2
0

ClientHello.pm 8.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284
  1. # Written by Matt Caswell for the OpenSSL project.
  2. # ====================================================================
  3. # Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved.
  4. #
  5. # Redistribution and use in source and binary forms, with or without
  6. # modification, are permitted provided that the following conditions
  7. # are met:
  8. #
  9. # 1. Redistributions of source code must retain the above copyright
  10. # notice, this list of conditions and the following disclaimer.
  11. #
  12. # 2. Redistributions in binary form must reproduce the above copyright
  13. # notice, this list of conditions and the following disclaimer in
  14. # the documentation and/or other materials provided with the
  15. # distribution.
  16. #
  17. # 3. All advertising materials mentioning features or use of this
  18. # software must display the following acknowledgment:
  19. # "This product includes software developed by the OpenSSL Project
  20. # for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
  21. #
  22. # 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  23. # endorse or promote products derived from this software without
  24. # prior written permission. For written permission, please contact
  25. # openssl-core@openssl.org.
  26. #
  27. # 5. Products derived from this software may not be called "OpenSSL"
  28. # nor may "OpenSSL" appear in their names without prior written
  29. # permission of the OpenSSL Project.
  30. #
  31. # 6. Redistributions of any form whatsoever must retain the following
  32. # acknowledgment:
  33. # "This product includes software developed by the OpenSSL Project
  34. # for use in the OpenSSL Toolkit (http://www.openssl.org/)"
  35. #
  36. # THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  37. # EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  38. # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  39. # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
  40. # ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  41. # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  42. # NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  43. # LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  44. # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  45. # STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  46. # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  47. # OF THE POSSIBILITY OF SUCH DAMAGE.
  48. # ====================================================================
  49. #
  50. # This product includes cryptographic software written by Eric Young
  51. # (eay@cryptsoft.com). This product includes software written by Tim
  52. # Hudson (tjh@cryptsoft.com).
  53. use strict;
  54. package TLSProxy::ClientHello;
  55. use parent 'TLSProxy::Message';
  56. use constant {
  57. EXT_STATUS_REQUEST => 5,
  58. EXT_ENCRYPT_THEN_MAC => 22,
  59. EXT_EXTENDED_MASTER_SECRET => 23,
  60. EXT_SESSION_TICKET => 35
  61. };
  62. sub new
  63. {
  64. my $class = shift;
  65. my ($server,
  66. $data,
  67. $records,
  68. $startoffset,
  69. $message_frag_lens) = @_;
  70. my $self = $class->SUPER::new(
  71. $server,
  72. 1,
  73. $data,
  74. $records,
  75. $startoffset,
  76. $message_frag_lens);
  77. $self->{client_version} = 0;
  78. $self->{random} = [];
  79. $self->{session_id_len} = 0;
  80. $self->{session} = "";
  81. $self->{ciphersuite_len} = 0;
  82. $self->{ciphersuites} = [];
  83. $self->{comp_meth_len} = 0;
  84. $self->{comp_meths} = [];
  85. $self->{extensions_len} = 0;
  86. $self->{extensions_data} = "";
  87. return $self;
  88. }
  89. sub parse
  90. {
  91. my $self = shift;
  92. my $ptr = 2;
  93. my ($client_version) = unpack('n', $self->data);
  94. my $random = substr($self->data, $ptr, 32);
  95. $ptr += 32;
  96. my $session_id_len = unpack('C', substr($self->data, $ptr));
  97. $ptr++;
  98. my $session = substr($self->data, $ptr, $session_id_len);
  99. $ptr += $session_id_len;
  100. my $ciphersuite_len = unpack('n', substr($self->data, $ptr));
  101. $ptr += 2;
  102. my @ciphersuites = unpack('n*', substr($self->data, $ptr,
  103. $ciphersuite_len));
  104. $ptr += $ciphersuite_len;
  105. my $comp_meth_len = unpack('C', substr($self->data, $ptr));
  106. $ptr++;
  107. my @comp_meths = unpack('C*', substr($self->data, $ptr, $comp_meth_len));
  108. $ptr += $comp_meth_len;
  109. my $extensions_len = unpack('n', substr($self->data, $ptr));
  110. $ptr += 2;
  111. #For now we just deal with this as a block of data. In the future we will
  112. #want to parse this
  113. my $extension_data = substr($self->data, $ptr);
  114. if (length($extension_data) != $extensions_len) {
  115. die "Invalid extension length\n";
  116. }
  117. my %extensions = ();
  118. while (length($extension_data) >= 4) {
  119. my ($type, $size) = unpack("nn", $extension_data);
  120. my $extdata = substr($extension_data, 4, $size);
  121. $extension_data = substr($extension_data, 4 + $size);
  122. $extensions{$type} = $extdata;
  123. }
  124. $self->client_version($client_version);
  125. $self->random($random);
  126. $self->session_id_len($session_id_len);
  127. $self->session($session);
  128. $self->ciphersuite_len($ciphersuite_len);
  129. $self->ciphersuites(\@ciphersuites);
  130. $self->comp_meth_len($comp_meth_len);
  131. $self->comp_meths(\@comp_meths);
  132. $self->extensions_len($extensions_len);
  133. $self->extension_data(\%extensions);
  134. $self->process_extensions();
  135. print " Client Version:".$client_version."\n";
  136. print " Session ID Len:".$session_id_len."\n";
  137. print " Ciphersuite len:".$ciphersuite_len."\n";
  138. print " Compression Method Len:".$comp_meth_len."\n";
  139. print " Extensions Len:".$extensions_len."\n";
  140. }
  141. #Perform any actions necessary based on the extensions we've seen
  142. sub process_extensions
  143. {
  144. my $self = shift;
  145. my %extensions = %{$self->extension_data};
  146. #Clear any state from a previous run
  147. TLSProxy::Record->etm(0);
  148. if (exists $extensions{&EXT_ENCRYPT_THEN_MAC}) {
  149. TLSProxy::Record->etm(1);
  150. }
  151. }
  152. #Reconstruct the on-the-wire message data following changes
  153. sub set_message_contents
  154. {
  155. my $self = shift;
  156. my $data;
  157. my $extensions = "";
  158. $data = pack('n', $self->client_version);
  159. $data .= $self->random;
  160. $data .= pack('C', $self->session_id_len);
  161. $data .= $self->session;
  162. $data .= pack('n', $self->ciphersuite_len);
  163. $data .= pack("n*", @{$self->ciphersuites});
  164. $data .= pack('C', $self->comp_meth_len);
  165. $data .= pack("C*", @{$self->comp_meths});
  166. foreach my $key (keys %{$self->extension_data}) {
  167. my $extdata = ${$self->extension_data}{$key};
  168. $extensions .= pack("n", $key);
  169. $extensions .= pack("n", length($extdata));
  170. $extensions .= $extdata;
  171. }
  172. $data .= pack('n', length($extensions));
  173. $data .= $extensions;
  174. $self->data($data);
  175. }
  176. #Read/write accessors
  177. sub client_version
  178. {
  179. my $self = shift;
  180. if (@_) {
  181. $self->{client_version} = shift;
  182. }
  183. return $self->{client_version};
  184. }
  185. sub random
  186. {
  187. my $self = shift;
  188. if (@_) {
  189. $self->{random} = shift;
  190. }
  191. return $self->{random};
  192. }
  193. sub session_id_len
  194. {
  195. my $self = shift;
  196. if (@_) {
  197. $self->{session_id_len} = shift;
  198. }
  199. return $self->{session_id_len};
  200. }
  201. sub session
  202. {
  203. my $self = shift;
  204. if (@_) {
  205. $self->{session} = shift;
  206. }
  207. return $self->{session};
  208. }
  209. sub ciphersuite_len
  210. {
  211. my $self = shift;
  212. if (@_) {
  213. $self->{ciphersuite_len} = shift;
  214. }
  215. return $self->{ciphersuite_len};
  216. }
  217. sub ciphersuites
  218. {
  219. my $self = shift;
  220. if (@_) {
  221. $self->{ciphersuites} = shift;
  222. }
  223. return $self->{ciphersuites};
  224. }
  225. sub comp_meth_len
  226. {
  227. my $self = shift;
  228. if (@_) {
  229. $self->{comp_meth_len} = shift;
  230. }
  231. return $self->{comp_meth_len};
  232. }
  233. sub comp_meths
  234. {
  235. my $self = shift;
  236. if (@_) {
  237. $self->{comp_meths} = shift;
  238. }
  239. return $self->{comp_meths};
  240. }
  241. sub extensions_len
  242. {
  243. my $self = shift;
  244. if (@_) {
  245. $self->{extensions_len} = shift;
  246. }
  247. return $self->{extensions_len};
  248. }
  249. sub extension_data
  250. {
  251. my $self = shift;
  252. if (@_) {
  253. $self->{extension_data} = shift;
  254. }
  255. return $self->{extension_data};
  256. }
  257. sub delete_extension
  258. {
  259. my ($self, $ext_type) = @_;
  260. delete $self->{extension_data}{$ext_type};
  261. }
  262. 1;