[thirdparty/openssl.git] / util / perl / TLSProxy / Message.pm

# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;

package TLSProxy::Message;

use constant TLS_MESSAGE_HEADER_LENGTH => 4;

#Message types
use constant {
    MT_HELLO_REQUEST => 0,
    MT_CLIENT_HELLO => 1,
    MT_SERVER_HELLO => 2,
    MT_NEW_SESSION_TICKET => 4,
    MT_ENCRYPTED_EXTENSIONS => 8,
    MT_CERTIFICATE => 11,
    MT_SERVER_KEY_EXCHANGE => 12,
    MT_CERTIFICATE_REQUEST => 13,
    MT_SERVER_HELLO_DONE => 14,
    MT_CERTIFICATE_VERIFY => 15,
    MT_CLIENT_KEY_EXCHANGE => 16,
    MT_FINISHED => 20,
    MT_CERTIFICATE_STATUS => 22,
    MT_NEXT_PROTO => 67
};

#Alert levels
use constant {
    AL_LEVEL_WARN => 1,
    AL_LEVEL_FATAL => 2
};

#Alert descriptions
use constant {
    AL_DESC_CLOSE_NOTIFY => 0,
    AL_DESC_UNEXPECTED_MESSAGE => 10,
    AL_DESC_NO_RENEGOTIATION => 100
};

my %message_type = (
    MT_HELLO_REQUEST, "HelloRequest",
    MT_CLIENT_HELLO, "ClientHello",
    MT_SERVER_HELLO, "ServerHello",
    MT_NEW_SESSION_TICKET, "NewSessionTicket",
    MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions",
    MT_CERTIFICATE, "Certificate",
    MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
    MT_CERTIFICATE_REQUEST, "CertificateRequest",
    MT_SERVER_HELLO_DONE, "ServerHelloDone",
    MT_CERTIFICATE_VERIFY, "CertificateVerify",
    MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
    MT_FINISHED, "Finished",
    MT_CERTIFICATE_STATUS, "CertificateStatus",
    MT_NEXT_PROTO, "NextProto"
);

use constant {
    EXT_SERVER_NAME => 0,
    EXT_MAX_FRAGMENT_LENGTH => 1,
    EXT_STATUS_REQUEST => 5,
    EXT_SUPPORTED_GROUPS => 10,
    EXT_EC_POINT_FORMATS => 11,
    EXT_SRP => 12,
    EXT_SIG_ALGS => 13,
    EXT_USE_SRTP => 14,
    EXT_ALPN => 16,
    EXT_SCT => 18,
    EXT_PADDING => 21,
    EXT_ENCRYPT_THEN_MAC => 22,
    EXT_EXTENDED_MASTER_SECRET => 23,
    EXT_SESSION_TICKET => 35,
    EXT_KEY_SHARE => 40,
    EXT_PSK => 41,
    EXT_SUPPORTED_VERSIONS => 43,
    EXT_COOKIE => 44,
    EXT_PSK_KEX_MODES => 45,
    EXT_RENEGOTIATE => 65281,
    EXT_NPN => 13172,
    # This extension is an unofficial extension only ever written by OpenSSL
    # (i.e. not read), and even then only when enabled. We use it to test
    # handling of duplicate extensions.
    EXT_DUPLICATE_EXTENSION => 0xfde8,
    EXT_UNKNOWN => 0xfffe,
    #Unknown extension that should appear last
    EXT_FORCE_LAST => 0xffff
};

# SignatureScheme of TLS 1.3, from
# https://tools.ietf.org/html/draft-ietf-tls-tls13-20#appendix-B.3.1.3
# TODO(TLS1.3) update link to IANA registry after publication
# We have to manually grab the SHA224 equivalents from the old registry
use constant {
    SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
    SIG_ALG_RSA_PKCS1_SHA384 => 0x0501,
    SIG_ALG_RSA_PKCS1_SHA512 => 0x0601,
    SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403,
    SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503,
    SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603,
    SIG_ALG_RSA_PSS_SHA256 => 0x0804,
    SIG_ALG_RSA_PSS_SHA384 => 0x0805,
    SIG_ALG_RSA_PSS_SHA512 => 0x0806,
    SIG_ALG_ED25519 => 0x0807,
    SIG_ALG_ED448 => 0x0808,
    SIG_ALG_RSA_PKCS1_SHA1 => 0x0201,
    SIG_ALG_ECDSA_SHA1 => 0x0203,
    SIG_ALG_DSA_SHA1 => 0x0202,
    SIG_ALG_DSA_SHA256 => 0x0402,
    SIG_ALG_DSA_SHA384 => 0x0502,
    SIG_ALG_DSA_SHA512 => 0x0602,
    OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301,
    OSSL_SIG_ALG_DSA_SHA224 => 0x0302,
    OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303
};

use constant {
    CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
    CIPHER_ADH_AES_128_SHA => 0x0034,
    CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,
    CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
};

my $payload = "";
my $messlen = -1;
my $mt;
my $startoffset = -1;
my $server = 0;
my $success = 0;
my $end = 0;
my @message_rec_list = ();
my @message_frag_lens = ();
my $ciphersuite = 0;
my $successondata = 0;

sub clear
{
    $payload = "";
    $messlen = -1;
    $startoffset = -1;
    $server = 0;
    $success = 0;
    $end = 0;
    $successondata = 0;
    @message_rec_list = ();
    @message_frag_lens = ();
}

#Class method to extract messages from a record
sub get_messages
{
    my $class = shift;
    my $serverin = shift;
    my $record = shift;
    my @messages = ();
    my $message;

    @message_frag_lens = ();

    if ($serverin != $server && length($payload) != 0) {
        die "Changed peer, but we still have fragment data\n";
    }
    $server = $serverin;

    if ($record->content_type == TLSProxy::Record::RT_CCS) {
        if ($payload ne "") {
            #We can't handle this yet
            die "CCS received before message data complete\n";
        }
        if ($server) {
            TLSProxy::Record->server_encrypting(1);
        } else {
            TLSProxy::Record->client_encrypting(1);
        }
    } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
        if ($record->len == 0 || $record->len_real == 0) {
            print "  Message truncated\n";
        } else {
            my $recoffset = 0;

            if (length $payload > 0) {
                #We are continuing processing a message started in a previous
                #record. Add this record to the list associated with this
                #message
                push @message_rec_list, $record;

                if ($messlen <= length($payload)) {
                    #Shouldn't happen
                    die "Internal error: invalid messlen: ".$messlen
                        ." payload length:".length($payload)."\n";
                }
                if (length($payload) + $record->decrypt_len >= $messlen) {
                    #We can complete the message with this record
                    $recoffset = $messlen - length($payload);
                    $payload .= substr($record->decrypt_data, 0, $recoffset);
                    push @message_frag_lens, $recoffset;
                    $message = create_message($server, $mt, $payload,
                                              $startoffset);
                    push @messages, $message;

                    $payload = "";
                } else {
                    #This is just part of the total message
                    $payload .= $record->decrypt_data;
                    $recoffset = $record->decrypt_len;
                    push @message_frag_lens, $record->decrypt_len;
                }
                print "  Partial message data read: ".$recoffset." bytes\n";
            }

            while ($record->decrypt_len > $recoffset) {
                #We are at the start of a new message
                if ($record->decrypt_len - $recoffset < 4) {
                    #Whilst technically probably valid we can't cope with this
                    die "End of record in the middle of a message header\n";
                }
                @message_rec_list = ($record);
                my $lenhi;
                my $lenlo;
                ($mt, $lenhi, $lenlo) = unpack('CnC',
                                               substr($record->decrypt_data,
                                                      $recoffset));
                $messlen = ($lenhi << 8) | $lenlo;
                print "  Message type: $message_type{$mt}\n";
                print "  Message Length: $messlen\n";
                $startoffset = $recoffset;
                $recoffset += 4;
                $payload = "";
                
                if ($recoffset <= $record->decrypt_len) {
                    #Some payload data is present in this record
                    if ($record->decrypt_len - $recoffset >= $messlen) {
                        #We can complete the message with this record
                        $payload .= substr($record->decrypt_data, $recoffset,
                                           $messlen);
                        $recoffset += $messlen;
                        push @message_frag_lens, $messlen;
                        $message = create_message($server, $mt, $payload,
                                                  $startoffset);
                        push @messages, $message;

                        $payload = "";
                    } else {
                        #This is just part of the total message
                        $payload .= substr($record->decrypt_data, $recoffset,
                                           $record->decrypt_len - $recoffset);
                        $recoffset = $record->decrypt_len;
                        push @message_frag_lens, $recoffset;
                    }
                }
            }
        }
    } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
        print "  [ENCRYPTED APPLICATION DATA]\n";
        print "  [".$record->decrypt_data."]\n";

        if ($successondata) {
            $success = 1;
            $end = 1;
        }
    } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
        my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
        #A CloseNotify from the client indicates we have finished successfully
        #(we assume)
        if (!$end && !$server && $alertlev == AL_LEVEL_WARN
            && $alertdesc == AL_DESC_CLOSE_NOTIFY) {
            $success = 1;
        }
        #All alerts end the test
        $end = 1;
    }

    return @messages;
}

#Function to work out which sub-class we need to create and then
#construct it
sub create_message
{
    my ($server, $mt, $data, $startoffset) = @_;
    my $message;

    #We only support ClientHello in this version...needs to be extended for
    #others
    if ($mt == MT_CLIENT_HELLO) {
        $message = TLSProxy::ClientHello->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_SERVER_HELLO) {
        $message = TLSProxy::ServerHello->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) {
        $message = TLSProxy::EncryptedExtensions->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_CERTIFICATE) {
        $message = TLSProxy::Certificate->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_CERTIFICATE_VERIFY) {
        $message = TLSProxy::CertificateVerify->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
        $message = TLSProxy::ServerKeyExchange->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_NEW_SESSION_TICKET) {
        $message = TLSProxy::NewSessionTicket->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } else {
        #Unknown message type
        $message = TLSProxy::Message->new(
            $server,
            $mt,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
    }

    return $message;
}

sub end
{
    my $class = shift;
    return $end;
}
sub success
{
    my $class = shift;
    return $success;
}
sub fail
{
    my $class = shift;
    return !$success && $end;
}
sub new
{
    my $class = shift;
    my ($server,
        $mt,
        $data,
        $records,
        $startoffset,
        $message_frag_lens) = @_;
    
    my $self = {
        server => $server,
        data => $data,
        records => $records,
        mt => $mt,
        startoffset => $startoffset,
        message_frag_lens => $message_frag_lens
    };

    return bless $self, $class;
}

sub ciphersuite
{
    my $class = shift;
    if (@_) {
      $ciphersuite = shift;
    }
    return $ciphersuite;
}

#Update all the underlying records with the modified data from this message
#Note: Only supports re-encrypting for TLSv1.3
sub repack
{
    my $self = shift;
    my $msgdata;

    my $numrecs = $#{$self->records};

    $self->set_message_contents();

    my $lenhi;
    my $lenlo;

    $lenlo = length($self->data) & 0xff;
    $lenhi = length($self->data) >> 8;
    $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;

    if ($numrecs == 0) {
        #The message is fully contained within one record
        my ($rec) = @{$self->records};
        my $recdata = $rec->decrypt_data;

        my $old_length;

        # We use empty message_frag_lens to indicates that pre-repacking,
        # the message wasn't present. The first fragment length doesn't include
        # the TLS header, so we need to check and compute the right length.
        if (@{$self->message_frag_lens}) {
            $old_length = ${$self->message_frag_lens}[0] +
              TLS_MESSAGE_HEADER_LENGTH;
        } else {
            $old_length = 0;
        }

        my $prefix = substr($recdata, 0, $self->startoffset);
        my $suffix = substr($recdata, $self->startoffset + $old_length);

        $rec->decrypt_data($prefix.($msgdata).($suffix));
        # TODO(openssl-team): don't keep explicit lengths.
        # (If a length override is ever needed to construct invalid packets,
        #  use an explicit override field instead.)
        $rec->decrypt_len(length($rec->decrypt_data));
        $rec->len($rec->len + length($msgdata) - $old_length);
        # Only support re-encryption for TLSv1.3.
        if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
            #Add content type (1 byte) and 16 tag bytes
            $rec->data($rec->decrypt_data
                .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
        } else {
            $rec->data($rec->decrypt_data);
        }

        #Update the fragment len in case we changed it above
        ${$self->message_frag_lens}[0] = length($msgdata)
                                         - TLS_MESSAGE_HEADER_LENGTH;
        return;
    }

    #Note we don't currently support changing a fragmented message length
    my $recctr = 0;
    my $datadone = 0;
    foreach my $rec (@{$self->records}) {
        my $recdata = $rec->decrypt_data;
        if ($recctr == 0) {
            #This is the first record
            my $remainlen = length($recdata) - $self->startoffset;
            $rec->data(substr($recdata, 0, $self->startoffset)
                       .substr(($msgdata), 0, $remainlen));
            $datadone += $remainlen;
        } elsif ($recctr + 1 == $numrecs) {
            #This is the last record
            $rec->data(substr($msgdata, $datadone));
        } else {
            #This is a middle record
            $rec->data(substr($msgdata, $datadone, length($rec->data)));
            $datadone += length($rec->data);
        }
        $recctr++;
    }
}

#To be overridden by sub-classes
sub set_message_contents
{
}

#Read only accessors
sub server
{
    my $self = shift;
    return $self->{server};
}

#Read/write accessors
sub mt
{
    my $self = shift;
    if (@_) {
      $self->{mt} = shift;
    }
    return $self->{mt};
}
sub data
{
    my $self = shift;
    if (@_) {
      $self->{data} = shift;
    }
    return $self->{data};
}
sub records
{
    my $self = shift;
    if (@_) {
      $self->{records} = shift;
    }
    return $self->{records};
}
sub startoffset
{
    my $self = shift;
    if (@_) {
      $self->{startoffset} = shift;
    }
    return $self->{startoffset};
}
sub message_frag_lens
{
    my $self = shift;
    if (@_) {
      $self->{message_frag_lens} = shift;
    }
    return $self->{message_frag_lens};
}
sub encoded_length
{
    my $self = shift;
    return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
}
sub successondata
{
    my $class = shift;
    if (@_) {
        $successondata = shift;
    }
    return $successondata;
}
1;
Commit	Line	Data
ac3d0e13	1	# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
631c1206	2	#
ac3d0e13 RS	3	# Licensed under the OpenSSL license (the "License"). You may not use
	4	# this file except in compliance with the License. You can obtain a copy
	5	# in the file LICENSE in the source distribution or at
	6	# https://www.openssl.org/source/license.html
631c1206 MC	7
	8	use strict;
	9
	10	package TLSProxy::Message;
	11
	12	use constant TLS_MESSAGE_HEADER_LENGTH => 4;
	13
	14	#Message types
	15	use constant {
	16	MT_HELLO_REQUEST => 0,
	17	MT_CLIENT_HELLO => 1,
	18	MT_SERVER_HELLO => 2,
	19	MT_NEW_SESSION_TICKET => 4,
e46f2334	20	MT_ENCRYPTED_EXTENSIONS => 8,
631c1206 MC	21	MT_CERTIFICATE => 11,
	22	MT_SERVER_KEY_EXCHANGE => 12,
	23	MT_CERTIFICATE_REQUEST => 13,
	24	MT_SERVER_HELLO_DONE => 14,
	25	MT_CERTIFICATE_VERIFY => 15,
	26	MT_CLIENT_KEY_EXCHANGE => 16,
	27	MT_FINISHED => 20,
	28	MT_CERTIFICATE_STATUS => 22,
	29	MT_NEXT_PROTO => 67
	30	};
8af538e5 MC	31
	32	#Alert levels
	33	use constant {
	34	AL_LEVEL_WARN => 1,
	35	AL_LEVEL_FATAL => 2
	36	};
	37
	38	#Alert descriptions
	39	use constant {
c3fd55d4	40	AL_DESC_CLOSE_NOTIFY => 0,
a2a0c86b MC	41	AL_DESC_UNEXPECTED_MESSAGE => 10,
a2a0c86b MC	42	AL_DESC_NO_RENEGOTIATION => 100
8af538e5 MC	43	};
8af538e5 MC	44
631c1206 MC	45	my %message_type = (
	46	MT_HELLO_REQUEST, "HelloRequest",
	47	MT_CLIENT_HELLO, "ClientHello",
	48	MT_SERVER_HELLO, "ServerHello",
	49	MT_NEW_SESSION_TICKET, "NewSessionTicket",
e46f2334	50	MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions",
631c1206 MC	51	MT_CERTIFICATE, "Certificate",
	52	MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
	53	MT_CERTIFICATE_REQUEST, "CertificateRequest",
	54	MT_SERVER_HELLO_DONE, "ServerHelloDone",
	55	MT_CERTIFICATE_VERIFY, "CertificateVerify",
	56	MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
	57	MT_FINISHED, "Finished",
	58	MT_CERTIFICATE_STATUS, "CertificateStatus",
	59	MT_NEXT_PROTO, "NextProto"
	60	);
	61
aa474d1f	62	use constant {
9ce3ed2a	63	EXT_SERVER_NAME => 0,
cf72c757	64	EXT_MAX_FRAGMENT_LENGTH => 1,
aa474d1f	65	EXT_STATUS_REQUEST => 5,
5a8e54d9	66	EXT_SUPPORTED_GROUPS => 10,
9ce3ed2a MC	67	EXT_EC_POINT_FORMATS => 11,
	68	EXT_SRP => 12,
	69	EXT_SIG_ALGS => 13,
	70	EXT_USE_SRTP => 14,
	71	EXT_ALPN => 16,
	72	EXT_SCT => 18,
	73	EXT_PADDING => 21,
aa474d1f EK	74	EXT_ENCRYPT_THEN_MAC => 22,
	75	EXT_EXTENDED_MASTER_SECRET => 23,
	76	EXT_SESSION_TICKET => 35,
5a8e54d9	77	EXT_KEY_SHARE => 40,
1c361b4a	78	EXT_PSK => 41,
9ce3ed2a	79	EXT_SUPPORTED_VERSIONS => 43,
ee700226	80	EXT_COOKIE => 44,
b2f7e8c0	81	EXT_PSK_KEX_MODES => 45,
9ce3ed2a MC	82	EXT_RENEGOTIATE => 65281,
9ce3ed2a MC	83	EXT_NPN => 13172,
70af3d8e MC	84	# This extension is an unofficial extension only ever written by OpenSSL
	85	# (i.e. not read), and even then only when enabled. We use it to test
	86	# handling of duplicate extensions.
717afd93	87	EXT_DUPLICATE_EXTENSION => 0xfde8,
5e3766e2	88	EXT_UNKNOWN => 0xfffe,
717afd93 MC	89	#Unknown extension that should appear last
717afd93 MC	90	EXT_FORCE_LAST => 0xffff
aa474d1f EK	91	};
aa474d1f EK	92
d499a3e1 BK	93	# SignatureScheme of TLS 1.3, from
	94	# https://tools.ietf.org/html/draft-ietf-tls-tls13-20#appendix-B.3.1.3
	95	# TODO(TLS1.3) update link to IANA registry after publication
	96	# We have to manually grab the SHA224 equivalents from the old registry
	97	use constant {
	98	SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
	99	SIG_ALG_RSA_PKCS1_SHA384 => 0x0501,
	100	SIG_ALG_RSA_PKCS1_SHA512 => 0x0601,
	101	SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403,
	102	SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503,
	103	SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603,
	104	SIG_ALG_RSA_PSS_SHA256 => 0x0804,
	105	SIG_ALG_RSA_PSS_SHA384 => 0x0805,
	106	SIG_ALG_RSA_PSS_SHA512 => 0x0806,
	107	SIG_ALG_ED25519 => 0x0807,
	108	SIG_ALG_ED448 => 0x0808,
	109	SIG_ALG_RSA_PKCS1_SHA1 => 0x0201,
	110	SIG_ALG_ECDSA_SHA1 => 0x0203,
	111	SIG_ALG_DSA_SHA1 => 0x0202,
	112	SIG_ALG_DSA_SHA256 => 0x0402,
	113	SIG_ALG_DSA_SHA384 => 0x0502,
	114	SIG_ALG_DSA_SHA512 => 0x0602,
	115	OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301,
	116	OSSL_SIG_ALG_DSA_SHA224 => 0x0302,
	117	OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303
	118	};
	119
397f4f78	120	use constant {
79d8c167	121	CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
c35cb287 MC	122	CIPHER_ADH_AES_128_SHA => 0x0034,
	123	CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,
	124	CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
397f4f78 MC	125	};
397f4f78 MC	126
631c1206 MC	127	my $payload = "";
	128	my $messlen = -1;
	129	my $mt;
	130	my $startoffset = -1;
	131	my $server = 0;
	132	my $success = 0;
	133	my $end = 0;
	134	my @message_rec_list = ();
	135	my @message_frag_lens = ();
a1accbb1	136	my $ciphersuite = 0;
1c361b4a	137	my $successondata = 0;
631c1206 MC	138
	139	sub clear
	140	{
	141	$payload = "";
	142	$messlen = -1;
	143	$startoffset = -1;
	144	$server = 0;
	145	$success = 0;
	146	$end = 0;
1c361b4a	147	$successondata = 0;
631c1206 MC	148	@message_rec_list = ();
	149	@message_frag_lens = ();
	150	}
	151
	152	#Class method to extract messages from a record
	153	sub get_messages
	154	{
	155	my $class = shift;
	156	my $serverin = shift;
	157	my $record = shift;
	158	my @messages = ();
	159	my $message;
	160
a1accbb1 MC	161	@message_frag_lens = ();
a1accbb1 MC	162
631c1206 MC	163	if ($serverin != $server && length($payload) != 0) {
	164	die "Changed peer, but we still have fragment data\n";
	165	}
	166	$server = $serverin;
	167
	168	if ($record->content_type == TLSProxy::Record::RT_CCS) {
	169	if ($payload ne "") {
	170	#We can't handle this yet
	171	die "CCS received before message data complete\n";
	172	}
	173	if ($server) {
9970290e	174	TLSProxy::Record->server_encrypting(1);
631c1206	175	} else {
9970290e	176	TLSProxy::Record->client_encrypting(1);
631c1206 MC	177	}
	178	} elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
	179	if ($record->len == 0 \|\| $record->len_real == 0) {
	180	print " Message truncated\n";
	181	} else {
	182	my $recoffset = 0;
	183
	184	if (length $payload > 0) {
	185	#We are continuing processing a message started in a previous
	186	#record. Add this record to the list associated with this
	187	#message
	188	push @message_rec_list, $record;
	189
	190	if ($messlen <= length($payload)) {
	191	#Shouldn't happen
	192	die "Internal error: invalid messlen: ".$messlen
	193	." payload length:".length($payload)."\n";
	194	}
	195	if (length($payload) + $record->decrypt_len >= $messlen) {
	196	#We can complete the message with this record
	197	$recoffset = $messlen - length($payload);
	198	$payload .= substr($record->decrypt_data, 0, $recoffset);
	199	push @message_frag_lens, $recoffset;
	200	$message = create_message($server, $mt, $payload,
	201	$startoffset);
	202	push @messages, $message;
	203
631c1206 MC	204	$payload = "";
	205	} else {
	206	#This is just part of the total message
	207	$payload .= $record->decrypt_data;
	208	$recoffset = $record->decrypt_len;
	209	push @message_frag_lens, $record->decrypt_len;
	210	}
	211	print " Partial message data read: ".$recoffset." bytes\n";
	212	}
	213
	214	while ($record->decrypt_len > $recoffset) {
	215	#We are at the start of a new message
	216	if ($record->decrypt_len - $recoffset < 4) {
	217	#Whilst technically probably valid we can't cope with this
	218	die "End of record in the middle of a message header\n";
	219	}
	220	@message_rec_list = ($record);
	221	my $lenhi;
	222	my $lenlo;
	223	($mt, $lenhi, $lenlo) = unpack('CnC',
	224	substr($record->decrypt_data,
	225	$recoffset));
	226	$messlen = ($lenhi << 8) \| $lenlo;
	227	print " Message type: $message_type{$mt}\n";
	228	print " Message Length: $messlen\n";
	229	$startoffset = $recoffset;
	230	$recoffset += 4;
	231	$payload = "";
	232
d70bde88	233	if ($recoffset <= $record->decrypt_len) {
631c1206 MC	234	#Some payload data is present in this record
	235	if ($record->decrypt_len - $recoffset >= $messlen) {
	236	#We can complete the message with this record
	237	$payload .= substr($record->decrypt_data, $recoffset,
	238	$messlen);
	239	$recoffset += $messlen;
	240	push @message_frag_lens, $messlen;
	241	$message = create_message($server, $mt, $payload,
	242	$startoffset);
	243	push @messages, $message;
	244
631c1206 MC	245	$payload = "";
	246	} else {
	247	#This is just part of the total message
	248	$payload .= substr($record->decrypt_data, $recoffset,
	249	$record->decrypt_len - $recoffset);
	250	$recoffset = $record->decrypt_len;
	251	push @message_frag_lens, $recoffset;
	252	}
	253	}
	254	}
	255	}
	256	} elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
	257	print " [ENCRYPTED APPLICATION DATA]\n";
	258	print " [".$record->decrypt_data."]\n";
1c361b4a MC	259
	260	if ($successondata) {
	261	$success = 1;
	262	$end = 1;
	263	}
631c1206	264	} elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
8af538e5	265	my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
8af538e5 MC	266	#A CloseNotify from the client indicates we have finished successfully
8af538e5 MC	267	#(we assume)
8523288e	268	if (!$end && !$server && $alertlev == AL_LEVEL_WARN
8af538e5 MC	269	&& $alertdesc == AL_DESC_CLOSE_NOTIFY) {
	270	$success = 1;
	271	}
8523288e DB	272	#All alerts end the test
8523288e DB	273	$end = 1;
631c1206 MC	274	}
	275
	276	return @messages;
	277	}
	278
	279	#Function to work out which sub-class we need to create and then
	280	#construct it
	281	sub create_message
	282	{
	283	my ($server, $mt, $data, $startoffset) = @_;
	284	my $message;
	285
	286	#We only support ClientHello in this version...needs to be extended for
	287	#others
	288	if ($mt == MT_CLIENT_HELLO) {
	289	$message = TLSProxy::ClientHello->new(
	290	$server,
	291	$data,
	292	[@message_rec_list],
	293	$startoffset,
	294	[@message_frag_lens]
	295	);
	296	$message->parse();
a1accbb1 MC	297	} elsif ($mt == MT_SERVER_HELLO) {
	298	$message = TLSProxy::ServerHello->new(
	299	$server,
	300	$data,
	301	[@message_rec_list],
	302	$startoffset,
	303	[@message_frag_lens]
	304	);
9ce3ed2a MC	305	$message->parse();
	306	} elsif ($mt == MT_ENCRYPTED_EXTENSIONS) {
	307	$message = TLSProxy::EncryptedExtensions->new(
	308	$server,
	309	$data,
	310	[@message_rec_list],
	311	$startoffset,
	312	[@message_frag_lens]
	313	);
e96e0f8e MC	314	$message->parse();
	315	} elsif ($mt == MT_CERTIFICATE) {
	316	$message = TLSProxy::Certificate->new(
	317	$server,
	318	$data,
	319	[@message_rec_list],
	320	$startoffset,
	321	[@message_frag_lens]
	322	);
adb403de MC	323	$message->parse();
	324	} elsif ($mt == MT_CERTIFICATE_VERIFY) {
	325	$message = TLSProxy::CertificateVerify->new(
	326	$server,
	327	$data,
	328	[@message_rec_list],
	329	$startoffset,
	330	[@message_frag_lens]
	331	);
a1accbb1 MC	332	$message->parse();
	333	} elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
	334	$message = TLSProxy::ServerKeyExchange->new(
	335	$server,
	336	$data,
	337	[@message_rec_list],
	338	$startoffset,
	339	[@message_frag_lens]
7f6d90ac EK	340	);
	341	$message->parse();
	342	} elsif ($mt == MT_NEW_SESSION_TICKET) {
	343	$message = TLSProxy::NewSessionTicket->new(
	344	$server,
	345	$data,
	346	[@message_rec_list],
	347	$startoffset,
	348	[@message_frag_lens]
a1accbb1 MC	349	);
a1accbb1 MC	350	$message->parse();
631c1206 MC	351	} else {
	352	#Unknown message type
	353	$message = TLSProxy::Message->new(
	354	$server,
	355	$mt,
	356	$data,
	357	[@message_rec_list],
	358	$startoffset,
	359	[@message_frag_lens]
	360	);
	361	}
	362
	363	return $message;
	364	}
	365
	366	sub end
	367	{
	368	my $class = shift;
	369	return $end;
	370	}
	371	sub success
	372	{
	373	my $class = shift;
	374	return $success;
	375	}
a1accbb1 MC	376	sub fail
	377	{
	378	my $class = shift;
	379	return !$success && $end;
	380	}
631c1206 MC	381	sub new
	382	{
	383	my $class = shift;
	384	my ($server,
	385	$mt,
	386	$data,
	387	$records,
	388	$startoffset,
	389	$message_frag_lens) = @_;
	390
	391	my $self = {
	392	server => $server,
	393	data => $data,
	394	records => $records,
	395	mt => $mt,
	396	startoffset => $startoffset,
	397	message_frag_lens => $message_frag_lens
	398	};
	399
	400	return bless $self, $class;
	401	}
	402
a1accbb1 MC	403	sub ciphersuite
	404	{
	405	my $class = shift;
	406	if (@_) {
	407	$ciphersuite = shift;
	408	}
	409	return $ciphersuite;
	410	}
	411
631c1206	412	#Update all the underlying records with the modified data from this message
357d096a	413	#Note: Only supports re-encrypting for TLSv1.3
631c1206 MC	414	sub repack
	415	{
	416	my $self = shift;
	417	my $msgdata;
	418
	419	my $numrecs = $#{$self->records};
	420
	421	$self->set_message_contents();
	422
	423	my $lenhi;
	424	my $lenlo;
	425
	426	$lenlo = length($self->data) & 0xff;
	427	$lenhi = length($self->data) >> 8;
4deefd65	428	$msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;
631c1206	429
631c1206 MC	430	if ($numrecs == 0) {
	431	#The message is fully contained within one record
	432	my ($rec) = @{$self->records};
	433	my $recdata = $rec->decrypt_data;
	434
cf7f8592 EK	435	my $old_length;
	436
	437	# We use empty message_frag_lens to indicates that pre-repacking,
	438	# the message wasn't present. The first fragment length doesn't include
	439	# the TLS header, so we need to check and compute the right length.
	440	if (@{$self->message_frag_lens}) {
	441	$old_length = ${$self->message_frag_lens}[0] +
	442	TLS_MESSAGE_HEADER_LENGTH;
	443	} else {
	444	$old_length = 0;
631c1206 MC	445	}
631c1206 MC	446
cf7f8592 EK	447	my $prefix = substr($recdata, 0, $self->startoffset);
	448	my $suffix = substr($recdata, $self->startoffset + $old_length);
	449
	450	$rec->decrypt_data($prefix.($msgdata).($suffix));
	451	# TODO(openssl-team): don't keep explicit lengths.
	452	# (If a length override is ever needed to construct invalid packets,
	453	# use an explicit override field instead.)
	454	$rec->decrypt_len(length($rec->decrypt_data));
	455	$rec->len($rec->len + length($msgdata) - $old_length);
357d096a MC	456	# Only support re-encryption for TLSv1.3.
	457	if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
	458	#Add content type (1 byte) and 16 tag bytes
	459	$rec->data($rec->decrypt_data
	460	.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
	461	} else {
	462	$rec->data($rec->decrypt_data);
	463	}
631c1206 MC	464
	465	#Update the fragment len in case we changed it above
	466	${$self->message_frag_lens}[0] = length($msgdata)
	467	- TLS_MESSAGE_HEADER_LENGTH;
	468	return;
	469	}
	470
	471	#Note we don't currently support changing a fragmented message length
	472	my $recctr = 0;
	473	my $datadone = 0;
	474	foreach my $rec (@{$self->records}) {
	475	my $recdata = $rec->decrypt_data;
	476	if ($recctr == 0) {
	477	#This is the first record
	478	my $remainlen = length($recdata) - $self->startoffset;
	479	$rec->data(substr($recdata, 0, $self->startoffset)
	480	.substr(($msgdata), 0, $remainlen));
	481	$datadone += $remainlen;
	482	} elsif ($recctr + 1 == $numrecs) {
	483	#This is the last record
	484	$rec->data(substr($msgdata, $datadone));
	485	} else {
	486	#This is a middle record
	487	$rec->data(substr($msgdata, $datadone, length($rec->data)));
	488	$datadone += length($rec->data);
	489	}
	490	$recctr++;
	491	}
	492	}
	493
	494	#To be overridden by sub-classes
	495	sub set_message_contents
	496	{
	497	}
	498
	499	#Read only accessors
	500	sub server
	501	{
	502	my $self = shift;
	503	return $self->{server};
	504	}
	505
	506	#Read/write accessors
	507	sub mt
	508	{
	509	my $self = shift;
	510	if (@_) {
	511	$self->{mt} = shift;
	512	}
	513	return $self->{mt};
	514	}
	515	sub data
	516	{
	517	my $self = shift;
	518	if (@_) {
	519	$self->{data} = shift;
	520	}
	521	return $self->{data};
	522	}
	523	sub records
	524	{
	525	my $self = shift;
	526	if (@_) {
	527	$self->{records} = shift;
528	}
529	return $self->{records};
530	}
531	sub startoffset
532	{
533	my $self = shift;
534	if (@_) {
535	$self->{startoffset} = shift;
536	}
537	return $self->{startoffset};
538	}
539	sub message_frag_lens
540	{
541	my $self = shift;
542	if (@_) {
543	$self->{message_frag_lens} = shift;
544	}
545	return $self->{message_frag_lens};
546	}
cf7f8592 EK	547	sub encoded_length
	548	{
	549	my $self = shift;
	550	return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
	551	}
1c361b4a MC	552	sub successondata
	553	{
	554	my $class = shift;
	555	if (@_) {
	556	$successondata = shift;
	557	}
	558	return $successondata;
	559	}
631c1206	560	1;