• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright Joyent, Inc. and other Node contributors.
2 //
3 // Permission is hereby granted, free of charge, to any person obtaining a
4 // copy of this software and associated documentation files (the
5 // "Software"), to deal in the Software without restriction, including
6 // without limitation the rights to use, copy, modify, merge, publish,
7 // distribute, sublicense, and/or sell copies of the Software, and to permit
8 // persons to whom the Software is furnished to do so, subject to the
9 // following conditions:
10 //
11 // The above copyright notice and this permission notice shall be included
12 // in all copies or substantial portions of the Software.
13 //
14 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS
15 // OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
16 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
17 // NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
18 // DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
19 // OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
20 // USE OR OTHER DEALINGS IN THE SOFTWARE.
21 
22 #include "crypto/crypto_clienthello.h"  // NOLINT(build/include_inline)
23 #include "crypto/crypto_clienthello-inl.h"
24 
25 namespace node {
26 namespace crypto {
Parse(const uint8_t * data,size_t avail)27 void ClientHelloParser::Parse(const uint8_t* data, size_t avail) {
28   switch (state_) {
29     case kWaiting:
30       if (!ParseRecordHeader(data, avail))
31         break;
32       [[fallthrough]];
33     case kTLSHeader:
34       ParseHeader(data, avail);
35       break;
36     case kPaused:
37       // Just nop
38     case kEnded:
39       // Already ended, just ignore it
40       break;
41     default:
42       break;
43   }
44 }
45 
46 
ParseRecordHeader(const uint8_t * data,size_t avail)47 bool ClientHelloParser::ParseRecordHeader(const uint8_t* data, size_t avail) {
48   // >= 5 bytes for header parsing
49   if (avail < 5)
50     return false;
51 
52   if (data[0] == kChangeCipherSpec ||
53       data[0] == kAlert ||
54       data[0] == kHandshake ||
55       data[0] == kApplicationData) {
56     frame_len_ = (data[3] << 8) + data[4];
57     state_ = kTLSHeader;
58     body_offset_ = 5;
59   } else {
60     End();
61     return false;
62   }
63 
64   // Sanity check (too big frame, or too small)
65   // Let OpenSSL handle it
66   if (frame_len_ >= kMaxTLSFrameLen) {
67     End();
68     return false;
69   }
70 
71   return true;
72 }
73 
74 
ParseHeader(const uint8_t * data,size_t avail)75 void ClientHelloParser::ParseHeader(const uint8_t* data, size_t avail) {
76   ClientHello hello;
77 
78   // We need at least six bytes (one byte for kClientHello, three bytes for the
79   // length of the handshake message, and two bytes for the protocol version).
80   // If the client sent a frame that suggests a smaller ClientHello, give up.
81   if (frame_len_ < 6) return End();
82 
83   // >= 5 + frame size bytes for frame parsing
84   if (body_offset_ + frame_len_ > avail)
85     return;
86 
87   // Check hello protocol version.  Protocol tuples that we know about:
88   //
89   // (3,1) TLS v1.0
90   // (3,2) TLS v1.1
91   // (3,3) TLS v1.2
92   //
93   // Note that TLS v1.3 uses a TLS v1.2 handshake so requires no specific
94   // support here.
95   if (data[body_offset_ + 4] != 0x03 ||
96       data[body_offset_ + 5] < 0x01 ||
97       data[body_offset_ + 5] > 0x03) {
98     return End();
99   }
100 
101   if (data[body_offset_] == kClientHello) {
102     if (state_ == kTLSHeader) {
103       if (!ParseTLSClientHello(data, avail))
104         return End();
105     } else {
106       // We couldn't get here, but whatever
107       return End();
108     }
109 
110     // Check if we overflowed (do not reply with any private data)
111     if (session_id_ == nullptr ||
112         session_size_ > 32 ||
113         session_id_ + session_size_ > data + avail) {
114       return End();
115     }
116   }
117 
118   state_ = kPaused;
119   hello.session_id_ = session_id_;
120   hello.session_size_ = session_size_;
121   hello.has_ticket_ = tls_ticket_ != nullptr && tls_ticket_size_ != 0;
122   hello.servername_ = servername_;
123   hello.servername_size_ = static_cast<uint8_t>(servername_size_);
124   onhello_cb_(cb_arg_, hello);
125 }
126 
127 
ParseExtension(const uint16_t type,const uint8_t * data,size_t len)128 void ClientHelloParser::ParseExtension(const uint16_t type,
129                                        const uint8_t* data,
130                                        size_t len) {
131   // NOTE: In case of anything we're just returning back, ignoring the problem.
132   // That's because we're heavily relying on OpenSSL to solve any problem with
133   // incoming data.
134   switch (type) {
135     case kServerName:
136       {
137         if (len < 2)
138           return;
139         uint32_t server_names_len = (data[0] << 8) + data[1];
140         if (server_names_len + 2 > len)
141           return;
142         for (size_t offset = 2; offset < 2 + server_names_len; ) {
143           if (offset + 3 > len)
144             return;
145           uint8_t name_type = data[offset];
146           if (name_type != kServernameHostname)
147             return;
148           uint16_t name_len = (data[offset + 1] << 8) + data[offset + 2];
149           offset += 3;
150           if (offset + name_len > len)
151             return;
152           servername_ = data + offset;
153           servername_size_ = name_len;
154           offset += name_len;
155         }
156       }
157       break;
158     case kTLSSessionTicket:
159       tls_ticket_size_ = len;
160       tls_ticket_ = data + len;
161       break;
162     default:
163       // Ignore
164       break;
165   }
166 }
167 
168 
ParseTLSClientHello(const uint8_t * data,size_t avail)169 bool ClientHelloParser::ParseTLSClientHello(const uint8_t* data, size_t avail) {
170   const uint8_t* body;
171 
172   // Skip frame header, hello header, protocol version and random data
173   size_t session_offset = body_offset_ + 4 + 2 + 32;
174 
175   if (session_offset + 1 >= avail)
176     return false;
177 
178   body = data + session_offset;
179   session_size_ = *body;
180   session_id_ = body + 1;
181 
182   size_t cipher_offset = session_offset + 1 + session_size_;
183 
184   // Session OOB failure
185   if (cipher_offset + 1 >= avail)
186     return false;
187 
188   uint16_t cipher_len =
189       (data[cipher_offset] << 8) + data[cipher_offset + 1];
190   size_t comp_offset = cipher_offset + 2 + cipher_len;
191 
192   // Cipher OOB failure
193   if (comp_offset >= avail)
194     return false;
195 
196   uint8_t comp_len = data[comp_offset];
197   size_t extension_offset = comp_offset + 1 + comp_len;
198 
199   // Compression OOB failure
200   if (extension_offset > avail)
201     return false;
202 
203   // No extensions present
204   if (extension_offset == avail)
205     return true;
206 
207   size_t ext_off = extension_offset + 2;
208 
209   // Parse known extensions
210   while (ext_off < avail) {
211     // Extension OOB
212     if (ext_off + 4 > avail)
213       return false;
214 
215     uint16_t ext_type = (data[ext_off] << 8) + data[ext_off + 1];
216     uint16_t ext_len = (data[ext_off + 2] << 8) + data[ext_off + 3];
217     ext_off += 4;
218 
219     // Extension OOB
220     if (ext_off + ext_len > avail)
221       return false;
222 
223     ParseExtension(ext_type,
224                    data + ext_off,
225                    ext_len);
226 
227     ext_off += ext_len;
228   }
229 
230   // Extensions OOB failure
231   if (ext_off > avail)
232     return false;
233 
234   return true;
235 }
236 
237 }  // namespace crypto
238 }  // namespace node
239