line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Protocol::TLS::Handshake; |
2
|
2
|
|
|
2
|
|
10
|
use strict; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
51
|
|
3
|
2
|
|
|
2
|
|
10
|
use warnings; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
47
|
|
4
|
2
|
|
|
2
|
|
10
|
use Carp; |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
118
|
|
5
|
2
|
|
|
2
|
|
10
|
use Protocol::TLS::Trace qw(tracer); |
|
2
|
|
|
|
|
2
|
|
|
2
|
|
|
|
|
100
|
|
6
|
|
|
|
|
|
|
use Protocol::TLS::Constants |
7
|
2
|
|
|
2
|
|
10
|
qw(const_name :versions :hs_types :c_types :alert_desc); |
|
2
|
|
|
|
|
3
|
|
|
2
|
|
|
|
|
5235
|
|
8
|
|
|
|
|
|
|
|
9
|
|
|
|
|
|
|
my %handshake_types = ( |
10
|
|
|
|
|
|
|
&HSTYPE_HELLO_REQUEST => 'hello_request', |
11
|
|
|
|
|
|
|
&HSTYPE_CLIENT_HELLO => 'client_hello', |
12
|
|
|
|
|
|
|
&HSTYPE_SERVER_HELLO => 'server_hello', |
13
|
|
|
|
|
|
|
&HSTYPE_CERTIFICATE => 'certificate', |
14
|
|
|
|
|
|
|
&HSTYPE_SERVER_KEY_EXCHANGE => 'server_key_exchange', |
15
|
|
|
|
|
|
|
&HSTYPE_CERTIFICATE_REQUEST => 'certificate_request', |
16
|
|
|
|
|
|
|
&HSTYPE_SERVER_HELLO_DONE => 'server_hello_done', |
17
|
|
|
|
|
|
|
&HSTYPE_CERTIFICATE_VERIFY => 'certificate_verify', |
18
|
|
|
|
|
|
|
&HSTYPE_CLIENT_KEY_EXCHANGE => 'client_key_exchange', |
19
|
|
|
|
|
|
|
&HSTYPE_FINISHED => 'finished', |
20
|
|
|
|
|
|
|
); |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
my %decoder = |
23
|
|
|
|
|
|
|
map { $_ => \&{ $handshake_types{$_} . '_decode' } } |
24
|
|
|
|
|
|
|
keys %handshake_types; |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
my %encoder = |
27
|
|
|
|
|
|
|
map { $_ => \&{ $handshake_types{$_} . '_encode' } } |
28
|
|
|
|
|
|
|
keys %handshake_types; |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
sub decode { |
31
|
11
|
|
|
11
|
0
|
21
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
32
|
11
|
50
|
|
|
|
39
|
return 0 if length($$buf_ref) - $buf_offset < 4; |
33
|
11
|
|
|
|
|
47
|
my ( $type, $length_high, $length_low ) = unpack "x${buf_offset}CCn", |
34
|
|
|
|
|
|
|
$$buf_ref; |
35
|
|
|
|
|
|
|
|
36
|
11
|
|
|
|
|
27
|
my $h_len = $length_high * 256**3 + $length_low; |
37
|
11
|
50
|
|
|
|
29
|
return 0 if $h_len > $length - 4; |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
# Unknown handshake type |
40
|
11
|
50
|
|
|
|
38
|
if ( !exists $handshake_types{$type} ) { |
41
|
0
|
|
|
|
|
0
|
tracer->debug("Unknown handshake type: $type\n"); |
42
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
43
|
0
|
|
|
|
|
0
|
return undef; |
44
|
|
|
|
|
|
|
} |
45
|
11
|
|
|
|
|
37
|
tracer->debug( 'Got ' . const_name( 'hs_types', $type ) . "\n" ); |
46
|
|
|
|
|
|
|
|
47
|
11
|
|
|
|
|
141
|
my $len = $decoder{$type}->( $ctx, $buf_ref, $buf_offset + 4, $h_len ); |
48
|
11
|
50
|
|
|
|
33
|
return undef unless defined $len; |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
# Save handshake data |
51
|
11
|
50
|
|
|
|
33
|
push @{ $ctx->{pending}->{hs_messages} }, substr $$buf_ref, $buf_offset, |
|
11
|
|
|
|
|
51
|
|
52
|
|
|
|
|
|
|
$h_len + 4 |
53
|
|
|
|
|
|
|
if $type != HSTYPE_HELLO_REQUEST; |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
# Arrived record may change state of stream |
56
|
11
|
|
|
|
|
47
|
$ctx->state_machine( 'recv', CTYPE_HANDSHAKE, $type ); |
57
|
|
|
|
|
|
|
|
58
|
11
|
|
|
|
|
39
|
return $h_len + 4; |
59
|
|
|
|
|
|
|
} |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
sub encode { |
62
|
11
|
|
|
11
|
0
|
36
|
my ( $ctx, $type ) = splice @_, 0, 2; |
63
|
11
|
|
|
|
|
113
|
my $encoded = pack 'CC n/a*', $type, 0, $encoder{$type}->( $ctx, @_ ); |
64
|
11
|
50
|
|
|
|
43
|
push @{ $ctx->{pending}->{hs_messages} }, $encoded |
|
11
|
|
|
|
|
38
|
|
65
|
|
|
|
|
|
|
if $type != HSTYPE_HELLO_REQUEST; |
66
|
11
|
|
|
|
|
78
|
$encoded; |
67
|
|
|
|
|
|
|
} |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
sub hello_request_decode { |
70
|
0
|
|
|
0
|
0
|
0
|
0; |
71
|
|
|
|
|
|
|
} |
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
sub hello_request_encode { |
74
|
0
|
|
|
0
|
0
|
0
|
''; |
75
|
|
|
|
|
|
|
} |
76
|
|
|
|
|
|
|
|
77
|
|
|
|
|
|
|
sub client_hello_decode { |
78
|
1
|
|
|
1
|
0
|
4
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
79
|
1
|
|
|
|
|
8
|
my ( $tls_version, $random, $session_id, $ciphers_l ) = |
80
|
|
|
|
|
|
|
unpack "x$buf_offset na32 C/a n", $$buf_ref; |
81
|
|
|
|
|
|
|
|
82
|
1
|
|
50
|
|
|
4
|
my $sess_l = length($session_id) || 0; |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
# Length error |
85
|
1
|
50
|
|
|
|
5
|
if ( $sess_l > 32 ) { |
86
|
0
|
|
|
|
|
0
|
tracer->debug("Session_id length error: $sess_l\n"); |
87
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
88
|
0
|
|
|
|
|
0
|
return undef; |
89
|
|
|
|
|
|
|
} |
90
|
|
|
|
|
|
|
|
91
|
|
|
|
|
|
|
# Ciphers error |
92
|
1
|
50
|
33
|
|
|
9
|
if ( !$ciphers_l || $ciphers_l % 2 ) { |
93
|
0
|
|
|
|
|
0
|
tracer->debug("Cipher suites length error\n"); |
94
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
95
|
0
|
|
|
|
|
0
|
return undef; |
96
|
|
|
|
|
|
|
} |
97
|
|
|
|
|
|
|
|
98
|
1
|
|
|
|
|
3
|
my $offset = 37 + $sess_l; |
99
|
|
|
|
|
|
|
|
100
|
1
|
|
|
|
|
18
|
my @ciphers = unpack 'x' . ( $buf_offset + $offset ) . 'n' . $ciphers_l / 2, |
101
|
|
|
|
|
|
|
$$buf_ref; |
102
|
|
|
|
|
|
|
|
103
|
1
|
|
|
|
|
4
|
$offset += $ciphers_l; |
104
|
|
|
|
|
|
|
|
105
|
1
|
|
|
|
|
6
|
my @compr = unpack 'x' . ( $buf_offset + $offset ) . 'C/C*', $$buf_ref; |
106
|
|
|
|
|
|
|
|
107
|
|
|
|
|
|
|
# Compression length error |
108
|
1
|
50
|
|
|
|
4
|
if ( !@compr ) { |
109
|
0
|
|
|
|
|
0
|
tracer->debug("Compression methods not defined\n"); |
110
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
111
|
0
|
|
|
|
|
0
|
return undef; |
112
|
|
|
|
|
|
|
} |
113
|
1
|
|
|
|
|
2
|
$offset += 1 + @compr; |
114
|
|
|
|
|
|
|
|
115
|
|
|
|
|
|
|
# Extensions |
116
|
1
|
|
|
|
|
2
|
my $ext_result; |
117
|
1
|
50
|
|
|
|
3
|
if ( $length > $offset ) { |
118
|
1
|
|
|
|
|
12
|
my $len = $ctx->ext_decode( |
119
|
|
|
|
|
|
|
\$ext_result, $buf_ref, |
120
|
|
|
|
|
|
|
$buf_offset + $offset, |
121
|
|
|
|
|
|
|
$length - $offset |
122
|
|
|
|
|
|
|
); |
123
|
1
|
50
|
|
|
|
3
|
return undef unless defined $len; |
124
|
1
|
|
|
|
|
3
|
$offset += $len; |
125
|
|
|
|
|
|
|
} |
126
|
|
|
|
|
|
|
|
127
|
|
|
|
|
|
|
# TODO: need sane result handling |
128
|
1
|
|
|
|
|
8
|
my $res = $ctx->validate_client_hello( |
129
|
|
|
|
|
|
|
ciphers => \@ciphers, |
130
|
|
|
|
|
|
|
compression => \@compr, |
131
|
|
|
|
|
|
|
session_id => $session_id, |
132
|
|
|
|
|
|
|
tls_version => $tls_version, |
133
|
|
|
|
|
|
|
random => $random, |
134
|
|
|
|
|
|
|
extensions => $ext_result, |
135
|
|
|
|
|
|
|
); |
136
|
|
|
|
|
|
|
|
137
|
1
|
50
|
|
|
|
13
|
return $res ? $offset : undef; |
138
|
|
|
|
|
|
|
} |
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
sub client_hello_encode { |
141
|
3
|
|
|
3
|
0
|
7
|
my ( $ctx, $data_ref ) = @_; |
142
|
|
|
|
|
|
|
|
143
|
3
|
|
|
|
|
8
|
my $ext = ''; |
144
|
3
|
50
|
|
|
|
12
|
if ( exists $data_ref->{extensions} ) { |
145
|
|
|
|
|
|
|
|
146
|
|
|
|
|
|
|
# TODO extenions |
147
|
|
|
|
|
|
|
} |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
pack( |
150
|
|
|
|
|
|
|
'na32 C/a* n' |
151
|
3
|
|
|
|
|
12
|
. ( @{ $data_ref->{ciphers} } + 1 ) . 'C' |
152
|
3
|
|
|
|
|
13
|
. ( @{ $data_ref->{compression} } + 1 ), |
153
|
|
|
|
|
|
|
$data_ref->{tls_version}, |
154
|
|
|
|
|
|
|
$ctx->{pending}->{securityParameters}->{client_random}, |
155
|
|
|
|
|
|
|
$data_ref->{session_id}, |
156
|
3
|
|
|
|
|
14
|
2 * @{ $data_ref->{ciphers} }, |
157
|
3
|
|
|
|
|
7
|
@{ $data_ref->{ciphers} }, |
158
|
3
|
|
|
|
|
7
|
scalar @{ $data_ref->{compression} }, |
159
|
3
|
|
|
|
|
6
|
@{ $data_ref->{compression} } |
|
3
|
|
|
|
|
37
|
|
160
|
|
|
|
|
|
|
) . $ext; |
161
|
|
|
|
|
|
|
} |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
sub server_hello_decode { |
164
|
3
|
|
|
3
|
0
|
6
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
165
|
3
|
|
|
|
|
22
|
my ( $version, $rand, $sess_id, $cipher, $compr ) = |
166
|
|
|
|
|
|
|
unpack "x$buf_offset n a32 C/a n C", $$buf_ref; |
167
|
|
|
|
|
|
|
|
168
|
3
|
|
|
|
|
8
|
my $offset = 35 + length($sess_id) + 2 + 1; |
169
|
|
|
|
|
|
|
|
170
|
|
|
|
|
|
|
# Extensions |
171
|
3
|
|
|
|
|
6
|
my $ext_result; |
172
|
3
|
50
|
|
|
|
9
|
if ( $length > $offset ) { |
173
|
0
|
|
|
|
|
0
|
my $len = $ctx->ext_decode( |
174
|
|
|
|
|
|
|
\$ext_result, $buf_ref, |
175
|
|
|
|
|
|
|
$buf_offset + $offset, |
176
|
|
|
|
|
|
|
$length - $offset |
177
|
|
|
|
|
|
|
); |
178
|
0
|
0
|
|
|
|
0
|
return undef unless defined $len; |
179
|
0
|
|
|
|
|
0
|
$offset += $len; |
180
|
|
|
|
|
|
|
} |
181
|
|
|
|
|
|
|
|
182
|
|
|
|
|
|
|
# TODO: need sane result handling |
183
|
3
|
|
|
|
|
23
|
my $res = $ctx->validate_server_hello( |
184
|
|
|
|
|
|
|
cipher => $cipher, |
185
|
|
|
|
|
|
|
compression => $compr, |
186
|
|
|
|
|
|
|
session_id => $sess_id, |
187
|
|
|
|
|
|
|
version => $version, |
188
|
|
|
|
|
|
|
random => $rand, |
189
|
|
|
|
|
|
|
extensions => $ext_result, |
190
|
|
|
|
|
|
|
); |
191
|
|
|
|
|
|
|
|
192
|
3
|
50
|
|
|
|
12
|
return $res ? $offset : undef; |
193
|
|
|
|
|
|
|
} |
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
sub server_hello_encode { |
196
|
1
|
|
|
1
|
0
|
3
|
my ( $ctx, $data_ref ) = @_; |
197
|
|
|
|
|
|
|
|
198
|
1
|
|
|
|
|
3
|
my $ext = ''; |
199
|
1
|
50
|
|
|
|
6
|
if ( exists $data_ref->{extensions} ) { |
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
# TODO extenions |
202
|
|
|
|
|
|
|
} |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
pack( "n a32 C/a* n C", |
205
|
|
|
|
|
|
|
$data_ref->{tls_version}, $data_ref->{server_random}, |
206
|
|
|
|
|
|
|
$data_ref->{session_id}, $data_ref->{cipher}, |
207
|
|
|
|
|
|
|
$data_ref->{compression} ) |
208
|
1
|
|
|
|
|
12
|
. $ext; |
209
|
|
|
|
|
|
|
} |
210
|
|
|
|
|
|
|
|
211
|
|
|
|
|
|
|
sub certificate_decode { |
212
|
2
|
|
|
2
|
0
|
6
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
213
|
2
|
|
|
|
|
9
|
my $list_len = unpack 'N', "\0" . substr $$buf_ref, $buf_offset, 3; |
214
|
2
|
|
|
|
|
4
|
my $offset = 3; |
215
|
|
|
|
|
|
|
|
216
|
2
|
50
|
|
|
|
9
|
if ( $list_len > $length - $offset ) { |
217
|
0
|
|
|
|
|
0
|
tracer->debug("list too long: $list_len\n"); |
218
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
219
|
0
|
|
|
|
|
0
|
return undef; |
220
|
|
|
|
|
|
|
} |
221
|
|
|
|
|
|
|
|
222
|
2
|
|
|
|
|
7
|
while ( $offset < $list_len ) { |
223
|
2
|
|
|
|
|
8
|
my $cert_len = unpack 'N', "\0" . substr $$buf_ref, |
224
|
|
|
|
|
|
|
$buf_offset + $offset, 3; |
225
|
2
|
50
|
|
|
|
7
|
if ( $cert_len > $length - $offset - 3 ) { |
226
|
0
|
|
|
|
|
0
|
tracer->debug("cert length too long: $cert_len\n"); |
227
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
228
|
0
|
|
|
|
|
0
|
return undef; |
229
|
|
|
|
|
|
|
} |
230
|
2
|
|
50
|
|
|
34
|
$ctx->{pending}->{cert} ||= []; |
231
|
2
|
|
|
|
|
3
|
push @{ $ctx->{pending}->{cert} }, substr $$buf_ref, |
|
2
|
|
|
|
|
13
|
|
232
|
|
|
|
|
|
|
$buf_offset + $offset + 3, $cert_len; |
233
|
2
|
|
|
|
|
19
|
$offset += 3 + $cert_len; |
234
|
|
|
|
|
|
|
} |
235
|
|
|
|
|
|
|
|
236
|
2
|
|
|
|
|
6
|
return $offset; |
237
|
|
|
|
|
|
|
} |
238
|
|
|
|
|
|
|
|
239
|
|
|
|
|
|
|
sub certificate_encode { |
240
|
1
|
|
|
1
|
0
|
4
|
my $ctx = shift; |
241
|
|
|
|
|
|
|
|
242
|
1
|
|
|
|
|
2
|
my $res = ''; |
243
|
1
|
|
|
|
|
3
|
for my $cert (@_) { |
244
|
1
|
|
|
|
|
12
|
$res .= pack 'C n/a*', 0, $cert; |
245
|
|
|
|
|
|
|
} |
246
|
|
|
|
|
|
|
|
247
|
1
|
|
|
|
|
8
|
pack( 'Cn', 0, length($res) ) . $res; |
248
|
|
|
|
|
|
|
} |
249
|
|
|
|
|
|
|
|
250
|
|
|
|
|
|
|
sub server_key_exchange_decode { |
251
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
252
|
|
|
|
|
|
|
} |
253
|
|
|
|
|
|
|
|
254
|
|
|
|
|
|
|
sub server_key_exchange_encode { |
255
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
256
|
|
|
|
|
|
|
} |
257
|
|
|
|
|
|
|
|
258
|
|
|
|
|
|
|
sub certificate_request_decode { |
259
|
0
|
|
|
0
|
0
|
0
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
260
|
|
|
|
|
|
|
|
261
|
|
|
|
|
|
|
# Client certificate types |
262
|
0
|
|
|
|
|
0
|
my @cct = unpack "x$buf_offset C/C*", $$buf_ref; |
263
|
|
|
|
|
|
|
|
264
|
0
|
|
|
|
|
0
|
my $offset = @cct + 1; |
265
|
|
|
|
|
|
|
|
266
|
|
|
|
|
|
|
# Signature and hash algorithms |
267
|
0
|
|
|
|
|
0
|
my @sah = unpack 'x' . ( $buf_offset + $offset ) . 'n/C*', $$buf_ref; |
268
|
|
|
|
|
|
|
|
269
|
0
|
|
|
|
|
0
|
$offset += @sah + 2; |
270
|
|
|
|
|
|
|
|
271
|
|
|
|
|
|
|
# DistinguishedName certificate_authorities |
272
|
0
|
|
|
|
|
0
|
my $dn_len = unpack 'x' . ( $buf_offset + $offset ) . 'n', $$buf_ref; |
273
|
0
|
|
|
|
|
0
|
$offset += 2; |
274
|
0
|
|
|
|
|
0
|
my @dn; |
275
|
|
|
|
|
|
|
|
276
|
0
|
|
|
|
|
0
|
while ( $offset < $length ) { |
277
|
0
|
|
|
|
|
0
|
my $dn = unpack 'x' . ( $buf_offset + $offset ) . 'n/a*', $$buf_ref; |
278
|
0
|
0
|
|
|
|
0
|
last unless $dn; |
279
|
0
|
|
|
|
|
0
|
$offset += 2 + length($dn); |
280
|
0
|
|
|
|
|
0
|
push @dn, $dn; |
281
|
|
|
|
|
|
|
} |
282
|
|
|
|
|
|
|
|
283
|
0
|
0
|
|
|
|
0
|
if ( $offset != $length ) { |
284
|
0
|
|
|
|
|
0
|
tracer->debug( "certificate request decoding error:" |
285
|
|
|
|
|
|
|
. "expected length $length != $offset" ); |
286
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
287
|
0
|
|
|
|
|
0
|
return undef; |
288
|
|
|
|
|
|
|
} |
289
|
|
|
|
|
|
|
|
290
|
|
|
|
|
|
|
$ctx->{pending}->{client_cert} = { |
291
|
0
|
|
|
|
|
0
|
cct => [@cct], |
292
|
|
|
|
|
|
|
sah => [@sah], |
293
|
|
|
|
|
|
|
dn => [@dn], |
294
|
|
|
|
|
|
|
}; |
295
|
|
|
|
|
|
|
|
296
|
0
|
|
|
|
|
0
|
$offset; |
297
|
|
|
|
|
|
|
} |
298
|
|
|
|
|
|
|
|
299
|
|
|
|
|
|
|
sub certificate_request_encode { |
300
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
301
|
|
|
|
|
|
|
} |
302
|
|
|
|
|
|
|
|
303
|
|
|
|
|
|
|
sub server_hello_done_decode { |
304
|
2
|
|
|
2
|
0
|
4
|
0; |
305
|
|
|
|
|
|
|
} |
306
|
|
|
|
|
|
|
|
307
|
|
|
|
|
|
|
sub server_hello_done_encode { |
308
|
1
|
|
|
1
|
0
|
5
|
''; |
309
|
|
|
|
|
|
|
} |
310
|
|
|
|
|
|
|
|
311
|
|
|
|
|
|
|
sub certificate_verify_encode { |
312
|
0
|
|
|
0
|
0
|
0
|
pack 'C2n/a', $_[1], $_[2], $_[3]; |
313
|
|
|
|
|
|
|
} |
314
|
|
|
|
|
|
|
|
315
|
|
|
|
|
|
|
sub certificate_verify_decode { |
316
|
0
|
|
|
0
|
0
|
0
|
die "not implemented"; |
317
|
|
|
|
|
|
|
} |
318
|
|
|
|
|
|
|
|
319
|
|
|
|
|
|
|
sub client_key_exchange_decode { |
320
|
0
|
|
|
0
|
0
|
0
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
321
|
0
|
|
|
|
|
0
|
my ($encoded_pkey) = unpack "x$buf_offset n/a", $$buf_ref; |
322
|
0
|
0
|
0
|
|
|
0
|
unless ( defined $encoded_pkey && length($encoded_pkey) == $length - 2 ) { |
323
|
0
|
|
0
|
|
|
0
|
tracer->error( "broken key length: " |
324
|
|
|
|
|
|
|
. ( $length - 2 ) . " vs " |
325
|
|
|
|
|
|
|
. ( length($encoded_pkey) || 0 ) |
326
|
|
|
|
|
|
|
. "\n" ); |
327
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
328
|
0
|
|
|
|
|
0
|
return undef; |
329
|
|
|
|
|
|
|
} |
330
|
|
|
|
|
|
|
|
331
|
0
|
0
|
|
|
|
0
|
unless ( $ctx->validate_client_key($encoded_pkey) ) { |
332
|
0
|
|
|
|
|
0
|
tracer->error("client key validation failed"); |
333
|
0
|
|
|
|
|
0
|
$ctx->error(DECODE_ERROR); |
334
|
0
|
|
|
|
|
0
|
return undef; |
335
|
|
|
|
|
|
|
} |
336
|
0
|
|
|
|
|
0
|
$length; |
337
|
|
|
|
|
|
|
} |
338
|
|
|
|
|
|
|
|
339
|
|
|
|
|
|
|
sub client_key_exchange_encode { |
340
|
2
|
|
|
2
|
0
|
24
|
pack 'n/a*', $_[1]; |
341
|
|
|
|
|
|
|
} |
342
|
|
|
|
|
|
|
|
343
|
|
|
|
|
|
|
sub finished_encode { |
344
|
3
|
|
|
3
|
0
|
17
|
$_[1]; |
345
|
|
|
|
|
|
|
} |
346
|
|
|
|
|
|
|
|
347
|
|
|
|
|
|
|
sub finished_decode { |
348
|
3
|
|
|
3
|
0
|
8
|
my ( $ctx, $buf_ref, $buf_offset, $length ) = @_; |
349
|
3
|
|
|
|
|
8
|
my $message = substr $$buf_ref, $buf_offset, $length; |
350
|
3
|
50
|
|
|
|
24
|
return $ctx->validate_finished($message) ? $length : undef; |
351
|
|
|
|
|
|
|
} |
352
|
|
|
|
|
|
|
|
353
|
|
|
|
|
|
|
1 |