]>
Commit | Line | Data |
---|---|---|
ac3d0e13 | 1 | # Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. |
631c1206 | 2 | # |
ac3d0e13 RS |
3 | # Licensed under the OpenSSL license (the "License"). You may not use |
4 | # this file except in compliance with the License. You can obtain a copy | |
5 | # in the file LICENSE in the source distribution or at | |
6 | # https://www.openssl.org/source/license.html | |
631c1206 MC |
7 | |
8 | use strict; | |
9 | ||
10 | package TLSProxy::Message; | |
11 | ||
12 | use constant TLS_MESSAGE_HEADER_LENGTH => 4; | |
13 | ||
14 | #Message types | |
15 | use constant { | |
16 | MT_HELLO_REQUEST => 0, | |
17 | MT_CLIENT_HELLO => 1, | |
18 | MT_SERVER_HELLO => 2, | |
19 | MT_NEW_SESSION_TICKET => 4, | |
38f5c30b | 20 | MT_HELLO_RETRY_REQUEST => 6, |
e46f2334 | 21 | MT_ENCRYPTED_EXTENSIONS => 8, |
631c1206 MC |
22 | MT_CERTIFICATE => 11, |
23 | MT_SERVER_KEY_EXCHANGE => 12, | |
24 | MT_CERTIFICATE_REQUEST => 13, | |
25 | MT_SERVER_HELLO_DONE => 14, | |
26 | MT_CERTIFICATE_VERIFY => 15, | |
27 | MT_CLIENT_KEY_EXCHANGE => 16, | |
28 | MT_FINISHED => 20, | |
29 | MT_CERTIFICATE_STATUS => 22, | |
30 | MT_NEXT_PROTO => 67 | |
31 | }; | |
8af538e5 MC |
32 | |
33 | #Alert levels | |
34 | use constant { | |
35 | AL_LEVEL_WARN => 1, | |
36 | AL_LEVEL_FATAL => 2 | |
37 | }; | |
38 | ||
39 | #Alert descriptions | |
40 | use constant { | |
c3fd55d4 | 41 | AL_DESC_CLOSE_NOTIFY => 0, |
a2a0c86b MC |
42 | AL_DESC_UNEXPECTED_MESSAGE => 10, |
43 | AL_DESC_NO_RENEGOTIATION => 100 | |
8af538e5 MC |
44 | }; |
45 | ||
631c1206 MC |
46 | my %message_type = ( |
47 | MT_HELLO_REQUEST, "HelloRequest", | |
48 | MT_CLIENT_HELLO, "ClientHello", | |
49 | MT_SERVER_HELLO, "ServerHello", | |
50 | MT_NEW_SESSION_TICKET, "NewSessionTicket", | |
38f5c30b | 51 | MT_HELLO_RETRY_REQUEST, "HelloRetryRequest", |
e46f2334 | 52 | MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions", |
631c1206 MC |
53 | MT_CERTIFICATE, "Certificate", |
54 | MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange", | |
55 | MT_CERTIFICATE_REQUEST, "CertificateRequest", | |
56 | MT_SERVER_HELLO_DONE, "ServerHelloDone", | |
57 | MT_CERTIFICATE_VERIFY, "CertificateVerify", | |
58 | MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange", | |
59 | MT_FINISHED, "Finished", | |
60 | MT_CERTIFICATE_STATUS, "CertificateStatus", | |
61 | MT_NEXT_PROTO, "NextProto" | |
62 | ); | |
63 | ||
aa474d1f | 64 | use constant { |
9ce3ed2a | 65 | EXT_SERVER_NAME => 0, |
aa474d1f | 66 | EXT_STATUS_REQUEST => 5, |
5a8e54d9 | 67 | EXT_SUPPORTED_GROUPS => 10, |
9ce3ed2a MC |
68 | EXT_EC_POINT_FORMATS => 11, |
69 | EXT_SRP => 12, | |
70 | EXT_SIG_ALGS => 13, | |
71 | EXT_USE_SRTP => 14, | |
72 | EXT_ALPN => 16, | |
73 | EXT_SCT => 18, | |
74 | EXT_PADDING => 21, | |
aa474d1f EK |
75 | EXT_ENCRYPT_THEN_MAC => 22, |
76 | EXT_EXTENDED_MASTER_SECRET => 23, | |
77 | EXT_SESSION_TICKET => 35, | |
5a8e54d9 | 78 | EXT_KEY_SHARE => 40, |
1c361b4a | 79 | EXT_PSK => 41, |
9ce3ed2a | 80 | EXT_SUPPORTED_VERSIONS => 43, |
ee700226 | 81 | EXT_COOKIE => 44, |
b2f7e8c0 | 82 | EXT_PSK_KEX_MODES => 45, |
9ce3ed2a MC |
83 | EXT_RENEGOTIATE => 65281, |
84 | EXT_NPN => 13172, | |
70af3d8e MC |
85 | # This extension is an unofficial extension only ever written by OpenSSL |
86 | # (i.e. not read), and even then only when enabled. We use it to test | |
87 | # handling of duplicate extensions. | |
88 | EXT_DUPLICATE_EXTENSION => 0xfde8 | |
aa474d1f EK |
89 | }; |
90 | ||
397f4f78 | 91 | use constant { |
79d8c167 MC |
92 | CIPHER_DHE_RSA_AES_128_SHA => 0x0033, |
93 | CIPHER_ADH_AES_128_SHA => 0x0034 | |
397f4f78 MC |
94 | }; |
95 | ||
631c1206 MC |
96 | my $payload = ""; |
97 | my $messlen = -1; | |
98 | my $mt; | |
99 | my $startoffset = -1; | |
100 | my $server = 0; | |
101 | my $success = 0; | |
102 | my $end = 0; | |
103 | my @message_rec_list = (); | |
104 | my @message_frag_lens = (); | |
a1accbb1 | 105 | my $ciphersuite = 0; |
1c361b4a | 106 | my $successondata = 0; |
631c1206 MC |
107 | |
108 | sub clear | |
109 | { | |
110 | $payload = ""; | |
111 | $messlen = -1; | |
112 | $startoffset = -1; | |
113 | $server = 0; | |
114 | $success = 0; | |
115 | $end = 0; | |
1c361b4a | 116 | $successondata = 0; |
631c1206 MC |
117 | @message_rec_list = (); |
118 | @message_frag_lens = (); | |
119 | } | |
120 | ||
121 | #Class method to extract messages from a record | |
122 | sub get_messages | |
123 | { | |
124 | my $class = shift; | |
125 | my $serverin = shift; | |
126 | my $record = shift; | |
127 | my @messages = (); | |
128 | my $message; | |
129 | ||
a1accbb1 MC |
130 | @message_frag_lens = (); |
131 | ||
631c1206 MC |
132 | if ($serverin != $server && length($payload) != 0) { |
133 | die "Changed peer, but we still have fragment data\n"; | |
134 | } | |
135 | $server = $serverin; | |
136 | ||
137 | if ($record->content_type == TLSProxy::Record::RT_CCS) { | |
138 | if ($payload ne "") { | |
139 | #We can't handle this yet | |
140 | die "CCS received before message data complete\n"; | |
141 | } | |
142 | if ($server) { | |
9970290e | 143 | TLSProxy::Record->server_encrypting(1); |
631c1206 | 144 | } else { |
9970290e | 145 | TLSProxy::Record->client_encrypting(1); |
631c1206 MC |
146 | } |
147 | } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) { | |
148 | if ($record->len == 0 || $record->len_real == 0) { | |
149 | print " Message truncated\n"; | |
150 | } else { | |
151 | my $recoffset = 0; | |
152 | ||
153 | if (length $payload > 0) { | |
154 | #We are continuing processing a message started in a previous | |
155 | #record. Add this record to the list associated with this | |
156 | #message | |
157 | push @message_rec_list, $record; | |
158 | ||
159 | if ($messlen <= length($payload)) { | |
160 | #Shouldn't happen | |
161 | die "Internal error: invalid messlen: ".$messlen | |
162 | ." payload length:".length($payload)."\n"; | |
163 | } | |
164 | if (length($payload) + $record->decrypt_len >= $messlen) { | |
165 | #We can complete the message with this record | |
166 | $recoffset = $messlen - length($payload); | |
167 | $payload .= substr($record->decrypt_data, 0, $recoffset); | |
168 | push @message_frag_lens, $recoffset; | |
169 | $message = create_message($server, $mt, $payload, | |
170 | $startoffset); | |
171 | push @messages, $message; | |
172 | ||
631c1206 MC |
173 | $payload = ""; |
174 | } else { | |
175 | #This is just part of the total message | |
176 | $payload .= $record->decrypt_data; | |
177 | $recoffset = $record->decrypt_len; | |
178 | push @message_frag_lens, $record->decrypt_len; | |
179 | } | |
180 | print " Partial message data read: ".$recoffset." bytes\n"; | |
181 | } | |
182 | ||
183 | while ($record->decrypt_len > $recoffset) { | |
184 | #We are at the start of a new message | |
185 | if ($record->decrypt_len - $recoffset < 4) { | |
186 | #Whilst technically probably valid we can't cope with this | |
187 | die "End of record in the middle of a message header\n"; | |
188 | } | |
189 | @message_rec_list = ($record); | |
190 | my $lenhi; | |
191 | my $lenlo; | |
192 | ($mt, $lenhi, $lenlo) = unpack('CnC', | |
193 | substr($record->decrypt_data, | |
194 | $recoffset)); | |
195 | $messlen = ($lenhi << 8) | $lenlo; | |
196 | print " Message type: $message_type{$mt}\n"; | |
197 | print " Message Length: $messlen\n"; | |
198 | $startoffset = $recoffset; | |
199 | $recoffset += 4; | |
200 | $payload = ""; | |
201 | ||
d70bde88 | 202 | if ($recoffset <= $record->decrypt_len) { |
631c1206 MC |
203 | #Some payload data is present in this record |
204 | if ($record->decrypt_len - $recoffset >= $messlen) { | |
205 | #We can complete the message with this record | |
206 | $payload .= substr($record->decrypt_data, $recoffset, | |
207 | $messlen); | |
208 | $recoffset += $messlen; | |
209 | push @message_frag_lens, $messlen; | |
210 | $message = create_message($server, $mt, $payload, | |
211 | $startoffset); | |
212 | push @messages, $message; | |
213 | ||
631c1206 MC |
214 | $payload = ""; |
215 | } else { | |
216 | #This is just part of the total message | |
217 | $payload .= substr($record->decrypt_data, $recoffset, | |
218 | $record->decrypt_len - $recoffset); | |
219 | $recoffset = $record->decrypt_len; | |
220 | push @message_frag_lens, $recoffset; | |
221 | } | |
222 | } | |
223 | } | |
224 | } | |
225 | } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) { | |
226 | print " [ENCRYPTED APPLICATION DATA]\n"; | |
227 | print " [".$record->decrypt_data."]\n"; | |
1c361b4a MC |
228 | |
229 | if ($successondata) { | |
230 | $success = 1; | |
231 | $end = 1; | |
232 | } | |
631c1206 | 233 | } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) { |
8af538e5 | 234 | my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data); |
8af538e5 MC |
235 | #A CloseNotify from the client indicates we have finished successfully |
236 | #(we assume) | |
8523288e | 237 | if (!$end && !$server && $alertlev == AL_LEVEL_WARN |
8af538e5 MC |
238 | && $alertdesc == AL_DESC_CLOSE_NOTIFY) { |
239 | $success = 1; | |
240 | } | |
8523288e DB |
241 | #All alerts end the test |
242 | $end = 1; | |
631c1206 MC |
243 | } |
244 | ||
245 | return @messages; | |
246 | } | |
247 | ||
248 | #Function to work out which sub-class we need to create and then | |
249 | #construct it | |
250 | sub create_message | |
251 | { | |
252 | my ($server, $mt, $data, $startoffset) = @_; | |
253 | my $message; | |
254 | ||
255 | #We only support ClientHello in this version...needs to be extended for | |
256 | #others | |
257 | if ($mt == MT_CLIENT_HELLO) { | |
258 | $message = TLSProxy::ClientHello->new( | |
259 | $server, | |
260 | $data, | |
261 | [@message_rec_list], | |
262 | $startoffset, | |
263 | [@message_frag_lens] | |
264 | ); | |
265 | $message->parse(); | |
0adb6417 MC |
266 | } elsif ($mt == MT_HELLO_RETRY_REQUEST) { |
267 | $message = TLSProxy::HelloRetryRequest->new( | |
268 | $server, | |
269 | $data, | |
270 | [@message_rec_list], | |
271 | $startoffset, | |
272 | [@message_frag_lens] | |
273 | ); | |
274 | $message->parse(); | |
a1accbb1 MC |
275 | } elsif ($mt == MT_SERVER_HELLO) { |
276 | $message = TLSProxy::ServerHello->new( | |
277 | $server, | |
278 | $data, | |
279 | [@message_rec_list], | |
280 | $startoffset, | |
281 | [@message_frag_lens] | |
282 | ); | |
9ce3ed2a MC |
283 | $message->parse(); |
284 | } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) { | |
285 | $message = TLSProxy::EncryptedExtensions->new( | |
286 | $server, | |
287 | $data, | |
288 | [@message_rec_list], | |
289 | $startoffset, | |
290 | [@message_frag_lens] | |
291 | ); | |
e96e0f8e MC |
292 | $message->parse(); |
293 | } elsif ($mt == MT_CERTIFICATE) { | |
294 | $message = TLSProxy::Certificate->new( | |
295 | $server, | |
296 | $data, | |
297 | [@message_rec_list], | |
298 | $startoffset, | |
299 | [@message_frag_lens] | |
300 | ); | |
adb403de MC |
301 | $message->parse(); |
302 | } elsif ($mt == MT_CERTIFICATE_VERIFY) { | |
303 | $message = TLSProxy::CertificateVerify->new( | |
304 | $server, | |
305 | $data, | |
306 | [@message_rec_list], | |
307 | $startoffset, | |
308 | [@message_frag_lens] | |
309 | ); | |
a1accbb1 MC |
310 | $message->parse(); |
311 | } elsif ($mt == MT_SERVER_KEY_EXCHANGE) { | |
312 | $message = TLSProxy::ServerKeyExchange->new( | |
313 | $server, | |
314 | $data, | |
315 | [@message_rec_list], | |
316 | $startoffset, | |
317 | [@message_frag_lens] | |
7f6d90ac EK |
318 | ); |
319 | $message->parse(); | |
320 | } elsif ($mt == MT_NEW_SESSION_TICKET) { | |
321 | $message = TLSProxy::NewSessionTicket->new( | |
322 | $server, | |
323 | $data, | |
324 | [@message_rec_list], | |
325 | $startoffset, | |
326 | [@message_frag_lens] | |
a1accbb1 MC |
327 | ); |
328 | $message->parse(); | |
631c1206 MC |
329 | } else { |
330 | #Unknown message type | |
331 | $message = TLSProxy::Message->new( | |
332 | $server, | |
333 | $mt, | |
334 | $data, | |
335 | [@message_rec_list], | |
336 | $startoffset, | |
337 | [@message_frag_lens] | |
338 | ); | |
339 | } | |
340 | ||
341 | return $message; | |
342 | } | |
343 | ||
344 | sub end | |
345 | { | |
346 | my $class = shift; | |
347 | return $end; | |
348 | } | |
349 | sub success | |
350 | { | |
351 | my $class = shift; | |
352 | return $success; | |
353 | } | |
a1accbb1 MC |
354 | sub fail |
355 | { | |
356 | my $class = shift; | |
357 | return !$success && $end; | |
358 | } | |
631c1206 MC |
359 | sub new |
360 | { | |
361 | my $class = shift; | |
362 | my ($server, | |
363 | $mt, | |
364 | $data, | |
365 | $records, | |
366 | $startoffset, | |
367 | $message_frag_lens) = @_; | |
368 | ||
369 | my $self = { | |
370 | server => $server, | |
371 | data => $data, | |
372 | records => $records, | |
373 | mt => $mt, | |
374 | startoffset => $startoffset, | |
375 | message_frag_lens => $message_frag_lens | |
376 | }; | |
377 | ||
378 | return bless $self, $class; | |
379 | } | |
380 | ||
a1accbb1 MC |
381 | sub ciphersuite |
382 | { | |
383 | my $class = shift; | |
384 | if (@_) { | |
385 | $ciphersuite = shift; | |
386 | } | |
387 | return $ciphersuite; | |
388 | } | |
389 | ||
631c1206 | 390 | #Update all the underlying records with the modified data from this message |
357d096a | 391 | #Note: Only supports re-encrypting for TLSv1.3 |
631c1206 MC |
392 | sub repack |
393 | { | |
394 | my $self = shift; | |
395 | my $msgdata; | |
396 | ||
397 | my $numrecs = $#{$self->records}; | |
398 | ||
399 | $self->set_message_contents(); | |
400 | ||
401 | my $lenhi; | |
402 | my $lenlo; | |
403 | ||
404 | $lenlo = length($self->data) & 0xff; | |
405 | $lenhi = length($self->data) >> 8; | |
4deefd65 | 406 | $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data; |
631c1206 | 407 | |
631c1206 MC |
408 | if ($numrecs == 0) { |
409 | #The message is fully contained within one record | |
410 | my ($rec) = @{$self->records}; | |
411 | my $recdata = $rec->decrypt_data; | |
412 | ||
cf7f8592 EK |
413 | my $old_length; |
414 | ||
415 | # We use empty message_frag_lens to indicates that pre-repacking, | |
416 | # the message wasn't present. The first fragment length doesn't include | |
417 | # the TLS header, so we need to check and compute the right length. | |
418 | if (@{$self->message_frag_lens}) { | |
419 | $old_length = ${$self->message_frag_lens}[0] + | |
420 | TLS_MESSAGE_HEADER_LENGTH; | |
421 | } else { | |
422 | $old_length = 0; | |
631c1206 MC |
423 | } |
424 | ||
cf7f8592 EK |
425 | my $prefix = substr($recdata, 0, $self->startoffset); |
426 | my $suffix = substr($recdata, $self->startoffset + $old_length); | |
427 | ||
428 | $rec->decrypt_data($prefix.($msgdata).($suffix)); | |
429 | # TODO(openssl-team): don't keep explicit lengths. | |
430 | # (If a length override is ever needed to construct invalid packets, | |
431 | # use an explicit override field instead.) | |
432 | $rec->decrypt_len(length($rec->decrypt_data)); | |
433 | $rec->len($rec->len + length($msgdata) - $old_length); | |
357d096a MC |
434 | # Only support re-encryption for TLSv1.3. |
435 | if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) { | |
436 | #Add content type (1 byte) and 16 tag bytes | |
437 | $rec->data($rec->decrypt_data | |
438 | .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16)); | |
439 | } else { | |
440 | $rec->data($rec->decrypt_data); | |
441 | } | |
631c1206 MC |
442 | |
443 | #Update the fragment len in case we changed it above | |
444 | ${$self->message_frag_lens}[0] = length($msgdata) | |
445 | - TLS_MESSAGE_HEADER_LENGTH; | |
446 | return; | |
447 | } | |
448 | ||
449 | #Note we don't currently support changing a fragmented message length | |
450 | my $recctr = 0; | |
451 | my $datadone = 0; | |
452 | foreach my $rec (@{$self->records}) { | |
453 | my $recdata = $rec->decrypt_data; | |
454 | if ($recctr == 0) { | |
455 | #This is the first record | |
456 | my $remainlen = length($recdata) - $self->startoffset; | |
457 | $rec->data(substr($recdata, 0, $self->startoffset) | |
458 | .substr(($msgdata), 0, $remainlen)); | |
459 | $datadone += $remainlen; | |
460 | } elsif ($recctr + 1 == $numrecs) { | |
461 | #This is the last record | |
462 | $rec->data(substr($msgdata, $datadone)); | |
463 | } else { | |
464 | #This is a middle record | |
465 | $rec->data(substr($msgdata, $datadone, length($rec->data))); | |
466 | $datadone += length($rec->data); | |
467 | } | |
468 | $recctr++; | |
469 | } | |
470 | } | |
471 | ||
472 | #To be overridden by sub-classes | |
473 | sub set_message_contents | |
474 | { | |
475 | } | |
476 | ||
477 | #Read only accessors | |
478 | sub server | |
479 | { | |
480 | my $self = shift; | |
481 | return $self->{server}; | |
482 | } | |
483 | ||
484 | #Read/write accessors | |
485 | sub mt | |
486 | { | |
487 | my $self = shift; | |
488 | if (@_) { | |
489 | $self->{mt} = shift; | |
490 | } | |
491 | return $self->{mt}; | |
492 | } | |
493 | sub data | |
494 | { | |
495 | my $self = shift; | |
496 | if (@_) { | |
497 | $self->{data} = shift; | |
498 | } | |
499 | return $self->{data}; | |
500 | } | |
501 | sub records | |
502 | { | |
503 | my $self = shift; | |
504 | if (@_) { | |
505 | $self->{records} = shift; | |
506 | } | |
507 | return $self->{records}; | |
508 | } | |
509 | sub startoffset | |
510 | { | |
511 | my $self = shift; | |
512 | if (@_) { | |
513 | $self->{startoffset} = shift; | |
514 | } | |
515 | return $self->{startoffset}; | |
516 | } | |
517 | sub message_frag_lens | |
518 | { | |
519 | my $self = shift; | |
520 | if (@_) { | |
521 | $self->{message_frag_lens} = shift; | |
522 | } | |
523 | return $self->{message_frag_lens}; | |
524 | } | |
cf7f8592 EK |
525 | sub encoded_length |
526 | { | |
527 | my $self = shift; | |
528 | return TLS_MESSAGE_HEADER_LENGTH + length($self->data); | |
529 | } | |
1c361b4a MC |
530 | sub successondata |
531 | { | |
532 | my $class = shift; | |
533 | if (@_) { | |
534 | $successondata = shift; | |
535 | } | |
536 | return $successondata; | |
537 | } | |
631c1206 | 538 | 1; |