Teach TLSProxy about the CertificateVerify message (adb403de) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

util/TLSProxy/CertificateVerify.pm

0 → 100644

+96 −0

Original line number	Diff line number	Diff line
		# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
		#
		# Licensed under the OpenSSL license (the "License"). You may not use
		# this file except in compliance with the License. You can obtain a copy
		# in the file LICENSE in the source distribution or at
		# https://www.openssl.org/source/license.html

		use strict;

		package TLSProxy::CertificateVerify;

		use vars '@ISA';
		push @ISA, 'TLSProxy::Message';

		sub new
		{
		my $class = shift;
		my ($server,
		$data,
		$records,
		$startoffset,
		$message_frag_lens) = @_;

		my $self = $class->SUPER::new(
		$server,
		TLSProxy::Message::MT_CERTIFICATE_VERIFY,
		$data,
		$records,
		$startoffset,
		$message_frag_lens);

		$self->{sigalg} = -1;
		$self->{signature} = "";

		return $self;
		}

		sub parse
		{
		my $self = shift;

		my $sigalg = -1;
		my $remdata = $self->data;
		my $record = ${$self->records}[0];

		if (TLSProxy::Proxy->is_tls13()
		\|\| $record->version() == TLSProxy::Record::VERS_TLS_1_2) {
		$sigalg = unpack('n', $remdata);
		$remdata = substr($remdata, 2);
		}

		my $siglen = unpack('n', substr($remdata, 0, 2));
		my $sig = substr($remdata, 2);

		die "Invalid CertificateVerify signature length" if length($sig) != $siglen;

		print " SigAlg:".$sigalg."\n";
		print " Signature Len:".$siglen."\n";

		$self->sigalg($sigalg);
		$self->signature($sig);
		}

		#Reconstruct the on-the-wire message data following changes
		sub set_message_contents
		{
		my $self = shift;
		my $data = "";
		my $sig = $self->signature();
		my $olddata = $self->data();

		$data .= pack("n", $self->sigalg()) if ($self->sigalg() != -1);
		$data .= pack("n", length($sig));
		$data .= $sig;

		$self->data($data);
		}

		#Read/write accessors
		sub sigalg
		{
		my $self = shift;
		if (@_) {
		$self->{sigalg} = shift;
		}
		return $self->{sigalg};
		}
		sub signature
		{
		my $self = shift;
		if (@_) {
		$self->{signature} = shift;
		}
		return $self->{signature};
		}
		1;

util/TLSProxy/Message.pm

+9 −0

Original line number	Diff line number	Diff line
		@@ -277,6 +277,15 @@ sub create_message
		[@message_frag_lens]
		);
		$message->parse();
		} elsif ($mt == MT_CERTIFICATE_VERIFY) {
		$message = TLSProxy::CertificateVerify->new(
		$server,
		$data,
		[@message_rec_list],
		$startoffset,
		[@message_frag_lens]
		);
		$message->parse();
		} elsif ($mt == MT_SERVER_KEY_EXCHANGE) {
		$message = TLSProxy::ServerKeyExchange->new(
		$server,

util/TLSProxy/Proxy.pm

+1 −0

Original line number	Diff line number	Diff line
		@@ -19,6 +19,7 @@ use TLSProxy::ClientHello;
		use TLSProxy::ServerHello;
		use TLSProxy::EncryptedExtensions;
		use TLSProxy::Certificate;
		use TLSProxy::CertificateVerify;
		use TLSProxy::ServerKeyExchange;
		use TLSProxy::NewSessionTicket;