PcapPlusPlus  20.08+
pcpp::SSLHandshakeLayer Class Reference

#include <SSLLayer.h>

Inheritance diagram for pcpp::SSLHandshakeLayer:
pcpp::SSLLayer pcpp::Layer pcpp::IDataContainer

Public Member Functions

 SSLHandshakeLayer (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
 
size_t getHandshakeMessagesCount () const
 
SSLHandshakeMessagegetHandshakeMessageAt (int index) const
 
template<class THandshakeMessage >
THandshakeMessage * getHandshakeMessageOfType () const
 
template<class THandshakeMessage >
THandshakeMessage * getNextHandshakeMessageOfType (SSLHandshakeMessage *after) const
 
std::string toString () const
 
void computeCalculateFields ()
 
- Public Member Functions inherited from pcpp::SSLLayer
ssl_tls_record_layergetRecordLayer () const
 
SSLVersion getRecordVersion () const
 
SSLRecordType getRecordType () const
 
size_t getHeaderLen () const
 
void parseNextLayer ()
 
OsiModelLayer getOsiModelLayer () const
 
- Public Member Functions inherited from pcpp::Layer
virtual ~Layer ()
 
LayergetNextLayer () const
 
LayergetPrevLayer () const
 
ProtocolType getProtocol () const
 
uint8_t * getData () const
 
size_t getDataLen () const
 
uint8_t * getLayerPayload () const
 
size_t getLayerPayloadSize () const
 
bool isAllocatedToPacket () const
 
void copyData (uint8_t *toArr) const
 
uint8_t * getDataPtr (size_t offset=0) const
 

Additional Inherited Members

- Static Public Member Functions inherited from pcpp::SSLLayer
static bool isSSLPort (uint16_t port)
 
static bool IsSSLMessage (uint16_t srcPort, uint16_t dstPort, uint8_t *data, size_t dataLen, bool ignorePorts=false)
 
static SSLLayercreateSSLMessage (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
 

Detailed Description

Represents SSL/TLS handshake layer. This layer may contain one or more handshake messages (all of them inherit from the base class SSLHandshakeMessage) which are the SSL/TLS handshake message sent between a client and a server until they establish a secure connection (e.g client-hello, server-hello, certificate, client-key-exchange, server-key-exchange, etc.). Usually this layer will contain just one message (as the first example below demonstrates). But there are cases a layer may contain more than 1 message. To better explain this layer structure we'll use 2 examples. The first will be client-hello message. The layer structure will look like this:

      |------------------- SSLHandshakeLayer ----------------------|
      +----------------------+-------------------------------------+
      | ssl_tls_record_layer |       SSLClientHelloMessage         |
      |        struct        |                                     |
      +----------------------+-------------------------------------+
       /     |       \               |          \         \      \
      /    version    \      |   handshake       \         \      \
     /     TLS1_0      \            type          \         \     rest of
    type                  \    | SSL_CLIENT_HELLO    \         \    message fields...
SSL_HANDSHAKE           length                   handshake      \
    (22)                 xxx   |                  version      message
                                                 TLS1_2      length
                             |                                yyy

Second example is a multiple-message handshake layer comprises of server-hello, certificate and server-key-exchange messages:

      |---------------------------------------------- SSLHandshakeLayer -----------------------------------------------------|
      +----------------------+-------------------------------------+---------------------------+-----------------------------+
      | ssl_tls_record_layer |       SSLServerHelloMessage         |   SSLCertificateMessage   | SSLServerKeyExchangeMessage |
      |        struct        |                                     |                           |                             |
      +----------------------+-------------------------------------+---------------------------+-----------------------------+
       /     |       \               |          \         \               |           \               |            \
      /    version    \      |   handshake       \        rest of  |      |          rest      |      |            rest
     /     TLS1_0      \            type          \       message      handshake   of fields...   handshake    of fields...
    type                  \    | SSL_SERVER_HELLO    \      fields...|     type                  |     type
SSL_HANDSHAKE           length                   handshake             SSL_CERTIFICATE             SSL_SERVER_KEY_EXCHANGE
    (22)                 xxx   |               version,length        |                           |

                             |                                     |                           |

Constructor & Destructor Documentation

◆ SSLHandshakeLayer()

pcpp::SSLHandshakeLayer::SSLHandshakeLayer ( uint8_t *  data,
size_t  dataLen,
Layer prevLayer,
Packet packet 
)

C'tor for this class that creates the layer from an existing packet raw data

Parameters
[in]dataA pointer to the raw data
[in]dataLenSize of the data in bytes
[in]prevLayerA pointer to the previous layer
[in]packetA pointer to the Packet instance where layer will be stored in

Member Function Documentation

◆ computeCalculateFields()

void pcpp::SSLHandshakeLayer::computeCalculateFields ( )
inlinevirtual

There are no calculated fields for this layer

Implements pcpp::Layer.

◆ getHandshakeMessageAt()

SSLHandshakeMessage* pcpp::SSLHandshakeLayer::getHandshakeMessageAt ( int  index) const

Get a pointer to an handshake message by index. The message are numbered according to their order of appearance in the layer. If index is out of bounds (less than 0 or larger than total amount of message) NULL will be returned

Parameters
[in]indexThe index of the message to return
Returns
The pointer to the message object or NULL if index is out of bounds

◆ getHandshakeMessageOfType()

template<class THandshakeMessage >
THandshakeMessage * pcpp::SSLHandshakeLayer::getHandshakeMessageOfType ( ) const

A templated method to get a message of a certain type. If no message of such type is found, NULL is returned

Returns
A pointer to the message of the requested type, NULL if not found

◆ getHandshakeMessagesCount()

size_t pcpp::SSLHandshakeLayer::getHandshakeMessagesCount ( ) const
inline
Returns
The number of messages in this layer instance

◆ getNextHandshakeMessageOfType()

template<class THandshakeMessage >
THandshakeMessage * pcpp::SSLHandshakeLayer::getNextHandshakeMessageOfType ( SSLHandshakeMessage after) const

A templated method to get the first message of a certain type, starting to search from a certain message. For example: if the layer looks like: HelloRequest(1) -> HelloRequest(2) and the user put HelloRequest(1) as a parameter and wishes to search for an HelloRequest message, the HelloRequest(2) will be returned.
If no layer of such type is found, NULL is returned

Parameters
[in]afterA pointer to the message to start search from
Returns
A pointer to the message of the requested type, NULL if not found

◆ toString()

std::string pcpp::SSLHandshakeLayer::toString ( ) const
virtual
Returns
A string representation of the layer most important data (should look like the layer description in Wireshark)

Implements pcpp::Layer.