[thirdparty/openssl.git] / util / perl / TLSProxy / Message.pm

# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

use strict;

package TLSProxy::Message;

use TLSProxy::Alert;

use constant TLS_MESSAGE_HEADER_LENGTH => 4;

#Message types
use constant {
    MT_HELLO_REQUEST => 0,
    MT_CLIENT_HELLO => 1,
    MT_SERVER_HELLO => 2,
    MT_NEW_SESSION_TICKET => 4,
    MT_ENCRYPTED_EXTENSIONS => 8,
    MT_CERTIFICATE => 11,
    MT_SERVER_KEY_EXCHANGE => 12,
    MT_CERTIFICATE_REQUEST => 13,
    MT_SERVER_HELLO_DONE => 14,
    MT_CERTIFICATE_VERIFY => 15,
    MT_CLIENT_KEY_EXCHANGE => 16,
    MT_FINISHED => 20,
    MT_CERTIFICATE_STATUS => 22,
    MT_NEXT_PROTO => 67
};

#Alert levels
use constant {
    AL_LEVEL_WARN => 1,
    AL_LEVEL_FATAL => 2
};

#Alert descriptions
use constant {
    AL_DESC_CLOSE_NOTIFY => 0,
    AL_DESC_UNEXPECTED_MESSAGE => 10,
    AL_DESC_ILLEGAL_PARAMETER => 47,
    AL_DESC_NO_RENEGOTIATION => 100
};

my %message_type = (
    MT_HELLO_REQUEST, "HelloRequest",
    MT_CLIENT_HELLO, "ClientHello",
    MT_SERVER_HELLO, "ServerHello",
    MT_NEW_SESSION_TICKET, "NewSessionTicket",
    MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions",
    MT_CERTIFICATE, "Certificate",
    MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
    MT_CERTIFICATE_REQUEST, "CertificateRequest",
    MT_SERVER_HELLO_DONE, "ServerHelloDone",
    MT_CERTIFICATE_VERIFY, "CertificateVerify",
    MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
    MT_FINISHED, "Finished",
    MT_CERTIFICATE_STATUS, "CertificateStatus",
    MT_NEXT_PROTO, "NextProto"
);

use constant {
    EXT_SERVER_NAME => 0,
    EXT_MAX_FRAGMENT_LENGTH => 1,
    EXT_STATUS_REQUEST => 5,
    EXT_SUPPORTED_GROUPS => 10,
    EXT_EC_POINT_FORMATS => 11,
    EXT_SRP => 12,
    EXT_SIG_ALGS => 13,
    EXT_USE_SRTP => 14,
    EXT_ALPN => 16,
    EXT_SCT => 18,
    EXT_PADDING => 21,
    EXT_ENCRYPT_THEN_MAC => 22,
    EXT_EXTENDED_MASTER_SECRET => 23,
    EXT_SESSION_TICKET => 35,
    EXT_KEY_SHARE => 51,
    EXT_PSK => 41,
    EXT_SUPPORTED_VERSIONS => 43,
    EXT_COOKIE => 44,
    EXT_PSK_KEX_MODES => 45,
    EXT_POST_HANDSHAKE_AUTH => 49,
    EXT_SIG_ALGS_CERT => 50,
    EXT_RENEGOTIATE => 65281,
    EXT_NPN => 13172,
    EXT_CRYPTOPRO_BUG_EXTENSION => 0xfde8,
    EXT_UNKNOWN => 0xfffe,
    #Unknown extension that should appear last
    EXT_FORCE_LAST => 0xffff
};

# SignatureScheme of TLS 1.3 from:
# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
# We have to manually grab the SHA224 equivalents from the old registry
use constant {
    SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
    SIG_ALG_RSA_PKCS1_SHA384 => 0x0501,
    SIG_ALG_RSA_PKCS1_SHA512 => 0x0601,
    SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403,
    SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503,
    SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603,
    SIG_ALG_RSA_PSS_RSAE_SHA256 => 0x0804,
    SIG_ALG_RSA_PSS_RSAE_SHA384 => 0x0805,
    SIG_ALG_RSA_PSS_RSAE_SHA512 => 0x0806,
    SIG_ALG_ED25519 => 0x0807,
    SIG_ALG_ED448 => 0x0808,
    SIG_ALG_RSA_PSS_PSS_SHA256 => 0x0809,
    SIG_ALG_RSA_PSS_PSS_SHA384 => 0x080a,
    SIG_ALG_RSA_PSS_PSS_SHA512 => 0x080b,
    SIG_ALG_RSA_PKCS1_SHA1 => 0x0201,
    SIG_ALG_ECDSA_SHA1 => 0x0203,
    SIG_ALG_DSA_SHA1 => 0x0202,
    SIG_ALG_DSA_SHA256 => 0x0402,
    SIG_ALG_DSA_SHA384 => 0x0502,
    SIG_ALG_DSA_SHA512 => 0x0602,
    OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301,
    OSSL_SIG_ALG_DSA_SHA224 => 0x0302,
    OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303
};

use constant {
    CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f,
    CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
    CIPHER_ADH_AES_128_SHA => 0x0034,
    CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,
    CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
};

my $payload = "";
my $messlen = -1;
my $mt;
my $startoffset = -1;
my $server = 0;
my $success = 0;
my $end = 0;
my @message_rec_list = ();
my @message_frag_lens = ();
my $ciphersuite = 0;
my $successondata = 0;
my $alert;

sub clear
{
    $payload = "";
    $messlen = -1;
    $startoffset = -1;
    $server = 0;
    $success = 0;
    $end = 0;
    $successondata = 0;
    @message_rec_list = ();
    @message_frag_lens = ();
    $alert = undef;
}

#Class method to extract messages from a record
sub get_messages
{
    my $class = shift;
    my $serverin = shift;
    my $record = shift;
    my @messages = ();
    my $message;

    @message_frag_lens = ();

    if ($serverin != $server && length($payload) != 0) {
        die "Changed peer, but we still have fragment data\n";
    }
    $server = $serverin;

    if ($record->content_type == TLSProxy::Record::RT_CCS) {
        if ($payload ne "") {
            #We can't handle this yet
            die "CCS received before message data complete\n";
        }
        if (!TLSProxy::Proxy->is_tls13()) {
            if ($server) {
                TLSProxy::Record->server_encrypting(1);
            } else {
                TLSProxy::Record->client_encrypting(1);
            }
        }
    } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
        if ($record->len == 0 || $record->len_real == 0) {
            print "  Message truncated\n";
        } else {
            my $recoffset = 0;

            if (length $payload > 0) {
                #We are continuing processing a message started in a previous
                #record. Add this record to the list associated with this
                #message
                push @message_rec_list, $record;

                if ($messlen <= length($payload)) {
                    #Shouldn't happen
                    die "Internal error: invalid messlen: ".$messlen
                        ." payload length:".length($payload)."\n";
                }
                if (length($payload) + $record->decrypt_len >= $messlen) {
                    #We can complete the message with this record
                    $recoffset = $messlen - length($payload);
                    $payload .= substr($record->decrypt_data, 0, $recoffset);
                    push @message_frag_lens, $recoffset;
                    $message = create_message($server, $mt, $payload,
                                              $startoffset);
                    push @messages, $message;

                    $payload = "";
                } else {
                    #This is just part of the total message
                    $payload .= $record->decrypt_data;
                    $recoffset = $record->decrypt_len;
                    push @message_frag_lens, $record->decrypt_len;
                }
                print "  Partial message data read: ".$recoffset." bytes\n";
            }

            while ($record->decrypt_len > $recoffset) {
                #We are at the start of a new message
                if ($record->decrypt_len - $recoffset < 4) {
                    #Whilst technically probably valid we can't cope with this
                    die "End of record in the middle of a message header\n";
                }
                @message_rec_list = ($record);
                my $lenhi;
                my $lenlo;
                ($mt, $lenhi, $lenlo) = unpack('CnC',
                                               substr($record->decrypt_data,
                                                      $recoffset));
                $messlen = ($lenhi << 8) | $lenlo;
                print "  Message type: $message_type{$mt}\n";
                print "  Message Length: $messlen\n";
                $startoffset = $recoffset;
                $recoffset += 4;
                $payload = "";
                
                if ($recoffset <= $record->decrypt_len) {
                    #Some payload data is present in this record
                    if ($record->decrypt_len - $recoffset >= $messlen) {
                        #We can complete the message with this record
                        $payload .= substr($record->decrypt_data, $recoffset,
                                           $messlen);
                        $recoffset += $messlen;
                        push @message_frag_lens, $messlen;
                        $message = create_message($server, $mt, $payload,
                                                  $startoffset);
                        push @messages, $message;

                        $payload = "";
                    } else {
                        #This is just part of the total message
                        $payload .= substr($record->decrypt_data, $recoffset,
                                           $record->decrypt_len - $recoffset);
                        $recoffset = $record->decrypt_len;
                        push @message_frag_lens, $recoffset;
                    }
                }
            }
        }
    } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
        print "  [ENCRYPTED APPLICATION DATA]\n";
        print "  [".$record->decrypt_data."]\n";

        if ($successondata) {
            $success = 1;
            $end = 1;
        }
    } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
        my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
        print "  [$alertlev, $alertdesc]\n";
        #A CloseNotify from the client indicates we have finished successfully
        #(we assume)
        if (!$end && !$server && $alertlev == AL_LEVEL_WARN
            && $alertdesc == AL_DESC_CLOSE_NOTIFY) {
            $success = 1;
        }
        #Fatal or close notify alerts end the test
        if ($alertlev == AL_LEVEL_FATAL || $alertdesc == AL_DESC_CLOSE_NOTIFY) {
            $end = 1;
        }
        $alert = TLSProxy::Alert->new(
            $server,
            $record->encrypted,
            $alertlev,
            $alertdesc);
    }

    return @messages;
}

#Function to work out which sub-class we need to create and then
#construct it
sub create_message
{
    my ($server, $mt, $data, $startoffset) = @_;
    my $message;

    #We only support ClientHello in this version...needs to be extended for
    #others
    if ($mt == MT_CLIENT_HELLO) {
        $message = TLSProxy::ClientHello->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_SERVER_HELLO) {
        $message = TLSProxy::ServerHello->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) {
        $message = TLSProxy::EncryptedExtensions->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_CERTIFICATE) {
        $message = TLSProxy::Certificate->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_CERTIFICATE_VERIFY) {
        $message = TLSProxy::CertificateVerify->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
        $message = TLSProxy::ServerKeyExchange->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } elsif ($mt == MT_NEW_SESSION_TICKET) {
        $message = TLSProxy::NewSessionTicket->new(
            $server,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
        $message->parse();
    } else {
        #Unknown message type
        $message = TLSProxy::Message->new(
            $server,
            $mt,
            $data,
            [@message_rec_list],
            $startoffset,
            [@message_frag_lens]
        );
    }

    return $message;
}

sub end
{
    my $class = shift;
    return $end;
}
sub success
{
    my $class = shift;
    return $success;
}
sub fail
{
    my $class = shift;
    return !$success && $end;
}

sub alert
{
    return $alert;
}

sub new
{
    my $class = shift;
    my ($server,
        $mt,
        $data,
        $records,
        $startoffset,
        $message_frag_lens) = @_;
    
    my $self = {
        server => $server,
        data => $data,
        records => $records,
        mt => $mt,
        startoffset => $startoffset,
        message_frag_lens => $message_frag_lens,
        dupext => -1
    };

    return bless $self, $class;
}

sub ciphersuite
{
    my $class = shift;
    if (@_) {
      $ciphersuite = shift;
    }
    return $ciphersuite;
}

#Update all the underlying records with the modified data from this message
#Note: Only supports re-encrypting for TLSv1.3
sub repack
{
    my $self = shift;
    my $msgdata;

    my $numrecs = $#{$self->records};

    $self->set_message_contents();

    my $lenhi;
    my $lenlo;

    $lenlo = length($self->data) & 0xff;
    $lenhi = length($self->data) >> 8;
    $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;

    if ($numrecs == 0) {
        #The message is fully contained within one record
        my ($rec) = @{$self->records};
        my $recdata = $rec->decrypt_data;

        my $old_length;

        # We use empty message_frag_lens to indicates that pre-repacking,
        # the message wasn't present. The first fragment length doesn't include
        # the TLS header, so we need to check and compute the right length.
        if (@{$self->message_frag_lens}) {
            $old_length = ${$self->message_frag_lens}[0] +
              TLS_MESSAGE_HEADER_LENGTH;
        } else {
            $old_length = 0;
        }

        my $prefix = substr($recdata, 0, $self->startoffset);
        my $suffix = substr($recdata, $self->startoffset + $old_length);

        $rec->decrypt_data($prefix.($msgdata).($suffix));
        # TODO(openssl-team): don't keep explicit lengths.
        # (If a length override is ever needed to construct invalid packets,
        #  use an explicit override field instead.)
        $rec->decrypt_len(length($rec->decrypt_data));
        $rec->len($rec->len + length($msgdata) - $old_length);
        # Only support re-encryption for TLSv1.3.
        if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
            #Add content type (1 byte) and 16 tag bytes
            $rec->data($rec->decrypt_data
                .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
        } else {
            $rec->data($rec->decrypt_data);
        }

        #Update the fragment len in case we changed it above
        ${$self->message_frag_lens}[0] = length($msgdata)
                                         - TLS_MESSAGE_HEADER_LENGTH;
        return;
    }

    #Note we don't currently support changing a fragmented message length
    my $recctr = 0;
    my $datadone = 0;
    foreach my $rec (@{$self->records}) {
        my $recdata = $rec->decrypt_data;
        if ($recctr == 0) {
            #This is the first record
            my $remainlen = length($recdata) - $self->startoffset;
            $rec->data(substr($recdata, 0, $self->startoffset)
                       .substr(($msgdata), 0, $remainlen));
            $datadone += $remainlen;
        } elsif ($recctr + 1 == $numrecs) {
            #This is the last record
            $rec->data(substr($msgdata, $datadone));
        } else {
            #This is a middle record
            $rec->data(substr($msgdata, $datadone, length($rec->data)));
            $datadone += length($rec->data);
        }
        $recctr++;
    }
}

#To be overridden by sub-classes
sub set_message_contents
{
}

#Read only accessors
sub server
{
    my $self = shift;
    return $self->{server};
}

#Read/write accessors
sub mt
{
    my $self = shift;
    if (@_) {
      $self->{mt} = shift;
    }
    return $self->{mt};
}
sub data
{
    my $self = shift;
    if (@_) {
      $self->{data} = shift;
    }
    return $self->{data};
}
sub records
{
    my $self = shift;
    if (@_) {
      $self->{records} = shift;
    }
    return $self->{records};
}
sub startoffset
{
    my $self = shift;
    if (@_) {
      $self->{startoffset} = shift;
    }
    return $self->{startoffset};
}
sub message_frag_lens
{
    my $self = shift;
    if (@_) {
      $self->{message_frag_lens} = shift;
    }
    return $self->{message_frag_lens};
}
sub encoded_length
{
    my $self = shift;
    return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
}
sub dupext
{
    my $self = shift;
    if (@_) {
        $self->{dupext} = shift;
    }
    return $self->{dupext};
}
sub successondata
{
    my $class = shift;
    if (@_) {
        $successondata = shift;
    }
    return $successondata;
}
1;
Commit	Line	Data
6738bf14	1	# Copyright 2016-2018 The OpenSSL Project Authors. All Rights Reserved.
631c1206	2	#
9059ab42	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
ac3d0e13 RS	4	# this file except in compliance with the License. You can obtain a copy
	5	# in the file LICENSE in the source distribution or at
	6	# https://www.openssl.org/source/license.html
631c1206 MC	7
	8	use strict;
	9
	10	package TLSProxy::Message;
	11
f460e839 MC	12	use TLSProxy::Alert;
f460e839 MC	13
631c1206 MC	14	use constant TLS_MESSAGE_HEADER_LENGTH => 4;
	15
	16	#Message types
	17	use constant {
	18	MT_HELLO_REQUEST => 0,
	19	MT_CLIENT_HELLO => 1,
	20	MT_SERVER_HELLO => 2,
	21	MT_NEW_SESSION_TICKET => 4,
e46f2334	22	MT_ENCRYPTED_EXTENSIONS => 8,
631c1206 MC	23	MT_CERTIFICATE => 11,
	24	MT_SERVER_KEY_EXCHANGE => 12,
	25	MT_CERTIFICATE_REQUEST => 13,
	26	MT_SERVER_HELLO_DONE => 14,
	27	MT_CERTIFICATE_VERIFY => 15,
	28	MT_CLIENT_KEY_EXCHANGE => 16,
	29	MT_FINISHED => 20,
	30	MT_CERTIFICATE_STATUS => 22,
	31	MT_NEXT_PROTO => 67
	32	};
8af538e5 MC	33
	34	#Alert levels
	35	use constant {
	36	AL_LEVEL_WARN => 1,
	37	AL_LEVEL_FATAL => 2
	38	};
	39
	40	#Alert descriptions
	41	use constant {
c3fd55d4	42	AL_DESC_CLOSE_NOTIFY => 0,
a2a0c86b	43	AL_DESC_UNEXPECTED_MESSAGE => 10,
9b287d53	44	AL_DESC_ILLEGAL_PARAMETER => 47,
a2a0c86b	45	AL_DESC_NO_RENEGOTIATION => 100
8af538e5 MC	46	};
8af538e5 MC	47
631c1206 MC	48	my %message_type = (
	49	MT_HELLO_REQUEST, "HelloRequest",
	50	MT_CLIENT_HELLO, "ClientHello",
	51	MT_SERVER_HELLO, "ServerHello",
	52	MT_NEW_SESSION_TICKET, "NewSessionTicket",
e46f2334	53	MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions",
631c1206 MC	54	MT_CERTIFICATE, "Certificate",
	55	MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
	56	MT_CERTIFICATE_REQUEST, "CertificateRequest",
	57	MT_SERVER_HELLO_DONE, "ServerHelloDone",
	58	MT_CERTIFICATE_VERIFY, "CertificateVerify",
	59	MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
	60	MT_FINISHED, "Finished",
	61	MT_CERTIFICATE_STATUS, "CertificateStatus",
	62	MT_NEXT_PROTO, "NextProto"
	63	);
	64
aa474d1f	65	use constant {
9ce3ed2a	66	EXT_SERVER_NAME => 0,
cf72c757	67	EXT_MAX_FRAGMENT_LENGTH => 1,
aa474d1f	68	EXT_STATUS_REQUEST => 5,
5a8e54d9	69	EXT_SUPPORTED_GROUPS => 10,
9ce3ed2a MC	70	EXT_EC_POINT_FORMATS => 11,
	71	EXT_SRP => 12,
	72	EXT_SIG_ALGS => 13,
	73	EXT_USE_SRTP => 14,
	74	EXT_ALPN => 16,
	75	EXT_SCT => 18,
	76	EXT_PADDING => 21,
aa474d1f EK	77	EXT_ENCRYPT_THEN_MAC => 22,
	78	EXT_EXTENDED_MASTER_SECRET => 23,
	79	EXT_SESSION_TICKET => 35,
f27f5cd4	80	EXT_KEY_SHARE => 51,
1c361b4a	81	EXT_PSK => 41,
9ce3ed2a	82	EXT_SUPPORTED_VERSIONS => 43,
ee700226	83	EXT_COOKIE => 44,
b2f7e8c0	84	EXT_PSK_KEX_MODES => 45,
9d75dce3	85	EXT_POST_HANDSHAKE_AUTH => 49,
3e524bf2	86	EXT_SIG_ALGS_CERT => 50,
9ce3ed2a MC	87	EXT_RENEGOTIATE => 65281,
9ce3ed2a MC	88	EXT_NPN => 13172,
9effc496	89	EXT_CRYPTOPRO_BUG_EXTENSION => 0xfde8,
5e3766e2	90	EXT_UNKNOWN => 0xfffe,
717afd93 MC	91	#Unknown extension that should appear last
717afd93 MC	92	EXT_FORCE_LAST => 0xffff
aa474d1f EK	93	};
aa474d1f EK	94
35e742ec MC	95	# SignatureScheme of TLS 1.3 from:
35e742ec MC	96	# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
d499a3e1 BK	97	# We have to manually grab the SHA224 equivalents from the old registry
	98	use constant {
	99	SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
	100	SIG_ALG_RSA_PKCS1_SHA384 => 0x0501,
	101	SIG_ALG_RSA_PKCS1_SHA512 => 0x0601,
	102	SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403,
	103	SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503,
	104	SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603,
9e6a3202 MC	105	SIG_ALG_RSA_PSS_RSAE_SHA256 => 0x0804,
	106	SIG_ALG_RSA_PSS_RSAE_SHA384 => 0x0805,
	107	SIG_ALG_RSA_PSS_RSAE_SHA512 => 0x0806,
d499a3e1 BK	108	SIG_ALG_ED25519 => 0x0807,
d499a3e1 BK	109	SIG_ALG_ED448 => 0x0808,
9e6a3202 MC	110	SIG_ALG_RSA_PSS_PSS_SHA256 => 0x0809,
	111	SIG_ALG_RSA_PSS_PSS_SHA384 => 0x080a,
	112	SIG_ALG_RSA_PSS_PSS_SHA512 => 0x080b,
d499a3e1 BK	113	SIG_ALG_RSA_PKCS1_SHA1 => 0x0201,
	114	SIG_ALG_ECDSA_SHA1 => 0x0203,
	115	SIG_ALG_DSA_SHA1 => 0x0202,
	116	SIG_ALG_DSA_SHA256 => 0x0402,
	117	SIG_ALG_DSA_SHA384 => 0x0502,
	118	SIG_ALG_DSA_SHA512 => 0x0602,
	119	OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301,
	120	OSSL_SIG_ALG_DSA_SHA224 => 0x0302,
	121	OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303
	122	};
	123
397f4f78	124	use constant {
9b287d53	125	CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f,
79d8c167	126	CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
c35cb287 MC	127	CIPHER_ADH_AES_128_SHA => 0x0034,
	128	CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,
	129	CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
397f4f78 MC	130	};
397f4f78 MC	131
631c1206 MC	132	my $payload = "";
	133	my $messlen = -1;
	134	my $mt;
	135	my $startoffset = -1;
	136	my $server = 0;
	137	my $success = 0;
	138	my $end = 0;
	139	my @message_rec_list = ();
	140	my @message_frag_lens = ();
a1accbb1	141	my $ciphersuite = 0;
1c361b4a	142	my $successondata = 0;
f460e839	143	my $alert;
631c1206 MC	144
	145	sub clear
	146	{
	147	$payload = "";
	148	$messlen = -1;
	149	$startoffset = -1;
	150	$server = 0;
	151	$success = 0;
	152	$end = 0;
1c361b4a	153	$successondata = 0;
631c1206 MC	154	@message_rec_list = ();
631c1206 MC	155	@message_frag_lens = ();
f460e839	156	$alert = undef;
631c1206 MC	157	}
	158
	159	#Class method to extract messages from a record
	160	sub get_messages
	161	{
	162	my $class = shift;
	163	my $serverin = shift;
	164	my $record = shift;
	165	my @messages = ();
	166	my $message;
	167
a1accbb1 MC	168	@message_frag_lens = ();
a1accbb1 MC	169
631c1206 MC	170	if ($serverin != $server && length($payload) != 0) {
	171	die "Changed peer, but we still have fragment data\n";
	172	}
	173	$server = $serverin;
	174
	175	if ($record->content_type == TLSProxy::Record::RT_CCS) {
	176	if ($payload ne "") {
	177	#We can't handle this yet
	178	die "CCS received before message data complete\n";
	179	}
be60b10a MC	180	if (!TLSProxy::Proxy->is_tls13()) {
	181	if ($server) {
	182	TLSProxy::Record->server_encrypting(1);
	183	} else {
	184	TLSProxy::Record->client_encrypting(1);
	185	}
631c1206 MC	186	}
	187	} elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
	188	if ($record->len == 0 \|\| $record->len_real == 0) {
	189	print " Message truncated\n";
	190	} else {
	191	my $recoffset = 0;
	192
	193	if (length $payload > 0) {
	194	#We are continuing processing a message started in a previous
	195	#record. Add this record to the list associated with this
	196	#message
	197	push @message_rec_list, $record;
	198
	199	if ($messlen <= length($payload)) {
	200	#Shouldn't happen
	201	die "Internal error: invalid messlen: ".$messlen
	202	." payload length:".length($payload)."\n";
	203	}
	204	if (length($payload) + $record->decrypt_len >= $messlen) {
	205	#We can complete the message with this record
	206	$recoffset = $messlen - length($payload);
	207	$payload .= substr($record->decrypt_data, 0, $recoffset);
	208	push @message_frag_lens, $recoffset;
	209	$message = create_message($server, $mt, $payload,
	210	$startoffset);
	211	push @messages, $message;
	212
631c1206 MC	213	$payload = "";
	214	} else {
	215	#This is just part of the total message
	216	$payload .= $record->decrypt_data;
	217	$recoffset = $record->decrypt_len;
	218	push @message_frag_lens, $record->decrypt_len;
	219	}
	220	print " Partial message data read: ".$recoffset." bytes\n";
	221	}
	222
	223	while ($record->decrypt_len > $recoffset) {
	224	#We are at the start of a new message
	225	if ($record->decrypt_len - $recoffset < 4) {
	226	#Whilst technically probably valid we can't cope with this
	227	die "End of record in the middle of a message header\n";
	228	}
	229	@message_rec_list = ($record);
	230	my $lenhi;
	231	my $lenlo;
	232	($mt, $lenhi, $lenlo) = unpack('CnC',
	233	substr($record->decrypt_data,
	234	$recoffset));
	235	$messlen = ($lenhi << 8) \| $lenlo;
	236	print " Message type: $message_type{$mt}\n";
	237	print " Message Length: $messlen\n";
	238	$startoffset = $recoffset;
	239	$recoffset += 4;
	240	$payload = "";
	241
d70bde88	242	if ($recoffset <= $record->decrypt_len) {
631c1206 MC	243	#Some payload data is present in this record
	244	if ($record->decrypt_len - $recoffset >= $messlen) {
	245	#We can complete the message with this record
	246	$payload .= substr($record->decrypt_data, $recoffset,
	247	$messlen);
	248	$recoffset += $messlen;
	249	push @message_frag_lens, $messlen;
	250	$message = create_message($server, $mt, $payload,
	251	$startoffset);
	252	push @messages, $message;
	253
631c1206 MC	254	$payload = "";
	255	} else {
	256	#This is just part of the total message
	257	$payload .= substr($record->decrypt_data, $recoffset,
	258	$record->decrypt_len - $recoffset);
	259	$recoffset = $record->decrypt_len;
	260	push @message_frag_lens, $recoffset;
	261	}
	262	}
	263	}
	264	}
	265	} elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
	266	print " [ENCRYPTED APPLICATION DATA]\n";
	267	print " [".$record->decrypt_data."]\n";
1c361b4a MC	268
	269	if ($successondata) {
	270	$success = 1;
	271	$end = 1;
	272	}
631c1206	273	} elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
8af538e5	274	my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
3f473b93	275	print " [$alertlev, $alertdesc]\n";
8af538e5 MC	276	#A CloseNotify from the client indicates we have finished successfully
8af538e5 MC	277	#(we assume)
8523288e	278	if (!$end && !$server && $alertlev == AL_LEVEL_WARN
8af538e5 MC	279	&& $alertdesc == AL_DESC_CLOSE_NOTIFY) {
	280	$success = 1;
	281	}
3f473b93 AP	282	#Fatal or close notify alerts end the test
	283	if ($alertlev == AL_LEVEL_FATAL \|\| $alertdesc == AL_DESC_CLOSE_NOTIFY) {
	284	$end = 1;
	285	}
f460e839 MC	286	$alert = TLSProxy::Alert->new(
	287	$server,
	288	$record->encrypted,
	289	$alertlev,
	290	$alertdesc);
631c1206 MC	291	}
	292
	293	return @messages;
	294	}
	295
	296	#Function to work out which sub-class we need to create and then
	297	#construct it
	298	sub create_message
	299	{
	300	my ($server, $mt, $data, $startoffset) = @_;
	301	my $message;
	302
	303	#We only support ClientHello in this version...needs to be extended for
	304	#others
	305	if ($mt == MT_CLIENT_HELLO) {
	306	$message = TLSProxy::ClientHello->new(
	307	$server,
	308	$data,
	309	[@message_rec_list],
	310	$startoffset,
	311	[@message_frag_lens]
	312	);
	313	$message->parse();
a1accbb1 MC	314	} elsif ($mt == MT_SERVER_HELLO) {
	315	$message = TLSProxy::ServerHello->new(
	316	$server,
	317	$data,
	318	[@message_rec_list],
	319	$startoffset,
	320	[@message_frag_lens]
	321	);
9ce3ed2a MC	322	$message->parse();
	323	} elsif ($mt == MT_ENCRYPTED_EXTENSIONS) {
	324	$message = TLSProxy::EncryptedExtensions->new(
	325	$server,
	326	$data,
	327	[@message_rec_list],
	328	$startoffset,
	329	[@message_frag_lens]
	330	);
e96e0f8e MC	331	$message->parse();
	332	} elsif ($mt == MT_CERTIFICATE) {
	333	$message = TLSProxy::Certificate->new(
	334	$server,
	335	$data,
	336	[@message_rec_list],
	337	$startoffset,
	338	[@message_frag_lens]
	339	);
adb403de MC	340	$message->parse();
	341	} elsif ($mt == MT_CERTIFICATE_VERIFY) {
	342	$message = TLSProxy::CertificateVerify->new(
	343	$server,
	344	$data,
	345	[@message_rec_list],
	346	$startoffset,
	347	[@message_frag_lens]
	348	);
a1accbb1 MC	349	$message->parse();
	350	} elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
	351	$message = TLSProxy::ServerKeyExchange->new(
	352	$server,
	353	$data,
	354	[@message_rec_list],
	355	$startoffset,
	356	[@message_frag_lens]
7f6d90ac EK	357	);
	358	$message->parse();
	359	} elsif ($mt == MT_NEW_SESSION_TICKET) {
	360	$message = TLSProxy::NewSessionTicket->new(
	361	$server,
	362	$data,
	363	[@message_rec_list],
	364	$startoffset,
	365	[@message_frag_lens]
a1accbb1 MC	366	);
a1accbb1 MC	367	$message->parse();
631c1206 MC	368	} else {
	369	#Unknown message type
	370	$message = TLSProxy::Message->new(
	371	$server,
	372	$mt,
	373	$data,
	374	[@message_rec_list],
	375	$startoffset,
	376	[@message_frag_lens]
	377	);
	378	}
	379
	380	return $message;
	381	}
	382
	383	sub end
	384	{
	385	my $class = shift;
	386	return $end;
	387	}
	388	sub success
	389	{
	390	my $class = shift;
	391	return $success;
	392	}
a1accbb1 MC	393	sub fail
	394	{
	395	my $class = shift;
	396	return !$success && $end;
	397	}
f460e839 MC	398
	399	sub alert
	400	{
	401	return $alert;
	402	}
	403
631c1206 MC	404	sub new
	405	{
	406	my $class = shift;
	407	my ($server,
	408	$mt,
	409	$data,
	410	$records,
	411	$startoffset,
	412	$message_frag_lens) = @_;
	413
	414	my $self = {
	415	server => $server,
	416	data => $data,
	417	records => $records,
	418	mt => $mt,
	419	startoffset => $startoffset,
9effc496 MC	420	message_frag_lens => $message_frag_lens,
9effc496 MC	421	dupext => -1
631c1206 MC	422	};
	423
	424	return bless $self, $class;
	425	}
	426
a1accbb1 MC	427	sub ciphersuite
	428	{
	429	my $class = shift;
	430	if (@_) {
	431	$ciphersuite = shift;
	432	}
	433	return $ciphersuite;
	434	}
	435
631c1206	436	#Update all the underlying records with the modified data from this message
357d096a	437	#Note: Only supports re-encrypting for TLSv1.3
631c1206 MC	438	sub repack
	439	{
	440	my $self = shift;
	441	my $msgdata;
	442
	443	my $numrecs = $#{$self->records};
	444
	445	$self->set_message_contents();
	446
	447	my $lenhi;
	448	my $lenlo;
	449
	450	$lenlo = length($self->data) & 0xff;
	451	$lenhi = length($self->data) >> 8;
4deefd65	452	$msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;
631c1206	453
631c1206 MC	454	if ($numrecs == 0) {
	455	#The message is fully contained within one record
	456	my ($rec) = @{$self->records};
	457	my $recdata = $rec->decrypt_data;
	458
cf7f8592 EK	459	my $old_length;
	460
	461	# We use empty message_frag_lens to indicates that pre-repacking,
	462	# the message wasn't present. The first fragment length doesn't include
	463	# the TLS header, so we need to check and compute the right length.
	464	if (@{$self->message_frag_lens}) {
	465	$old_length = ${$self->message_frag_lens}[0] +
	466	TLS_MESSAGE_HEADER_LENGTH;
	467	} else {
	468	$old_length = 0;
631c1206 MC	469	}
631c1206 MC	470
cf7f8592 EK	471	my $prefix = substr($recdata, 0, $self->startoffset);
	472	my $suffix = substr($recdata, $self->startoffset + $old_length);
	473
	474	$rec->decrypt_data($prefix.($msgdata).($suffix));
	475	# TODO(openssl-team): don't keep explicit lengths.
	476	# (If a length override is ever needed to construct invalid packets,
	477	# use an explicit override field instead.)
	478	$rec->decrypt_len(length($rec->decrypt_data));
	479	$rec->len($rec->len + length($msgdata) - $old_length);
357d096a MC	480	# Only support re-encryption for TLSv1.3.
	481	if (TLSProxy::Proxy->is_tls13() && $rec->encrypted()) {
	482	#Add content type (1 byte) and 16 tag bytes
	483	$rec->data($rec->decrypt_data
	484	.pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
	485	} else {
	486	$rec->data($rec->decrypt_data);
	487	}
631c1206 MC	488
	489	#Update the fragment len in case we changed it above
	490	${$self->message_frag_lens}[0] = length($msgdata)
	491	- TLS_MESSAGE_HEADER_LENGTH;
	492	return;
	493	}
	494
	495	#Note we don't currently support changing a fragmented message length
	496	my $recctr = 0;
	497	my $datadone = 0;
	498	foreach my $rec (@{$self->records}) {
	499	my $recdata = $rec->decrypt_data;
	500	if ($recctr == 0) {
	501	#This is the first record
	502	my $remainlen = length($recdata) - $self->startoffset;
	503	$rec->data(substr($recdata, 0, $self->startoffset)
	504	.substr(($msgdata), 0, $remainlen));
	505	$datadone += $remainlen;
	506	} elsif ($recctr + 1 == $numrecs) {
	507	#This is the last record
	508	$rec->data(substr($msgdata, $datadone));
	509	} else {
	510	#This is a middle record
	511	$rec->data(substr($msgdata, $datadone, length($rec->data)));
	512	$datadone += length($rec->data);
	513	}
	514	$recctr++;
	515	}
	516	}
	517
	518	#To be overridden by sub-classes
	519	sub set_message_contents
	520	{
	521	}
	522
	523	#Read only accessors
	524	sub server
	525	{
	526	my $self = shift;
	527	return $self->{server};
	528	}
	529
	530	#Read/write accessors
	531	sub mt
	532	{
	533	my $self = shift;
	534	if (@_) {
	535	$self->{mt} = shift;
	536	}
	537	return $self->{mt};
	538	}
	539	sub data
	540	{
	541	my $self = shift;
	542	if (@_) {
	543	$self->{data} = shift;
	544	}
	545	return $self->{data};
	546	}
	547	sub records
	548	{
	549	my $self = shift;
	550	if (@_) {
	551	$self->{records} = shift;
552	}
553	return $self->{records};
554	}
555	sub startoffset
556	{
557	my $self = shift;
558	if (@_) {
559	$self->{startoffset} = shift;
560	}
561	return $self->{startoffset};
562	}
563	sub message_frag_lens
564	{
565	my $self = shift;
566	if (@_) {
567	$self->{message_frag_lens} = shift;
568	}
569	return $self->{message_frag_lens};
570	}
cf7f8592 EK	571	sub encoded_length
	572	{
	573	my $self = shift;
	574	return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
	575	}
9effc496 MC	576	sub dupext
	577	{
	578	my $self = shift;
	579	if (@_) {
	580	$self->{dupext} = shift;
	581	}
	582	return $self->{dupext};
	583	}
1c361b4a MC	584	sub successondata
	585	{
	586	my $class = shift;
	587	if (@_) {
	588	$successondata = shift;
	589	}
	590	return $successondata;
	591	}
631c1206	592	1;