PcapPlusPlus  Next
SSLLayer.h
1 #pragma once
2 
3 #include "PointerVector.h"
4 #include "Layer.h"
5 #include "SSLCommon.h"
6 #include "SSLHandshake.h"
7 
8 #ifdef __GNUC__
9 # pragma GCC diagnostic push
10 # pragma GCC diagnostic ignored "-Wcomment"
11 #endif
163 #ifdef __GNUC__
164 # pragma GCC diagnostic pop
165 #endif
166 
169 namespace pcpp
170 {
171 
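/// Common base for the SSL/TLS record-layer messages declared in this header
/// (handshake, change-cipher-spec, alert and application-data layers).
///
/// The constructor is protected, so outside code obtains instances through
/// createSSLMessage() rather than constructing an SSLLayer directly.
///
/// NOTE(review): this listing had lost the declarations of getRecordLayer(),
/// getRecordVersion(), getRecordType() and getOsiModelLayer(); their signatures
/// are restored here from the symbol index printed below the listing.
class SSLLayer : public Layer
{
public:
    /// Port-based hint: true when `port` is one of the well-known SSL/TLS ports
    /// listed in the definition at the end of this header. A match is not proof
    /// that the payload is TLS, and TLS on any other port is not matched.
    static inline bool isSSLPort(uint16_t port);

    /// Decide whether a transport payload looks like an SSL/TLS message.
    /// @param[in] srcPort Source port of the enclosing transport segment
    /// @param[in] dstPort Destination port of the enclosing transport segment
    /// @param[in] data Raw payload bytes (captured, i.e. untrusted, input)
    /// @param[in] dataLen Number of valid bytes at `data`
    /// @param[in] ignorePorts Defaults to false. NOTE(review): presumably skips the
    /// isSSLPort() test so that TLS on a non-standard port is still recognised -
    /// confirm against the implementation, which is not part of this header.
    static bool IsSSLMessage(uint16_t srcPort, uint16_t dstPort, uint8_t* data, size_t dataLen,
                             bool ignorePorts = false);

    /// Factory for the concrete record-layer classes.
    /// NOTE(review): the implementation is not visible here; presumably it selects
    /// the subclass from the record type and can return nullptr for data it does
    /// not recognise, so check the result before use.
    static SSLLayer* createSSLMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);

    /// View the start of the layer's buffer as the SSL/TLS record header.
    /// This is a plain reinterpret_cast of m_Data with no length check of its own:
    /// reading the header's fields is only in bounds if the layer was built over at
    /// least sizeof(ssl_tls_record_layer) bytes.
    /// NOTE(review): presumably IsSSLMessage() enforces that minimum - confirm.
    ssl_tls_record_layer* getRecordLayer() const
    {
        return reinterpret_cast<ssl_tls_record_layer*>(m_Data);
    }

    /// @return The SSL/TLS version carried in the record header
    SSLVersion getRecordVersion() const;

    /// @return The SSL/TLS record type carried in the record header
    SSLRecordType getRecordType() const;

    // implement abstract methods

    /// @return Length of this record as the layer sees it (defined out of line)
    size_t getHeaderLen() const override;

    /// Parse whatever follows this record in the same payload (defined out of line)
    void parseNextLayer() override;

    /// NOTE(review): the body of this method was lost from the listing; the
    /// presentation-layer value is the only OsiModelLayer enumerator the page's
    /// symbol index references for this file - confirm against upstream.
    OsiModelLayer getOsiModelLayer() const override
    {
        return OsiModelPresentationLayer;
    }

protected:
    /// Forward the raw buffer to Layer and tag the layer with the SSL protocol type.
    SSLLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
        : Layer(data, dataLen, prevLayer, packet, SSL)
    {}

};  // class SSLLayer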
257 
258  // The graph below will break the code formatting, so it's disabled.
259  // clang-format off
301  // clang-format on
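/// SSL/TLS handshake record. One record may carry several handshake messages;
/// they are exposed through the count/index/type accessors below.
///
/// NOTE(review): the class header, getHandshakeMessagesCount(),
/// getHandshakeMessageAt() and the m_MessageList member were missing from this
/// listing. They are restored from the page's symbol index and from how the
/// template definitions further down use m_MessageList; the base class follows
/// the sibling record classes in this header - confirm against upstream.
class SSLHandshakeLayer : public SSLLayer
{
public:
    /// Build the layer over a captured handshake record.
    /// @param[in] data Pointer to the raw record bytes (untrusted input)
    /// @param[in] dataLen Number of valid bytes at `data`
    /// @param[in] prevLayer Layer that precedes this one in the packet
    /// @param[in] packet Packet this layer belongs to
    SSLHandshakeLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);

    /// @return Number of handshake messages held in m_MessageList
    size_t getHandshakeMessagesCount() const
    {
        return m_MessageList.size();
    }

    /// @param[in] index Position of the wanted message
    /// @return The handshake message at `index`.
    /// NOTE(review): out-of-range behaviour is not visible in this header; keep
    /// `index` below getHandshakeMessagesCount() and check the result for nullptr.
    SSLHandshakeMessage* getHandshakeMessageAt(int index) const;

    /// @tparam THandshakeMessage Handshake message class to look for
    /// @return First message of that type, or nullptr when the record has none
    template <class THandshakeMessage> THandshakeMessage* getHandshakeMessageOfType() const;

    /// @tparam THandshakeMessage Handshake message class to look for
    /// @param[in] after Message (as returned by this layer) to start searching after
    /// @return Next message of that type after `after`, or nullptr when `after` is
    /// not in this layer or no later message matches
    template <class THandshakeMessage>
    THandshakeMessage* getNextHandshakeMessageOfType(const SSLHandshakeMessage* after) const;

    // implement abstract methods

    std::string toString() const override;

    /// There are no calculated fields for this layer.
    void computeCalculateFields() override
    {}

private:
    // Parsed handshake messages of this record, in the order they are stored.
    PointerVector<SSLHandshakeMessage> m_MessageList;
};  // class SSLHandshakeLayer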
351 
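/// SSL/TLS change-cipher-spec record. The class adds no accessors of its own;
/// it only provides a string description on top of SSLLayer.
///
/// NOTE(review): the class header line was missing from this listing; the base
/// class is taken from the constructor's initializer below.
class SSLChangeCipherSpecLayer : public SSLLayer
{
public:
    /// Build the layer over a captured change-cipher-spec record.
    /// @param[in] data Pointer to the raw record bytes (untrusted input)
    /// @param[in] dataLen Number of valid bytes at `data`
    /// @param[in] prevLayer Layer that precedes this one in the packet
    /// @param[in] packet Packet this layer belongs to
    SSLChangeCipherSpecLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
        : SSLLayer(data, dataLen, prevLayer, packet)
    {}

    ~SSLChangeCipherSpecLayer() override = default;

    // implement abstract methods

    std::string toString() const override;

    /// There are no calculated fields for this layer.
    void computeCalculateFields() override
    {}
};  // class SSLChangeCipherSpecLayer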
377 
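/// SSL/TLS alert record: exposes the alert level and the alert description.
///
/// NOTE(review): the declarations of getAlertLevel() and getAlertDescription()
/// were missing from this listing and are restored from the page's symbol index
/// (getAlertDescription() is non-const there, so it is kept non-const here).
class SSLAlertLayer : public SSLLayer
{
public:
    /// Build the layer over a captured alert record.
    /// @param[in] data Pointer to the raw record bytes (untrusted input)
    /// @param[in] dataLen Number of valid bytes at `data`
    /// @param[in] prevLayer Layer that precedes this one in the packet
    /// @param[in] packet Packet this layer belongs to
    SSLAlertLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
        : SSLLayer(data, dataLen, prevLayer, packet)
    {}

    ~SSLAlertLayer() override = default;

    /// @return SSL/TLS alert level.
    /// NOTE(review): once record protection is active the alert body is
    /// ciphertext; confirm how the implementation reports that case before
    /// treating the value as the peer's real alert level.
    SSLAlertLevel getAlertLevel() const;

    /// @return SSL/TLS alert description.
    /// NOTE(review): same caveat as getAlertLevel() for encrypted alerts.
    SSLAlertDescription getAlertDescription();

    // implement abstract methods

    std::string toString() const override;

    /// There are no calculated fields for this layer.
    void computeCalculateFields() override
    {}
};  // class SSLAlertLayer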
409 
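/// SSL/TLS application-data record: gives access to the record's encrypted
/// payload as a pointer plus a length. Nothing in this header decrypts it.
///
/// NOTE(review): the class header line was missing from this listing; the base
/// class is taken from the constructor's initializer below.
class SSLApplicationDataLayer : public SSLLayer
{
public:
    /// Build the layer over a captured application-data record.
    /// @param[in] data Pointer to the raw record bytes (untrusted input)
    /// @param[in] dataLen Number of valid bytes at `data`
    /// @param[in] prevLayer Layer that precedes this one in the packet
    /// @param[in] packet Packet this layer belongs to
    SSLApplicationDataLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
        : SSLLayer(data, dataLen, prevLayer, packet)
    {}

    ~SSLApplicationDataLayer() override = default;

    /// @return Pointer to the encrypted payload of the record.
    /// NOTE(review): presumably points into the layer's own buffer rather than a
    /// copy - confirm. Either way, bound every read by getEncryptedDataLen(); the
    /// bytes come off the wire and carry no terminator.
    uint8_t* getEncryptedData() const;

    /// @return Length in bytes of the buffer returned by getEncryptedData()
    size_t getEncryptedDataLen() const;

    // implement abstract methods

    std::string toString() const override;

    /// There are no calculated fields for this layer.
    void computeCalculateFields() override
    {}
};  // class SSLApplicationDataLayer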
442 
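/// Find the first handshake message in this record whose dynamic type is
/// THandshakeMessage.
/// @tparam THandshakeMessage Handshake message class to look for
/// @return Pointer to the first matching element of m_MessageList, or nullptr
/// when no element has that type. The content of a handshake record is chosen
/// by the peer, so a nullptr result is an ordinary outcome that callers must
/// handle before dereferencing.
template <class THandshakeMessage> THandshakeMessage* SSLHandshakeLayer::getHandshakeMessageOfType() const
{
    const size_t vecSize = m_MessageList.size();
    for (size_t i = 0; i < vecSize; i++)
    {
        SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i));

        // Hand back the dynamic_cast result itself: it is the type-checked and
        // correctly adjusted pointer. Re-casting curElem with a C-style cast
        // would silently turn into a reinterpret_cast for a THandshakeMessage
        // that is not related to SSLHandshakeMessage by inheritance.
        if (THandshakeMessage* typedElem = dynamic_cast<THandshakeMessage*>(curElem))
            return typedElem;
    }

    // element not found
    return nullptr;
}  // getHandshakeMessageOfType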
456 
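/// Find the next handshake message of type THandshakeMessage that is stored
/// after a given message of this record.
///
/// NOTE(review): the signature line of this definition was missing from the
/// listing; it is restored from the in-class declaration.
/// @tparam THandshakeMessage Handshake message class to look for
/// @param[in] after Message to start after; it is matched by pointer identity
/// against the elements of m_MessageList
/// @return Pointer to the first element after `after` whose dynamic type is
/// THandshakeMessage, or nullptr when `after` is not an element of this layer
/// or no later element matches
template <class THandshakeMessage>
THandshakeMessage* SSLHandshakeLayer::getNextHandshakeMessageOfType(const SSLHandshakeMessage* after) const
{
    const size_t vecSize = m_MessageList.size();
    size_t afterIndex;

    // find the index of "after"
    for (afterIndex = 0; afterIndex < vecSize; afterIndex++)
    {
        SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(afterIndex));
        if (curElem == after)
            break;
    }

    // "after" not found
    if (afterIndex == vecSize)
        return nullptr;

    for (size_t i = afterIndex + 1; i < vecSize; i++)
    {
        SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i));

        // Hand back the dynamic_cast result itself: it is the type-checked and
        // correctly adjusted pointer. Re-casting curElem with a C-style cast
        // would silently turn into a reinterpret_cast for a THandshakeMessage
        // that is not related to SSLHandshakeMessage by inheritance.
        if (THandshakeMessage* typedElem = dynamic_cast<THandshakeMessage*>(curElem))
            return typedElem;
    }

    // element not found
    return nullptr;
}  // getNextHandshakeMessageOfType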
485 
486  // implementation of inline methods
487 
/// Tell whether a port number is on this library's fixed list of well-known
/// SSL/TLS ports.
///
/// This is a port heuristic only. A listed port does not guarantee the payload
/// is TLS, and TLS carried on any port outside the list (for example 8443 or
/// 853) is reported as false. Traffic classification that relies on this alone
/// will miss TLS sessions on non-standard ports.
/// NOTE(review): IsSSLMessage() takes an `ignorePorts` flag that presumably
/// bypasses this check - confirm against its implementation.
/// @param[in] port Port number to test
/// @return true if `port` is one of the listed ports, false otherwise
bool SSLLayer::isSSLPort(uint16_t port)
{
    switch (port)
    {
    case 443:  // HTTPS, the most common case
    case 261:  // NSIIOPS
    case 448:  // DDM-SSL
    case 465:  // SMTPS
    case 563:  // NNTPS
    case 614:  // SSHELL
    case 636:  // LDAPS
    case 989:  // FTPS - data
    case 990:  // FTPS - control
    case 992:  // Telnet over TLS/SSL
    case 993:  // IMAPS
    case 994:  // IRCS
    case 995:  // POP3S
        return true;
    default:
        break;
    }

    // not a port this list knows about
    return false;
}  // isSSLPort
512 } // namespace pcpp
Definition: Layer.h:60
Definition: Packet.h:22
Definition: PointerVector.h:50
Definition: SSLLayer.h:382
void computeCalculateFields() override
There are no calculated fields for this layer.
Definition: SSLLayer.h:406
SSLAlertLevel getAlertLevel() const
std::string toString() const override
SSLAlertDescription getAlertDescription()
SSLAlertLayer(uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
Definition: SSLLayer.h:389
Definition: SSLLayer.h:414
uint8_t * getEncryptedData() const
std::string toString() const override
void computeCalculateFields() override
There are no calculated fields for this layer.
Definition: SSLLayer.h:439
size_t getEncryptedDataLen() const
SSLApplicationDataLayer(uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
Definition: SSLLayer.h:421
Definition: SSLLayer.h:356
SSLChangeCipherSpecLayer(uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
Definition: SSLLayer.h:363
std::string toString() const override
void computeCalculateFields() override
There are no calculated fields for this layer.
Definition: SSLLayer.h:374
Definition: SSLLayer.h:303
SSLHandshakeLayer(uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
std::string toString() const override
size_t getHandshakeMessagesCount() const
Definition: SSLLayer.h:313
THandshakeMessage * getHandshakeMessageOfType() const
Definition: SSLLayer.h:443
void computeCalculateFields() override
There are no calculated fields for this layer.
Definition: SSLLayer.h:345
THandshakeMessage * getNextHandshakeMessageOfType(const SSLHandshakeMessage *after) const
Definition: SSLLayer.h:458
SSLHandshakeMessage * getHandshakeMessageAt(int index) const
Definition: SSLHandshake.h:259
Definition: SSLLayer.h:178
SSLVersion getRecordVersion() const
size_t getHeaderLen() const override
void parseNextLayer() override
OsiModelLayer getOsiModelLayer() const override
Definition: SSLLayer.h:246
static bool isSSLPort(uint16_t port)
Definition: SSLLayer.h:488
static bool IsSSLMessage(uint16_t srcPort, uint16_t dstPort, uint8_t *data, size_t dataLen, bool ignorePorts=false)
static SSLLayer * createSSLMessage(uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
ssl_tls_record_layer * getRecordLayer() const
Definition: SSLLayer.h:226
SSLRecordType getRecordType() const
Definition: SSLCommon.h:98
The main namespace for the PcapPlusPlus lib.
SSLAlertDescription
SSL/TLS alert description types.
Definition: SSLCommon.h:234
OsiModelLayer
An enum representing OSI model layers.
Definition: ProtocolType.h:225
@ OsiModelPresentationLayer
Presentation layer (layer 6)
Definition: ProtocolType.h:237
const ProtocolType SSL
SSL/TLS protocol.
Definition: ProtocolType.h:86
SSLRecordType
SSL/TLS message types.
Definition: SSLCommon.h:82
SSLAlertLevel
SSL/TLS alert levels.
Definition: SSLCommon.h:223
Definition: SSLCommon.h:17