/src/PcapPlusPlus/Packet++/header/SSLLayer.h
Line | Count | Source (jump to first uncovered line) |
1 | | #pragma once |
2 | | |
3 | | #include "PointerVector.h" |
4 | | #include "Layer.h" |
5 | | #include "SSLCommon.h" |
6 | | #include "SSLHandshake.h" |
7 | | |
8 | | /** |
9 | | * @file |
10 | | * This file as well as SSLCommon.h and SSLHandshake.h provide structures that represent SSL/TLS protocol. |
11 | | * Main features: |
12 | | * - All common SSL/TLS version are supported from SSL 3.0 to TLS 1.3 |
13 | | * - All SSL/TLS message types are supported (at least the message types that are not encrypted) |
14 | | * - More than 300 cipher-suites are supported |
15 | | * - Only parsing capabilities exist, editing and creation of messages are not supported |
16 | | * - X509 certificate parsing is not supported |
17 | | * |
18 | | * <BR><BR> |
19 | | * |
20 | | * __SSL Records:__ <BR> |
21 | | * |
22 | | * The SSL/TLS protocol has 4 types of records: |
23 | | * - Handshake record type |
24 | | * - Change cipher spec record type |
25 | | * - Alert record type |
26 | | * - Application data record type |
27 | | * |
28 | | * Each record type corresponds to a layer class, and these classes inherit from one base class which is pcpp::SSLLayer. |
29 | | * The pcpp::SSLLayer is an abstract class which cannot be instantiated. Only its 4 derived classes can be instantiated. |
30 | | * This means you'll never see a layer of type pcpp::SSLLayer, you'll only see the type of the derived classes. |
31 | | * A basic class diagram looks like this: |
32 | | @verbatim |
33 | | +----------------------------+ |
34 | | +---| SSLHandshakeLayer | ===> Handshake record type |
35 | | | +----------------------------+ |
36 | | | |
37 | | | +----------------------------+ |
38 | | +---| SSLChangeCipherSpecLayer | ===> Change cipher spec record type |
39 | | | +----------------------------+ |
40 | | | |
41 | | +------------+ | +----------------------------+ |
42 | | | SSLLayer |-------------+---| SSLAlertLayer | ===> Alert record type |
43 | | | (abstract) | | +----------------------------+ |
44 | | +------------+ | |
45 | | | +----------------------------+ |
46 | | +---| SSLApplicationDataLayer | ===> Application data record type |
47 | | +----------------------------+ |
48 | | |
49 | | @endverbatim |
50 | | * |
51 | | * A single packet may include several SSL/TLS records, meaning several layer instances of these types, for example: |
52 | | * |
53 | | @verbatim |
54 | | |
55 | | +--------------------------+ |
56 | | | EthLayer | |
57 | | +--------------------------+ |
58 | | | IPv4Layer | |
59 | | +--------------------------+ |
60 | | | TcpLayer | |
61 | | +--------------------------+ |
62 | | | SSLHandshakeLayer | \ |
63 | | +--------------------------+ \ |
64 | | | SSLChangeCipherSpecLayer | -------- 3 SSL/TLS records in the same packet! |
65 | | +--------------------------+ / |
66 | | | SSLHandshakeLayer | / |
67 | | +--------------------------+ |
68 | | |
69 | | @endverbatim |
70 | | * |
71 | | * <BR><BR> |
72 | | * |
73 | | * __SSL/TLS Handshake records:__ <BR> |
74 | | * |
75 | | * The SSL/TLS handshake records are the most complex ones. These type of records encapsulate all messages between |
76 | | * client and server during SSL/TLS connection establishment. To accomplish that a SSL/TLS handshake record holds |
77 | | * zero or more handshake messages (usually it holds 1 message). These messages form the handshake negotiation between |
78 | | * the client and the server. There are several types of handshake messages. Some of the are sent from client to server |
79 | | * and some from server to client. PcapPlusPlus supports 11 of these types (definitely the most common ones). For each |
80 | | * message there is a designated class which parses the message and exposes its attributes in an easy-to-use manner. |
81 | | * Here are the list of supported messages: |
82 | | * - Client-hello |
83 | | * - Server-hello |
84 | | * - Certificate |
85 | | * - Hello-request |
86 | | * - Server-key-exchange |
87 | | * - Client-key-exchange |
88 | | * - Certificate-request |
89 | | * - Server-hello-done |
90 | | * - Certificate-verify |
91 | | * - Finished |
92 | | * - New-session-ticket |
93 | | * |
94 | | * All handshake messages classes inherit from a base abstract class: pcpp::SSLHandshakeMessage which cannot be instantiated. |
95 | | * Also, all of them reside in SSLHandshake.h. Following is a simple diagram of these classes: |
96 | | * |
97 | | @verbatim |
98 | | |
99 | | SSLHandshakeMessage |
100 | | | |
101 | | +-------------------------------+ |--- SSLClientHelloMessage ==> Client-hello message |
102 | | | SSLHandshakeLayer | | |
103 | | +-------------------------------+ |--- SSLServerHelloMessage ==> Server-hello message |
104 | | | -List of SSLHandshakeMessage | | |
105 | | | Message1 | |---SSLCertificateMessage ==> Certificate message |
106 | | | Message2 | | |
107 | | | ... | |---SSLHelloRequestMessage ==> Hello-request message |
108 | | | | | |
109 | | +-------------------------------+ |---SSLServerKeyExchangeMessage ==> Server-key-exchange message |
110 | | | |
111 | | |---SSLClientKeyExchangeMessage ==> Client-key-exchange message |
112 | | | |
113 | | |---SSLCertificateRequestMessage ==> Certificate-request message |
114 | | | |
115 | | |---SSLServerHelloDoneMessage ==> Server-hello-done message |
116 | | | |
117 | | |---SSLCertificateVerifyMessage ==> Certificate-verify message |
118 | | | |
119 | | |---SSLFinishedMessage ==> Finished message |
120 | | | |
121 | | |---SSLNewSessionTicketMessage ==> New-session-ticket message |
122 | | |
123 | | @endverbatim |
124 | | * |
125 | | * In addition, for all handshake messages which aren't supported in PcapPlusPlus or for encrypted handshake messages |
126 | | * There is another class: pcpp::SSLUnknownMessage |
127 | | * |
128 | | * <BR><BR> |
129 | | * |
130 | | * __Cipher suites:__ <BR> |
131 | | * |
132 | | * Cipher suites are named combinations of authentication, encryption, message authentication code (MAC) and key exchange |
133 | | * algorithms used to negotiate the security settings for a network connection using SSL/TLS. |
134 | | * There are many known cipher-suites. PcapPlusPlus support above 300 of them, according to this list: |
135 | | * http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml |
136 | | * There is a designated class in PcapPlusPlus called pcpp::SSLCipherSuite which represents the cipher-suites and provides |
137 | | * access to their attributes. Then there is a static instance of this class for each one of the supported cipher-suites. |
138 | | * This means there are 300+ static instances of pcpp::SSLCipherSuite representing the different cipher suites. The user can |
139 | | * access them through static methods in pcpp::SSLCipherSuite or from client-hello and server-hello messages where they appear |
140 | | * |
141 | | * <BR><BR> |
142 | | * |
143 | | * __SSL/TLS extensions:__ <BR> |
144 | | * |
145 | | * SSL/TLS handshake messages, specifically client-hello and server-hello usually include extensions. There are various |
146 | | * types of extensions - some are more broadly used, some are less. In PcapPlusPlus there is a base class for all |
147 | | * extensions: pcpp::SSLExtension. This class is instantiable and represents a generic extension, which means extension data |
148 | | * isn't parsed and given to the user as raw data. Currently there are only two extension that are fully parsed which are |
149 | | * server-name-indication (pcpp::SSLServerNameIndicationExtension) and SupportedVersions (pcpp::SSLSupportedVersionsExtension). |
150 | | * Both inherit from pcpp::SSLExtension and add additional parsing relevant for the specific extension. |
151 | | * All other extensions aren't parsed and are represented by instance of pcpp::SSLExtension. |
152 | | * Access to extensions is done through the handshake messages classes, specifically pcpp::SSLClientHelloMessage and pcpp::SSLServerHelloMessage |
153 | | */ |
154 | | |
155 | | |
156 | | /** |
157 | | * \namespace pcpp |
158 | | * \brief The main namespace for the PcapPlusPlus lib |
159 | | */ |
160 | | namespace pcpp |
161 | | { |
162 | | |
163 | | /** |
164 | | * @class SSLLayer |
165 | | * The base class for the 4 record type classes. Each record type is represented as a layer. See SSLLayer.h for |
166 | | * detailed explanation of the TLS/SSL protocol support in PcapPlusPlus. |
167 | | * This class provides the common functionality used by all record types and also contains static methods for identifying |
168 | | * an creating SSL/TLS record type layers |
169 | | */ |
170 | | class SSLLayer : public Layer |
171 | | { |
172 | | public: |
173 | | |
174 | | /** |
175 | | * A static method that checks whether the port is considered as SSL/TLS |
176 | | * @param[in] port The port number to be checked |
177 | | */ |
178 | | static inline bool isSSLPort(uint16_t port); |
179 | | |
180 | | /** |
181 | | * A static methods that gets raw data of a layer and checks whether this data is a SSL/TLS record or not. This check is |
182 | | * done using the source/dest port and matching of a legal record type in the raw data. The list of ports identified |
183 | | * as SSL/TLS is hard-coded and includes the following ports: |
184 | | * - Port 443 [HTTPS] |
185 | | * - Port 261 [NSIIOPS] |
186 | | * - Port 448 [DDM-SSL] |
187 | | * - Port 563 [NNTPS] |
188 | | * - Port 614 [SSHELL] |
189 | | * - Port 465 [SMTPS] |
190 | | * - Port 636 [LDAPS] |
191 | | * - Port 989 [FTPS - data] |
192 | | * - Port 990 [FTPS - control] |
193 | | * - Port 992 [Telnet over TLS/SSL] |
194 | | * - Port 993 [IMAPS] |
195 | | * - Port 994 [IRCS] |
196 | | * - Port 995 [POP3S] |
197 | | * @param[in] srcPort The source port of the packet that contains the raw data. Source port (or dest port) are a |
198 | | * criteria to identify SSL/TLS packets |
199 | | * @param[in] dstPort The dest port of the packet that contains the raw data. Dest port (or source port) are a |
200 | | * criteria to identify SSL/TLS packets |
201 | | * @param[in] data The data to check |
202 | | * @param[in] dataLen Length (in bytes) of the data |
203 | | * @param[in] ignorePorts SSL/TLS ports are only relevant for parsing the first SSL/TLS message, but are not relevant |
204 | | * for parsing subsequent messages. This parameter can be set to "true" to skip SSL/TLS ports check. This is an |
205 | | * optional parameter and its default is "false" |
206 | | */ |
207 | | static bool IsSSLMessage(uint16_t srcPort, uint16_t dstPort, uint8_t* data, size_t dataLen, bool ignorePorts = false); |
208 | | |
209 | | /** |
210 | | * A static method that creates SSL/TLS layers by raw data. This method parses the raw data, finds if and which |
211 | | * SSL/TLS record it is and creates the corresponding record layer. It's the responsibility of the user to free |
212 | | * the created object when done using it |
213 | | * @param[in] data A pointer to the raw data |
214 | | * @param[in] dataLen Size of the data in bytes |
215 | | * @param[in] prevLayer A pointer to the previous layer |
216 | | * @param[in] packet A pointer to the Packet instance where layer will be stored in |
217 | | * @return A pointer to the newly created record layer. If no SSL/TLS record could be identified from the raw data |
218 | | * NULL is returned |
219 | | */ |
220 | | static SSLLayer* createSSLMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet); |
221 | | |
222 | | /** |
223 | | * Get a pointer to the record header. Notice this points directly to the data, so every change will change the actual packet data |
224 | | * @return A pointer to the @ref ssl_tls_record_layer |
225 | | */ |
226 | 593k | ssl_tls_record_layer* getRecordLayer() const { return (ssl_tls_record_layer*)m_Data; } |
227 | | |
228 | | /** |
229 | | * @return The SSL/TLS version used in this record (parsed from the record) |
230 | | */ |
231 | | SSLVersion getRecordVersion() const; |
232 | | |
233 | | /** |
234 | | * @return The SSL/TLS record type as parsed from the record |
235 | | */ |
236 | | SSLRecordType getRecordType() const; |
237 | | |
238 | | // implement abstract methods |
239 | | |
240 | | /** |
241 | | * @return The record size as extracted from the record data (in ssl_tls_record_layer#length) |
242 | | */ |
243 | | size_t getHeaderLen() const; |
244 | | |
245 | | /** |
246 | | * Several SSL/TLS records can reside in a single packets. So this method checks the remaining data and if it's |
247 | | * identified as SSL/TLS it creates another SSL/TLS record layer as the next layer |
248 | | */ |
249 | | void parseNextLayer(); |
250 | | |
251 | 56.1k | OsiModelLayer getOsiModelLayer() const { return OsiModelPresentationLayer; } |
252 | | |
253 | | protected: |
254 | 304k | SSLLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet) : Layer(data, dataLen, prevLayer, packet) { m_Protocol = SSL; } |
255 | | |
256 | | }; // class SSLLayer |
257 | | |
258 | | |
259 | | /** |
260 | | * @class SSLHandshakeLayer |
261 | | * Represents SSL/TLS handshake layer. This layer may contain one or more handshake messages (all of them inherit from |
262 | | * the base class SSLHandshakeMessage) which are the SSL/TLS handshake message sent between a client and a server until |
263 | | * they establish a secure connection (e.g client-hello, server-hello, certificate, client-key-exchange, |
264 | | * server-key-exchange, etc.). Usually this layer will contain just one message (as the first example below |
265 | | * demonstrates). But there are cases a layer may contain more than 1 message. To better explain this layer structure |
266 | | * we'll use 2 examples. The first will be client-hello message. The layer structure will look like this: |
267 | | @verbatim |
268 | | |
269 | | |------------------- SSLHandshakeLayer ----------------------| |
270 | | +----------------------+-------------------------------------+ |
271 | | | ssl_tls_record_layer | SSLClientHelloMessage | |
272 | | | struct | | |
273 | | +----------------------+-------------------------------------+ |
274 | | / | \ | \ \ \ |
275 | | / version \ | handshake \ \ \ |
276 | | / TLS1_0 \ type \ \ rest of |
277 | | type \ | SSL_CLIENT_HELLO \ \ message fields... |
278 | | SSL_HANDSHAKE length handshake \ |
279 | | (22) xxx | version message |
280 | | TLS1_2 length |
281 | | | yyy |
282 | | @endverbatim |
283 | | |
284 | | * Second example is a multiple-message handshake layer comprises of server-hello, certificate and server-key-exchange |
285 | | * messages: |
286 | | |
287 | | @verbatim |
288 | | |
289 | | |---------------------------------------------- SSLHandshakeLayer -----------------------------------------------------| |
290 | | +----------------------+-------------------------------------+---------------------------+-----------------------------+ |
291 | | | ssl_tls_record_layer | SSLServerHelloMessage | SSLCertificateMessage | SSLServerKeyExchangeMessage | |
292 | | | struct | | | | |
293 | | +----------------------+-------------------------------------+---------------------------+-----------------------------+ |
294 | | / | \ | \ \ | \ | \ |
295 | | / version \ | handshake \ rest of | | rest | | rest |
296 | | / TLS1_0 \ type \ message handshake of fields... handshake of fields... |
297 | | type \ | SSL_SERVER_HELLO \ fields...| type | type |
298 | | SSL_HANDSHAKE length handshake SSL_CERTIFICATE SSL_SERVER_KEY_EXCHANGE |
299 | | (22) xxx | version,length | | |
300 | | @endverbatim |
301 | | */ |
302 | | class SSLHandshakeLayer: public SSLLayer |
303 | | { |
304 | | public: |
305 | | |
306 | | /** |
307 | | * C'tor for this class that creates the layer from an existing packet raw data |
308 | | * @param[in] data A pointer to the raw data |
309 | | * @param[in] dataLen Size of the data in bytes |
310 | | * @param[in] prevLayer A pointer to the previous layer |
311 | | * @param[in] packet A pointer to the Packet instance where layer will be stored in |
312 | | */ |
313 | | SSLHandshakeLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet); |
314 | | |
315 | | /** |
316 | | * @return The number of messages in this layer instance |
317 | | */ |
318 | 0 | size_t getHandshakeMessagesCount() const { return m_MessageList.size(); } |
319 | | |
320 | | /** |
321 | | * Get a pointer to an handshake message by index. The message are numbered according to their order of appearance |
322 | | * in the layer. If index is out of bounds (less than 0 or larger than total amount of message) NULL will be |
323 | | * returned |
324 | | * @param[in] index The index of the message to return |
325 | | * @return The pointer to the message object or NULL if index is out of bounds |
326 | | */ |
327 | | SSLHandshakeMessage* getHandshakeMessageAt(int index) const; |
328 | | |
329 | | /** |
330 | | * A templated method to get a message of a certain type. If no message of such type is found, NULL is returned |
331 | | * @return A pointer to the message of the requested type, NULL if not found |
332 | | */ |
333 | | template<class THandshakeMessage> |
334 | | THandshakeMessage* getHandshakeMessageOfType() const; |
335 | | |
336 | | /** |
337 | | * A templated method to get the first message of a certain type, starting to search from a certain message. |
338 | | * For example: if the layer looks like: HelloRequest(1) -> HelloRequest(2) |
339 | | * and the user put HelloRequest(1) as a parameter and wishes to search for an HelloRequest message, the |
340 | | * HelloRequest(2) will be returned.<BR> |
341 | | * If no layer of such type is found, NULL is returned |
342 | | * @param[in] after A pointer to the message to start search from |
343 | | * @return A pointer to the message of the requested type, NULL if not found |
344 | | */ |
345 | | template<class THandshakeMessage> |
346 | | THandshakeMessage* getNextHandshakeMessageOfType(const SSLHandshakeMessage* after) const; |
347 | | |
348 | | // implement abstract methods |
349 | | |
350 | | std::string toString() const; |
351 | | |
352 | | /** |
353 | | * There are no calculated fields for this layer |
354 | | */ |
355 | 22.2k | void computeCalculateFields() {} |
356 | | |
357 | | private: |
358 | | PointerVector<SSLHandshakeMessage> m_MessageList; |
359 | | }; // class SSLHandshakeLayer |
360 | | |
361 | | |
362 | | /** |
363 | | * @class SSLChangeCipherSpecLayer |
364 | | * Represents SSL/TLS change-cipher-spec layer. This layer has no additional fields besides common fields described in |
365 | | * SSLLayer |
366 | | */ |
367 | | class SSLChangeCipherSpecLayer : public SSLLayer |
368 | | { |
369 | | public: |
370 | | |
371 | | /** |
372 | | * C'tor for this class that creates the layer from an existing packet raw data |
373 | | * @param[in] data A pointer to the raw data |
374 | | * @param[in] dataLen Size of the data in bytes |
375 | | * @param[in] prevLayer A pointer to the previous layer |
376 | | * @param[in] packet A pointer to the Packet instance where layer will be stored in |
377 | | */ |
378 | | SSLChangeCipherSpecLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet) |
379 | 37.7k | : SSLLayer(data, dataLen, prevLayer, packet) {} |
380 | | |
381 | 0 | ~SSLChangeCipherSpecLayer() {} |
382 | | |
383 | | // implement abstract methods |
384 | | |
385 | | std::string toString() const; |
386 | | |
387 | | /** |
388 | | * There are no calculated fields for this layer |
389 | | */ |
390 | 5.89k | void computeCalculateFields() {} |
391 | | }; // class SSLChangeCipherSpecLayer |
392 | | |
393 | | |
394 | | /** |
395 | | * @class SSLAlertLayer |
396 | | * Represents SSL/TLS alert layer. Inherits from SSLLayer and adds parsing functionality such as retrieving the alert |
397 | | * level and description |
398 | | */ |
399 | | class SSLAlertLayer : public SSLLayer |
400 | | { |
401 | | public: |
402 | | |
403 | | /** |
404 | | * C'tor for this class that creates the layer from an existing packet raw data |
405 | | * @param[in] data A pointer to the raw data |
406 | | * @param[in] dataLen Size of the data in bytes |
407 | | * @param[in] prevLayer A pointer to the previous layer |
408 | | * @param[in] packet A pointer to the Packet instance where layer will be stored in |
409 | | */ |
410 | | SSLAlertLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet) |
411 | 2.28k | : SSLLayer(data, dataLen, prevLayer, packet) {} |
412 | | |
413 | 0 | ~SSLAlertLayer() {} |
414 | | |
415 | | /** |
416 | | * @return SSL/TLS alert level. Will return ::SSL_ALERT_LEVEL_ENCRYPTED if alert is encrypted |
417 | | */ |
418 | | SSLAlertLevel getAlertLevel() const; |
419 | | |
420 | | /** |
421 | | * @return SSL/TLS alert description. Will return ::SSL_ALERT_ENCRYPTED if alert is encrypted |
422 | | */ |
423 | | SSLAlertDescription getAlertDescription(); |
424 | | |
425 | | // implement abstract methods |
426 | | |
427 | | std::string toString() const; |
428 | | |
429 | | /** |
430 | | * There are no calculated fields for this layer |
431 | | */ |
432 | 408 | void computeCalculateFields() {} |
433 | | }; // class SSLAlertLayer |
434 | | |
435 | | |
436 | | /** |
437 | | * @class SSLApplicationDataLayer |
438 | | * Represents SSL/TLS application data layer. This message contains the encrypted data transferred from client to |
439 | | * server and vice-versa after the SSL/TLS handshake was completed successfully |
440 | | */ |
441 | | class SSLApplicationDataLayer : public SSLLayer |
442 | | { |
443 | | public: |
444 | | |
445 | | /** |
446 | | * C'tor for this class that creates the layer from an existing packet raw data |
447 | | * @param[in] data A pointer to the raw data |
448 | | * @param[in] dataLen Size of the data in bytes |
449 | | * @param[in] prevLayer A pointer to the previous layer |
450 | | * @param[in] packet A pointer to the Packet instance where layer will be stored in |
451 | | */ |
452 | | SSLApplicationDataLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet) |
453 | 143k | : SSLLayer(data, dataLen, prevLayer, packet) {} |
454 | | |
455 | 0 | ~SSLApplicationDataLayer() {} |
456 | | |
457 | | /** |
458 | | * @return A pointer to the encrypted data. This data can be decrypted only if you have the symmetric key |
459 | | * that was agreed between the client and the server during SSL/TLS handshake process |
460 | | */ |
461 | | uint8_t* getEncryptedData() const; |
462 | | |
463 | | /** |
464 | | * @return The length in bytes of the encrypted data returned in getEncryptedData() |
465 | | */ |
466 | | size_t getEncryptedDataLen() const; |
467 | | |
468 | | // implement abstract methods |
469 | | |
470 | | std::string toString() const; |
471 | | |
472 | | /** |
473 | | * There are no calculated fields for this layer |
474 | | */ |
475 | 27.6k | void computeCalculateFields() {} |
476 | | }; // class SSLApplicationDataLayer |
477 | | |
478 | | |
479 | | template<class THandshakeMessage> |
480 | | THandshakeMessage* SSLHandshakeLayer::getHandshakeMessageOfType() const |
481 | 66.7k | { |
482 | 66.7k | size_t vecSize = m_MessageList.size(); |
483 | 124k | for (size_t i = 0; i < vecSize; i++) |
484 | 95.6k | { |
485 | 95.6k | SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i)); |
486 | 95.6k | if (dynamic_cast<THandshakeMessage*>(curElem) != NULL) |
487 | 38.0k | return (THandshakeMessage*)curElem; |
488 | 95.6k | } |
489 | | |
490 | | // element not found |
491 | 28.6k | return NULL; |
492 | 66.7k | } // getHandshakeMessageOfType pcpp::SSLClientHelloMessage* pcpp::SSLHandshakeLayer::getHandshakeMessageOfType<pcpp::SSLClientHelloMessage>() const Line | Count | Source | 481 | 22.2k | { | 482 | 22.2k | size_t vecSize = m_MessageList.size(); | 483 | 54.8k | for (size_t i = 0; i < vecSize; i++) | 484 | 41.7k | { | 485 | 41.7k | SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i)); | 486 | 41.7k | if (dynamic_cast<THandshakeMessage*>(curElem) != NULL) | 487 | 9.13k | return (THandshakeMessage*)curElem; | 488 | 41.7k | } | 489 | | | 490 | | // element not found | 491 | 13.1k | return NULL; | 492 | 22.2k | } // getHandshakeMessageOfType |
pcpp::SSLServerHelloMessage* pcpp::SSLHandshakeLayer::getHandshakeMessageOfType<pcpp::SSLServerHelloMessage>() const Line | Count | Source | 481 | 22.2k | { | 482 | 22.2k | size_t vecSize = m_MessageList.size(); | 483 | 47.1k | for (size_t i = 0; i < vecSize; i++) | 484 | 33.2k | { | 485 | 33.2k | SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i)); | 486 | 33.2k | if (dynamic_cast<THandshakeMessage*>(curElem) != NULL) | 487 | 8.28k | return (THandshakeMessage*)curElem; | 488 | 33.2k | } | 489 | | | 490 | | // element not found | 491 | 13.9k | return NULL; | 492 | 22.2k | } // getHandshakeMessageOfType |
pcpp::SSLHandshakeMessage* pcpp::SSLHandshakeLayer::getHandshakeMessageOfType<pcpp::SSLHandshakeMessage>() const Line | Count | Source | 481 | 22.2k | { | 482 | 22.2k | size_t vecSize = m_MessageList.size(); | 483 | 22.2k | for (size_t i = 0; i < vecSize; i++) | 484 | 20.6k | { | 485 | 20.6k | SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i)); | 486 | 20.6k | if (dynamic_cast<THandshakeMessage*>(curElem) != NULL) | 487 | 20.6k | return (THandshakeMessage*)curElem; | 488 | 20.6k | } | 489 | | | 490 | | // element not found | 491 | 1.60k | return NULL; | 492 | 22.2k | } // getHandshakeMessageOfType |
|
493 | | |
494 | | |
495 | | template<class THandshakeMessage> |
496 | | THandshakeMessage* SSLHandshakeLayer::getNextHandshakeMessageOfType(const SSLHandshakeMessage* after) const |
497 | | { |
498 | | size_t vecSize = m_MessageList.size(); |
499 | | size_t afterIndex; |
500 | | |
501 | | // find the index of "after" |
502 | | for (afterIndex = 0; afterIndex < vecSize; afterIndex++) |
503 | | { |
504 | | SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(afterIndex)); |
505 | | if (curElem == after) |
506 | | break; |
507 | | } |
508 | | |
509 | | // "after" not found |
510 | | if (afterIndex == vecSize) |
511 | | return NULL; |
512 | | |
513 | | for (size_t i = afterIndex+1; i < vecSize; i++) |
514 | | { |
515 | | SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i)); |
516 | | if (dynamic_cast<THandshakeMessage*>(curElem) != NULL) |
517 | | return (THandshakeMessage*)curElem; |
518 | | } |
519 | | |
520 | | // element not found |
521 | | return NULL; |
522 | | } // getNextHandshakeMessageOfType |
523 | | |
524 | | |
525 | | // implementation of inline methods |
526 | | |
527 | | bool SSLLayer::isSSLPort(uint16_t port) |
528 | 734k | { |
529 | 734k | if (port == 443) // HTTPS, this is likely case |
530 | 208k | return true; |
531 | | |
532 | 525k | switch (port) |
533 | 525k | { |
534 | 17.4k | case 261: // NSIIOPS |
535 | 17.4k | case 448: // DDM-SSL |
536 | 17.9k | case 465: // SMTPS |
537 | 18.1k | case 563: // NNTPS |
538 | 18.2k | case 614: // SSHELL |
539 | 25.4k | case 636: // LDAPS |
540 | 26.1k | case 989: // FTPS - data |
541 | 51.9k | case 990: // FTPS - control |
542 | 51.9k | case 992: // Telnet over TLS/SSL |
543 | 52.0k | case 993: // IMAPS |
544 | 53.1k | case 994: // IRCS |
545 | 53.1k | case 995: // POP3S |
546 | 53.1k | return true; |
547 | 472k | default: |
548 | 472k | return false; |
549 | 525k | } |
550 | 525k | } // isSSLPort |
551 | | |
552 | | } // namespace pcpp |