/src/PcapPlusPlus/Packet++/header/SSLCommon.h
Line | Count | Source |
1 | | #pragma once |
2 | | |
3 | | #include <string> |
4 | | #include <stdint.h> |
5 | | |
6 | | /// @file |
7 | | /// See detailed explanation of the TLS/SSL protocol support in PcapPlusPlus in SSLLayer.h |
8 | | |
9 | | /// @namespace pcpp |
10 | | /// @brief The main namespace for the PcapPlusPlus lib |
11 | | namespace pcpp |
12 | | { |
13 | | /// @struct ssl_tls_record_layer |
14 | | /// The common part of all SSL/TLS messages |
15 | | #pragma pack(push, 1) |
16 | | struct ssl_tls_record_layer |
17 | | { |
18 | | /// Message (record) type (one of ::SSLRecordType) |
19 | | uint8_t recordType; |
20 | | /// Message (record) version (one of SSLVersion::SSLVersionEnum) |
21 | | uint16_t recordVersion; |
22 | | /// Message (record) length in bytes |
23 | | uint16_t length; |
24 | | }; |
25 | | #pragma pack(pop) |
26 | | static_assert(sizeof(ssl_tls_record_layer) == 5, "ssl_tls_record_layer size is not 5 bytes"); |
27 | | |
28 | | /// @struct ssl_tls_handshake_layer |
29 | | /// The common part of all SSL/TLS handshake message types |
30 | | #pragma pack(push, 1) |
31 | | struct ssl_tls_handshake_layer |
32 | | { |
33 | | /// Type of the handshake message (one of ::SSLHandshakeType) |
34 | | uint8_t handshakeType; |
35 | | /// Length of the message. Length is 3-Byte long, This is the MSB byte |
36 | | uint8_t length1; |
37 | | /// Length of the message. Length is 3-Byte long, This is the 2 LSB bytes |
38 | | uint16_t length2; |
39 | | }; |
40 | | #pragma pack(pop) |
41 | | static_assert(sizeof(ssl_tls_handshake_layer) == 4, "ssl_tls_handshake_layer size is not 4 bytes"); |
42 | | |
43 | | /// @struct ssl_tls_client_server_hello |
44 | | /// The common header part of client-hello and server-hello handshake messages |
45 | | #pragma pack(push, 1) |
46 | | struct ssl_tls_client_server_hello : ssl_tls_handshake_layer |
47 | | { |
48 | | /// SSL/TLS handshake version (one of SSLVersion::SSLVersionEnum) |
49 | | uint16_t handshakeVersion; |
50 | | /// 32-bytes random number |
51 | | uint8_t random[32]; |
52 | | }; |
53 | | #pragma pack(pop) |
54 | | static_assert(sizeof(ssl_tls_client_server_hello) == 38, "ssl_tls_client_server_hello size is not 38 bytes"); |
55 | | |
56 | | /// @struct ssl_tls_change_cipher_spec |
57 | | /// SSL/TLS change-cipher-spec message structure |
58 | | #pragma pack(push, 1) |
59 | | struct ssl_tls_change_cipher_spec |
60 | | { |
61 | | /// Unused byte |
62 | | uint8_t changeCipherSpec; |
63 | | }; |
64 | | #pragma pack(pop) |
65 | | static_assert(sizeof(ssl_tls_change_cipher_spec) == 1, "ssl_tls_change_cipher_spec size is not 1 byte"); |
66 | | |
67 | | /// @struct ssl_tls_alert |
68 | | /// SSL/TLS alert message structure |
69 | | #pragma pack(push, 1) |
70 | | struct ssl_tls_alert |
71 | | { |
72 | | /// Alert level (one of ::SSLAlertLevel) |
73 | | uint8_t alertLevel; |
74 | | /// Alert description (one of ::SSLAlertDescription) |
75 | | uint8_t alertDescription; |
76 | | }; |
77 | | #pragma pack(pop) |
78 | | static_assert(sizeof(ssl_tls_alert) == 2, "ssl_tls_alert size is not 2 bytes"); |
79 | | |
80 | | /// SSL/TLS message types |
81 | | enum SSLRecordType |
82 | | { |
83 | | /// Change-cipher-spec message |
84 | | SSL_CHANGE_CIPHER_SPEC = 20, |
85 | | /// SSL alert message |
86 | | SSL_ALERT = 21, |
87 | | /// SSL handshake message |
88 | | SSL_HANDSHAKE = 22, |
89 | | /// SSL data message |
90 | | SSL_APPLICATION_DATA = 23 |
91 | | }; |
92 | | |
93 | | /// @class SSLVersion |
94 | | /// A wrapper class for SSL/TLS versions. The SSL/TLS version is typically represented by a 2-byte number, |
95 | | /// for example TLS 1.2 is represented by 0x0303. |
96 | | /// This class wraps the numeric value and provides methods to convert it into an enum, string, etc. |
97 | | class SSLVersion |
98 | | { |
99 | | public: |
100 | | /// SSL/TLS versions enum |
101 | | enum SSLVersionEnum |
102 | | { |
103 | | /// SSL 3.0 |
104 | | SSL3 = 0x0300, |
105 | | /// TLS 1.0 |
106 | | TLS1_0 = 0x0301, |
107 | | /// TLS 1.1 |
108 | | TLS1_1 = 0x0302, |
109 | | /// TLS 1.2 |
110 | | TLS1_2 = 0x0303, |
111 | | /// TLS 1.3 |
112 | | TLS1_3 = 0x0304, |
113 | | /// TLS 1.3 (draft 14) |
114 | | TLS1_3_D14 = 0x7f0e, |
115 | | /// TLS 1.3 (draft 15) |
116 | | TLS1_3_D15 = 0x7f0f, |
117 | | /// TLS 1.3 (draft 16) |
118 | | TLS1_3_D16 = 0x7f10, |
119 | | /// TLS 1.3 (draft 17) |
120 | | TLS1_3_D17 = 0x7f11, |
121 | | /// TLS 1.3 (draft 18) |
122 | | TLS1_3_D18 = 0x7f12, |
123 | | /// TLS 1.3 (draft 19) |
124 | | TLS1_3_D19 = 0x7f13, |
125 | | /// TLS 1.3 (draft 20) |
126 | | TLS1_3_D20 = 0x7f14, |
127 | | /// TLS 1.3 (draft 21) |
128 | | TLS1_3_D21 = 0x7f15, |
129 | | /// TLS 1.3 (draft 22) |
130 | | TLS1_3_D22 = 0x7f16, |
131 | | /// TLS 1.3 (draft 23) |
132 | | TLS1_3_D23 = 0x7f17, |
133 | | /// TLS 1.3 (draft 24) |
134 | | TLS1_3_D24 = 0x7f18, |
135 | | /// TLS 1.3 (draft 25) |
136 | | TLS1_3_D25 = 0x7f19, |
137 | | /// TLS 1.3 (draft 26) |
138 | | TLS1_3_D26 = 0x7f1a, |
139 | | /// TLS 1.3 (draft 27) |
140 | | TLS1_3_D27 = 0x7f1b, |
141 | | /// TLS 1.3 (draft 28) |
142 | | TLS1_3_D28 = 0x7f1c, |
143 | | /// TLS 1.3 (Facebook draft 23) |
144 | | TLS1_3_FBD23 = 0xfb17, |
145 | | /// TLS 1.3 (Facebook draft 26) |
146 | | TLS1_3_FBD26 = 0xfb1a, |
147 | | /// Unknown value |
148 | | Unknown = 0 |
149 | | }; |
150 | | |
151 | | /// A c'tor for this class. |
152 | | /// @param[in] sslVersionValue The numeric value representing this SSL/TLS version. For example: |
153 | | /// for TLS 1.2 this would be 0x0303. |
154 | | explicit SSLVersion(uint16_t sslVersionValue) |
155 | 103k | { |
156 | 103k | m_SSLVersionValue = sslVersionValue; |
157 | 103k | } |
158 | | |
159 | | /// @return An enum value of type SSLVersion::SSLVersionEnum representing the SSL/TLS version. |
160 | | /// If the numeric value is an invalid SSL/TLS version SSLVersion::Unknown will be returned. |
161 | | /// @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the enum value SSLVersion::TLS1_3 for all |
162 | | /// TLS 1.3 drafts. If set to "true" all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return |
163 | | /// SSLVersion::TLS1_3, otherwise the corresponding enum values will be returned. The default value is "false". |
164 | | SSLVersionEnum asEnum(bool countTlsDraftsAs1_3 = false); |
165 | | |
166 | | /// @return The numeric value of the SSL/TLs version |
167 | | uint16_t asUInt() |
168 | 3.27k | { |
169 | 3.27k | return m_SSLVersionValue; |
170 | 3.27k | } |
171 | | |
172 | | /// @return A string representation of the SSL/TLS version. For example: for TLS 1.2 the string "TLS 1.2" is |
173 | | /// returned. If the numeric value is an invalid SSL/TLS version the string "Unknown" will be returned. |
174 | | /// @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the string value "TLS 1.3" for all |
175 | | /// TLS 1.3 drafts. If set to "true" all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return |
176 | | /// "TLS 1.3", otherwise the corresponding string values will be returned. The default value is "false". |
177 | | std::string toString(bool countTlsDraftsAs1_3 = false); |
178 | | |
179 | | private: |
180 | | uint16_t m_SSLVersionValue; |
181 | | |
182 | | // unimplemented empty c'tor |
183 | | SSLVersion(); |
184 | | }; |
185 | | |
186 | | /// SSL/TLS handshake message types |
187 | | enum SSLHandshakeType |
188 | | { |
189 | | /// Hello-request message type |
190 | | SSL_HELLO_REQUEST = 0, |
191 | | /// Client-hello message type |
192 | | SSL_CLIENT_HELLO = 1, |
193 | | /// Server-hello message type |
194 | | SSL_SERVER_HELLO = 2, |
195 | | /// New-session-ticket message type |
196 | | SSL_NEW_SESSION_TICKET = 4, |
197 | | /// End-of-early-data message type (TLS 1.3) |
198 | | SSL_END_OF_EARLY_DATE = 5, |
199 | | /// Encrypted-extensions message type (TLS 1.3) |
200 | | SSL_ENCRYPTED_EXTENSIONS = 8, |
201 | | /// Certificate message type |
202 | | SSL_CERTIFICATE = 11, |
203 | | /// Server-key-exchange message type |
204 | | SSL_SERVER_KEY_EXCHANGE = 12, |
205 | | /// Certificate-request message type |
206 | | SSL_CERTIFICATE_REQUEST = 13, |
207 | | /// Server-hello-done message type |
208 | | SSL_SERVER_DONE = 14, |
209 | | /// Certificate-verify message type |
210 | | SSL_CERTIFICATE_VERIFY = 15, |
211 | | /// Client-key-exchange message type |
212 | | SSL_CLIENT_KEY_EXCHANGE = 16, |
213 | | /// Finish message type |
214 | | SSL_FINISHED = 20, |
215 | | /// Key-update message type (TLS 1.3) |
216 | | SSL_KEY_UPDATE = 24, |
217 | | /// Unknown SSL handshake message |
218 | | SSL_HANDSHAKE_UNKNOWN = 255 |
219 | | }; |
220 | | |
221 | | /// SSL/TLS alert levels |
222 | | enum SSLAlertLevel |
223 | | { |
224 | | /// Warning level alert |
225 | | SSL_ALERT_LEVEL_WARNING = 1, |
226 | | /// Fatal level alert |
227 | | SSL_ALERT_LEVEL_FATAL = 2, |
228 | | /// For encrypted alerts the level is unknown so this type will be returned |
229 | | SSL_ALERT_LEVEL_ENCRYPTED = 255 |
230 | | }; |
231 | | |
232 | | /// SSL/TLS alert description types |
233 | | enum SSLAlertDescription |
234 | | { |
235 | | /// Close notify alert |
236 | | SSL_ALERT_CLOSE_NOTIFY = 0, |
237 | | /// Unexpected message alert |
238 | | SSL_ALERT_UNEXPECTED_MESSAGE = 10, |
239 | | /// Bad record MAC alert |
240 | | SSL_ALERT_BAD_RECORD_MAC = 20, |
241 | | /// Decryption failed alert |
242 | | SSL_ALERT_DECRYPTION_FAILED = 21, |
243 | | /// |
244 | | SSL_ALERT_RECORD_OVERFLOW = 22, |
245 | | /// Decompression failure alert |
246 | | SSL_ALERT_DECOMPRESSION_FAILURE = 30, |
247 | | /// Handshake failure alert |
248 | | SSL_ALERT_HANDSHAKE_FAILURE = 40, |
249 | | /// No certificate alert |
250 | | SSL_ALERT_NO_CERTIFICATE = 41, |
251 | | /// Bad certificate alert |
252 | | SSL_ALERT_BAD_CERTIFICATE = 42, |
253 | | /// Unsupported certificate |
254 | | SSL_ALERT_UNSUPPORTED_CERTIFICATE = 43, |
255 | | /// Certificate revoked alert |
256 | | SSL_ALERT_CERTIFICATE_REVOKED = 44, |
257 | | /// Certificate expired alert |
258 | | SSL_ALERT_CERTIFICATE_EXPIRED = 45, |
259 | | /// Certificate unknown alert |
260 | | SSL_ALERT_CERTIFICATE_UNKNOWN = 46, |
261 | | /// Illegal parameter alert |
262 | | SSL_ALERT_ILLEGAL_PARAMETER = 47, |
263 | | /// Unknown CA alert |
264 | | SSL_ALERT_UNKNOWN_CA = 48, |
265 | | /// Access denied alert |
266 | | SSL_ALERT_ACCESS_DENIED = 49, |
267 | | /// Decode error alert |
268 | | SSL_ALERT_DECODE_ERROR = 50, |
269 | | /// Decrypt error alert |
270 | | SSL_ALERT_DECRYPT_ERROR = 51, |
271 | | /// Export restriction alert |
272 | | SSL_ALERT_EXPORT_RESTRICTION = 60, |
273 | | /// Protocol version alert |
274 | | SSL_ALERT_PROTOCOL_VERSION = 70, |
275 | | /// Insufficient security alert |
276 | | SSL_ALERT_INSUFFICIENT_SECURITY = 71, |
277 | | /// Internal error alert |
278 | | SSL_ALERT_INTERNAL_ERROR = 80, |
279 | | /// User cancelled alert |
280 | | SSL_ALERT_USER_CANCELLED = 90, |
281 | | /// No negotiation alert |
282 | | SSL_ALERT_NO_RENEGOTIATION = 100, |
283 | | /// Unsupported extension alert |
284 | | SSL_ALERT_UNSUPPORTED_EXTENSION = 110, |
285 | | /// Encrtpyed alert (cannot determine its type) |
286 | | SSL_ALERT_ENCRYPTED = 255 |
287 | | }; |
288 | | |
289 | | /// SSL/TLS key exchange algorithms |
290 | | enum SSLKeyExchangeAlgorithm |
291 | | { |
292 | | /// Null value |
293 | | SSL_KEYX_NULL, |
294 | | /// RSA (Rivest-Shamir-Adleman) |
295 | | SSL_KEYX_RSA, |
296 | | /// Diffie-Hellman |
297 | | SSL_KEYX_DH, |
298 | | /// Diffie-Hellman ephemeral |
299 | | SSL_KEYX_DHE, |
300 | | /// Elliptic curve Diffie�Hellman |
301 | | SSL_KEYX_ECDH, |
302 | | /// Elliptic curve Diffie�Hellman ephemeral |
303 | | SSL_KEYX_ECDHE, |
304 | | /// Fortezza Crypto Card |
305 | | SSL_KEYX_FORTEZZA, |
306 | | /// Kerberos 5 |
307 | | SSL_KEYX_KRB5, |
308 | | /// Pre-Shared Key |
309 | | SSL_KEYX_PSK, |
310 | | /// GOST |
311 | | SSL_KEYX_GOST, |
312 | | /// Secure Remote Password |
313 | | SSL_KEYX_SRP, |
314 | | /// PCT |
315 | | SSL_KEYX_PCT, |
316 | | /// Unknown algorithm |
317 | | SSL_KEYX_Unknown |
318 | | }; |
319 | | |
320 | | /// SSL/TLS authentication algorithms |
321 | | enum SSLAuthenticationAlgorithm |
322 | | { |
323 | | /// Null value |
324 | | SSL_AUTH_NULL, |
325 | | /// RSA (Rivest-Shamir-Adleman) |
326 | | SSL_AUTH_RSA, |
327 | | /// Digital Signature Standard |
328 | | SSL_AUTH_DSS, |
329 | | /// Anonymous |
330 | | SSL_AUTH_anon, |
331 | | /// Diffie-Hellman based key-exchange protocol |
332 | | SSL_AUTH_KEA, |
333 | | /// Kerberos 5 |
334 | | SSL_AUTH_KRB5, |
335 | | /// Pre-Shared Key |
336 | | SSL_AUTH_PSK, |
337 | | /// Elliptic Curve Digital Signature Algorithm |
338 | | SSL_AUTH_ECDSA, |
339 | | /// GOST |
340 | | SSL_AUTH_GOST, |
341 | | /// SHA-1 (Secure Hash Algorithm) |
342 | | SSL_AUTH_SHA, |
343 | | /// PCT |
344 | | SSL_AUTH_PCT, |
345 | | /// Diffie-Hellman ephemeral |
346 | | SSL_AUTH_DHE, |
347 | | /// Unknown algorithm |
348 | | SSL_AUTH_Unknown |
349 | | }; |
350 | | |
351 | | /// SSL/TLS symmetric encryption algorithms |
352 | | enum SSLSymetricEncryptionAlgorithm |
353 | | { |
354 | | /// Null value |
355 | | SSL_SYM_NULL, |
356 | | /// RC4_40 |
357 | | SSL_SYM_RC4_40, |
358 | | /// RC4_128 |
359 | | SSL_SYM_RC4_128, |
360 | | /// RC2_CBC_40 |
361 | | SSL_SYM_RC2_CBC_40, |
362 | | /// IDEA_CBC |
363 | | SSL_SYM_IDEA_CBC, |
364 | | /// DES40_CBC |
365 | | SSL_SYM_DES40_CBC, |
366 | | /// DES_CBC |
367 | | SSL_SYM_DES_CBC, |
368 | | /// 3DES_EDE_CBC |
369 | | SSL_SYM_3DES_EDE_CBC, |
370 | | /// FORTEZZA_CBC |
371 | | SSL_SYM_FORTEZZA_CBC, |
372 | | /// DES_CBC_40 |
373 | | SSL_SYM_DES_CBC_40, |
374 | | /// AES_128_CBC |
375 | | SSL_SYM_AES_128_CBC, |
376 | | /// AES_256_CBC |
377 | | SSL_SYM_AES_256_CBC, |
378 | | /// CAMELLIA_128_CBC |
379 | | SSL_SYM_CAMELLIA_128_CBC, |
380 | | /// CAMELLIA_128_GCM |
381 | | SSL_SYM_CAMELLIA_128_GCM, |
382 | | /// CAMELLIA_256_GCM |
383 | | SSL_SYM_CAMELLIA_256_GCM, |
384 | | /// RC4_56 |
385 | | SSL_SYM_RC4_56, |
386 | | /// RC2_CBC_56 |
387 | | SSL_SYM_RC2_CBC_56, |
388 | | /// GOST28147 |
389 | | SSL_SYM_GOST28147, |
390 | | /// CAMELLIA_256_CBC |
391 | | SSL_SYM_CAMELLIA_256_CBC, |
392 | | /// SEED_CBC |
393 | | SSL_SYM_SEED_CBC, |
394 | | /// AES_128 |
395 | | SSL_SYM_AES_128, |
396 | | /// AES_256 |
397 | | SSL_SYM_AES_256, |
398 | | /// SSL_SYM_AES_128_GCM |
399 | | SSL_SYM_AES_128_GCM, |
400 | | /// AES_256_GCM |
401 | | SSL_SYM_AES_256_GCM, |
402 | | /// RC4_128_EXPORT40 |
403 | | SSL_SYM_RC4_128_EXPORT40, |
404 | | /// RC2_CBC_128_CBC |
405 | | SSL_SYM_RC2_CBC_128_CBC, |
406 | | /// IDEA_128_CBC |
407 | | SSL_SYM_IDEA_128_CBC, |
408 | | /// DES_64_CBC |
409 | | SSL_SYM_DES_64_CBC, |
410 | | /// DES_192_EDE3_CBC |
411 | | SSL_SYM_DES_192_EDE3_CBC, |
412 | | /// RC4_64 |
413 | | SSL_SYM_RC4_64, |
414 | | /// ARIA_128_CBC |
415 | | SSL_SYM_ARIA_128_CBC, |
416 | | /// ARIA_256_CBC |
417 | | SSL_SYM_ARIA_256_CBC, |
418 | | /// ARIA_128_GCM |
419 | | SSL_SYM_ARIA_128_GCM, |
420 | | /// ARIA_256_GCM |
421 | | SSL_SYM_ARIA_256_GCM, |
422 | | /// CHACHA20_POLY1305 |
423 | | SSL_SYM_CHACHA20_POLY1305, |
424 | | /// AES_128_CCM |
425 | | SSL_SYM_AES_128_CCM, |
426 | | /// AES_128_CCM_8 |
427 | | SSL_SYM_AES_128_CCM_8, |
428 | | /// Unknown algorithm |
429 | | SSL_SYM_Unknown |
430 | | }; |
431 | | |
432 | | /// SSL/TLS hashing algorithms |
433 | | enum SSLHashingAlgorithm |
434 | | { |
435 | | /// Null value |
436 | | SSL_HASH_NULL, |
437 | | /// Message-Digest Algorithm |
438 | | SSL_HASH_MD5, |
439 | | /// SHA-1 (Secure Hash Algorithm) |
440 | | SSL_HASH_SHA, |
441 | | /// SHA-256 (Secure Hash Algorithm) |
442 | | SSL_HASH_SHA256, |
443 | | /// GOST 28147 |
444 | | SSL_HASH_GOST28147, |
445 | | /// GOST R 34.11 |
446 | | SSL_HASH_GOSTR3411, |
447 | | /// SHA-384 (Secure Hash Algorithm) |
448 | | SSL_HASH_SHA384, |
449 | | /// CCM mode (Counter with CBC-MAC) |
450 | | SSL_HASH_CCM, |
451 | | /// CCM mode (Counter with CBC-MAC) |
452 | | SSL_HASH_CCM_8, |
453 | | /// Unknown algorithm |
454 | | SSL_HASH_Unknown |
455 | | }; |
456 | | |
457 | | /// SSL/TLS extension types |
458 | | enum SSLExtensionType |
459 | | { |
460 | | /// Server Name Indication extension |
461 | | SSL_EXT_SERVER_NAME = 0, |
462 | | /// Maximum Fragment Length Negotiation extension |
463 | | SSL_EXT_MAX_FRAGMENT_LENGTH = 1, |
464 | | /// Client Certificate URLs extension |
465 | | SSL_EXT_CLIENT_CERTIFICATE_URL = 2, |
466 | | /// Trusted CA Indication extension |
467 | | SSL_EXT_TRUSTED_CA_KEYS = 3, |
468 | | /// Truncated HMAC extension |
469 | | SSL_EXT_TRUNCATED_HMAC = 4, |
470 | | /// Certificate Status Request extension |
471 | | SSL_EXT_STATUS_REQUEST = 5, |
472 | | /// TLS User Mapping extension |
473 | | SSL_EXT_USER_MAPPING = 6, |
474 | | /// Client Authorization extension |
475 | | SSL_EXT_CLIENT_AUTHZ = 7, |
476 | | /// Server Authorization extension |
477 | | SSL_EXT_SERVER_AUTHZ = 8, |
478 | | /// Certificate Type extension |
479 | | SSL_EXT_CERT_TYPE = 9, |
480 | | /// Supported Groups extension (renamed from "elliptic curves") |
481 | | SSL_EXT_SUPPORTED_GROUPS = 10, |
482 | | /// Elliptic Curves Point Format extension |
483 | | SSL_EXT_EC_POINT_FORMATS = 11, |
484 | | /// Secure Remote Password extension |
485 | | SSL_EXT_SRP = 12, |
486 | | /// Signature Algorithms extension |
487 | | SSL_EXT_SIGNATURE_ALGORITHMS = 13, |
488 | | /// Use Secure Real-time Transport Protocol extension |
489 | | SSL_EXT_USE_SRTP = 14, |
490 | | /// TLS Heartbit extension |
491 | | SSL_EXT_HEARTBEAT = 15, |
492 | | /// Application Layer Protocol Negotiation (ALPN) extension |
493 | | SSL_EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION = 16, |
494 | | /// Status Request extension |
495 | | SSL_EXT_STATUS_REQUEST_V2 = 17, |
496 | | /// Signed Certificate Timestamp extension |
497 | | SSL_EXT_SIGNED_CERTIFICATE_TIMESTAMP = 18, |
498 | | /// Client Certificate Type extension |
499 | | SSL_EXT_CLIENT_CERTIFICATE_TYPE = 19, |
500 | | /// Server Certificate Type extension |
501 | | SSL_EXT_SERVER_CERTIFICATE_TYPE = 20, |
502 | | /// ClientHello Padding extension |
503 | | SSL_EXT_PADDING = 21, |
504 | | /// Encrypt-then-MAC extension |
505 | | SSL_EXT_ENCRYPT_THEN_MAC = 22, |
506 | | /// Extended Master Secret extension |
507 | | SSL_EXT_EXTENDED_MASTER_SECRET = 23, |
508 | | /// Token Binding extension |
509 | | SSL_EXT_TOKEN_BINDING = 24, |
510 | | /// SessionTicket TLS extension |
511 | | SSL_EXT_SESSIONTICKET_TLS = 35, |
512 | | /// Pre-shared key (PSK) extension (TLS 1.3) |
513 | | SSL_EXT_PRE_SHARED_KEY = 41, |
514 | | /// Early data extension (TLS 1.3) |
515 | | SSL_EXT_EARLY_DATA = 42, |
516 | | /// Supported versions extension (TLS 1.3) |
517 | | SSL_EXT_SUPPORTED_VERSIONS = 43, |
518 | | /// Cookie extension (TLS 1.3) |
519 | | SSL_EXT_COOKIE = 44, |
520 | | /// Pre-Shared Key Exchange Modes extension (TLS 1.3) |
521 | | SSL_EXT_PSK_KEY_EXCHANGE_MODES = 45, |
522 | | /// Certificate authorities extension (TLS 1.3) |
523 | | SSL_EXT_CERTIFICATE_AUTHORITIES = 47, |
524 | | /// Old filters extension (TLS 1.3) |
525 | | SSL_EXT_OLD_FILTERS = 48, |
526 | | /// Post handshake auth extension (TLS 1.3) |
527 | | SSL_EXT_POST_HANDSHAKE_AUTH = 49, |
528 | | /// Signature algorithm cert extension (TLS 1.3) |
529 | | SSL_EXT_SIGNATURE_ALGORITHM_CERT = 50, |
530 | | /// Key share extension (TLS 1.3) |
531 | | SSL_EXT_KEY_SHARE = 51, |
532 | | /// Renegotiation Indication extension |
533 | | SSL_EXT_RENEGOTIATION_INFO = 65281, |
534 | | /// Unknown extension |
535 | | SSL_EXT_Unknown |
536 | | }; |
537 | | |
538 | | /// SSL/TLS client certificate types |
539 | | enum SSLClientCertificateType |
540 | | { |
541 | | /// RSA_SIGN |
542 | | SSL_CCT_RSA_SIGN = 1, |
543 | | /// DSS_SIGN |
544 | | SSL_CCT_DSS_SIGN = 2, |
545 | | /// RSA_FIXED_DH |
546 | | SSL_CCT_RSA_FIXED_DH = 3, |
547 | | /// DSS_FIXED_DH |
548 | | SSL_CCT_DSS_FIXED_DH = 4, |
549 | | /// RSA_EPHEMERAL_DH_RESERVED |
550 | | SSL_CCT_RSA_EPHEMERAL_DH_RESERVED = 5, |
551 | | /// DSS_EPHEMERAL_DH_RESERVED |
552 | | SSL_CCT_DSS_EPHEMERAL_DH_RESERVED = 6, |
553 | | /// FORTEZZA_DMS_RESERVED |
554 | | SSL_CCT_FORTEZZA_DMS_RESERVED = 20, |
555 | | /// ECDSA_SIGN |
556 | | SSL_CCT_ECDSA_SIGN = 64, |
557 | | /// FIXED_ECDH |
558 | | SSL_CCT_RSA_FIXED_ECDH = 65, |
559 | | /// ECDSA_FIXED_ECDH |
560 | | SSL_CCT_ECDSA_FIXED_ECDH = 66, |
561 | | /// Unknown client certificate type |
562 | | SSL_CCT_UNKNOWN |
563 | | }; |
564 | | } // namespace pcpp |