use TLSProxy::Record;
use TLSProxy::Message;
use TLSProxy::ClientHello;
+use TLSProxy::ServerHello;
+use TLSProxy::ServerKeyExchange;
sub new
{
execute => $execute,
cert => $cert,
debug => $debug,
+ cipherc => "AES128-SHA",
+ ciphers => "",
flight => 0,
record_list => [],
message_list => [],
{
my $self = shift;
+ $self->{cipherc} = "AES128-SHA";
+ $self->{ciphers} = "";
$self->{flight} = 0;
$self->{record_list} = [];
$self->{message_list} = [];
open(STDOUT, ">", File::Spec->devnull())
or die "Failed to redirect stdout";
open(STDERR, ">&STDOUT");
- exec($self->execute." s_server -testmode -accept ".($self->server_port)
- ." -cert ".$self->cert." -naccept 1");
+ my $execcmd = $self->execute." s_server -testmode -accept "
+ .($self->server_port)
+ ." -cert ".$self->cert." -naccept 1";
+ if ($self->ciphers ne "") {
+ $execcmd .= " -cipher ".$self->ciphers;
+ }
+ exec($execcmd);
}
my $oldstdout;
open(STDOUT, ">", File::Spec->devnull())
or die "Failed to redirect stdout";
open(STDERR, ">&STDOUT");
- exec($self->execute
- ." s_client -cipher AES128-SHA -testmode -connect "
- .($self->proxy_addr).":".($self->proxy_port));
+ my $execcmd = $self->execute
+ ." s_client -testmode -connect "
+ .($self->proxy_addr).":".($self->proxy_port);
+ if ($self->cipherc ne "") {
+ $execcmd .= " -cipher ".$self->cipherc;
+ }
+ exec($execcmd);
}
}
}
return $self->{filter};
}
-
+sub cipherc
+{
+ my $self = shift;
+ if (@_) {
+ $self->{cipherc} = shift;
+ }
+ return $self->{cipherc};
+}
+sub ciphers
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphers} = shift;
+ }
+ return $self->{ciphers};
+}
1;
--- /dev/null
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openssl-core@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (eay@cryptsoft.com). This product includes software written by Tim
+# Hudson (tjh@cryptsoft.com).
+
+use strict;
+
+package TLSProxy::ServerHello;
+
+use parent 'TLSProxy::Message';
+
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $server,
+ TLSProxy::Message::MT_SERVER_HELLO,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ $self->{server_version} = 0;
+ $self->{random} = [];
+ $self->{session_id_len} = 0;
+ $self->{session} = "";
+ $self->{ciphersuite} = 0;
+ $self->{comp_meth} = 0;
+ $self->{extensions_len} = 0;
+ $self->{extensions_data} = "";
+
+ return $self;
+}
+
+sub parse
+{
+ my $self = shift;
+ my $ptr = 2;
+ my ($server_version) = unpack('n', $self->data);
+ my $random = substr($self->data, $ptr, 32);
+ $ptr += 32;
+ my $session_id_len = unpack('C', substr($self->data, $ptr));
+ $ptr++;
+ my $session = substr($self->data, $ptr, $session_id_len);
+ $ptr += $session_id_len;
+ my $ciphersuite = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $comp_meth = unpack('C', substr($self->data, $ptr));
+ $ptr++;
+ my $extensions_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ #For now we just deal with this as a block of data. In the future we will
+ #want to parse this
+ my $extension_data = substr($self->data, $ptr);
+
+ if (length($extension_data) != $extensions_len) {
+ die "Invalid extension length\n";
+ }
+ my %extensions = ();
+ while (length($extension_data) >= 4) {
+ my ($type, $size) = unpack("nn", $extension_data);
+ my $extdata = substr($extension_data, 4, $size);
+ $extension_data = substr($extension_data, 4 + $size);
+ $extensions{$type} = $extdata;
+ }
+
+ $self->server_version($server_version);
+ $self->random($random);
+ $self->session_id_len($session_id_len);
+ $self->session($session);
+ $self->ciphersuite($ciphersuite);
+ $self->comp_meth($comp_meth);
+ $self->extensions_len($extensions_len);
+ $self->extension_data(\%extensions);
+
+ $self->process_data();
+
+ print " Server Version:".$server_version."\n";
+ print " Session ID Len:".$session_id_len."\n";
+ print " Ciphersuite:".$ciphersuite."\n";
+ print " Compression Method:".$comp_meth."\n";
+ print " Extensions Len:".$extensions_len."\n";
+}
+
+#Perform any actions necessary based on the data we've seen
+sub process_data
+{
+ my $self = shift;
+
+ TLSProxy::Message->ciphersuite($self->ciphersuite);
+}
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+
+ $data = pack('n', $self->server_version);
+ $data .= $self->random;
+ $data .= pack('C', $self->session_id_len);
+ $data .= $self->session;
+ $data .= pack('n', $self->ciphersuite);
+ $data .= pack('C', $self->comp_meth);
+ $data .= pack('n', $self->extensions_len);
+ foreach my $key (keys %{$self->extension_data}) {
+ my $extdata = ${$self->extension_data}{$key};
+ $data .= pack("n", $key);
+ $data .= pack("n", length($extdata));
+ $data .= $extdata;
+ }
+
+ $self->data($data);
+}
+
+#Read/write accessors
+sub server_version
+{
+ my $self = shift;
+ if (@_) {
+ $self->{client_version} = shift;
+ }
+ return $self->{client_version};
+}
+sub random
+{
+ my $self = shift;
+ if (@_) {
+ $self->{random} = shift;
+ }
+ return $self->{random};
+}
+sub session_id_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{session_id_len} = shift;
+ }
+ return $self->{session_id_len};
+}
+sub session
+{
+ my $self = shift;
+ if (@_) {
+ $self->{session} = shift;
+ }
+ return $self->{session};
+}
+sub ciphersuite
+{
+ my $self = shift;
+ if (@_) {
+ $self->{ciphersuite} = shift;
+ }
+ return $self->{ciphersuite};
+}
+sub comp_meth
+{
+ my $self = shift;
+ if (@_) {
+ $self->{comp_meth} = shift;
+ }
+ return $self->{comp_meth};
+}
+sub extensions_len
+{
+ my $self = shift;
+ if (@_) {
+ $self->{extensions_len} = shift;
+ }
+ return $self->{extensions_len};
+}
+sub extension_data
+{
+ my $self = shift;
+ if (@_) {
+ $self->{extension_data} = shift;
+ }
+ return $self->{extension_data};
+}
+1;
--- /dev/null
+# Written by Matt Caswell for the OpenSSL project.
+# ====================================================================
+# Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in
+# the documentation and/or other materials provided with the
+# distribution.
+#
+# 3. All advertising materials mentioning features or use of this
+# software must display the following acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+#
+# 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+# endorse or promote products derived from this software without
+# prior written permission. For written permission, please contact
+# openssl-core@openssl.org.
+#
+# 5. Products derived from this software may not be called "OpenSSL"
+# nor may "OpenSSL" appear in their names without prior written
+# permission of the OpenSSL Project.
+#
+# 6. Redistributions of any form whatsoever must retain the following
+# acknowledgment:
+# "This product includes software developed by the OpenSSL Project
+# for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+#
+# THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+# EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+# ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+# OF THE POSSIBILITY OF SUCH DAMAGE.
+# ====================================================================
+#
+# This product includes cryptographic software written by Eric Young
+# (eay@cryptsoft.com). This product includes software written by Tim
+# Hudson (tjh@cryptsoft.com).
+
+use strict;
+
+package TLSProxy::ServerKeyExchange;
+
+use parent 'TLSProxy::Message';
+
+sub new
+{
+ my $class = shift;
+ my ($server,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens) = @_;
+
+ my $self = $class->SUPER::new(
+ $server,
+ TLSProxy::Message::MT_SERVER_KEY_EXCHANGE,
+ $data,
+ $records,
+ $startoffset,
+ $message_frag_lens);
+
+ #DHE
+ $self->{p} = "";
+ $self->{g} = "";
+ $self->{pub_key} = "";
+ $self->{sig} = "";
+
+ return $self;
+}
+
+sub parse
+{
+ my $self = shift;
+
+ #Minimal SKE parsing. Only supports DHE at the moment (if its not DHE
+ #the parsing data will be trash...which is ok as long as we don't try to
+ #use it)
+
+ my $p_len = unpack('n', $self->data);
+ my $ptr = 2;
+ my $p = substr($self->data, $ptr, $p_len);
+ $ptr += $p_len;
+
+ my $g_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $g = substr($self->data, $ptr, $g_len);
+ $ptr += $g_len;
+
+ my $pub_key_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $pub_key = substr($self->data, $ptr, $pub_key_len);
+ $ptr += $g_len;
+
+ #We assume its signed
+ my $sig_len = unpack('n', substr($self->data, $ptr));
+ $ptr += 2;
+ my $sig = substr($self->data, $ptr, $sig_len);
+ $ptr += $sig_len;
+
+ $self->p($p);
+ $self->g($g);
+ $self->pub_key($pub_key);
+ $self->sig($sig);
+}
+
+
+#Reconstruct the on-the-wire message data following changes
+sub set_message_contents
+{
+ my $self = shift;
+ my $data;
+
+ $data = pack('n', length($self->p));
+ $data .= $self->p;
+ $data .= pack('n', length($self->g));
+ $data .= $self->g;
+ $data .= pack('n', length($self->pub_key));
+ $data .= $self->pub_key;
+ if (length($self->sig) > 0) {
+ $data .= pack('n', length($self->sig));
+ $data .= $self->sig;
+ }
+
+ $self->data($data);
+}
+
+#Read/write accessors
+#DHE
+sub p
+{
+ my $self = shift;
+ if (@_) {
+ $self->{p} = shift;
+ }
+ return $self->{p};
+}
+sub g
+{
+ my $self = shift;
+ if (@_) {
+ $self->{g} = shift;
+ }
+ return $self->{g};
+}
+sub pub_key
+{
+ my $self = shift;
+ if (@_) {
+ $self->{pub_key} = shift;
+ }
+ return $self->{pub_key};
+}
+sub sig
+{
+ my $self = shift;
+ if (@_) {
+ $self->{sig} = shift;
+ }
+ return $self->{sig};
+}
+1;
projects / openssl.git / commitdiff