-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2019 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
package TLSProxy::Message;
+use TLSProxy::Alert;
+
use constant TLS_MESSAGE_HEADER_LENGTH => 4;
#Message types
MT_CLIENT_HELLO => 1,
MT_SERVER_HELLO => 2,
MT_NEW_SESSION_TICKET => 4,
- MT_HELLO_RETRY_REQUEST => 6,
MT_ENCRYPTED_EXTENSIONS => 8,
MT_CERTIFICATE => 11,
MT_SERVER_KEY_EXCHANGE => 12,
use constant {
AL_DESC_CLOSE_NOTIFY => 0,
AL_DESC_UNEXPECTED_MESSAGE => 10,
+ AL_DESC_ILLEGAL_PARAMETER => 47,
AL_DESC_NO_RENEGOTIATION => 100
};
MT_CLIENT_HELLO, "ClientHello",
MT_SERVER_HELLO, "ServerHello",
MT_NEW_SESSION_TICKET, "NewSessionTicket",
- MT_HELLO_RETRY_REQUEST, "HelloRetryRequest",
MT_ENCRYPTED_EXTENSIONS, "EncryptedExtensions",
MT_CERTIFICATE, "Certificate",
MT_SERVER_KEY_EXCHANGE, "ServerKeyExchange",
EXT_ENCRYPT_THEN_MAC => 22,
EXT_EXTENDED_MASTER_SECRET => 23,
EXT_SESSION_TICKET => 35,
- EXT_KEY_SHARE => 40,
+ EXT_KEY_SHARE => 51,
EXT_PSK => 41,
EXT_SUPPORTED_VERSIONS => 43,
EXT_COOKIE => 44,
EXT_PSK_KEX_MODES => 45,
+ EXT_POST_HANDSHAKE_AUTH => 49,
+ EXT_SIG_ALGS_CERT => 50,
EXT_RENEGOTIATE => 65281,
EXT_NPN => 13172,
- # This extension is an unofficial extension only ever written by OpenSSL
- # (i.e. not read), and even then only when enabled. We use it to test
- # handling of duplicate extensions.
- EXT_DUPLICATE_EXTENSION => 0xfde8,
+ EXT_CRYPTOPRO_BUG_EXTENSION => 0xfde8,
EXT_UNKNOWN => 0xfffe,
#Unknown extension that should appear last
EXT_FORCE_LAST => 0xffff
};
-# SignatureScheme of TLS 1.3, from
-# https://tools.ietf.org/html/draft-ietf-tls-tls13-20#appendix-B.3.1.3
-# TODO(TLS1.3) update link to IANA registry after publication
+# SignatureScheme of TLS 1.3 from:
+# https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-signaturescheme
# We have to manually grab the SHA224 equivalents from the old registry
use constant {
SIG_ALG_RSA_PKCS1_SHA256 => 0x0401,
SIG_ALG_ECDSA_SECP256R1_SHA256 => 0x0403,
SIG_ALG_ECDSA_SECP384R1_SHA384 => 0x0503,
SIG_ALG_ECDSA_SECP521R1_SHA512 => 0x0603,
- SIG_ALG_RSA_PSS_SHA256 => 0x0804,
- SIG_ALG_RSA_PSS_SHA384 => 0x0805,
- SIG_ALG_RSA_PSS_SHA512 => 0x0806,
+ SIG_ALG_RSA_PSS_RSAE_SHA256 => 0x0804,
+ SIG_ALG_RSA_PSS_RSAE_SHA384 => 0x0805,
+ SIG_ALG_RSA_PSS_RSAE_SHA512 => 0x0806,
SIG_ALG_ED25519 => 0x0807,
SIG_ALG_ED448 => 0x0808,
+ SIG_ALG_RSA_PSS_PSS_SHA256 => 0x0809,
+ SIG_ALG_RSA_PSS_PSS_SHA384 => 0x080a,
+ SIG_ALG_RSA_PSS_PSS_SHA512 => 0x080b,
SIG_ALG_RSA_PKCS1_SHA1 => 0x0201,
SIG_ALG_ECDSA_SHA1 => 0x0203,
SIG_ALG_DSA_SHA1 => 0x0202,
};
use constant {
+ CIPHER_RSA_WITH_AES_128_CBC_SHA => 0x002f,
CIPHER_DHE_RSA_AES_128_SHA => 0x0033,
CIPHER_ADH_AES_128_SHA => 0x0034,
CIPHER_TLS13_AES_128_GCM_SHA256 => 0x1301,
my @message_frag_lens = ();
my $ciphersuite = 0;
my $successondata = 0;
+my $alert;
sub clear
{
$successondata = 0;
@message_rec_list = ();
@message_frag_lens = ();
+ $alert = undef;
}
#Class method to extract messages from a record
#We can't handle this yet
die "CCS received before message data complete\n";
}
- if ($server) {
- TLSProxy::Record->server_encrypting(1);
- } else {
- TLSProxy::Record->client_encrypting(1);
+ if (!TLSProxy::Proxy->is_tls13()) {
+ if ($server) {
+ TLSProxy::Record->server_encrypting(1);
+ } else {
+ TLSProxy::Record->client_encrypting(1);
+ }
}
} elsif ($record->content_type == TLSProxy::Record::RT_HANDSHAKE) {
if ($record->len == 0 || $record->len_real == 0) {
$startoffset = $recoffset;
$recoffset += 4;
$payload = "";
-
+
if ($recoffset <= $record->decrypt_len) {
#Some payload data is present in this record
if ($record->decrypt_len - $recoffset >= $messlen) {
}
} elsif ($record->content_type == TLSProxy::Record::RT_ALERT) {
my ($alertlev, $alertdesc) = unpack('CC', $record->decrypt_data);
+ print " [$alertlev, $alertdesc]\n";
#A CloseNotify from the client indicates we have finished successfully
#(we assume)
if (!$end && !$server && $alertlev == AL_LEVEL_WARN
&& $alertdesc == AL_DESC_CLOSE_NOTIFY) {
$success = 1;
}
- #All alerts end the test
- $end = 1;
+ #Fatal or close notify alerts end the test
+ if ($alertlev == AL_LEVEL_FATAL || $alertdesc == AL_DESC_CLOSE_NOTIFY) {
+ $end = 1;
+ }
+ $alert = TLSProxy::Alert->new(
+ $server,
+ $record->encrypted,
+ $alertlev,
+ $alertdesc);
}
return @messages;
[@message_frag_lens]
);
$message->parse();
- } elsif ($mt == MT_HELLO_RETRY_REQUEST) {
- $message = TLSProxy::HelloRetryRequest->new(
- $server,
- $data,
- [@message_rec_list],
- $startoffset,
- [@message_frag_lens]
- );
- $message->parse();
} elsif ($mt == MT_SERVER_HELLO) {
$message = TLSProxy::ServerHello->new(
$server,
my $class = shift;
return !$success && $end;
}
+
+sub alert
+{
+ return $alert;
+}
+
sub new
{
my $class = shift;
$records,
$startoffset,
$message_frag_lens) = @_;
-
+
my $self = {
server => $server,
data => $data,
records => $records,
mt => $mt,
startoffset => $startoffset,
- message_frag_lens => $message_frag_lens
+ message_frag_lens => $message_frag_lens,
+ dupext => -1
};
return bless $self, $class;
my $self = shift;
return TLS_MESSAGE_HEADER_LENGTH + length($self->data);
}
+sub dupext
+{
+ my $self = shift;
+ if (@_) {
+ $self->{dupext} = shift;
+ }
+ return $self->{dupext};
+}
sub successondata
{
my $class = shift;
projects / openssl.git / blobdiff