line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Protocol::TLS::Handshake; |
2
|
2
|
|
|
2
|
|
10
|
use strict; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
78
|
|
3
|
2
|
|
|
2
|
|
11
|
use warnings; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
53
|
|
4
|
2
|
|
|
2
|
|
11
|
use Carp; |
|
2
|
|
|
|
|
2
|
|
|
2
|
|
|
|
|
131
|
|
5
|
2
|
|
|
2
|
|
11
|
use Protocol::TLS::Trace qw(tracer); |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
115
|
|
6
|
|
|
|
|
|
|
use Protocol::TLS::Constants |
7
|
2
|
|
|
2
|
|
11
|
qw(const_name :versions :hs_types :c_types :alert_desc); |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
4714
|
|
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
my %handshake_types = ( |
10
|
|
|
|
|
|
|
&HSTYPE_HELLO_REQUEST => 'hello_request', |
11
|
|
|
|
|
|
|
&HSTYPE_CLIENT_HELLO => 'client_hello', |
12
|
|
|
|
|
|
|
&HSTYPE_SERVER_HELLO => 'server_hello', |
13
|
|
|
|
|
|
|
&HSTYPE_CERTIFICATE => 'certificate', |
14
|
|
|
|
|
|
|
&HSTYPE_SERVER_KEY_EXCHANGE => 'server_key_exchange', |
15
|
|
|
|
|
|
|
&HSTYPE_CERTIFICATE_REQUEST => 'certificate_request', |
16
|
|
|
|
|
|
|
&HSTYPE_SERVER_HELLO_DONE => 'server_hello_done', |
17
|
|
|
|
|
|
|
&HSTYPE_CERTIFICATE_VERIFY => 'certificate_verify', |
18
|
|
|
|
|
|
|
&HSTYPE_CLIENT_KEY_EXCHANGE => 'client_key_exchange', |
19
|
|
|
|
|
|
|
&HSTYPE_FINISHED => 'finished', |
20
|
|
|
|
|
|
|
); |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
my %decoder = |
23
|
|
|
|
|
|
|
map { $_ => \&{ $handshake_types{$_} . '_decode' } } |
24
|
|
|
|
|
|
|
keys %handshake_types; |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
my %encoder = |
27
|
|
|
|
|
|
|
map { $_ => \&{ $handshake_types{$_} . '_encode' } } |
28
|
|
|
|
|
|
|
keys %handshake_types; |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
sub decode { |
31
|
11
|
|
|
11
|
0
|
14
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
32
|
11
|
50
|
|
|
|
31
|
return 0 if length($$buf_ref) - $buf_offset < 4; |
33
|
11
|
|
|
|
|
44
|
my ( $type, $length_high, $length_low ) = unpack "x${buf_offset}CCn", |
34
|
|
|
|
|
|
|
$$buf_ref; |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
# Incorrect handshake record length |
37
|
11
|
50
|
|
|
|
44
|
if ( $length_high * 256**3 + $length_low != $length - 4 ) { |
38
|
0
|
|
|
|
|
0
|
tracer->debug( "Incorrect handshake record length: " |
39
|
|
|
|
|
|
|
. ( $length_high * 256**3 + $length_low ) |
40
|
|
|
|
|
|
|
. " (expected $length)\n" ); |
41
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
42
|
0
|
|
|
|
|
0
|
return undef; |
43
|
|
|
|
|
|
|
} |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
# Unknown handshake type |
46
|
11
|
50
|
|
|
|
32
|
if ( !exists $handshake_types{$type} ) { |
47
|
0
|
|
|
|
|
0
|
tracer->debug("Unknown handshake type: $type\n"); |
48
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
49
|
0
|
|
|
|
|
0
|
return undef; |
50
|
|
|
|
|
|
|
} |
51
|
11
|
|
|
|
|
31
|
tracer->debug( 'Got ' . const_name( 'hs_types', $type ) . "\n" ); |
52
|
|
|
|
|
|
|
|
53
|
11
|
|
|
|
|
60
|
my $len = $decoder{$type}->( $ctx, $buf_ref, $buf_offset + 4, $length - 4 ); |
54
|
11
|
50
|
|
|
|
29
|
return undef unless defined $len; |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
# Save handshake data |
57
|
11
|
50
|
|
|
|
25
|
push @{ $ctx->{pending}->{hs_messages} }, substr $$buf_ref, $buf_offset, |
|
11
|
|
|
|
|
40
|
|
58
|
|
|
|
|
|
|
$length |
59
|
|
|
|
|
|
|
if $type != HSTYPE_HELLO_REQUEST; |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
# Arrived record may change state of stream |
62
|
11
|
|
|
|
|
41
|
$ctx->state_machine( 'recv', CTYPE_HANDSHAKE, $type ); |
63
|
|
|
|
|
|
|
|
64
|
11
|
|
|
|
|
46
|
return $length; |
65
|
|
|
|
|
|
|
} |
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
sub encode { |
68
|
11
|
|
|
11
|
0
|
23
|
my ( $ctx, $type ) = splice @_, 0, 2; |
69
|
11
|
|
|
|
|
81
|
my $encoded = pack 'CC n/a*', $type, 0, $encoder{$type}->( $ctx, @_ ); |
70
|
11
|
50
|
|
|
|
46
|
push @{ $ctx->{pending}->{hs_messages} }, $encoded |
|
11
|
|
|
|
|
34
|
|
71
|
|
|
|
|
|
|
if $type != HSTYPE_HELLO_REQUEST; |
72
|
11
|
|
|
|
|
69
|
$encoded; |
73
|
|
|
|
|
|
|
} |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
sub hello_request_decode { |
76
|
0
|
|
|
0
|
0
|
0
|
0; |
77
|
|
|
|
|
|
|
} |
78
|
|
|
|
|
|
|
|
79
|
|
|
|
|
|
|
sub hello_request_encode { |
80
|
0
|
|
|
0
|
0
|
0
|
''; |
81
|
|
|
|
|
|
|
} |
82
|
|
|
|
|
|
|
|
83
|
|
|
|
|
|
|
sub client_hello_decode { |
84
|
1
|
|
|
1
|
0
|
3
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
85
|
1
|
|
|
|
|
9
|
my ( $tls_version, $random, $session_id, $ciphers_l ) = |
86
|
|
|
|
|
|
|
unpack "x$buf_offset na32 C/a n", $$buf_ref; |
87
|
|
|
|
|
|
|
|
88
|
1
|
|
50
|
|
|
5
|
my $sess_l = length($session_id) || 0; |
89
|
|
|
|
|
|
|
|
90
|
|
|
|
|
|
|
# Length error |
91
|
1
|
50
|
|
|
|
5
|
if ( $sess_l > 32 ) { |
92
|
0
|
|
|
|
|
0
|
tracer->debug("Session_id length error: $sess_l\n"); |
93
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
94
|
0
|
|
|
|
|
0
|
return undef; |
95
|
|
|
|
|
|
|
} |
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
# Ciphers error |
98
|
1
|
50
|
33
|
|
|
10
|
if ( !$ciphers_l || $ciphers_l % 2 ) { |
99
|
0
|
|
|
|
|
0
|
tracer->debug("Cipher suites length error\n"); |
100
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
101
|
0
|
|
|
|
|
0
|
return undef; |
102
|
|
|
|
|
|
|
} |
103
|
|
|
|
|
|
|
|
104
|
1
|
|
|
|
|
3
|
my $offset = 37 + $sess_l; |
105
|
|
|
|
|
|
|
|
106
|
1
|
|
|
|
|
24
|
my @ciphers = unpack 'x' . ( $buf_offset + $offset ) . 'n' . $ciphers_l / 2, |
107
|
|
|
|
|
|
|
$$buf_ref; |
108
|
|
|
|
|
|
|
|
109
|
1
|
|
|
|
|
2
|
$offset += $ciphers_l; |
110
|
|
|
|
|
|
|
|
111
|
1
|
|
|
|
|
7
|
my @compr = unpack 'x' . ( $buf_offset + $offset ) . 'C/C*', $$buf_ref; |
112
|
|
|
|
|
|
|
|
113
|
|
|
|
|
|
|
# Compression length error |
114
|
1
|
50
|
|
|
|
5
|
if ( !@compr ) { |
115
|
0
|
|
|
|
|
0
|
tracer->debug("Compression methods not defined\n"); |
116
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
117
|
0
|
|
|
|
|
0
|
return undef; |
118
|
|
|
|
|
|
|
} |
119
|
1
|
|
|
|
|
4
|
$offset += 1 + @compr; |
120
|
|
|
|
|
|
|
|
121
|
|
|
|
|
|
|
# Extensions |
122
|
1
|
|
|
|
|
1
|
my $ext_result; |
123
|
1
|
50
|
|
|
|
6
|
if ( $length > $offset ) { |
124
|
1
|
|
|
|
|
16
|
my $len = $ctx->ext_decode( |
125
|
|
|
|
|
|
|
\$ext_result, $buf_ref, |
126
|
|
|
|
|
|
|
$buf_offset + $offset, |
127
|
|
|
|
|
|
|
$length - $offset |
128
|
|
|
|
|
|
|
); |
129
|
1
|
50
|
|
|
|
4
|
return undef unless defined $len; |
130
|
1
|
|
|
|
|
3
|
$offset += $len; |
131
|
|
|
|
|
|
|
} |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
# TODO: need sane result handling |
134
|
1
|
|
|
|
|
11
|
my $res = $ctx->validate_client_hello( |
135
|
|
|
|
|
|
|
ciphers => \@ciphers, |
136
|
|
|
|
|
|
|
compression => \@compr, |
137
|
|
|
|
|
|
|
session_id => $session_id, |
138
|
|
|
|
|
|
|
tls_version => $tls_version, |
139
|
|
|
|
|
|
|
random => $random, |
140
|
|
|
|
|
|
|
extensions => $ext_result, |
141
|
|
|
|
|
|
|
); |
142
|
|
|
|
|
|
|
|
143
|
1
|
50
|
|
|
|
9
|
return $res ? $offset : undef; |
144
|
|
|
|
|
|
|
} |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
sub client_hello_encode { |
147
|
3
|
|
|
3
|
0
|
5
|
my ( $ctx, $data_ref ) = @_; |
148
|
|
|
|
|
|
|
|
149
|
3
|
|
|
|
|
13
|
my $ext = ''; |
150
|
3
|
50
|
|
|
|
11
|
if ( exists $data_ref->{extensions} ) { |
151
|
|
|
|
|
|
|
|
152
|
|
|
|
|
|
|
# TODO extenions |
153
|
|
|
|
|
|
|
} |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
pack( |
156
|
3
|
|
|
|
|
16
|
'na32 C/a* n' |
157
|
3
|
|
|
|
|
12
|
. ( @{ $data_ref->{ciphers} } + 1 ) . 'C' |
158
|
3
|
|
|
|
|
7
|
. ( @{ $data_ref->{compression} } + 1 ), |
159
|
|
|
|
|
|
|
$data_ref->{tls_version}, |
160
|
|
|
|
|
|
|
$ctx->{pending}->{securityParameters}->{client_random}, |
161
|
|
|
|
|
|
|
$data_ref->{session_id}, |
162
|
3
|
|
|
|
|
5
|
2 * @{ $data_ref->{ciphers} }, |
163
|
3
|
|
|
|
|
5
|
@{ $data_ref->{ciphers} }, |
164
|
3
|
|
|
|
|
34
|
scalar @{ $data_ref->{compression} }, |
165
|
3
|
|
|
|
|
6
|
@{ $data_ref->{compression} } |
166
|
|
|
|
|
|
|
) . $ext; |
167
|
|
|
|
|
|
|
} |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
sub server_hello_decode { |
170
|
3
|
|
|
3
|
0
|
5
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
171
|
3
|
|
|
|
|
19
|
my ( $version, $rand, $sess_id, $cipher, $compr ) = |
172
|
|
|
|
|
|
|
unpack "x$buf_offset n a32 C/a n C", $$buf_ref; |
173
|
|
|
|
|
|
|
|
174
|
3
|
|
|
|
|
9
|
my $offset = 35 + length($sess_id) + 2 + 1; |
175
|
|
|
|
|
|
|
|
176
|
|
|
|
|
|
|
# Extensions |
177
|
3
|
|
|
|
|
3
|
my $ext_result; |
178
|
3
|
50
|
|
|
|
9
|
if ( $length > $offset ) { |
179
|
0
|
|
|
|
|
0
|
my $len = $ctx->ext_decode( |
180
|
|
|
|
|
|
|
\$ext_result, $buf_ref, |
181
|
|
|
|
|
|
|
$buf_offset + $offset, |
182
|
|
|
|
|
|
|
$length - $offset |
183
|
|
|
|
|
|
|
); |
184
|
0
|
0
|
|
|
|
0
|
return undef unless defined $len; |
185
|
0
|
|
|
|
|
0
|
$offset += $len; |
186
|
|
|
|
|
|
|
} |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
# TODO: need sane result handling |
189
|
3
|
|
|
|
|
64
|
my $res = $ctx->validate_server_hello( |
190
|
|
|
|
|
|
|
cipher => $cipher, |
191
|
|
|
|
|
|
|
compression => $compr, |
192
|
|
|
|
|
|
|
session_id => $sess_id, |
193
|
|
|
|
|
|
|
version => $version, |
194
|
|
|
|
|
|
|
random => $rand, |
195
|
|
|
|
|
|
|
extensions => $ext_result, |
196
|
|
|
|
|
|
|
); |
197
|
|
|
|
|
|
|
|
198
|
3
|
50
|
|
|
|
10
|
return $res ? $offset : undef; |
199
|
|
|
|
|
|
|
} |
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
sub server_hello_encode { |
202
|
1
|
|
|
1
|
0
|
14
|
my ( $ctx, $data_ref ) = @_; |
203
|
|
|
|
|
|
|
|
204
|
1
|
|
|
|
|
4
|
my $ext = ''; |
205
|
1
|
50
|
|
|
|
17
|
if ( exists $data_ref->{extensions} ) { |
206
|
|
|
|
|
|
|
|
207
|
|
|
|
|
|
|
# TODO extenions |
208
|
|
|
|
|
|
|
} |
209
|
|
|
|
|
|
|
|
210
|
1
|
|
|
|
|
15
|
pack( "n a32 C/a* n C", |
211
|
|
|
|
|
|
|
$data_ref->{tls_version}, $data_ref->{server_random}, |
212
|
|
|
|
|
|
|
$data_ref->{session_id}, $data_ref->{cipher}, |
213
|
|
|
|
|
|
|
$data_ref->{compression} ) |
214
|
|
|
|
|
|
|
. $ext; |
215
|
|
|
|
|
|
|
} |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
sub certificate_decode { |
218
|
2
|
|
|
2
|
0
|
4
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
219
|
2
|
|
|
|
|
9
|
my $list_len = unpack 'N', "\0" . substr $$buf_ref, $buf_offset, 3; |
220
|
2
|
|
|
|
|
3
|
my $offset = 3; |
221
|
|
|
|
|
|
|
|
222
|
2
|
50
|
|
|
|
7
|
if ( $list_len > $length - $offset ) { |
223
|
0
|
|
|
|
|
0
|
tracer->debug("list too long: $list_len\n"); |
224
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
225
|
0
|
|
|
|
|
0
|
return undef; |
226
|
|
|
|
|
|
|
} |
227
|
|
|
|
|
|
|
|
228
|
2
|
|
|
|
|
7
|
while ( $offset < $list_len ) { |
229
|
2
|
|
|
|
|
6
|
my $cert_len = unpack 'N', "\0" . substr $$buf_ref, |
230
|
|
|
|
|
|
|
$buf_offset + $offset, 3; |
231
|
2
|
50
|
|
|
|
10
|
if ( $cert_len > $length - $offset - 3 ) { |
232
|
0
|
|
|
|
|
0
|
tracer->debug("cert length too long: $cert_len\n"); |
233
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
234
|
0
|
|
|
|
|
0
|
return undef; |
235
|
|
|
|
|
|
|
} |
236
|
2
|
|
50
|
|
|
30
|
$ctx->{pending}->{cert} ||= []; |
237
|
2
|
|
|
|
|
3
|
push @{ $ctx->{pending}->{cert} }, substr $$buf_ref, |
|
2
|
|
|
|
|
12
|
|
238
|
|
|
|
|
|
|
$buf_offset + $offset + 3, $cert_len; |
239
|
2
|
|
|
|
|
5
|
$offset += 3 + $cert_len; |
240
|
|
|
|
|
|
|
} |
241
|
|
|
|
|
|
|
|
242
|
2
|
|
|
|
|
4
|
return $offset; |
243
|
|
|
|
|
|
|
} |
244
|
|
|
|
|
|
|
|
245
|
|
|
|
|
|
|
sub certificate_encode { |
246
|
1
|
|
|
1
|
0
|
3
|
my $ctx = shift; |
247
|
|
|
|
|
|
|
|
248
|
1
|
|
|
|
|
2
|
my $res = ''; |
249
|
1
|
|
|
|
|
3
|
for my $cert (@_) { |
250
|
1
|
|
|
|
|
13
|
$res .= pack 'C n/a*', 0, $cert; |
251
|
|
|
|
|
|
|
} |
252
|
|
|
|
|
|
|
|
253
|
1
|
|
|
|
|
7
|
pack( 'Cn', 0, length($res) ) . $res; |
254
|
|
|
|
|
|
|
} |
255
|
|
|
|
|
|
|
|
256
|
|
|
|
|
|
|
sub server_key_exchange_decode { |
257
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
258
|
|
|
|
|
|
|
} |
259
|
|
|
|
|
|
|
|
260
|
|
|
|
|
|
|
sub server_key_exchange_encode { |
261
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
262
|
|
|
|
|
|
|
} |
263
|
|
|
|
|
|
|
|
264
|
|
|
|
|
|
|
sub certificate_request_decode { |
265
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
266
|
|
|
|
|
|
|
} |
267
|
|
|
|
|
|
|
|
268
|
|
|
|
|
|
|
sub certificate_request_encode { |
269
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
270
|
|
|
|
|
|
|
} |
271
|
|
|
|
|
|
|
|
272
|
|
|
|
|
|
|
sub server_hello_done_decode { |
273
|
2
|
|
|
2
|
0
|
4
|
0; |
274
|
|
|
|
|
|
|
} |
275
|
|
|
|
|
|
|
|
276
|
|
|
|
|
|
|
sub server_hello_done_encode { |
277
|
1
|
|
|
1
|
0
|
6
|
''; |
278
|
|
|
|
|
|
|
} |
279
|
|
|
|
|
|
|
|
280
|
|
|
|
|
|
|
sub certificate_verify { |
281
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
282
|
|
|
|
|
|
|
} |
283
|
|
|
|
|
|
|
|
284
|
|
|
|
|
|
|
sub client_key_exchange_decode { |
285
|
0
|
|
|
0
|
0
|
0
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
286
|
0
|
|
|
|
|
0
|
my ($encoded_pkey) = unpack "x$buf_offset n/a", $$buf_ref; |
287
|
0
|
0
|
0
|
|
|
0
|
unless ( defined $encoded_pkey && length($encoded_pkey) == $length - 2 ) { |
288
|
0
|
|
0
|
|
|
0
|
tracer->error( "broken key length: " |
289
|
|
|
|
|
|
|
. ( $length - 2 ) . " vs " |
290
|
|
|
|
|
|
|
. ( length($encoded_pkey) || 0 ) |
291
|
|
|
|
|
|
|
. "\n" ); |
292
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
293
|
0
|
|
|
|
|
0
|
return undef; |
294
|
|
|
|
|
|
|
} |
295
|
|
|
|
|
|
|
|
296
|
0
|
0
|
|
|
|
0
|
unless ( $ctx->validate_client_key($encoded_pkey) ) { |
297
|
0
|
|
|
|
|
0
|
tracer->error("client key validation failed"); |
298
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
299
|
0
|
|
|
|
|
0
|
return undef; |
300
|
|
|
|
|
|
|
} |
301
|
0
|
|
|
|
|
0
|
$length; |
302
|
|
|
|
|
|
|
} |
303
|
|
|
|
|
|
|
|
304
|
|
|
|
|
|
|
sub client_key_exchange_encode { |
305
|
2
|
|
|
2
|
0
|
16
|
pack 'n/a*', $_[1]; |
306
|
|
|
|
|
|
|
} |
307
|
|
|
|
|
|
|
|
308
|
|
|
|
|
|
|
sub finished_encode { |
309
|
3
|
|
|
3
|
0
|
15
|
$_[1]; |
310
|
|
|
|
|
|
|
} |
311
|
|
|
|
|
|
|
|
312
|
|
|
|
|
|
|
sub finished_decode { |
313
|
3
|
|
|
3
|
0
|
5
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
314
|
3
|
|
|
|
|
7
|
my $message = substr $$buf_ref, $buf_offset, $length; |
315
|
3
|
50
|
|
|
|
12
|
return $ctx->validate_finished($message) ? $length : undef; |
316
|
|
|
|
|
|
|
} |
317
|
|
|
|
|
|
|
|
318
|
|
|
|
|
|
|
1 |