From 0adb6417403f4be801b8da28cb83efb60f79f66c Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Thu, 2 Feb 2017 16:06:28 +0000 Subject: [PATCH] Update TLSProxy to know about HelloRetryRequest messages Reviewed-by: Richard Levitte (Merged from https://github.com/openssl/openssl/pull/2341) --- util/TLSProxy/HelloRetryRequest.pm | 135 +++++++++++++++++++++++++++++ util/TLSProxy/Message.pm | 9 ++ util/TLSProxy/Proxy.pm | 1 + 3 files changed, 145 insertions(+) create mode 100644 util/TLSProxy/HelloRetryRequest.pm diff --git a/util/TLSProxy/HelloRetryRequest.pm b/util/TLSProxy/HelloRetryRequest.pm new file mode 100644 index 0000000000..a15c05463d --- /dev/null +++ b/util/TLSProxy/HelloRetryRequest.pm @@ -0,0 +1,135 @@ +# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. +# +# Licensed under the OpenSSL license (the "License"). You may not use +# this file except in compliance with the License. You can obtain a copy +# in the file LICENSE in the source distribution or at +# https://www.openssl.org/source/license.html + +use strict; + +package TLSProxy::HelloRetryRequest; + +use vars '@ISA'; +push @ISA, 'TLSProxy::Message'; + +sub new +{ + my $class = shift; + my ($server, + $data, + $records, + $startoffset, + $message_frag_lens) = @_; + + my $self = $class->SUPER::new( + $server, + TLSProxy::Message::MT_HELLO_RETRY_REQUEST, + $data, + $records, + $startoffset, + $message_frag_lens); + + $self->{extension_data} = ""; + + return $self; +} + +sub parse +{ + my $self = shift; + my $ptr = 2; + + TLSProxy::Proxy->is_tls13(1); + + my ($server_version) = unpack('n', $self->data); + # TODO(TLS1.3): Replace this reference to draft version before release + if ($server_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) { + $server_version = TLSProxy::Record::VERS_TLS_1_3; + } + + my $extensions_len = unpack('n', substr($self->data, $ptr)); + if (!defined $extensions_len) { + $extensions_len = 0; + } + + $ptr += 2; + my $extension_data; + if ($extensions_len != 0) { + $extension_data = substr($self->data, $ptr); + + if (length($extension_data) != $extensions_len) { + die "Invalid extension length\n"; + } + } else { + if (length($self->data) != 2) { + die "Invalid extension length\n"; + } + $extension_data = ""; + } + my %extensions = (); + while (length($extension_data) >= 4) { + my ($type, $size) = unpack("nn", $extension_data); + my $extdata = substr($extension_data, 4, $size); + $extension_data = substr($extension_data, 4 + $size); + $extensions{$type} = $extdata; + } + + $self->server_version($server_version); + $self->extension_data(\%extensions); + + print " Extensions Len:".$extensions_len."\n"; +} + +#Reconstruct the on-the-wire message data following changes +sub set_message_contents +{ + my $self = shift; + my $data; + my $extensions = ""; + + foreach my $key (keys %{$self->extension_data}) { + my $extdata = ${$self->extension_data}{$key}; + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { + $extensions .= pack("n", $key); + $extensions .= pack("n", length($extdata)); + $extensions .= $extdata; + } + } + + $data = pack('n', $self->server_version); + $data .= pack('n', length($extensions)); + $data .= $extensions; + $self->data($data); +} + +#Read/write accessors +sub server_version +{ + my $self = shift; + if (@_) { + $self->{server_version} = shift; + } + return $self->{server_version}; +} +sub extension_data +{ + my $self = shift; + if (@_) { + $self->{extension_data} = shift; + } + return $self->{extension_data}; +} +sub set_extension +{ + my ($self, $ext_type, $ext_data) = @_; + $self->{extension_data}{$ext_type} = $ext_data; +} +sub delete_extension +{ + my ($self, $ext_type) = @_; + delete $self->{extension_data}{$ext_type}; +} +1; diff --git a/util/TLSProxy/Message.pm b/util/TLSProxy/Message.pm index d1a5f244ce..ce469c46d0 100644 --- a/util/TLSProxy/Message.pm +++ b/util/TLSProxy/Message.pm @@ -262,6 +262,15 @@ sub create_message [@message_frag_lens] ); $message->parse(); + } elsif ($mt == MT_HELLO_RETRY_REQUEST) { + $message = TLSProxy::HelloRetryRequest->new( + $server, + $data, + [@message_rec_list], + $startoffset, + [@message_frag_lens] + ); + $message->parse(); } elsif ($mt == MT_SERVER_HELLO) { $message = TLSProxy::ServerHello->new( $server, diff --git a/util/TLSProxy/Proxy.pm b/util/TLSProxy/Proxy.pm index cee3bc5199..189bcb8b57 100644 --- a/util/TLSProxy/Proxy.pm +++ b/util/TLSProxy/Proxy.pm @@ -16,6 +16,7 @@ use IO::Select; use TLSProxy::Record; use TLSProxy::Message; use TLSProxy::ClientHello; +use TLSProxy::HelloRetryRequest; use TLSProxy::ServerHello; use TLSProxy::EncryptedExtensions; use TLSProxy::Certificate; -- 2.25.1