Enable TLSProxy to talk TLS1.3

Now that ossltest knows about a TLS1.3 cipher we can now do TLS1.3 in
TLSProxy
Reviewed-by: NRich Salz <rsalz@openssl.org>

test/recipes/70-test_sslcbcpadding.t

@@ -40,6 +40,7 @@ my @test_offsets = (0, 128, 254, 255);
 
 # Test that maximally-padded records are accepted.
 my $bad_padding_offset = -1;
+$proxy->serverflags("-tls1_2");
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
 plan tests => 1 + scalar(@test_offsets);
 ok(TLSProxy::Message->success(), "Maximally-padded record test");

test/recipes/70-test_sslrecords.t

@@ -37,6 +37,7 @@ my $proxy = TLSProxy::Proxy->new(
 #Test 1: Injecting out of context empty records should fail
 my $content_type = TLSProxy::Record::RT_APPLICATION_DATA;
 my $inject_recs_num = 1;
+$proxy->serverflags("-tls1_2");
 $proxy->start() or plan skip_all => "Unable to start up Proxy for tests";
 plan tests => 9;
 ok(TLSProxy::Message->fail(), "Out of context empty records test");
@@ -44,6 +45,7 @@ ok(TLSProxy::Message->fail(), "Out of context empty records test");
 #Test 2: Injecting in context empty records should succeed
 $proxy->clear();
 $content_type = TLSProxy::Record::RT_HANDSHAKE;
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(TLSProxy::Message->success(), "In context empty records test");
 
@@ -51,6 +53,7 @@ ok(TLSProxy::Message->success(), "In context empty records test");
 $proxy->clear();
 #We allow 32 consecutive in context empty records
 $inject_recs_num = 33;
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Too many in context empty records test");
 
@@ -59,6 +62,7 @@ ok(TLSProxy::Message->fail(), "Too many in context empty records test");
 #        alert, i.e. this will look like a disorderly close
 $proxy->clear();
 $proxy->filter(\&add_frag_alert_filter);
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(!TLSProxy::Message->end(), "Fragmented alert records test");
 
@@ -75,6 +79,7 @@ use constant {
 my $sslv2testtype = TLSV1_2_IN_SSLV2;
 $proxy->clear();
 $proxy->filter(\&add_sslv2_filter);
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
 
@@ -83,6 +88,7 @@ ok(TLSProxy::Message->success(), "TLSv1.2 in SSLv2 ClientHello test");
 #        protocol so we don't even send an alert in this case.
 $sslv2testtype = SSLV2_IN_SSLV2;
 $proxy->clear();
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test");
 
@@ -91,6 +97,7 @@ ok(!TLSProxy::Message->end(), "SSLv2 in SSLv2 ClientHello test");
 #        reasons
 $sslv2testtype = FRAGMENTED_IN_TLSV1_2;
 $proxy->clear();
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
 
@@ -98,6 +105,7 @@ ok(TLSProxy::Message->success(), "Fragmented ClientHello in TLSv1.2 test");
 #        record; and another TLS1.2 record. This isn't allowed so should fail
 $sslv2testtype = FRAGMENTED_IN_SSLV2;
 $proxy->clear();
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
 
@@ -105,6 +113,7 @@ ok(TLSProxy::Message->fail(), "Fragmented ClientHello in TLSv1.2/SSLv2 test");
 #        fail because an SSLv2 ClientHello must be the first record.
 $sslv2testtype = ALERT_BEFORE_SSLV2;
 $proxy->clear();
+$proxy->serverflags("-tls1_2");
 $proxy->start();
 ok(TLSProxy::Message->fail(), "Alert before SSLv2 ClientHello test");
 sub add_empty_recs_filter

util/TLSProxy/Proxy.pm

@@ -48,7 +48,7 @@ sub new
         cert => $cert,
         debug => $debug,
         cipherc => "",
-        ciphers => "AES128-SHA",
+        ciphers => "AES128-SHA:TLS13-AES-128-GCM-SHA256",
         flight => 0,
         record_list => [],
         message_list => [],
@@ -113,7 +113,7 @@ sub clear
     my $self = shift;
 
     $self->clearClient;
-    $self->{ciphers} = "AES128-SHA";
+    $self->{ciphers} = "AES128-SHA:TLS13-AES-128-GCM-SHA256";
     $self->{serverflags} = "";
     $self->{serverconnects} = 1;
     $self->{serverpid} = 0;
@@ -147,10 +147,8 @@ sub start
                 or die "Failed to redirect stdout: $!";
             open(STDERR, ">&STDOUT");
         }
-        # TODO(TLS1.3): Temporarily disabled for TLS1.3...no shared cipher
-        # because the TLS1.3 ciphersuites are not compatible with ossltest
         my $execcmd = $self->execute
-            ." s_server -no_tls1_3 -no_comp -rev -engine ossltest -accept "
+            ." s_server -no_comp -rev -engine ossltest -accept "
             .($self->server_port)
             ." -cert ".$self->cert." -naccept ".$self->serverconnects;
         if ($self->ciphers ne "") {

util/TLSProxy/Record.pm

@@ -107,7 +107,7 @@ sub get_records
 
             if (($server && $server_ccs_seen)
                      || (!$server && $client_ccs_seen)) {
-                if ($etm) {
+                if ($version != VERS_TLS_1_3() && $etm) {
                     $record->decryptETM();
                 } else {
                     $record->decrypt();
@@ -221,22 +221,27 @@ sub decryptETM
 sub decrypt()
 {
     my ($self) = shift;
-
+    my $mactaglen = 20;
     my $data = $self->data;
 
-    if($self->version >= VERS_TLS_1_1()) {
-        #TLS1.1+ has an explicit IV. Throw it away
+    #Throw away any IVs
+    if ($self->version >= VERS_TLS_1_3()) {
+        #8 bytes for a GCM IV
+        $data = substr($data, 8);
+        $mactaglen = 16;
+    } elsif ($self->version >= VERS_TLS_1_1()) {
+        #16 bytes for a standard IV
         $data = substr($data, 16);
-    }
 
-    #Find out what the padding byte is
-    my $padval = unpack("C", substr($data, length($data) - 1));
+        #Find out what the padding byte is
+        my $padval = unpack("C", substr($data, length($data) - 1));
 
-    #Throw away the padding
-    $data = substr($data, 0, length($data) - ($padval + 1));
+        #Throw away the padding
+        $data = substr($data, 0, length($data) - ($padval + 1));
+    }
 
-    #Throw away the MAC (assumes MAC is 20 bytes for now. FIXME)
-    $data = substr($data, 0, length($data) - 20);
+    #Throw away the MAC or TAG
+    $data = substr($data, 0, length($data) - $mactaglen);
 
     $self->decrypt_data($data);
     $self->decrypt_len(length($data));