line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Protocol::TLS::Constants; |
2
|
3
|
|
|
3
|
|
21021
|
use strict; |
|
3
|
|
|
|
|
7
|
|
|
3
|
|
|
|
|
122
|
|
3
|
3
|
|
|
3
|
|
17
|
use warnings; |
|
3
|
|
|
|
|
6
|
|
|
3
|
|
|
|
|
532
|
|
4
|
|
|
|
|
|
|
use constant { |
5
|
|
|
|
|
|
|
|
6
|
3
|
|
|
|
|
4532
|
TLS_v10 => 0x0301, |
7
|
|
|
|
|
|
|
TLS_v11 => 0x0302, |
8
|
|
|
|
|
|
|
TLS_v12 => 0x0303, |
9
|
|
|
|
|
|
|
TLS_v13 => 0x0304, |
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
# connectionEnd |
12
|
|
|
|
|
|
|
CLIENT => 0, |
13
|
|
|
|
|
|
|
SERVER => 1, |
14
|
|
|
|
|
|
|
|
15
|
|
|
|
|
|
|
# Content Type |
16
|
|
|
|
|
|
|
CTYPE_CHANGE_CIPHER_SPEC => 20, |
17
|
|
|
|
|
|
|
CTYPE_ALERT => 21, |
18
|
|
|
|
|
|
|
CTYPE_HANDSHAKE => 22, |
19
|
|
|
|
|
|
|
CTYPE_APPLICATION_DATA => 23, |
20
|
|
|
|
|
|
|
|
21
|
|
|
|
|
|
|
# Handshake Type |
22
|
|
|
|
|
|
|
HSTYPE_HELLO_REQUEST => 0, |
23
|
|
|
|
|
|
|
HSTYPE_CLIENT_HELLO => 1, |
24
|
|
|
|
|
|
|
HSTYPE_SERVER_HELLO => 2, |
25
|
|
|
|
|
|
|
HSTYPE_CERTIFICATE => 11, |
26
|
|
|
|
|
|
|
HSTYPE_SERVER_KEY_EXCHANGE => 12, |
27
|
|
|
|
|
|
|
HSTYPE_CERTIFICATE_REQUEST => 13, |
28
|
|
|
|
|
|
|
HSTYPE_SERVER_HELLO_DONE => 14, |
29
|
|
|
|
|
|
|
HSTYPE_CERTIFICATE_VERIFY => 15, |
30
|
|
|
|
|
|
|
HSTYPE_CLIENT_KEY_EXCHANGE => 16, |
31
|
|
|
|
|
|
|
HSTYPE_FINISHED => 20, |
32
|
|
|
|
|
|
|
|
33
|
|
|
|
|
|
|
# Ciphers |
34
|
|
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 => 0xc02b, |
35
|
|
|
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 => 0xc02f, |
36
|
|
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA => 0xc00a, |
37
|
|
|
|
|
|
|
TLS_RSA_WITH_AES_128_CBC_SHA => 0x002f, |
38
|
|
|
|
|
|
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA => 0x000a, |
39
|
|
|
|
|
|
|
TLS_RSA_WITH_RC4_128_SHA => 0x0005, |
40
|
|
|
|
|
|
|
TLS_RSA_WITH_RC4_128_MD5 => 0x0004, |
41
|
|
|
|
|
|
|
TLS_RSA_WITH_NULL_SHA256 => 0x003b, |
42
|
|
|
|
|
|
|
TLS_RSA_WITH_NULL_SHA => 0x0002, |
43
|
|
|
|
|
|
|
TLS_NULL_WITH_NULL_NULL => 0x0000, |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
# State |
46
|
|
|
|
|
|
|
STATE_IDLE => 0, |
47
|
|
|
|
|
|
|
STATE_HS_START => 1, |
48
|
|
|
|
|
|
|
STATE_SESS_NEW => 2, |
49
|
|
|
|
|
|
|
STATE_SESS_RESUME => 3, |
50
|
|
|
|
|
|
|
STATE_HS_RESUME => 4, |
51
|
|
|
|
|
|
|
STATE_HS_HALF => 5, |
52
|
|
|
|
|
|
|
STATE_HS_FULL => 6, |
53
|
|
|
|
|
|
|
STATE_OPEN => 7, |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
# Alert |
56
|
|
|
|
|
|
|
WARNING => 1, |
57
|
|
|
|
|
|
|
FATAL => 2, |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
# Alert description |
60
|
|
|
|
|
|
|
CLOSE_NOTIFY => 0, |
61
|
|
|
|
|
|
|
UNEXPECTED_MESSAGE => 10, |
62
|
|
|
|
|
|
|
BAD_RECORD_MAC => 20, |
63
|
|
|
|
|
|
|
DECRYPTION_FAILED_RESERVED => 21, |
64
|
|
|
|
|
|
|
RECORD_OVERFLOW => 22, |
65
|
|
|
|
|
|
|
DECOMPRESSION_FAILURE => 30, |
66
|
|
|
|
|
|
|
HANDSHAKE_FAILURE => 40, |
67
|
|
|
|
|
|
|
NO_CERTIFICATE_RESERVED => 41, |
68
|
|
|
|
|
|
|
BAD_CERTIFICATE => 42, |
69
|
|
|
|
|
|
|
UNSUPPORTED_CERTIFICATE => 43, |
70
|
|
|
|
|
|
|
CERTIFICATE_REVOKED => 44, |
71
|
|
|
|
|
|
|
CERTIFICATE_EXPIRED => 45, |
72
|
|
|
|
|
|
|
CERTIFICATE_UNKNOWN => 46, |
73
|
|
|
|
|
|
|
ILLEGAL_PARAMETER => 47, |
74
|
|
|
|
|
|
|
UNKNOWN_CA => 48, |
75
|
|
|
|
|
|
|
ACCESS_DENIED => 49, |
76
|
|
|
|
|
|
|
DECODE_ERROR => 50, |
77
|
|
|
|
|
|
|
DECRYPT_ERROR => 51, |
78
|
|
|
|
|
|
|
EXPORT_RESTRICTION_RESERVED => 60, |
79
|
|
|
|
|
|
|
PROTOCOL_VERSION => 70, |
80
|
|
|
|
|
|
|
INSUFFICIENT_SECURITY => 71, |
81
|
|
|
|
|
|
|
INTERNAL_ERROR => 80, |
82
|
|
|
|
|
|
|
USER_CANCELED => 90, |
83
|
|
|
|
|
|
|
NO_RENEGOTIATION => 100, |
84
|
|
|
|
|
|
|
UNSUPPORTED_EXTENSION => 110, |
85
|
|
|
|
|
|
|
|
86
|
|
|
|
|
|
|
# Hash Algorithm |
87
|
|
|
|
|
|
|
HASH_NONE => 0, |
88
|
|
|
|
|
|
|
HASH_MD5 => 1, |
89
|
|
|
|
|
|
|
HASH_SHA1 => 2, |
90
|
|
|
|
|
|
|
HASH_SHA224 => 3, |
91
|
|
|
|
|
|
|
HASH_SHA256 => 4, |
92
|
|
|
|
|
|
|
HASH_SHA384 => 5, |
93
|
|
|
|
|
|
|
HASH_SHA512 => 6, |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
# Signature Algorithm |
96
|
|
|
|
|
|
|
SIGN_ANONYMOUS => 0, |
97
|
|
|
|
|
|
|
SIGN_RSA => 1, |
98
|
|
|
|
|
|
|
SIGN_DSA => 2, |
99
|
|
|
|
|
|
|
SIGN_ECDSA => 64, |
100
|
|
|
|
|
|
|
|
101
|
|
|
|
|
|
|
# Client Certificate Type |
102
|
|
|
|
|
|
|
RSA_SIGN => 1, |
103
|
|
|
|
|
|
|
DSS_SIGN => 2, |
104
|
|
|
|
|
|
|
RSA_FIXED_DH => 3, |
105
|
|
|
|
|
|
|
DSS_FIXED_DH => 4, |
106
|
|
|
|
|
|
|
RSA_EPHEMERAL_DH_RESERVED => 5, |
107
|
|
|
|
|
|
|
DSS_EPHEMERAL_DH_RESERVED => 6, |
108
|
|
|
|
|
|
|
FORTEZZA_DMS_RESERVED => 20, |
109
|
3
|
|
|
3
|
|
16
|
}; |
|
3
|
|
|
|
|
4
|
|
110
|
|
|
|
|
|
|
|
111
|
|
|
|
|
|
|
require Exporter; |
112
|
|
|
|
|
|
|
our @ISA = qw(Exporter); |
113
|
|
|
|
|
|
|
our %EXPORT_TAGS = ( |
114
|
|
|
|
|
|
|
versions => [qw(TLS_v10 TLS_v11 TLS_v12 TLS_v13)], |
115
|
|
|
|
|
|
|
c_types => [ |
116
|
|
|
|
|
|
|
qw( CTYPE_CHANGE_CIPHER_SPEC CTYPE_ALERT CTYPE_HANDSHAKE |
117
|
|
|
|
|
|
|
CTYPE_APPLICATION_DATA ) |
118
|
|
|
|
|
|
|
], |
119
|
|
|
|
|
|
|
hs_types => [ |
120
|
|
|
|
|
|
|
qw( HSTYPE_HELLO_REQUEST HSTYPE_CLIENT_HELLO HSTYPE_SERVER_HELLO |
121
|
|
|
|
|
|
|
HSTYPE_CERTIFICATE HSTYPE_SERVER_KEY_EXCHANGE |
122
|
|
|
|
|
|
|
HSTYPE_CERTIFICATE_REQUEST HSTYPE_SERVER_HELLO_DONE |
123
|
|
|
|
|
|
|
HSTYPE_CERTIFICATE_VERIFY HSTYPE_CLIENT_KEY_EXCHANGE HSTYPE_FINISHED ) |
124
|
|
|
|
|
|
|
], |
125
|
|
|
|
|
|
|
end_types => [qw( CLIENT SERVER )], |
126
|
|
|
|
|
|
|
ciphers => [ |
127
|
|
|
|
|
|
|
qw( TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 |
128
|
|
|
|
|
|
|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
129
|
|
|
|
|
|
|
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA |
130
|
|
|
|
|
|
|
TLS_RSA_WITH_3DES_EDE_CBC_SHA TLS_RSA_WITH_RC4_128_SHA |
131
|
|
|
|
|
|
|
TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_NULL_SHA256 TLS_RSA_WITH_NULL_SHA |
132
|
|
|
|
|
|
|
TLS_NULL_WITH_NULL_NULL ) |
133
|
|
|
|
|
|
|
], |
134
|
|
|
|
|
|
|
state_types => [ |
135
|
|
|
|
|
|
|
qw( STATE_IDLE STATE_HS_START STATE_SESS_NEW STATE_SESS_RESUME |
136
|
|
|
|
|
|
|
STATE_HS_RESUME STATE_HS_HALF STATE_HS_FULL STATE_OPEN ) |
137
|
|
|
|
|
|
|
], |
138
|
|
|
|
|
|
|
alert_types => [qw( WARNING FATAL )], |
139
|
|
|
|
|
|
|
alert_desc => [ |
140
|
|
|
|
|
|
|
qw( CLOSE_NOTIFY UNEXPECTED_MESSAGE BAD_RECORD_MAC |
141
|
|
|
|
|
|
|
DECRYPTION_FAILED_RESERVED RECORD_OVERFLOW DECOMPRESSION_FAILURE |
142
|
|
|
|
|
|
|
HANDSHAKE_FAILURE NO_CERTIFICATE_RESERVED BAD_CERTIFICATE |
143
|
|
|
|
|
|
|
UNSUPPORTED_CERTIFICATE CERTIFICATE_REVOKED CERTIFICATE_EXPIRED |
144
|
|
|
|
|
|
|
CERTIFICATE_UNKNOWN ILLEGAL_PARAMETER UNKNOWN_CA ACCESS_DENIED |
145
|
|
|
|
|
|
|
DECODE_ERROR DECRYPT_ERROR EXPORT_RESTRICTION_RESERVED PROTOCOL_VERSION |
146
|
|
|
|
|
|
|
INSUFFICIENT_SECURITY INTERNAL_ERROR USER_CANCELED NO_RENEGOTIATION |
147
|
|
|
|
|
|
|
UNSUPPORTED_EXTENSION) |
148
|
|
|
|
|
|
|
], |
149
|
|
|
|
|
|
|
hash_alg => [ |
150
|
|
|
|
|
|
|
qw( HASH_NONE HASH_MD5 HASH_SHA1 HASH_SHA224 HASH_SHA256 HASH_SHA384 |
151
|
|
|
|
|
|
|
HASH_SHA512 ) |
152
|
|
|
|
|
|
|
], |
153
|
|
|
|
|
|
|
sign_alg => [qw( SIGN_ANONYMOUS SIGN_RSA SIGN_DSA SIGN_ECDSA )], |
154
|
|
|
|
|
|
|
client_c_types => [ |
155
|
|
|
|
|
|
|
qw( RSA_SIGN DSS_SIGN RSA_FIXED_DH DSS_FIXED_DH RSA_EPHEMERAL_DH_RESERVED |
156
|
|
|
|
|
|
|
DSS_EPHEMERAL_DH_RESERVED FORTEZZA_DMS_RESERVED ) |
157
|
|
|
|
|
|
|
], |
158
|
|
|
|
|
|
|
); |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
my ( %reverse, %ciphers ); |
161
|
|
|
|
|
|
|
{ |
162
|
3
|
|
|
3
|
|
18
|
no strict 'refs'; |
|
3
|
|
|
|
|
22
|
|
|
3
|
|
|
|
|
1124
|
|
163
|
|
|
|
|
|
|
for my $k ( keys %EXPORT_TAGS ) { |
164
|
|
|
|
|
|
|
for my $v ( @{ $EXPORT_TAGS{$k} } ) { |
165
|
|
|
|
|
|
|
$reverse{$k}{ &{$v} } = $v; |
166
|
|
|
|
|
|
|
} |
167
|
|
|
|
|
|
|
} |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
for my $c ( keys %{ $reverse{ciphers} } ) { |
170
|
|
|
|
|
|
|
$ciphers{$c} = |
171
|
|
|
|
|
|
|
[ $reverse{ciphers}{$c} =~ /^TLS_(.+)_WITH_(.+)_([^_]+)$/ ]; |
172
|
|
|
|
|
|
|
} |
173
|
|
|
|
|
|
|
} |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
sub const_name { |
176
|
73
|
|
|
73
|
0
|
159
|
my ( $tag, $value ) = @_; |
177
|
73
|
50
|
50
|
|
|
742
|
exists $reverse{$tag} ? ( $reverse{$tag}{$value} || '' ) : ''; |
178
|
|
|
|
|
|
|
} |
179
|
|
|
|
|
|
|
|
180
|
|
|
|
|
|
|
sub is_tls_version { |
181
|
24
|
50
|
33
|
24
|
0
|
272
|
$_[0] < TLS_v10 || $_[0] > TLS_v12 ? undef : $_[0]; |
182
|
|
|
|
|
|
|
} |
183
|
|
|
|
|
|
|
|
184
|
|
|
|
|
|
|
sub cipher_type { |
185
|
6
|
50
|
|
6
|
0
|
38
|
exists $ciphers{ $_[0] } ? @{ $ciphers{ $_[0] } } : (); |
|
6
|
|
|
|
|
66
|
|
186
|
|
|
|
|
|
|
} |
187
|
|
|
|
|
|
|
|
188
|
|
|
|
|
|
|
our @EXPORT_OK = ( |
189
|
|
|
|
|
|
|
qw(const_name is_tls_version cipher_type ), |
190
|
|
|
|
|
|
|
map { @$_ } values %EXPORT_TAGS |
191
|
|
|
|
|
|
|
); |
192
|
|
|
|
|
|
|
|
193
|
|
|
|
|
|
|
1 |