# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. # # Licensed under the OpenSSL license (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html use strict; package TLSProxy::ServerHello; use vars '@ISA'; push @ISA, 'TLSProxy::Message'; my $hrrrandom = pack("C*", 0xCF, 0x21, 0xAD, 0x74, 0xE5, 0x9A, 0x61, 0x11, 0xBE, 0x1D, 0x8C, 0x02, 0x1E, 0x65, 0xB8, 0x91, 0xC2, 0xA2, 0x11, 0x16, 0x7A, 0xBB, 0x8C, 0x5E, 0x07, 0x9E, 0x09, 0xE2, 0xC8, 0xA8, 0x33, 0x9C); sub new { my $class = shift; my ($server, $data, $records, $startoffset, $message_frag_lens) = @_; my $self = $class->SUPER::new( $server, TLSProxy::Message::MT_SERVER_HELLO, $data, $records, $startoffset, $message_frag_lens); $self->{server_version} = 0; $self->{random} = []; $self->{session_id_len} = 0; $self->{session} = ""; $self->{ciphersuite} = 0; $self->{comp_meth} = 0; $self->{extension_data} = ""; return $self; } sub parse { my $self = shift; my $ptr = 2; my ($server_version) = unpack('n', $self->data); my $neg_version = $server_version; my $random = substr($self->data, $ptr, 32); $ptr += 32; my $session_id_len = 0; my $session = ""; $session_id_len = unpack('C', substr($self->data, $ptr)); $ptr++; $session = substr($self->data, $ptr, $session_id_len); $ptr += $session_id_len; my $ciphersuite = unpack('n', substr($self->data, $ptr)); $ptr += 2; my $comp_meth = 0; $comp_meth = unpack('C', substr($self->data, $ptr)); $ptr++; my $extensions_len = unpack('n', substr($self->data, $ptr)); if (!defined $extensions_len) { $extensions_len = 0; } else { $ptr += 2; } #For now we just deal with this as a block of data. In the future we will #want to parse this my $extension_data; if ($extensions_len != 0) { $extension_data = substr($self->data, $ptr); if (length($extension_data) != $extensions_len) { die "Invalid extension length\n"; } } else { if (length($self->data) != $ptr) { die "Invalid extension length\n"; } $extension_data = ""; } my %extensions = (); while (length($extension_data) >= 4) { my ($type, $size) = unpack("nn", $extension_data); my $extdata = substr($extension_data, 4, $size); $extension_data = substr($extension_data, 4 + $size); $extensions{$type} = $extdata; if ($type == TLSProxy::Message::EXT_SUPPORTED_VERSIONS) { $neg_version = unpack('n', $extdata); } } if ($random eq $hrrrandom) { TLSProxy::Proxy->is_tls13(1); # TODO(TLS1.3): Replace this reference to draft version before release } elsif ($neg_version == TLSProxy::Record::VERS_TLS_1_3_DRAFT) { $neg_version = TLSProxy::Record::VERS_TLS_1_3; TLSProxy::Proxy->is_tls13(1); TLSProxy::Record->server_encrypting(1); TLSProxy::Record->client_encrypting(1); } $self->server_version($server_version); $self->random($random); $self->session_id_len($session_id_len); $self->session($session); $self->ciphersuite($ciphersuite); TLSProxy::Proxy->ciphersuite($ciphersuite); $self->comp_meth($comp_meth); $self->extension_data(\%extensions); $self->process_data(); print " Server Version:".$server_version."\n"; print " Session ID Len:".$session_id_len."\n"; print " Ciphersuite:".$ciphersuite."\n"; print " Compression Method:".$comp_meth."\n"; print " Extensions Len:".$extensions_len."\n"; } #Perform any actions necessary based on the data we've seen sub process_data { my $self = shift; TLSProxy::Message->ciphersuite($self->ciphersuite); } #Reconstruct the on-the-wire message data following changes sub set_message_contents { my $self = shift; my $data; my $extensions = ""; $data = pack('n', $self->server_version); $data .= $self->random; $data .= pack('C', $self->session_id_len); $data .= $self->session; $data .= pack('n', $self->ciphersuite); $data .= pack('C', $self->comp_meth); foreach my $key (keys %{$self->extension_data}) { my $extdata = ${$self->extension_data}{$key}; $extensions .= pack("n", $key); $extensions .= pack("n", length($extdata)); $extensions .= $extdata; if ($key == TLSProxy::Message::EXT_DUPLICATE_EXTENSION) { $extensions .= pack("n", $key); $extensions .= pack("n", length($extdata)); $extensions .= $extdata; } } $data .= pack('n', length($extensions)); $data .= $extensions; $self->data($data); } #Read/write accessors sub server_version { my $self = shift; if (@_) { $self->{server_version} = shift; } return $self->{server_version}; } sub random { my $self = shift; if (@_) { $self->{random} = shift; } return $self->{random}; } sub session_id_len { my $self = shift; if (@_) { $self->{session_id_len} = shift; } return $self->{session_id_len}; } sub session { my $self = shift; if (@_) { $self->{session} = shift; } return $self->{session}; } sub ciphersuite { my $self = shift; if (@_) { $self->{ciphersuite} = shift; } return $self->{ciphersuite}; } sub comp_meth { my $self = shift; if (@_) { $self->{comp_meth} = shift; } return $self->{comp_meth}; } sub extension_data { my $self = shift; if (@_) { $self->{extension_data} = shift; } return $self->{extension_data}; } sub set_extension { my ($self, $ext_type, $ext_data) = @_; $self->{extension_data}{$ext_type} = $ext_data; } sub delete_extension { my ($self, $ext_type) = @_; delete $self->{extension_data}{$ext_type}; } 1;