extdata; - if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { - $extension .= pack("n", $key); - $extension .= pack("n", length($extdata)); - $extension .= $extdata; - } - return $extension; -} - -#Reconstruct the on-the-wire message data following changes -sub set_message_contents -{ - my $self = 
shift; - my $data; - my $extensions = ""; - - $data = pack('n', $self->client_version); - $data .= $self->random; - $data .= pack('C', $self->session_id_len); - $data .= $self->session; - $data .= pack('n', $self->ciphersuite_len); - $data .= pack("n*", @{$self->ciphersuites}); - $data .= pack('C', $self->comp_meth_len); - $data .= pack("C*", @{$self->comp_meths}); - - foreach my $key (keys %{$self->extension_data}) { - next if ($key == TLSProxy::Message::EXT_PSK); - $extensions .= $self->extension_contents($key); - } - #PSK extension always goes last... - if (defined ${$self->extension_data}{TLSProxy::Message::EXT_PSK}) { - $extensions .= $self->extension_contents(TLSProxy::Message::EXT_PSK); - } - #unless we have EXT_FORCE_LAST - if (defined ${$self->extension_data}{TLSProxy::Message::EXT_FORCE_LAST}) { - $extensions .= $self->extension_contents(TLSProxy::Message::EXT_FORCE_LAST); - } - - $data .= pack('n', length($extensions)); - $data .= $extensions; - - $self->data($data); -} - -#Read/write accessors -sub client_version -{ - my $self = shift; - if (@_) { - $self->{client_version} = shift; - } - return $self->{client_version}; -} -sub random -{ - my $self = shift; - if (@_) { - $self->{random} = shift; - } - return $self->{random}; -} -sub session_id_len -{ - my $self = shift; - if (@_) { - $self->{session_id_len} = shift; - } - return $self->{session_id_len}; -} -sub session -{ - my $self = shift; - if (@_) { - $self->{session} = shift; - } - return $self->{session}; -} -sub ciphersuite_len -{ - my $self = shift; - if (@_) { - $self->{ciphersuite_len} = shift; - } - return $self->{ciphersuite_len}; -} -sub ciphersuites -{ - my $self = shift; - if (@_) { - $self->{ciphersuites} = shift; - } - return $self->{ciphersuites}; -} -sub comp_meth_len -{ - my $self = shift; - if (@_) { - $self->{comp_meth_len} = shift; - } - return $self->{comp_meth_len}; -} -sub comp_meths -{ - my $self = shift; - if (@_) { - $self->{comp_meths} = shift; - } - return 
$self->{comp_meths}; -} -sub extensions_len -{ - my $self = shift; - if (@_) { - $self->{extensions_len} = shift; - } - return $self->{extensions_len}; -} -sub extension_data -{ - my $self = shift; - if (@_) { - $self->{extension_data} = shift; - } - return $self->{extension_data}; -} -sub set_extension -{ - my ($self, $ext_type, $ext_data) = @_; - $self->{extension_data}{$ext_type} = $ext_data; -} -sub delete_extension -{ - my ($self, $ext_type) = @_; - delete $self->{extension_data}{$ext_type}; -} -1; diff --git a/util/TLSProxy/EncryptedExtensions.pm b/util/TLSProxy/EncryptedExtensions.pm deleted file mode 100644 index 81242e29ff..0000000000 --- a/util/TLSProxy/EncryptedExtensions.pm +++ /dev/null 
@@ -1,115 +0,0 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; - -package TLSProxy::EncryptedExtensions; - -use vars '@ISA'; -push @ISA, 'TLSProxy::Message'; - -sub new -{ - my $class = shift; - my ($server, - $data, - $records, - $startoffset, - $message_frag_lens) = @_; - - my $self = $class->SUPER::new( - $server, - TLSProxy::Message::MT_ENCRYPTED_EXTENSIONS, - $data, - $records, - $startoffset, - $message_frag_lens); - - $self->{extension_data} = ""; - - return $self; -} - -sub parse -{ - my $self = shift; - - my $extensions_len = unpack('n', $self->data); - if (!defined $extensions_len) { - $extensions_len = 0; - } - - my $extension_data; - if ($extensions_len != 0) { - $extension_data = substr($self->data, 2); - - if (length($extension_data) != $extensions_len) { - die "Invalid extension length\n"; - } - } else { - if (length($self->data) != 2) { - die "Invalid extension length\n"; - } - $extension_data = ""; - } - my %extensions = (); - while (length($extension_data) >= 4) { - my ($type, $size) = unpack("nn", $extension_data); - my $extdata = substr($extension_data, 4, $size); - $extension_data = substr($extension_data, 4 + $size); - $extensions{$type} = $extdata; - } - - $self->extension_data(\%extensions); - - print " Extensions Len:".$extensions_len."\n"; -} - -#Reconstruct the on-the-wire message data following changes -sub set_message_contents -{ - my $self = shift; - my $data; - my $extensions = ""; - - foreach my $key (keys %{$self->extension_data}) { - my $extdata = ${$self->extension_data}{$key}; - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { - 
$extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - } - } - - $data = pack('n', length($extensions)); - $data .= $extensions; - $self->data($data); -} - -#Read/write accessors -sub extension_data -{ - my $self = shift; - if (@_) { - $self->{extension_data} = shift; - } - return $self->{extension_data}; -} -sub set_extension -{ - my ($self, $ext_type, $ext_data) = @_; - $self->{extension_data}{$ext_type} = $ext_data; -} -sub delete_extension -{ - my ($self, $ext_type) = @_; - delete $self->{extension_data}{$ext_type}; -} -1; diff --git a/util/TLSProxy/HelloRetryRequest.pm b/util/TLSProxy/HelloRetryRequest.pm deleted file mode 100644 index c4125b7a16..0000000000 --- a/util/TLSProxy/HelloRetryRequest.pm +++ /dev/null 
@@ -1,150 +0,0 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; - -package TLSProxy::HelloRetryRequest; - -use vars '@ISA'; -push @ISA, 'TLSProxy::Message'; - -sub new -{ - my $class = shift; - my ($server, - $data, - $records, - $startoffset, - $message_frag_lens) = @_; - - my $self = $class->SUPER::new( - $server, - TLSProxy::Message::MT_HELLO_RETRY_REQUEST, - $data, - $records, - $startoffset, - $message_frag_lens); - - $self->{extension_data} = ""; - - return $self; -} - -sub parse -{ - my $self = shift; - my $ptr = 2; - - TLSProxy::Proxy->is_tls13(1); - - my ($server_version) = unpack('n', $self->data); - # TODO(TLS1.3): Replace this reference to draft version before release - if ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) { - $server_version = TLSProxy::Record::VERS_TLS_1_3; - } - - my $ciphersuite = unpack('n', substr($self->data, $ptr)); - $ptr += 2; - - my $extensions_len = unpack('n', substr($self->data, $ptr)); - if (!defined $extensions_len) { - $extensions_len = 0; - } - - $ptr += 2; - my $extension_data; - if ($extensions_len != 0) { - $extension_data = substr($self->data, $ptr); - - if (length($extension_data) != $extensions_len) { - die "Invalid extension length\n"; - } - } else { - if (length($self->data) != 2) { - die "Invalid extension length\n"; - } - $extension_data = ""; - } - my %extensions = (); - while (length($extension_data) >= 4) { - my ($type, $size) = unpack("nn", $extension_data); - my $extdata = substr($extension_data, 4, $size); - $extension_data = substr($extension_data, 4 + $size); - $extensions{$type} = $extdata; - } - - $self->server_version($server_version); - $self->ciphersuite($ciphersuite); - $self->extension_data(\%extensions); 
- - print " Server Version:".$server_version."\n"; - print " Ciphersuite:".$ciphersuite."\n"; - print " Extensions Len:".$extensions_len."\n"; -} - -#Reconstruct the on-the-wire message data following changes -sub set_message_contents -{ - my $self = shift; - my $data; - my $extensions = ""; - - foreach my $key (keys %{$self->extension_data}) { - my $extdata = ${$self->extension_data}{$key}; - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { - $extensions .= pack("n", $key); - $extensions .= pack("n", length($extdata)); - $extensions .= $extdata; - } - } - - $data = pack('n', $self->server_version); - $data .= pack('n', $self->ciphersuite); - $data .= pack('n', length($extensions)); - $data .= $extensions; - $self->data($data); -} - -#Read/write accessors -sub server_version -{ - my $self = shift; - if (@_) { - $self->{server_version} = shift; - } - return $self->{server_version}; -} -sub ciphersuite -{ - my $self = shift; - if (@_) { - $self->{ciphersuite} = shift; - } - return $self->{ciphersuite}; -} -sub extension_data -{ - my $self = shift; - if (@_) { - $self->{extension_data} = shift; - } - return $self->{extension_data}; -} -sub set_extension -{ - my ($self, $ext_type, $ext_data) = @_; - $self->{extension_data}{$ext_type} = $ext_data; -} -sub delete_extension -{ - my ($self, $ext_type) = @_; - delete $self->{extension_data}{$ext_type}; -} -1; diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm deleted file mode 100644 index a9002ec654..0000000000 --- a/util/TLSProxy/Message.pm +++ /dev/null 
@@ -1,570 +0,0 @@ -# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. -# -# Licensed under the OpenSSL license (the "License"). You may not use -# this file except in compliance with the License. You can obtain a copy -# in the file LICENSE in the source distribution or at -# https://www.openssl.org/source/license.html - -use strict; - -package TLSProxy::Message; - -use constant TLS_MESSAGE_HEADER_LENGTH => 4; - -#Message types -use constant { - MT_HELLO_REQUEST => 0, - MT_CLIENT_HELLO => 1, - MT_SERVER_HELLO => 2, - MT_NEW_SESSION_TICKET => 4, - MT_HELLO_RETRY_REQUEST => 6, - MT_ENCRYPTED_EXTENSIONS => 8, - MT_CERTIFICATE => 11, - MT_SERVER_KEY_EXCHANGE => 12, - MT_CERTIFICATE_REQUEST => 13, - MT_SERVER_HELLO_DONE => 14, - MT_CERTIFICATE_VERIFY => 15, - MT_CLIENT_KEY_EXCHANGE => 16, - MT_FINISHED => 20, - MT_CERTIFICATE_STATUS => 22, - MT_NEXT_PROTO => 67 -}; - -#Alert levels -use constant { - AL_LEVEL_WARN => 1, - AL_LEVEL_FATAL => 2 -}; - -#Alert descriptions -use constant { - AL_DESC_CLOSE_NOTIFY => 0, - AL_DESC_UNEXPECTED_MESSAGE => 10, - AL_DESC_NO_RENEGOTIATION => 100 -}; - -my %message_type = ( - MT_HELLO_REQUEST, "HelloRequest", - MT_CLIENT_HELLO, "ClientHello", - MT_SERVER_HELLO, "ServerHello", - MT_NEW_SESSION_TICKET, "NewSessionTicket", - MT_HELLO_RETRY_REQUEST, "HelloRetryRequest", - MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions", - MT_CERTIFICATE, "Certificate", - MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange", - MT_CERTIFICATE_REQUEST, "CertificateRequest", - MT_SERVER_HELLO_DONE, "ServerHelloDone", - MT_CERTIFICATE_VERIFY, "CertificateVerify", - MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange", - MT_FINISHED, "Finished", - MT_CERTIFICATE_STATUS, "CertificateStatus", - MT_NEXT_PROTO, "NextProto" -); - -use constant { - EXT_SERVER_NAME => 0, - EXT_STATUS_REQUEST => 5, - EXT_SUPPORTED_GROUPS => 10, - EXT_EC_POINT_FORMATS => 11, - EXT_SRP => 12, - EXT_SIG_ALGS => 13, - EXT_USE_SRTP => 14, - EXT_ALPN => 16, - EXT_SCT => 18, - EXT_PADDING => 21, - 
EXT_ENCRYPT_THEN_MAC => 22, - EXT_EXTENDED_MASTER_SECRET => 23, - EXT_SESSION_TICKET => 35, - EXT_KEY_SHARE => 40, - EXT_PSK => 41, - EXT_SUPPORTED_VERSIONS => 43, - EXT_COOKIE => 44, - EXT_PSK_KEX_MODES => 45, - EXT_RENEGOTIATE => 65281, - EXT_NPN => 13172, - # This extension is an unofficial extension only ever written by OpenSSL - # (i.e. not read), and even then only when enabled. We use it to test - # handling of duplicate extensions. - EXT_DUPLICATE_EXTENSION => 0xfde8, - EXT_UNKNOWN => 0xfffe, - #Unknown extension that should appear last - EXT_FORCE_LAST => 0xffff -}; - -# SignatureScheme of TLS 1.3, from -# https://tools.ietf.org/html/draft-ietf-tls-tls13-20#appendix-B.3.1.3 -# TODO(TLS1.3) update link to IANA registry after publication -# We have to manually grab the SHA224 equivalents from the old registry -use constant { - SIG_ALG_RSA_PKCS1_SHA256 => 0x0401, - SIG_ALG_RSA_PKCS1_SHA384 => 0x0501, - SIG_ALG_RSA_PKCS1_SHA512 => 0x0601, - SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403, - SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503, - SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603, - SIG_ALG_RSA_PSS_SHA256 => 0x0804, - SIG_ALG_RSA_PSS_SHA384 => 0x0805, - SIG_ALG_RSA_PSS_SHA512 => 0x0806, - SIG_ALG_ED25519 => 0x0807, - SIG_ALG_ED448 => 0x0808, - SIG_ALG_RSA_PKCS1_SHA1 => 0x0201, - SIG_ALG_ECDSA_SHA1 => 0x0203, - SIG_ALG_DSA_SHA1 => 0x0202, - SIG_ALG_DSA_SHA256 => 0x0402, - SIG_ALG_DSA_SHA384 => 0x0502, - SIG_ALG_DSA_SHA512 => 0x0602, - OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301, - OSSL_SIG_ALG_DSA_SHA224 => 0x0302, - OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303 -}; - -use constant { - CIPHER_DHE_RSA_AES_128_SHA => 0x0033, - CIPHER_ADH_AES_128_SHA => 0x0034, - CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301, - CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302 -}; - -my $payload = ""; -my $messlen = -1; -my $mt; -my $startoffset = -1; -my $server = 0; -my $success = 0; -my $end = 0; -my @message_rec_list = (); -my @message_frag_lens = (); -my $ciphersuite = 0; -my $successondata = 0; - -sub clear -{ - 
$payload = ""; - $messlen = -1; - $startoffset = -1; - $server = 0; - $success = 0; - $end = 0; - $successondata = 0; - @message_rec_list = (); - @message_frag_lens = (); -} - -#Class method to extract messages from a record -sub get_messages -{ - my $class = shift; - my $serverin = shift; - my $record = shift; - my @me |