/src/PcapPlusPlus/Packet++/header/SSLCommon.h
Line | Count | Source |
1 | | #pragma once |
2 | | |
3 | | #include <string> |
4 | | #include <stdint.h> |
5 | | |
6 | | /** |
7 | | * @file |
8 | | * See detailed explanation of the TLS/SSL protocol support in PcapPlusPlus in SSLLayer.h |
9 | | */ |
10 | | |
11 | | /** |
12 | | * \namespace pcpp |
13 | | * \brief The main namespace for the PcapPlusPlus lib |
14 | | */ |
15 | | namespace pcpp |
16 | | { |
17 | | |
18 | | /** |
19 | | * @struct ssl_tls_record_layer |
20 | | * The common part of all SSL/TLS messages |
21 | | */ |
22 | | #pragma pack(push, 1) |
23 | | struct ssl_tls_record_layer |
24 | | { |
25 | | /** Message (record) type (one of ::SSLRecordType) */ |
26 | | uint8_t recordType; |
27 | | /** Message (record) version (one of SSLVersion::SSLVersionEnum) */ |
28 | | uint16_t recordVersion; |
29 | | /** Message (record) length in bytes */ |
30 | | uint16_t length; |
31 | | }; |
32 | | #pragma pack(pop) |
33 | | |
34 | | |
35 | | /** |
36 | | * @struct ssl_tls_handshake_layer |
37 | | * The common part of all SSL/TLS handshake message types |
38 | | */ |
39 | | #pragma pack(push, 1) |
40 | | struct ssl_tls_handshake_layer |
41 | | { |
42 | | /** Type of the handshake message (one of ::SSLHandshakeType) */ |
43 | | uint8_t handshakeType; |
44 | | /** Length of the message. Length is 3-Byte long, This is the MSB byte */ |
45 | | uint8_t length1; |
46 | | /** Length of the message. Length is 3-Byte long, This is the 2 LSB bytes */ |
47 | | uint16_t length2; |
48 | | }; |
49 | | #pragma pack(pop) |
50 | | |
51 | | |
52 | | /** |
53 | | * @struct ssl_tls_client_server_hello |
54 | | * The common header part of client-hello and server-hello handshake messages |
55 | | */ |
56 | | #pragma pack(push, 1) |
57 | | struct ssl_tls_client_server_hello : ssl_tls_handshake_layer |
58 | | { |
59 | | /** SSL/TLS handshake version (one of SSLVersion::SSLVersionEnum) */ |
60 | | uint16_t handshakeVersion; |
61 | | /** 32-bytes random number */ |
62 | | uint8_t random[32]; |
63 | | }; |
64 | | #pragma pack(pop) |
65 | | |
66 | | |
67 | | /** |
68 | | * @struct ssl_tls_change_cipher_spec |
69 | | * SSL/TLS change-cipher-spec message structure |
70 | | */ |
71 | | #pragma pack(push, 1) |
72 | | struct ssl_tls_change_cipher_spec |
73 | | { |
74 | | /** Unused byte */ |
75 | | uint8_t changeCipherSpec; |
76 | | }; |
77 | | #pragma pack(pop) |
78 | | |
79 | | |
80 | | /** |
81 | | * @struct ssl_tls_alert |
82 | | * SSL/TLS alert message structure |
83 | | */ |
84 | | #pragma pack(push, 1) |
85 | | struct ssl_tls_alert |
86 | | { |
87 | | /** Alert level (one of ::SSLAlertLevel) */ |
88 | | uint8_t alertLevel; |
89 | | /** Alert description (one of ::SSLAlertDescription) */ |
90 | | uint8_t alertDescription; |
91 | | }; |
92 | | #pragma pack(pop) |
93 | | |
94 | | |
95 | | /** |
96 | | * SSL/TLS message types |
97 | | */ |
98 | | enum SSLRecordType |
99 | | { |
100 | | /** Change-cipher-spec message */ |
101 | | SSL_CHANGE_CIPHER_SPEC = 20, |
102 | | /** SSL alert message */ |
103 | | SSL_ALERT = 21, |
104 | | /** SSL handshake message */ |
105 | | SSL_HANDSHAKE = 22, |
106 | | /** SSL data message */ |
107 | | SSL_APPLICATION_DATA = 23 |
108 | | }; |
109 | | |
110 | | |
111 | | /** |
112 | | * @class SSLVersion |
113 | | * A wrapper class for SSL/TLS versions. The SSL/TLS version is typically represented by a 2-byte number, |
114 | | * for example TLS 1.2 is represented by 0x0303. |
115 | | * This class wraps the numeric value and provides methods to convert it into an enum, string, etc. |
116 | | */ |
117 | | class SSLVersion |
118 | | { |
119 | | public: |
120 | | /** |
121 | | * SSL/TLS versions enum |
122 | | */ |
123 | | enum SSLVersionEnum |
124 | | { |
125 | | /** SSL 2.0 */ |
126 | | SSL2 = 0x0200, |
127 | | /** SSL 3.0 */ |
128 | | SSL3 = 0x0300, |
129 | | /** TLS 1.0 */ |
130 | | TLS1_0 = 0x0301, |
131 | | /** TLS 1.1 */ |
132 | | TLS1_1 = 0x0302, |
133 | | /** TLS 1.2 */ |
134 | | TLS1_2 = 0x0303, |
135 | | /** TLS 1.3 */ |
136 | | TLS1_3 = 0x0304, |
137 | | /** TLS 1.3 (draft 14) */ |
138 | | TLS1_3_D14 = 0x7f0e, |
139 | | /** TLS 1.3 (draft 15) */ |
140 | | TLS1_3_D15 = 0x7f0f, |
141 | | /** TLS 1.3 (draft 16) */ |
142 | | TLS1_3_D16 = 0x7f10, |
143 | | /** TLS 1.3 (draft 17) */ |
144 | | TLS1_3_D17 = 0x7f11, |
145 | | /** TLS 1.3 (draft 18) */ |
146 | | TLS1_3_D18 = 0x7f12, |
147 | | /** TLS 1.3 (draft 19) */ |
148 | | TLS1_3_D19 = 0x7f13, |
149 | | /** TLS 1.3 (draft 20) */ |
150 | | TLS1_3_D20 = 0x7f14, |
151 | | /** TLS 1.3 (draft 21) */ |
152 | | TLS1_3_D21 = 0x7f15, |
153 | | /** TLS 1.3 (draft 22) */ |
154 | | TLS1_3_D22 = 0x7f16, |
155 | | /** TLS 1.3 (draft 23) */ |
156 | | TLS1_3_D23 = 0x7f17, |
157 | | /** TLS 1.3 (draft 24) */ |
158 | | TLS1_3_D24 = 0x7f18, |
159 | | /** TLS 1.3 (draft 25) */ |
160 | | TLS1_3_D25 = 0x7f19, |
161 | | /** TLS 1.3 (draft 26) */ |
162 | | TLS1_3_D26 = 0x7f1a, |
163 | | /** TLS 1.3 (draft 27) */ |
164 | | TLS1_3_D27 = 0x7f1b, |
165 | | /** TLS 1.3 (draft 28) */ |
166 | | TLS1_3_D28 = 0x7f1c, |
167 | | /** TLS 1.3 (Facebook draft 23) */ |
168 | | TLS1_3_FBD23 = 0xfb17, |
169 | | /** TLS 1.3 (Facebook draft 26) */ |
170 | | TLS1_3_FBD26 = 0xfb1a, |
171 | | /** Unknown value */ |
172 | | Unknown = 0 |
173 | | }; |
174 | | |
175 | | /** |
176 | | * A c'tor for this class. |
177 | | * @param[in] sslVersionValue The numeric value representing this SSL/TLS version. For example: |
178 | | * for TLS 1.2 this would be 0x0303. |
179 | | */ |
180 | 457k | explicit SSLVersion(uint16_t sslVersionValue) { m_SSLVersionValue = sslVersionValue; } |
181 | | |
182 | | /** |
183 | | * @return An enum value of type SSLVersion::SSLVersionEnum representing the SSL/TLS version. |
184 | | * If the numeric value is an invalid SSL/TLS version SSLVersion::Unknown will be returned. |
185 | | * @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the enum value SSLVersion::TLS1_3 for all TLS 1.3 drafts. If set to "true" |
186 | | * all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return SSLVersion::TLS1_3, otherwise the corresponding enum values will be |
187 | | * returned. The default value is "false". |
188 | | */ |
189 | | SSLVersionEnum asEnum(bool countTlsDraftsAs1_3 = false); |
190 | | |
191 | | /** |
192 | | * @return The numeric value of the SSL/TLs version |
193 | | */ |
194 | 17.4k | uint16_t asUInt() { return m_SSLVersionValue; } |
195 | | |
196 | | /** |
197 | | * @return A string representation of the SSL/TLS version. For example: for TLS 1.2 the string "TLS 1.2" is returned. |
198 | | * If the numeric value is an invalid SSL/TLS version the string "Unknown" will be returned. |
199 | | * @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the string value "TLS 1.3" for all TLS 1.3 drafts. If set to "true" |
200 | | * all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return "TLS 1.3", otherwise the corresponding string values will be |
201 | | * returned. The default value is "false". |
202 | | */ |
203 | | std::string toString(bool countTlsDraftsAs1_3 = false); |
204 | | |
205 | | private: |
206 | | uint16_t m_SSLVersionValue; |
207 | | |
208 | | // unimplemented empty c'tor |
209 | | SSLVersion(); |
210 | | }; |
211 | | |
212 | | /** |
213 | | * SSL/TLS handshake message types |
214 | | */ |
215 | | enum SSLHandshakeType |
216 | | { |
217 | | /** Hello-request message type */ |
218 | | SSL_HELLO_REQUEST = 0, |
219 | | /** Client-hello message type */ |
220 | | SSL_CLIENT_HELLO = 1, |
221 | | /** Server-hello message type */ |
222 | | SSL_SERVER_HELLO = 2, |
223 | | /** New-session-ticket message type */ |
224 | | SSL_NEW_SESSION_TICKET = 4, |
225 | | /** End-of-early-data message type (TLS 1.3) */ |
226 | | SSL_END_OF_EARLY_DATE = 5, |
227 | | /** Encrypted-extensions message type (TLS 1.3) */ |
228 | | SSL_ENCRYPTED_EXTENSIONS = 8, |
229 | | /** Certificate message type */ |
230 | | SSL_CERTIFICATE = 11, |
231 | | /** Server-key-exchange message type */ |
232 | | SSL_SERVER_KEY_EXCHANGE = 12, |
233 | | /** Certificate-request message type */ |
234 | | SSL_CERTIFICATE_REQUEST = 13, |
235 | | /** Server-hello-done message type */ |
236 | | SSL_SERVER_DONE = 14, |
237 | | /** Certificate-verify message type */ |
238 | | SSL_CERTIFICATE_VERIFY = 15, |
239 | | /** Client-key-exchange message type */ |
240 | | SSL_CLIENT_KEY_EXCHANGE = 16, |
241 | | /** Finish message type */ |
242 | | SSL_FINISHED = 20, |
243 | | /** Key-update message type (TLS 1.3) */ |
244 | | SSL_KEY_UPDATE = 24, |
245 | | /** Unknown SSL handshake message */ |
246 | | SSL_HANDSHAKE_UNKNOWN = 255 |
247 | | }; |
248 | | |
249 | | /** |
250 | | * SSL/TLS alert levels |
251 | | */ |
252 | | enum SSLAlertLevel |
253 | | { |
254 | | /** Warning level alert */ |
255 | | SSL_ALERT_LEVEL_WARNING = 1, |
256 | | /** Fatal level alert */ |
257 | | SSL_ALERT_LEVEL_FATAL = 2, |
258 | | /** For encrypted alerts the level is unknown so this type will be returned */ |
259 | | SSL_ALERT_LEVEL_ENCRYPTED = 255 |
260 | | }; |
261 | | |
262 | | /** |
263 | | * SSL/TLS alert description types |
264 | | */ |
265 | | enum SSLAlertDescription |
266 | | { |
267 | | /** Close notify alert */ |
268 | | SSL_ALERT_CLOSE_NOTIFY = 0, |
269 | | /** Unexpected message alert */ |
270 | | SSL_ALERT_UNEXPECTED_MESSAGE = 10, |
271 | | /** Bad record MAC alert */ |
272 | | SSL_ALERT_BAD_RECORD_MAC = 20, |
273 | | /** Decryption failed alert */ |
274 | | SSL_ALERT_DECRYPTION_FAILED = 21, |
275 | | /** */ |
276 | | SSL_ALERT_RECORD_OVERFLOW = 22, |
277 | | /** Decompression failure alert */ |
278 | | SSL_ALERT_DECOMPRESSION_FAILURE = 30, |
279 | | /** Handshake failure alert */ |
280 | | SSL_ALERT_HANDSHAKE_FAILURE = 40, |
281 | | /** No certificate alert */ |
282 | | SSL_ALERT_NO_CERTIFICATE = 41, |
283 | | /** Bad certificate alert */ |
284 | | SSL_ALERT_BAD_CERTIFICATE = 42, |
285 | | /** Unsupported certificate */ |
286 | | SSL_ALERT_UNSUPPORTED_CERTIFICATE = 43, |
287 | | /** Certificate revoked alert */ |
288 | | SSL_ALERT_CERTIFICATE_REVOKED = 44, |
289 | | /** Certificate expired alert */ |
290 | | SSL_ALERT_CERTIFICATE_EXPIRED = 45, |
291 | | /** Certificate unknown alert */ |
292 | | SSL_ALERT_CERTIFICATE_UNKNOWN = 46, |
293 | | /** Illegal parameter alert */ |
294 | | SSL_ALERT_ILLEGAL_PARAMETER = 47, |
295 | | /** Unknown CA alert */ |
296 | | SSL_ALERT_UNKNOWN_CA = 48, |
297 | | /** Access denied alert */ |
298 | | SSL_ALERT_ACCESS_DENIED = 49, |
299 | | /** Decode error alert */ |
300 | | SSL_ALERT_DECODE_ERROR = 50, |
301 | | /** Decrypt error alert */ |
302 | | SSL_ALERT_DECRYPT_ERROR = 51, |
303 | | /** Export restriction alert */ |
304 | | SSL_ALERT_EXPORT_RESTRICTION = 60, |
305 | | /** Protocol version alert */ |
306 | | SSL_ALERT_PROTOCOL_VERSION = 70, |
307 | | /** Insufficient security alert */ |
308 | | SSL_ALERT_INSUFFICIENT_SECURITY = 71, |
309 | | /** Internal error alert */ |
310 | | SSL_ALERT_INTERNAL_ERROR = 80, |
311 | | /** User cancelled alert */ |
312 | | SSL_ALERT_USER_CANCELLED = 90, |
313 | | /** No negotiation alert */ |
314 | | SSL_ALERT_NO_RENEGOTIATION = 100, |
315 | | /** Unsupported extension alert */ |
316 | | SSL_ALERT_UNSUPPORTED_EXTENSION = 110, |
317 | | /** Encrtpyed alert (cannot determine its type) */ |
318 | | SSL_ALERT_ENCRYPTED = 255 |
319 | | }; |
320 | | |
321 | | /** |
322 | | * SSL/TLS key exchange algorithms |
323 | | */ |
324 | | enum SSLKeyExchangeAlgorithm |
325 | | { |
326 | | /** NULL value */ |
327 | | SSL_KEYX_NULL, |
328 | | /** RSA (Rivest-Shamir-Adleman) */ |
329 | | SSL_KEYX_RSA, |
330 | | /** Diffie-Hellman */ |
331 | | SSL_KEYX_DH, |
332 | | /** Diffie-Hellman ephemeral */ |
333 | | SSL_KEYX_DHE, |
334 | | /** Elliptic curve Diffie�Hellman */ |
335 | | SSL_KEYX_ECDH, |
336 | | /** Elliptic curve Diffie�Hellman ephemeral */ |
337 | | SSL_KEYX_ECDHE, |
338 | | /** Fortezza Crypto Card */ |
339 | | SSL_KEYX_FORTEZZA, |
340 | | /** Kerberos 5 */ |
341 | | SSL_KEYX_KRB5, |
342 | | /** Pre-Shared Key */ |
343 | | SSL_KEYX_PSK, |
344 | | /** GOST */ |
345 | | SSL_KEYX_GOST, |
346 | | /** Secure Remote Password */ |
347 | | SSL_KEYX_SRP, |
348 | | /** PCT */ |
349 | | SSL_KEYX_PCT, |
350 | | /** Unknown algorithm */ |
351 | | SSL_KEYX_Unknown |
352 | | }; |
353 | | |
354 | | /** |
355 | | * SSL/TLS authentication algorithms |
356 | | */ |
357 | | enum SSLAuthenticationAlgorithm |
358 | | { |
359 | | /** NULL value */ |
360 | | SSL_AUTH_NULL, |
361 | | /** RSA (Rivest-Shamir-Adleman) */ |
362 | | SSL_AUTH_RSA, |
363 | | /** Digital Signature Standard */ |
364 | | SSL_AUTH_DSS, |
365 | | /** Anonymous */ |
366 | | SSL_AUTH_anon, |
367 | | /** Diffie-Hellman based key-exchange protocol */ |
368 | | SSL_AUTH_KEA, |
369 | | /** Kerberos 5 */ |
370 | | SSL_AUTH_KRB5, |
371 | | /** Pre-Shared Key */ |
372 | | SSL_AUTH_PSK, |
373 | | /** Elliptic Curve Digital Signature Algorithm */ |
374 | | SSL_AUTH_ECDSA, |
375 | | /** GOST */ |
376 | | SSL_AUTH_GOST, |
377 | | /** SHA-1 (Secure Hash Algorithm) */ |
378 | | SSL_AUTH_SHA, |
379 | | /** PCT */ |
380 | | SSL_AUTH_PCT, |
381 | | /** Diffie-Hellman ephemeral */ |
382 | | SSL_AUTH_DHE, |
383 | | /** Unknown algorithm */ |
384 | | SSL_AUTH_Unknown |
385 | | }; |
386 | | |
387 | | /** |
388 | | * SSL/TLS symmetric encryption algorithms |
389 | | */ |
390 | | enum SSLSymetricEncryptionAlgorithm |
391 | | { |
392 | | /** NULL value */ |
393 | | SSL_SYM_NULL, |
394 | | /** RC4_40 */ |
395 | | SSL_SYM_RC4_40, |
396 | | /** RC4_128 */ |
397 | | SSL_SYM_RC4_128, |
398 | | /** RC2_CBC_40 */ |
399 | | SSL_SYM_RC2_CBC_40, |
400 | | /** IDEA_CBC */ |
401 | | SSL_SYM_IDEA_CBC, |
402 | | /** DES40_CBC */ |
403 | | SSL_SYM_DES40_CBC, |
404 | | /** DES_CBC */ |
405 | | SSL_SYM_DES_CBC, |
406 | | /** 3DES_EDE_CBC */ |
407 | | SSL_SYM_3DES_EDE_CBC, |
408 | | /** FORTEZZA_CBC */ |
409 | | SSL_SYM_FORTEZZA_CBC, |
410 | | /** DES_CBC_40 */ |
411 | | SSL_SYM_DES_CBC_40, |
412 | | /** AES_128_CBC */ |
413 | | SSL_SYM_AES_128_CBC, |
414 | | /** AES_256_CBC */ |
415 | | SSL_SYM_AES_256_CBC, |
416 | | /** CAMELLIA_128_CBC */ |
417 | | SSL_SYM_CAMELLIA_128_CBC, |
418 | | /** CAMELLIA_128_GCM */ |
419 | | SSL_SYM_CAMELLIA_128_GCM, |
420 | | /** CAMELLIA_256_GCM */ |
421 | | SSL_SYM_CAMELLIA_256_GCM, |
422 | | /** RC4_56 */ |
423 | | SSL_SYM_RC4_56, |
424 | | /** RC2_CBC_56 */ |
425 | | SSL_SYM_RC2_CBC_56, |
426 | | /** GOST28147 */ |
427 | | SSL_SYM_GOST28147, |
428 | | /** CAMELLIA_256_CBC */ |
429 | | SSL_SYM_CAMELLIA_256_CBC, |
430 | | /** SEED_CBC */ |
431 | | SSL_SYM_SEED_CBC, |
432 | | /** AES_128 */ |
433 | | SSL_SYM_AES_128, |
434 | | /** AES_256 */ |
435 | | SSL_SYM_AES_256, |
436 | | /** SSL_SYM_AES_128_GCM */ |
437 | | SSL_SYM_AES_128_GCM, |
438 | | /** AES_256_GCM */ |
439 | | SSL_SYM_AES_256_GCM, |
440 | | /** RC4_128_EXPORT40 */ |
441 | | SSL_SYM_RC4_128_EXPORT40, |
442 | | /** RC2_CBC_128_CBC */ |
443 | | SSL_SYM_RC2_CBC_128_CBC, |
444 | | /** IDEA_128_CBC */ |
445 | | SSL_SYM_IDEA_128_CBC, |
446 | | /** DES_64_CBC */ |
447 | | SSL_SYM_DES_64_CBC, |
448 | | /** DES_192_EDE3_CBC */ |
449 | | SSL_SYM_DES_192_EDE3_CBC, |
450 | | /** RC4_64 */ |
451 | | SSL_SYM_RC4_64, |
452 | | /** ARIA_128_CBC*/ |
453 | | SSL_SYM_ARIA_128_CBC, |
454 | | /** ARIA_256_CBC */ |
455 | | SSL_SYM_ARIA_256_CBC, |
456 | | /** ARIA_128_GCM */ |
457 | | SSL_SYM_ARIA_128_GCM, |
458 | | /** ARIA_256_GCM */ |
459 | | SSL_SYM_ARIA_256_GCM, |
460 | | /** CHACHA20_POLY1305 */ |
461 | | SSL_SYM_CHACHA20_POLY1305, |
462 | | /** AES_128_CCM */ |
463 | | SSL_SYM_AES_128_CCM, |
464 | | /** AES_128_CCM_8 */ |
465 | | SSL_SYM_AES_128_CCM_8, |
466 | | /** Unknown algorithm */ |
467 | | SSL_SYM_Unknown |
468 | | }; |
469 | | |
470 | | /** |
471 | | * SSL/TLS hashing algorithms |
472 | | */ |
473 | | enum SSLHashingAlgorithm |
474 | | { |
475 | | /** NULL value */ |
476 | | SSL_HASH_NULL, |
477 | | /** Message-Digest Algorithm */ |
478 | | SSL_HASH_MD5, |
479 | | /** SHA-1 (Secure Hash Algorithm) */ |
480 | | SSL_HASH_SHA, |
481 | | /** SHA-256 (Secure Hash Algorithm) */ |
482 | | SSL_HASH_SHA256, |
483 | | /** GOST 28147 */ |
484 | | SSL_HASH_GOST28147, |
485 | | /** GOST R 34.11 */ |
486 | | SSL_HASH_GOSTR3411, |
487 | | /** SHA-384 (Secure Hash Algorithm) */ |
488 | | SSL_HASH_SHA384, |
489 | | /** CCM mode (Counter with CBC-MAC) */ |
490 | | SSL_HASH_CCM, |
491 | | /** CCM mode (Counter with CBC-MAC) */ |
492 | | SSL_HASH_CCM_8, |
493 | | /** Unknown algorithm */ |
494 | | SSL_HASH_Unknown |
495 | | }; |
496 | | |
497 | | /** |
498 | | * SSL/TLS extension types |
499 | | */ |
500 | | enum SSLExtensionType |
501 | | { |
502 | | /** Server Name Indication extension */ |
503 | | SSL_EXT_SERVER_NAME = 0, |
504 | | /** Maximum Fragment Length Negotiation extension */ |
505 | | SSL_EXT_MAX_FRAGMENT_LENGTH = 1, |
506 | | /** Client Certificate URLs extension */ |
507 | | SSL_EXT_CLIENT_CERTIFICATE_URL = 2, |
508 | | /** Trusted CA Indication extension */ |
509 | | SSL_EXT_TRUSTED_CA_KEYS = 3, |
510 | | /** Truncated HMAC extension */ |
511 | | SSL_EXT_TRUNCATED_HMAC = 4, |
512 | | /** Certificate Status Request extension */ |
513 | | SSL_EXT_STATUS_REQUEST = 5, |
514 | | /** TLS User Mapping extension */ |
515 | | SSL_EXT_USER_MAPPING = 6, |
516 | | /** Client Authorization extension */ |
517 | | SSL_EXT_CLIENT_AUTHZ = 7, |
518 | | /** Server Authorization extension */ |
519 | | SSL_EXT_SERVER_AUTHZ = 8, |
520 | | /** Certificate Type extension */ |
521 | | SSL_EXT_CERT_TYPE = 9, |
522 | | /** Supported Groups extension (renamed from "elliptic curves") */ |
523 | | SSL_EXT_SUPPORTED_GROUPS = 10, |
524 | | /** Elliptic Curves Point Format extension */ |
525 | | SSL_EXT_EC_POINT_FORMATS = 11, |
526 | | /** Secure Remote Password extension */ |
527 | | SSL_EXT_SRP = 12, |
528 | | /** Signature Algorithms extension */ |
529 | | SSL_EXT_SIGNATURE_ALGORITHMS = 13, |
530 | | /** Use Secure Real-time Transport Protocol extension */ |
531 | | SSL_EXT_USE_SRTP = 14, |
532 | | /** TLS Heartbit extension */ |
533 | | SSL_EXT_HEARTBEAT = 15, |
534 | | /** Application Layer Protocol Negotiation (ALPN) extension */ |
535 | | SSL_EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16, |
536 | | /** Status Request extension */ |
537 | | SSL_EXT_STATUS_REQUEST_V2 = 17, |
538 | | /** Signed Certificate Timestamp extension */ |
539 | | SSL_EXT_SIGNED_CERTIFICATE_TIMESTAMP = 18, |
540 | | /** Client Certificate Type extension */ |
541 | | SSL_EXT_CLIENT_CERTIFICATE_TYPE = 19, |
542 | | /** Server Certificate Type extension */ |
543 | | SSL_EXT_SERVER_CERTIFICATE_TYPE = 20, |
544 | | /** ClientHello Padding extension */ |
545 | | SSL_EXT_PADDING = 21, |
546 | | /** Encrypt-then-MAC extension */ |
547 | | SSL_EXT_ENCRYPT_THEN_MAC = 22, |
548 | | /** Extended Master Secret extension */ |
549 | | SSL_EXT_EXTENDED_MASTER_SECRET = 23, |
550 | | /** Token Binding extension */ |
551 | | SSL_EXT_TOKEN_BINDING = 24, |
552 | | /** SessionTicket TLS extension */ |
553 | | SSL_EXT_SESSIONTICKET_TLS = 35, |
554 | | /** Pre-shared key (PSK) extension (TLS 1.3) */ |
555 | | SSL_EXT_PRE_SHARED_KEY = 41, |
556 | | /** Early data extension (TLS 1.3) */ |
557 | | SSL_EXT_EARLY_DATA = 42, |
558 | | /** Supported versions extension (TLS 1.3) */ |
559 | | SSL_EXT_SUPPORTED_VERSIONS = 43, |
560 | | /** Cookie extension (TLS 1.3) */ |
561 | | SSL_EXT_COOKIE = 44, |
562 | | /** Pre-Shared Key Exchange Modes extension (TLS 1.3) */ |
563 | | SSL_EXT_PSK_KEY_EXCHANGE_MODES = 45, |
564 | | /** Certificate authorities extension (TLS 1.3) */ |
565 | | SSL_EXT_CERTIFICATE_AUTHORITIES = 47, |
566 | | /** Old filters extension (TLS 1.3) */ |
567 | | SSL_EXT_OLD_FILTERS = 48, |
568 | | /** Post handshake auth extension (TLS 1.3) */ |
569 | | SSL_EXT_POST_HANDSHAKE_AUTH = 49, |
570 | | /** Signature algorithm cert extension (TLS 1.3) */ |
571 | | SSL_EXT_SIGNATURE_ALGORITHM_CERT = 50, |
572 | | /** Key share extension (TLS 1.3) */ |
573 | | SSL_EXT_KEY_SHARE = 51, |
574 | | /** Renegotiation Indication extension */ |
575 | | SSL_EXT_RENEGOTIATION_INFO = 65281, |
576 | | /** Unknown extension */ |
577 | | SSL_EXT_Unknown |
578 | | }; |
579 | | |
580 | | /** |
581 | | * SSL/TLS client certificate types |
582 | | */ |
583 | | enum SSLClientCertificateType |
584 | | { |
585 | | /** RSA_SIGN */ |
586 | | SSL_CCT_RSA_SIGN = 1, |
587 | | /** DSS_SIGN */ |
588 | | SSL_CCT_DSS_SIGN = 2, |
589 | | /** RSA_FIXED_DH */ |
590 | | SSL_CCT_RSA_FIXED_DH = 3, |
591 | | /** DSS_FIXED_DH */ |
592 | | SSL_CCT_DSS_FIXED_DH = 4, |
593 | | /** RSA_EPHEMERAL_DH_RESERVED */ |
594 | | SSL_CCT_RSA_EPHEMERAL_DH_RESERVED = 5, |
595 | | /** DSS_EPHEMERAL_DH_RESERVED */ |
596 | | SSL_CCT_DSS_EPHEMERAL_DH_RESERVED = 6, |
597 | | /** FORTEZZA_DMS_RESERVED */ |
598 | | SSL_CCT_FORTEZZA_DMS_RESERVED = 20, |
599 | | /** ECDSA_SIGN */ |
600 | | SSL_CCT_ECDSA_SIGN = 64, |
601 | | /** FIXED_ECDH */ |
602 | | SSL_CCT_RSA_FIXED_ECDH = 65, |
603 | | /** ECDSA_FIXED_ECDH */ |
604 | | SSL_CCT_ECDSA_FIXED_ECDH = 66, |
605 | | /** Unknown client certificate type */ |
606 | | SSL_CCT_UNKNOWN |
607 | | }; |
608 | | |
609 | | } //namespace pcpp |