author | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
---|---|---|
committer | Lorry Tar Creator <lorry-tar-importer@lorry> | 2017-01-04 14:24:24 +0000 |
commit | dc1565216a5d20ae0d75872151523252309a1292 (patch) | |
tree | d57454ba9a40386552179eddf60d28bd1e8f3d54 /nss/external_tests/ssl_gtest/tls_filter.cc | |
parent | 26c046fbc57d53136b4fb3b5e0d18298318125d4 (diff) | |
download | nss-dc1565216a5d20ae0d75872151523252309a1292.tar.gz |
Diffstat (limited to 'nss/external_tests/ssl_gtest/tls_filter.cc')
-rw-r--r-- | nss/external_tests/ssl_gtest/tls_filter.cc | 244 |
1 files changed, 0 insertions, 244 deletions
diff --git a/nss/external_tests/ssl_gtest/tls_filter.cc b/nss/external_tests/ssl_gtest/tls_filter.cc
deleted file mode 100644
index 07654ee..0000000
--- a/nss/external_tests/ssl_gtest/tls_filter.cc
+++ /dev/null
@@ -1,244 +0,0 @@
-/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* vim: set ts=2 et sw=2 tw=80: */
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this file,
- * You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "tls_filter.h"
-
-#include <iostream>
-
-namespace nss_test {
-
-bool TlsRecordFilter::Filter(const DataBuffer& input, DataBuffer* output) {
- bool changed = false;
- size_t output_offset = 0U;
- output->Allocate(input.len());
-
- TlsParser parser(input);
- while (parser.remaining()) {
- size_t start = parser.consumed();
- uint8_t content_type;
- if (!parser.Read(&content_type)) {
- return false;
- }
- uint32_t version;
- if (!parser.Read(&version, 2)) {
- return false;
- }
-
- if (IsDtls(version)) {
- if (!parser.Skip(8)) {
- return false;
- }
- }
- size_t header_len = parser.consumed() - start;
- output->Write(output_offset, input.data() + start, header_len);
-
- DataBuffer record;
- if (!parser.ReadVariable(&record, 2)) {
- return false;
- }
-
- // Move the offset in the output forward. ApplyFilter() returns the index
- // of the end of the record it wrote to the output, so we need to skip
- // over the content type and version for the value passed to it.
- output_offset = ApplyFilter(content_type, version, record, output,
- output_offset + header_len,
- &changed);
- }
- output->Truncate(output_offset);
-
- // Record how many packets we actually touched.
- if (changed) {
- ++count_;
- }
-
- return changed;
-}
-
-size_t TlsRecordFilter::ApplyFilter(uint8_t content_type, uint16_t version,
- const DataBuffer& record,
- DataBuffer* output,
- size_t offset, bool* changed) {
- const DataBuffer* source = &record;
- DataBuffer filtered;
- if (FilterRecord(content_type, version, record, &filtered) &&
- filtered.len() < 0x10000) {
- *changed = true;
- std::cerr << "record old: " << record << std::endl;
- std::cerr << "record new: " << filtered << std::endl;
- source = &filtered;
- }
-
- output->Write(offset, source->len(), 2);
- output->Write(offset + 2, *source);
- return offset + 2 + source->len();
-}
-
-bool TlsHandshakeFilter::FilterRecord(uint8_t content_type, uint16_t version,
- const DataBuffer& input,
- DataBuffer* output) {
- // Check that the first byte is as requested.
- if (content_type != kTlsHandshakeType) {
- return false;
- }
-
- bool changed = false;
- size_t output_offset = 0U;
- output->Allocate(input.len()); // Preallocate a little.
-
- TlsParser parser(input);
- while (parser.remaining()) {
- size_t start = parser.consumed();
- uint8_t handshake_type;
- if (!parser.Read(&handshake_type)) {
- return false; // malformed
- }
- uint32_t length;
- if (!ReadLength(&parser, version, &length)) {
- return false;
- }
-
- size_t header_len = parser.consumed() - start;
- output->Write(output_offset, input.data() + start, header_len);
-
- DataBuffer handshake;
- if (!parser.Read(&handshake, length)) {
- return false;
- }
-
- // Move the offset in the output forward. ApplyFilter() returns the index
- // of the end of the message it wrote to the output, so we need to identify
- // offsets from the start of the message for length and the handshake
- // message.
- output_offset = ApplyFilter(version, handshake_type, handshake,
- output, output_offset + 1,
- output_offset + header_len,
- &changed);
- }
- output->Truncate(output_offset);
- return changed;
-}
-
-bool TlsHandshakeFilter::ReadLength(TlsParser* parser, uint16_t version, uint32_t *length) {
- if (!parser->Read(length, 3)) {
- return false; // malformed
- }
-
- if (!IsDtls(version)) {
- return true; // nothing left to do
- }
-
- // Read and check DTLS parameters
- if (!parser->Skip(2)) { // sequence number
- return false;
- }
-
- uint32_t fragment_offset;
- if (!parser->Read(&fragment_offset, 3)) {
- return false;
- }
-
- uint32_t fragment_length;
- if (!parser->Read(&fragment_length, 3)) {
- return false;
- }
-
- // All current tests where we are using this code don't fragment.
- return (fragment_offset == 0 && fragment_length == *length);
-}
-
-size_t TlsHandshakeFilter::ApplyFilter(
- uint16_t version, uint8_t handshake_type, const DataBuffer& handshake,
- DataBuffer* output, size_t length_offset, size_t value_offset,
- bool* changed) {
- const DataBuffer* source = &handshake;
- DataBuffer filtered;
- if (FilterHandshake(version, handshake_type, handshake, &filtered) &&
- filtered.len() < 0x1000000) {
- *changed = true;
- std::cerr << "handshake old: " << handshake << std::endl;
- std::cerr << "handshake new: " << filtered << std::endl;
- source = &filtered;
- }
-
- // Back up and overwrite the (two) length field(s): the handshake message
- // length and the DTLS fragment length.
- output->Write(length_offset, source->len(), 3);
- if (IsDtls(version)) {
- output->Write(length_offset + 8, source->len(), 3);
- }
- output->Write(value_offset, *source);
- return value_offset + source->len();
-}
-
-bool TlsInspectorRecordHandshakeMessage::FilterHandshake(
- uint16_t version, uint8_t handshake_type,
- const DataBuffer& input, DataBuffer* output) {
- // Only do this once.
- if (buffer_.len()) {
- return false;
- }
-
- if (handshake_type == handshake_type_) {
- buffer_ = input;
- }
- return false;
-}
-
-
-bool TlsInspectorReplaceHandshakeMessage::FilterHandshake(
- uint16_t version, uint8_t handshake_type,
- const DataBuffer& input, DataBuffer* output) {
- if (handshake_type == handshake_type_) {
- *output = buffer_;
- return true;
- }
-
- return false;
-}
-
-bool TlsAlertRecorder::FilterRecord(uint8_t content_type, uint16_t version,
- const DataBuffer& input, DataBuffer* output) {
- if (level_ == kTlsAlertFatal) { // already fatal
- return false;
- }
- if (content_type != kTlsAlertType) {
- return false;
- }
-
- std::cerr << "Alert: " << input << std::endl;
-
- TlsParser parser(input);
- uint8_t lvl;
- if (!parser.Read(&lvl)) {
- return false;
- }
- if (lvl == kTlsAlertWarning) { // not strong enough
- return false;
- }
- level_ = lvl;
- (void)parser.Read(&description_);
- return false;
-}
-
-ChainedPacketFilter::~ChainedPacketFilter() {
- for (auto it = filters_.begin(); it != filters_.end(); ++it) {
- delete *it;
- }
-}
-
-bool ChainedPacketFilter::Filter(const DataBuffer& input, DataBuffer* output) {
- DataBuffer in(input);
- bool changed = false;
- for (auto it = filters_.begin(); it != filters_.end(); ++it) {
- if ((*it)->Filter(in, output)) {
- in = *output;
- changed = true;
- }
- }
- return changed;
-}
-
-} // namespace nss_test |