/src/PcapPlusPlus/Packet++/header/SSLCommon.h
Line | Count | Source (jump to first uncovered line) |
1 | | #ifndef PACKETPP_SSL_LAYER_COMMON |
2 | | #define PACKETPP_SSL_LAYER_COMMON |
3 | | |
4 | | #include <string> |
5 | | #include <stdint.h> |
6 | | |
7 | | /** |
8 | | * @file |
9 | | * See detailed explanation of the TLS/SSL protocol support in PcapPlusPlus in SSLLayer.h |
10 | | */ |
11 | | |
12 | | /** |
13 | | * \namespace pcpp |
14 | | * \brief The main namespace for the PcapPlusPlus lib |
15 | | */ |
16 | | namespace pcpp |
17 | | { |
18 | | |
19 | | /** |
20 | | * @struct ssl_tls_record_layer |
21 | | * The common part of all SSL/TLS messages |
22 | | */ |
23 | | #pragma pack(push, 1) |
24 | | struct ssl_tls_record_layer |
25 | | { |
26 | | /** Message (record) type (one of ::SSLRecordType) */ |
27 | | uint8_t recordType; |
28 | | /** Message (record) version (one of SSLVersion::SSLVersionEnum) */ |
29 | | uint16_t recordVersion; |
30 | | /** Message (record) length in bytes */ |
31 | | uint16_t length; |
32 | | }; |
33 | | #pragma pack(pop) |
34 | | |
35 | | |
36 | | /** |
37 | | * @struct ssl_tls_handshake_layer |
38 | | * The common part of all SSL/TLS handshake message types |
39 | | */ |
40 | | #pragma pack(push, 1) |
41 | | struct ssl_tls_handshake_layer |
42 | | { |
43 | | /** Type of the handshake message (one of ::SSLHandshakeType) */ |
44 | | uint8_t handshakeType; |
45 | | /** Length of the message. Length is 3-Byte long, This is the MSB byte */ |
46 | | uint8_t length1; |
47 | | /** Length of the message. Length is 3-Byte long, This is the 2 LSB bytes */ |
48 | | uint16_t length2; |
49 | | }; |
50 | | #pragma pack(pop) |
51 | | |
52 | | |
53 | | /** |
54 | | * @struct ssl_tls_client_server_hello |
55 | | * The common header part of client-hello and server-hello handshake messages |
56 | | */ |
57 | | #pragma pack(push, 1) |
58 | | struct ssl_tls_client_server_hello : ssl_tls_handshake_layer |
59 | | { |
60 | | /** SSL/TLS handshake version (one of SSLVersion::SSLVersionEnum) */ |
61 | | uint16_t handshakeVersion; |
62 | | /** 32-bytes random number */ |
63 | | uint8_t random[32]; |
64 | | }; |
65 | | #pragma pack(pop) |
66 | | |
67 | | |
68 | | /** |
69 | | * @struct ssl_tls_change_cipher_spec |
70 | | * SSL/TLS change-cipher-spec message structure |
71 | | */ |
72 | | #pragma pack(push, 1) |
73 | | struct ssl_tls_change_cipher_spec |
74 | | { |
75 | | /** Unused byte */ |
76 | | uint8_t changeCipherSpec; |
77 | | }; |
78 | | #pragma pack(pop) |
79 | | |
80 | | |
81 | | /** |
82 | | * @struct ssl_tls_alert |
83 | | * SSL/TLS alert message structure |
84 | | */ |
85 | | #pragma pack(push, 1) |
86 | | struct ssl_tls_alert |
87 | | { |
88 | | /** Alert level (one of ::SSLAlertLevel) */ |
89 | | uint8_t alertLevel; |
90 | | /** Alert description (one of ::SSLAlertDescription) */ |
91 | | uint8_t alertDescription; |
92 | | }; |
93 | | #pragma pack(pop) |
94 | | |
95 | | |
96 | | /** |
97 | | * SSL/TLS message types |
98 | | */ |
99 | | enum SSLRecordType |
100 | | { |
101 | | /** Change-cipher-spec message */ |
102 | | SSL_CHANGE_CIPHER_SPEC = 20, |
103 | | /** SSL alert message */ |
104 | | SSL_ALERT = 21, |
105 | | /** SSL handshake message */ |
106 | | SSL_HANDSHAKE = 22, |
107 | | /** SSL data message */ |
108 | | SSL_APPLICATION_DATA = 23 |
109 | | }; |
110 | | |
111 | | |
112 | | /** |
113 | | * @class SSLVersion |
114 | | * A wrapper class for SSL/TLS versions. The SSL/TLS version is typically represented by a 2-byte number, |
115 | | * for example TLS 1.2 is represented by 0x0303. |
116 | | * This class wraps the numeric value and provides methods to convert it into an enum, string, etc. |
117 | | */ |
118 | | class SSLVersion |
119 | | { |
120 | | public: |
121 | | /** |
122 | | * SSL/TLS versions enum |
123 | | */ |
124 | | enum SSLVersionEnum |
125 | | { |
126 | | /** SSL 2.0 */ |
127 | | SSL2 = 0x0200, |
128 | | /** SSL 3.0 */ |
129 | | SSL3 = 0x0300, |
130 | | /** TLS 1.0 */ |
131 | | TLS1_0 = 0x0301, |
132 | | /** TLS 1.1 */ |
133 | | TLS1_1 = 0x0302, |
134 | | /** TLS 1.2 */ |
135 | | TLS1_2 = 0x0303, |
136 | | /** TLS 1.3 */ |
137 | | TLS1_3 = 0x0304, |
138 | | /** TLS 1.3 (draft 14) */ |
139 | | TLS1_3_D14 = 0x7f0e, |
140 | | /** TLS 1.3 (draft 15) */ |
141 | | TLS1_3_D15 = 0x7f0f, |
142 | | /** TLS 1.3 (draft 16) */ |
143 | | TLS1_3_D16 = 0x7f10, |
144 | | /** TLS 1.3 (draft 17) */ |
145 | | TLS1_3_D17 = 0x7f11, |
146 | | /** TLS 1.3 (draft 18) */ |
147 | | TLS1_3_D18 = 0x7f12, |
148 | | /** TLS 1.3 (draft 19) */ |
149 | | TLS1_3_D19 = 0x7f13, |
150 | | /** TLS 1.3 (draft 20) */ |
151 | | TLS1_3_D20 = 0x7f14, |
152 | | /** TLS 1.3 (draft 21) */ |
153 | | TLS1_3_D21 = 0x7f15, |
154 | | /** TLS 1.3 (draft 22) */ |
155 | | TLS1_3_D22 = 0x7f16, |
156 | | /** TLS 1.3 (draft 23) */ |
157 | | TLS1_3_D23 = 0x7f17, |
158 | | /** TLS 1.3 (draft 24) */ |
159 | | TLS1_3_D24 = 0x7f18, |
160 | | /** TLS 1.3 (draft 25) */ |
161 | | TLS1_3_D25 = 0x7f19, |
162 | | /** TLS 1.3 (draft 26) */ |
163 | | TLS1_3_D26 = 0x7f1a, |
164 | | /** TLS 1.3 (draft 27) */ |
165 | | TLS1_3_D27 = 0x7f1b, |
166 | | /** TLS 1.3 (draft 28) */ |
167 | | TLS1_3_D28 = 0x7f1c, |
168 | | /** TLS 1.3 (Facebook draft 23) */ |
169 | | TLS1_3_FBD23 = 0xfb17, |
170 | | /** TLS 1.3 (Facebook draft 26) */ |
171 | | TLS1_3_FBD26 = 0xfb1a, |
172 | | /** Unknown value */ |
173 | | Unknown = 0 |
174 | | }; |
175 | | |
176 | | /** |
177 | | * A c'tor for this class. |
178 | | * @param[in] sslVersionValue The numeric value representing this SSL/TLS version. For example: |
179 | | * for TLS 1.2 this would be 0x0303. |
180 | | */ |
181 | 19.6k | explicit SSLVersion(uint16_t sslVersionValue) { m_SSLVersionValue = sslVersionValue; } |
182 | | |
183 | | /** |
184 | | * @return An enum value of type SSLVersion::SSLVersionEnum representing the SSL/TLS version. |
185 | | * If the numeric value is an invalid SSL/TLS version SSLVersion::Unknown will be returned. |
186 | | * @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the enum value SSLVersion::TLS1_3 for all TLS 1.3 drafts. If set to "true" |
187 | | * all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return SSLVersion::TLS1_3, otherwise the corresponding enum values will be |
188 | | * returned. The default value is "false". |
189 | | */ |
190 | | SSLVersionEnum asEnum(bool countTlsDraftsAs1_3 = false); |
191 | | |
192 | | /** |
193 | | * @return The numeric value of the SSL/TLs version |
194 | | */ |
195 | 0 | uint16_t asUInt() { return m_SSLVersionValue; } |
196 | | |
197 | | /** |
198 | | * @return A string representation of the SSL/TLS version. For example: for TLS 1.2 the string "TLS 1.2" is returned. |
199 | | * If the numeric value is an invalid SSL/TLS version the string "Unknown" will be returned. |
200 | | * @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the string value "TLS 1.3" for all TLS 1.3 drafts. If set to "true" |
201 | | * all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return "TLS 1.3", otherwise the corresponding string values will be |
202 | | * returned. The default value is "false". |
203 | | */ |
204 | | std::string toString(bool countTlsDraftsAs1_3 = false); |
205 | | |
206 | | private: |
207 | | uint16_t m_SSLVersionValue; |
208 | | |
209 | | // unimplemented empty c'tor |
210 | | SSLVersion(); |
211 | | }; |
212 | | |
213 | | /** |
214 | | * SSL/TLS handshake message types |
215 | | */ |
216 | | enum SSLHandshakeType |
217 | | { |
218 | | /** Hello-request message type */ |
219 | | SSL_HELLO_REQUEST = 0, |
220 | | /** Client-hello message type */ |
221 | | SSL_CLIENT_HELLO = 1, |
222 | | /** Server-hello message type */ |
223 | | SSL_SERVER_HELLO = 2, |
224 | | /** New-session-ticket message type */ |
225 | | SSL_NEW_SESSION_TICKET = 4, |
226 | | /** End-of-early-data message type (TLS 1.3) */ |
227 | | SSL_END_OF_EARLY_DATE = 5, |
228 | | /** Encrypted-extensions message type (TLS 1.3) */ |
229 | | SSL_ENCRYPTED_EXTENSIONS = 8, |
230 | | /** Certificate message type */ |
231 | | SSL_CERTIFICATE = 11, |
232 | | /** Server-key-exchange message type */ |
233 | | SSL_SERVER_KEY_EXCHANGE = 12, |
234 | | /** Certificate-request message type */ |
235 | | SSL_CERTIFICATE_REQUEST = 13, |
236 | | /** Server-hello-done message type */ |
237 | | SSL_SERVER_DONE = 14, |
238 | | /** Certificate-verify message type */ |
239 | | SSL_CERTIFICATE_VERIFY = 15, |
240 | | /** Client-key-exchange message type */ |
241 | | SSL_CLIENT_KEY_EXCHANGE = 16, |
242 | | /** Finish message type */ |
243 | | SSL_FINISHED = 20, |
244 | | /** Key-update message type (TLS 1.3) */ |
245 | | SSL_KEY_UPDATE = 24, |
246 | | /** Unknown SSL handshake message */ |
247 | | SSL_HANDSHAKE_UNKNOWN = 255 |
248 | | }; |
249 | | |
250 | | /** |
251 | | * SSL/TLS alert levels |
252 | | */ |
253 | | enum SSLAlertLevel |
254 | | { |
255 | | /** Warning level alert */ |
256 | | SSL_ALERT_LEVEL_WARNING = 1, |
257 | | /** Fatal level alert */ |
258 | | SSL_ALERT_LEVEL_FATAL = 2, |
259 | | /** For encrypted alerts the level is unknown so this type will be returned */ |
260 | | SSL_ALERT_LEVEL_ENCRYPTED = 255 |
261 | | }; |
262 | | |
263 | | /** |
264 | | * SSL/TLS alert description types |
265 | | */ |
266 | | enum SSLAlertDescription |
267 | | { |
268 | | /** Close notify alert */ |
269 | | SSL_ALERT_CLOSE_NOTIFY = 0, |
270 | | /** Unexpected message alert */ |
271 | | SSL_ALERT_UNEXPECTED_MESSAGE = 10, |
272 | | /** Bad record MAC alert */ |
273 | | SSL_ALERT_BAD_RECORD_MAC = 20, |
274 | | /** Decryption failed alert */ |
275 | | SSL_ALERT_DECRYPTION_FAILED = 21, |
276 | | /** */ |
277 | | SSL_ALERT_RECORD_OVERFLOW = 22, |
278 | | /** Decompression failure alert */ |
279 | | SSL_ALERT_DECOMPRESSION_FAILURE = 30, |
280 | | /** Handshake failure alert */ |
281 | | SSL_ALERT_HANDSHAKE_FAILURE = 40, |
282 | | /** No certificate alert */ |
283 | | SSL_ALERT_NO_CERTIFICATE = 41, |
284 | | /** Bad certificate alert */ |
285 | | SSL_ALERT_BAD_CERTIFICATE = 42, |
286 | | /** Unsupported certificate */ |
287 | | SSL_ALERT_UNSUPPORTED_CERTIFICATE = 43, |
288 | | /** Certificate revoked alert */ |
289 | | SSL_ALERT_CERTIFICATE_REVOKED = 44, |
290 | | /** Certificate expired alert */ |
291 | | SSL_ALERT_CERTIFICATE_EXPIRED = 45, |
292 | | /** Certificate unknown alert */ |
293 | | SSL_ALERT_CERTIFICATE_UNKNOWN = 46, |
294 | | /** Illegal parameter alert */ |
295 | | SSL_ALERT_ILLEGAL_PARAMETER = 47, |
296 | | /** Unknown CA alert */ |
297 | | SSL_ALERT_UNKNOWN_CA = 48, |
298 | | /** Access denied alert */ |
299 | | SSL_ALERT_ACCESS_DENIED = 49, |
300 | | /** Decode error alert */ |
301 | | SSL_ALERT_DECODE_ERROR = 50, |
302 | | /** Decrypt error alert */ |
303 | | SSL_ALERT_DECRYPT_ERROR = 51, |
304 | | /** Export restriction alert */ |
305 | | SSL_ALERT_EXPORT_RESTRICTION = 60, |
306 | | /** Protocol version alert */ |
307 | | SSL_ALERT_PROTOCOL_VERSION = 70, |
308 | | /** Insufficient security alert */ |
309 | | SSL_ALERT_INSUFFICIENT_SECURITY = 71, |
310 | | /** Internal error alert */ |
311 | | SSL_ALERT_INTERNAL_ERROR = 80, |
312 | | /** User cancelled alert */ |
313 | | SSL_ALERT_USER_CANCELLED = 90, |
314 | | /** No negotiation alert */ |
315 | | SSL_ALERT_NO_RENEGOTIATION = 100, |
316 | | /** Unsupported extension alert */ |
317 | | SSL_ALERT_UNSUPPORTED_EXTENSION = 110, |
318 | | /** Encrtpyed alert (cannot determine its type) */ |
319 | | SSL_ALERT_ENCRYPTED = 255 |
320 | | }; |
321 | | |
322 | | /** |
323 | | * SSL/TLS key exchange algorithms |
324 | | */ |
325 | | enum SSLKeyExchangeAlgorithm |
326 | | { |
327 | | /** NULL value */ |
328 | | SSL_KEYX_NULL, |
329 | | /** RSA (Rivest-Shamir-Adleman) */ |
330 | | SSL_KEYX_RSA, |
331 | | /** Diffie-Hellman */ |
332 | | SSL_KEYX_DH, |
333 | | /** Diffie-Hellman ephemeral */ |
334 | | SSL_KEYX_DHE, |
335 | | /** Elliptic curve Diffie�Hellman */ |
336 | | SSL_KEYX_ECDH, |
337 | | /** Elliptic curve Diffie�Hellman ephemeral */ |
338 | | SSL_KEYX_ECDHE, |
339 | | /** Fortezza Crypto Card */ |
340 | | SSL_KEYX_FORTEZZA, |
341 | | /** Kerberos 5 */ |
342 | | SSL_KEYX_KRB5, |
343 | | /** Pre-Shared Key */ |
344 | | SSL_KEYX_PSK, |
345 | | /** GOST */ |
346 | | SSL_KEYX_GOST, |
347 | | /** Secure Remote Password */ |
348 | | SSL_KEYX_SRP, |
349 | | /** PCT */ |
350 | | SSL_KEYX_PCT, |
351 | | /** Unknown algorithm */ |
352 | | SSL_KEYX_Unknown |
353 | | }; |
354 | | |
355 | | /** |
356 | | * SSL/TLS authentication algorithms |
357 | | */ |
358 | | enum SSLAuthenticationAlgorithm |
359 | | { |
360 | | /** NULL value */ |
361 | | SSL_AUTH_NULL, |
362 | | /** RSA (Rivest-Shamir-Adleman) */ |
363 | | SSL_AUTH_RSA, |
364 | | /** Digital Signature Standard */ |
365 | | SSL_AUTH_DSS, |
366 | | /** Anonymous */ |
367 | | SSL_AUTH_anon, |
368 | | /** Diffie-Hellman based key-exchange protocol */ |
369 | | SSL_AUTH_KEA, |
370 | | /** Kerberos 5 */ |
371 | | SSL_AUTH_KRB5, |
372 | | /** Pre-Shared Key */ |
373 | | SSL_AUTH_PSK, |
374 | | /** Elliptic Curve Digital Signature Algorithm */ |
375 | | SSL_AUTH_ECDSA, |
376 | | /** GOST */ |
377 | | SSL_AUTH_GOST, |
378 | | /** SHA-1 (Secure Hash Algorithm) */ |
379 | | SSL_AUTH_SHA, |
380 | | /** PCT */ |
381 | | SSL_AUTH_PCT, |
382 | | /** Diffie-Hellman ephemeral */ |
383 | | SSL_AUTH_DHE, |
384 | | /** Unknown algorithm */ |
385 | | SSL_AUTH_Unknown |
386 | | }; |
387 | | |
388 | | /** |
389 | | * SSL/TLS symmetric encryption algorithms |
390 | | */ |
391 | | enum SSLSymetricEncryptionAlgorithm |
392 | | { |
393 | | /** NULL value */ |
394 | | SSL_SYM_NULL, |
395 | | /** RC4_40 */ |
396 | | SSL_SYM_RC4_40, |
397 | | /** RC4_128 */ |
398 | | SSL_SYM_RC4_128, |
399 | | /** RC2_CBC_40 */ |
400 | | SSL_SYM_RC2_CBC_40, |
401 | | /** IDEA_CBC */ |
402 | | SSL_SYM_IDEA_CBC, |
403 | | /** DES40_CBC */ |
404 | | SSL_SYM_DES40_CBC, |
405 | | /** DES_CBC */ |
406 | | SSL_SYM_DES_CBC, |
407 | | /** 3DES_EDE_CBC */ |
408 | | SSL_SYM_3DES_EDE_CBC, |
409 | | /** FORTEZZA_CBC */ |
410 | | SSL_SYM_FORTEZZA_CBC, |
411 | | /** DES_CBC_40 */ |
412 | | SSL_SYM_DES_CBC_40, |
413 | | /** AES_128_CBC */ |
414 | | SSL_SYM_AES_128_CBC, |
415 | | /** AES_256_CBC */ |
416 | | SSL_SYM_AES_256_CBC, |
417 | | /** CAMELLIA_128_CBC */ |
418 | | SSL_SYM_CAMELLIA_128_CBC, |
419 | | /** CAMELLIA_128_GCM */ |
420 | | SSL_SYM_CAMELLIA_128_GCM, |
421 | | /** CAMELLIA_256_GCM */ |
422 | | SSL_SYM_CAMELLIA_256_GCM, |
423 | | /** RC4_56 */ |
424 | | SSL_SYM_RC4_56, |
425 | | /** RC2_CBC_56 */ |
426 | | SSL_SYM_RC2_CBC_56, |
427 | | /** GOST28147 */ |
428 | | SSL_SYM_GOST28147, |
429 | | /** CAMELLIA_256_CBC */ |
430 | | SSL_SYM_CAMELLIA_256_CBC, |
431 | | /** SEED_CBC */ |
432 | | SSL_SYM_SEED_CBC, |
433 | | /** AES_128 */ |
434 | | SSL_SYM_AES_128, |
435 | | /** AES_256 */ |
436 | | SSL_SYM_AES_256, |
437 | | /** SSL_SYM_AES_128_GCM */ |
438 | | SSL_SYM_AES_128_GCM, |
439 | | /** AES_256_GCM */ |
440 | | SSL_SYM_AES_256_GCM, |
441 | | /** RC4_128_EXPORT40 */ |
442 | | SSL_SYM_RC4_128_EXPORT40, |
443 | | /** RC2_CBC_128_CBC */ |
444 | | SSL_SYM_RC2_CBC_128_CBC, |
445 | | /** IDEA_128_CBC */ |
446 | | SSL_SYM_IDEA_128_CBC, |
447 | | /** DES_64_CBC */ |
448 | | SSL_SYM_DES_64_CBC, |
449 | | /** DES_192_EDE3_CBC */ |
450 | | SSL_SYM_DES_192_EDE3_CBC, |
451 | | /** RC4_64 */ |
452 | | SSL_SYM_RC4_64, |
453 | | /** ARIA_128_CBC*/ |
454 | | SSL_SYM_ARIA_128_CBC, |
455 | | /** ARIA_256_CBC */ |
456 | | SSL_SYM_ARIA_256_CBC, |
457 | | /** ARIA_128_GCM */ |
458 | | SSL_SYM_ARIA_128_GCM, |
459 | | /** ARIA_256_GCM */ |
460 | | SSL_SYM_ARIA_256_GCM, |
461 | | /** CHACHA20_POLY1305 */ |
462 | | SSL_SYM_CHACHA20_POLY1305, |
463 | | /** AES_128_CCM */ |
464 | | SSL_SYM_AES_128_CCM, |
465 | | /** AES_128_CCM_8 */ |
466 | | SSL_SYM_AES_128_CCM_8, |
467 | | /** Unknown algorithm */ |
468 | | SSL_SYM_Unknown |
469 | | }; |
470 | | |
471 | | /** |
472 | | * SSL/TLS hashing algorithms |
473 | | */ |
474 | | enum SSLHashingAlgorithm |
475 | | { |
476 | | /** NULL value */ |
477 | | SSL_HASH_NULL, |
478 | | /** Message-Digest Algorithm */ |
479 | | SSL_HASH_MD5, |
480 | | /** SHA-1 (Secure Hash Algorithm) */ |
481 | | SSL_HASH_SHA, |
482 | | /** SHA-256 (Secure Hash Algorithm) */ |
483 | | SSL_HASH_SHA256, |
484 | | /** GOST 28147 */ |
485 | | SSL_HASH_GOST28147, |
486 | | /** GOST R 34.11 */ |
487 | | SSL_HASH_GOSTR3411, |
488 | | /** SHA-384 (Secure Hash Algorithm) */ |
489 | | SSL_HASH_SHA384, |
490 | | /** CCM mode (Counter with CBC-MAC) */ |
491 | | SSL_HASH_CCM, |
492 | | /** CCM mode (Counter with CBC-MAC) */ |
493 | | SSL_HASH_CCM_8, |
494 | | /** Unknown algorithm */ |
495 | | SSL_HASH_Unknown |
496 | | }; |
497 | | |
498 | | /** |
499 | | * SSL/TLS extension types |
500 | | */ |
501 | | enum SSLExtensionType |
502 | | { |
503 | | /** Server Name Indication extension */ |
504 | | SSL_EXT_SERVER_NAME = 0, |
505 | | /** Maximum Fragment Length Negotiation extension */ |
506 | | SSL_EXT_MAX_FRAGMENT_LENGTH = 1, |
507 | | /** Client Certificate URLs extension */ |
508 | | SSL_EXT_CLIENT_CERTIFICATE_URL = 2, |
509 | | /** Trusted CA Indication extension */ |
510 | | SSL_EXT_TRUSTED_CA_KEYS = 3, |
511 | | /** Truncated HMAC extension */ |
512 | | SSL_EXT_TRUNCATED_HMAC = 4, |
513 | | /** Certificate Status Request extension */ |
514 | | SSL_EXT_STATUS_REQUEST = 5, |
515 | | /** TLS User Mapping extension */ |
516 | | SSL_EXT_USER_MAPPING = 6, |
517 | | /** Client Authorization extension */ |
518 | | SSL_EXT_CLIENT_AUTHZ = 7, |
519 | | /** Server Authorization extension */ |
520 | | SSL_EXT_SERVER_AUTHZ = 8, |
521 | | /** Certificate Type extension */ |
522 | | SSL_EXT_CERT_TYPE = 9, |
523 | | /** Supported Groups extension (renamed from "elliptic curves") */ |
524 | | SSL_EXT_SUPPORTED_GROUPS = 10, |
525 | | /** Elliptic Curves Point Format extension */ |
526 | | SSL_EXT_EC_POINT_FORMATS = 11, |
527 | | /** Secure Remote Password extension */ |
528 | | SSL_EXT_SRP = 12, |
529 | | /** Signature Algorithms extension */ |
530 | | SSL_EXT_SIGNATURE_ALGORITHMS = 13, |
531 | | /** Use Secure Real-time Transport Protocol extension */ |
532 | | SSL_EXT_USE_SRTP = 14, |
533 | | /** TLS Heartbit extension */ |
534 | | SSL_EXT_HEARTBEAT = 15, |
535 | | /** Application Layer Protocol Negotiation (ALPN) extension */ |
536 | | SSL_EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16, |
537 | | /** Status Request extension */ |
538 | | SSL_EXT_STATUS_REQUEST_V2 = 17, |
539 | | /** Signed Certificate Timestamp extension */ |
540 | | SSL_EXT_SIGNED_CERTIFICATE_TIMESTAMP = 18, |
541 | | /** Client Certificate Type extension */ |
542 | | SSL_EXT_CLIENT_CERTIFICATE_TYPE = 19, |
543 | | /** Server Certificate Type extension */ |
544 | | SSL_EXT_SERVER_CERTIFICATE_TYPE = 20, |
545 | | /** ClientHello Padding extension */ |
546 | | SSL_EXT_PADDING = 21, |
547 | | /** Encrypt-then-MAC extension */ |
548 | | SSL_EXT_ENCRYPT_THEN_MAC = 22, |
549 | | /** Extended Master Secret extension */ |
550 | | SSL_EXT_EXTENDED_MASTER_SECRET = 23, |
551 | | /** Token Binding extension */ |
552 | | SSL_EXT_TOKEN_BINDING = 24, |
553 | | /** SessionTicket TLS extension */ |
554 | | SSL_EXT_SESSIONTICKET_TLS = 35, |
555 | | /** Pre-shared key (PSK) extension (TLS 1.3) */ |
556 | | SSL_EXT_PRE_SHARED_KEY = 41, |
557 | | /** Early data extension (TLS 1.3) */ |
558 | | SSL_EXT_EARLY_DATA = 42, |
559 | | /** Supported versions extension (TLS 1.3) */ |
560 | | SSL_EXT_SUPPORTED_VERSIONS = 43, |
561 | | /** Cookie extension (TLS 1.3) */ |
562 | | SSL_EXT_COOKIE = 44, |
563 | | /** Pre-Shared Key Exchange Modes extension (TLS 1.3) */ |
564 | | SSL_EXT_PSK_KEY_EXCHANGE_MODES = 45, |
565 | | /** Certificate authorities extension (TLS 1.3) */ |
566 | | SSL_EXT_CERTIFICATE_AUTHORITIES = 47, |
567 | | /** Old filters extension (TLS 1.3) */ |
568 | | SSL_EXT_OLD_FILTERS = 48, |
569 | | /** Post handshake auth extension (TLS 1.3) */ |
570 | | SSL_EXT_POST_HANDSHAKE_AUTH = 49, |
571 | | /** Signature algorithm cert extension (TLS 1.3) */ |
572 | | SSL_EXT_SIGNATURE_ALGORITHM_CERT = 50, |
573 | | /** Key share extension (TLS 1.3) */ |
574 | | SSL_EXT_KEY_SHARE = 51, |
575 | | /** Renegotiation Indication extension */ |
576 | | SSL_EXT_RENEGOTIATION_INFO = 65281, |
577 | | /** Unknown extension */ |
578 | | SSL_EXT_Unknown |
579 | | }; |
580 | | |
581 | | /** |
582 | | * SSL/TLS client certificate types |
583 | | */ |
584 | | enum SSLClientCertificateType |
585 | | { |
586 | | /** RSA_SIGN */ |
587 | | SSL_CCT_RSA_SIGN = 1, |
588 | | /** DSS_SIGN */ |
589 | | SSL_CCT_DSS_SIGN = 2, |
590 | | /** RSA_FIXED_DH */ |
591 | | SSL_CCT_RSA_FIXED_DH = 3, |
592 | | /** DSS_FIXED_DH */ |
593 | | SSL_CCT_DSS_FIXED_DH = 4, |
594 | | /** RSA_EPHEMERAL_DH_RESERVED */ |
595 | | SSL_CCT_RSA_EPHEMERAL_DH_RESERVED = 5, |
596 | | /** DSS_EPHEMERAL_DH_RESERVED */ |
597 | | SSL_CCT_DSS_EPHEMERAL_DH_RESERVED = 6, |
598 | | /** FORTEZZA_DMS_RESERVED */ |
599 | | SSL_CCT_FORTEZZA_DMS_RESERVED = 20, |
600 | | /** ECDSA_SIGN */ |
601 | | SSL_CCT_ECDSA_SIGN = 64, |
602 | | /** FIXED_ECDH */ |
603 | | SSL_CCT_RSA_FIXED_ECDH = 65, |
604 | | /** ECDSA_FIXED_ECDH */ |
605 | | SSL_CCT_ECDSA_FIXED_ECDH = 66, |
606 | | /** Unknown client certificate type */ |
607 | | SSL_CCT_UNKNOWN |
608 | | }; |
609 | | |
610 | | } //namespace pcpp |
611 | | |
612 | | #endif // PACKETPP_SSL_LAYER_COMMON |