123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629 |
- # Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
- #
- # Licensed under the OpenSSL license (the "License"). You may not use
- # this file except in compliance with the License. You can obtain a copy
- # in the file LICENSE in the source distribution or at
- # https://www.openssl.org/source/license.html
- use strict;
- package TLSProxy::Message;
- use TLSProxy::Alert;
- use constant TLS_MESSAGE_HEADER_LENGTH => 4;
- #Message types
- use constant {
- MT_HELLO_REQUEST => 0,
- MT_CLIENT_HELLO => 1,
- MT_SERVER_HELLO => 2,
- MT_NEW_SESSION_TICKET => 4,
- MT_ENCRYPTED_EXTENSIONS => 8,
- MT_CERTIFICATE => 11,
- MT_SERVER_KEY_EXCHANGE => 12,
- MT_CERTIFICATE_REQUEST => 13,
- MT_SERVER_HELLO_DONE => 14,
- MT_CERTIFICATE_VERIFY => 15,
- MT_CLIENT_KEY_EXCHANGE => 16,
- MT_FINISHED => 20,
- MT_CERTIFICATE_STATUS => 22,
- MT_NEXT_PROTO => 67
- };
- #Alert levels
- use constant {
- AL_LEVEL_WARN => 1,
- AL_LEVEL_FATAL => 2
- };
- #Alert descriptions
- use constant {
- AL_DESC_CLOSE_NOTIFY => 0,
- AL_DESC_UNEXPECTED_MESSAGE => 10,
- AL_DESC_ILLEGAL_PARAMETER => 47,
- AL_DESC_NO_RENEGOTIATION => 100
- };
- my %message_type = (
- MT_HELLO_REQUEST, "HelloRequest",
- MT_CLIENT_HELLO, "ClientHello",
- MT_SERVER_HELLO, "ServerHello",
- MT_NEW_SESSION_TICKET, "NewSessionTicket",
- MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions",
- MT_CERTIFICATE, "Certificate",
- MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
- MT_CERTIFICATE_REQUEST, "CertificateRequest",
- MT_SERVER_HELLO_DONE, "ServerHelloDone",
- MT_CERTIFICATE_VERIFY, "CertificateVerify",
- MT_CLIENT_KEY_EXCHANGE, "ClientKeyExchange",
- MT_FINISHED, "Finished",
- MT_CERTIFICATE_STATUS, "CertificateStatus",
- MT_NEXT_PROTO, "NextProto"
- );
- use constant {
- EXT_SERVER_NAME => 0,
- EXT_MAX_FRAGMENT_LENGTH => 1,
- EXT_STATUS_REQUEST => 5,
- EXT_SUPPORTED_GROUPS => 10,
- EXT_EC_POINT_FORMATS => 11,
- EXT_SRP => 12,
- EXT_SIG_ALGS => 13,
- EXT_USE_SRTP => 14,
- EXT_ALPN => 16,
- EXT_SCT => 18,
- EXT_PADDING => 21,
- EXT_ENCRYPT_THEN_MAC => 22,
- EXT_EXTENDED_MASTER_SECRET => 23,
- EXT_SESSION_TICKET => 35,
- EXT_KEY_SHARE => 51,
- EXT_PSK => 41,
- EXT_SUPPORTED_VERSIONS => 43,
- EXT_COOKIE => 44,
- EXT_PSK_KEX_MODES => 45,
- EXT_POST_HANDSHAKE_AUTH => 49,
- EXT_SIG_ALGS_CERT => 50,
- EXT_RENEGOTIATE => 65281,
- EXT_NPN => 13172,
- EXT_CRYPTOPRO_BUG_EXTENSION => 0xfde8,
- EXT_UNKNOWN => 0xfffe,
- #Unknown extension that should appear last
- EXT_FORCE_LAST => 0xffff
- };
- # SignatureScheme of TLS 1.3 from:
- # https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
- # We have to manually grab the SHA224 equivalents from the old registry
- use constant {
- SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
- SIG_ALG_RSA_PKCS1_SHA384 => 0x0501,
- SIG_ALG_RSA_PKCS1_SHA512 => 0x0601,
- SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403,
- SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503,
- SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603,
- SIG_ALG_RSA_PSS_RSAE_SHA256 => 0x0804,
- SIG_ALG_RSA_PSS_RSAE_SHA384 => 0x0805,
- SIG_ALG_RSA_PSS_RSAE_SHA512 => 0x0806,
- SIG_ALG_ED25519 => 0x0807,
- SIG_ALG_ED448 => 0x0808,
- SIG_ALG_RSA_PSS_PSS_SHA256 => 0x0809,
- SIG_ALG_RSA_PSS_PSS_SHA384 => 0x080a,
- SIG_ALG_RSA_PSS_PSS_SHA512 => 0x080b,
- SIG_ALG_RSA_PKCS1_SHA1 => 0x0201,
- SIG_ALG_ECDSA_SHA1 => 0x0203,
- SIG_ALG_DSA_SHA1 => 0x0202,
- SIG_ALG_DSA_SHA256 => 0x0402,
- SIG_ALG_DSA_SHA384 => 0x0502,
- SIG_ALG_DSA_SHA512 => 0x0602,
- OSSL_SIG_ALG_RSA_PKCS1_SHA224 => 0x0301,
- OSSL_SIG_ALG_DSA_SHA224 => 0x0302,
- OSSL_SIG_ALG_ECDSA_SHA224 => 0x0303
- };
- use constant {
- CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f,
- CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
- CIPHER_ADH_AES_128_SHA => 0x0034,
- CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,
- CIPHER_TLS13_AES_256_GCM_SHA384 => 0x1302
- };
- use constant {
- CLIENT => 0,
- SERVER => 1
- };
- my $payload = "";
- my $messlen = -1;
- my $mt;
- my $startoffset = -1;
- my $server = 0;
- my $success = 0;
- my $end = 0;
- my @message_rec_list = ();
- my @message_frag_lens = ();
- my $ciphersuite = 0;
- my $successondata = 0;
- my $alert;
- sub clear
- {
- $payload = "";
- $messlen = -1;
- $startoffset = -1;
- $server = 0;
- $success = 0;
- $end = 0;
- $successondata = 0;
- @message_rec_list = ();
- @message_frag_lens = ();
- $alert = undef;
- }
- #Class method to extract messages from a record
- sub get_messages
- {
- my $class = shift;
- my $serverin = shift;
- my $record = shift;
- my @messages = ();
- my $message;
- @message_frag_lens = ();
- if ($serverin != $server && length($payload) != 0) {
- die "Changed peer, but we still have fragment data\n";
- }
- $server = $serverin;
- if ($record->content_type == TLSProxy::Record::RT_CCS) {
- if ($payload ne "") {
- #We can't handle this yet
- die "CCS received before message data complete\n";
- }
- if (!TLSProxy::Proxy->is_tls13()) {
- if ($server) {
- TLSProxy::Record->server_encrypting(1);
- } else {
- TLSProxy::Record->client_encrypting(1);
- }
- }
- } elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
- if ($record->len == 0 || $record->len_real == 0) {
- print " Message truncated\n";
- } else {
- my $recoffset = 0;
- if (length $payload > 0) {
- #We are continuing processing a message started in a previous
- #record. Add this record to the list associated with this
- #message
- push @message_rec_list, $record;
- if ($messlen <= length($payload)) {
- #Shouldn't happen
- die "Internal error: invalid messlen: ".$messlen
- ." payload length:".length($payload)."\n";
- }
- if (length($payload) + $record->decrypt_len >= $messlen) {
- #We can complete the message with this record
- $recoffset = $messlen - length($payload);
- $payload .= substr($record->decrypt_data, 0, $recoffset);
- push @message_frag_lens, $recoffset;
- $message = create_message($server, $mt, $payload,
- $startoffset);
- push @messages, $message;
- $payload = "";
- } else {
- #This is just part of the total message
- $payload .= $record->decrypt_data;
- $recoffset = $record->decrypt_len;
- push @message_frag_lens, $record->decrypt_len;
- }
- print " Partial message data read: ".$recoffset." bytes\n";
- }
- while ($record->decrypt_len > $recoffset) {
- #We are at the start of a new message
- if ($record->decrypt_len - $recoffset < 4) {
- #Whilst technically probably valid we can't cope with this
- die "End of record in the middle of a message header\n";
- }
- @message_rec_list = ($record);
- my $lenhi;
- my $lenlo;
- ($mt, $lenhi, $lenlo) = unpack('CnC',
- substr($record->decrypt_data,
- $recoffset));
- $messlen = ($lenhi << 8) | $lenlo;
- print " Message type: $message_type{$mt}\n";
- print " Message Length: $messlen\n";
- $startoffset = $recoffset;
- $recoffset += 4;
- $payload = "";
- if ($recoffset <= $record->decrypt_len) {
- #Some payload data is present in this record
- if ($record->decrypt_len - $recoffset >= $messlen) {
- #We can complete the message with this record
- $payload .= substr($record->decrypt_data, $recoffset,
- $messlen);
- $recoffset += $messlen;
- push @message_frag_lens, $messlen;
- $message = create_message($server, $mt, $payload,
- $startoffset);
- push @messages, $message;
- $payload = "";
- } else {
- #This is just part of the total message
- $payload .= substr($record->decrypt_data, $recoffset,
- $record->decrypt_len - $recoffset);
- $recoffset = $record->decrypt_len;
- push @message_frag_lens, $recoffset;
- }
- }
- }
- }
- } elsif ($record->content_type == TLSProxy::Record::RT_APPLICATION_DATA) {
- print " [ENCRYPTED APPLICATION DATA]\n";
- print " [".$record->decrypt_data."]\n";
- if ($successondata) {
- $success = 1;
- $end = 1;
- }
- } elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
- my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
- print " [$alertlev, $alertdesc]\n";
- #A CloseNotify from the client indicates we have finished successfully
- #(we assume)
- if (!$end && !$server && $alertlev == AL_LEVEL_WARN
- && $alertdesc == AL_DESC_CLOSE_NOTIFY) {
- $success = 1;
- }
- #Fatal or close notify alerts end the test
- if ($alertlev == AL_LEVEL_FATAL || $alertdesc == AL_DESC_CLOSE_NOTIFY) {
- $end = 1;
- }
- $alert = TLSProxy::Alert->new(
- $server,
- $record->encrypted,
- $alertlev,
- $alertdesc);
- }
- return @messages;
- }
- #Function to work out which sub-class we need to create and then
- #construct it
- sub create_message
- {
- my ($server, $mt, $data, $startoffset) = @_;
- my $message;
- #We only support ClientHello in this version...needs to be extended for
- #others
- if ($mt == MT_CLIENT_HELLO) {
- $message = TLSProxy::ClientHello->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } elsif ($mt == MT_SERVER_HELLO) {
- $message = TLSProxy::ServerHello->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } elsif ($mt == MT_ENCRYPTED_EXTENSIONS) {
- $message = TLSProxy::EncryptedExtensions->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } elsif ($mt == MT_CERTIFICATE) {
- $message = TLSProxy::Certificate->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } elsif ($mt == MT_CERTIFICATE_REQUEST) {
- $message = TLSProxy::CertificateRequest->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } elsif ($mt == MT_CERTIFICATE_VERIFY) {
- $message = TLSProxy::CertificateVerify->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
- $message = TLSProxy::ServerKeyExchange->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } elsif ($mt == MT_NEW_SESSION_TICKET) {
- $message = TLSProxy::NewSessionTicket->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
- } else {
- #Unknown message type
- $message = TLSProxy::Message->new(
- $server,
- $mt,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- }
- return $message;
- }
- sub end
- {
- my $class = shift;
- return $end;
- }
- sub success
- {
- my $class = shift;
- return $success;
- }
- sub fail
- {
- my $class = shift;
- return !$success && $end;
- }
- sub alert
- {
- return $alert;
- }
- sub new
- {
- my $class = shift;
- my ($server,
- $mt,
- $data,
- $records,
- $startoffset,
- $message_frag_lens) = @_;
- my $self = {
- server => $server,
- data => $data,
- records => $records,
- mt => $mt,
- startoffset => $startoffset,
- message_frag_lens => $message_frag_lens,
- dupext => -1
- };
- return bless $self, $class;
- }
- sub ciphersuite
- {
- my $class = shift;
- if (@_) {
- $ciphersuite = shift;
- }
- return $ciphersuite;
- }
- #Update all the underlying records with the modified data from this message
- #Note: Only supports TLSv1.3 and ETM encryption
- sub repack
- {
- my $self = shift;
- my $msgdata;
- my $numrecs = $#{$self->records};
- $self->set_message_contents();
- my $lenhi;
- my $lenlo;
- $lenlo = length($self->data) & 0xff;
- $lenhi = length($self->data) >> 8;
- $msgdata = pack('CnC', $self->mt, $lenhi, $lenlo).$self->data;
- if ($numrecs == 0) {
- #The message is fully contained within one record
- my ($rec) = @{$self->records};
- my $recdata = $rec->decrypt_data;
- my $old_length;
- # We use empty message_frag_lens to indicates that pre-repacking,
- # the message wasn't present. The first fragment length doesn't include
- # the TLS header, so we need to check and compute the right length.
- if (@{$self->message_frag_lens}) {
- $old_length = ${$self->message_frag_lens}[0] +
- TLS_MESSAGE_HEADER_LENGTH;
- } else {
- $old_length = 0;
- }
- my $prefix = substr($recdata, 0, $self->startoffset);
- my $suffix = substr($recdata, $self->startoffset + $old_length);
- $rec->decrypt_data($prefix.($msgdata).($suffix));
- # TODO(openssl-team): don't keep explicit lengths.
- # (If a length override is ever needed to construct invalid packets,
- # use an explicit override field instead.)
- $rec->decrypt_len(length($rec->decrypt_data));
- # Only support re-encryption for TLSv1.3 and ETM.
- if ($rec->encrypted()) {
- if (TLSProxy::Proxy->is_tls13()) {
- #Add content type (1 byte) and 16 tag bytes
- $rec->data($rec->decrypt_data
- .pack("C", TLSProxy::Record::RT_HANDSHAKE).("\0"x16));
- } elsif ($rec->etm()) {
- my $data = $rec->decrypt_data;
- #Add padding
- my $padval = length($data) % 16;
- $padval = 15 - $padval;
- for (0..$padval) {
- $data .= pack("C", $padval);
- }
- #Add MAC. Assumed to be 20 bytes
- foreach my $macval (0..19) {
- $data .= pack("C", $macval);
- }
- if ($rec->version() >= TLSProxy::Record::VERS_TLS_1_1) {
- #Explicit IV
- $data = ("\0"x16).$data;
- }
- $rec->data($data);
- } else {
- die "Unsupported encryption: No ETM";
- }
- } else {
- $rec->data($rec->decrypt_data);
- }
- $rec->len(length($rec->data));
- #Update the fragment len in case we changed it above
- ${$self->message_frag_lens}[0] = length($msgdata)
- - TLS_MESSAGE_HEADER_LENGTH;
- return;
- }
- #Note we don't currently support changing a fragmented message length
- my $recctr = 0;
- my $datadone = 0;
- foreach my $rec (@{$self->records}) {
- my $recdata = $rec->decrypt_data;
- if ($recctr == 0) {
- #This is the first record
- my $remainlen = length($recdata) - $self->startoffset;
- $rec->data(substr($recdata, 0, $self->startoffset)
- .substr(($msgdata), 0, $remainlen));
- $datadone += $remainlen;
- } elsif ($recctr + 1 == $numrecs) {
- #This is the last record
- $rec->data(substr($msgdata, $datadone));
- } else {
- #This is a middle record
- $rec->data(substr($msgdata, $datadone, length($rec->data)));
- $datadone += length($rec->data);
- }
- $recctr++;
- }
- }
- #To be overridden by sub-classes
- sub set_message_contents
- {
- }
- #Read only accessors
- sub server
- {
- my $self = shift;
- return $self->{server};
- }
- #Read/write accessors
- sub mt
- {
- my $self = shift;
- if (@_) {
- $self->{mt} = shift;
- }
- return $self->{mt};
- }
- sub data
- {
- my $self = shift;
- if (@_) {
- $self->{data} = shift;
- }
- return $self->{data};
- }
- sub records
- {
- my $self = shift;
- if (@_) {
- $self->{records} = shift;
- }
- return $self->{records};
- }
- sub startoffset
- {
- my $self = shift;
- if (@_) {
- $self->{startoffset} = shift;
- }
- return $self->{startoffset};
- }
- sub message_frag_lens
- {
- my $self = shift;
- if (@_) {
- $self->{message_frag_lens} = shift;
- }
- return $self->{message_frag_lens};
- }
- sub encoded_length
- {
- my $self = shift;
- return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
- }
- sub dupext
- {
- my $self = shift;
- if (@_) {
- $self->{dupext} = shift;
- }
- return $self->{dupext};
- }
- sub successondata
- {
- my $class = shift;
- if (@_) {
- $successondata = shift;
- }
- return $successondata;
- }
- 1;
|