SSLLayer.h

Go to the documentation of this file.

#pragma once
 
#include "PointerVector.h"
#include "Layer.h"
#include "SSLCommon.h"
#include "SSLHandshake.h"
 
namespace pcpp
{
 
    class SSLLayer : public Layer
    {
    public:
        static inline bool isSSLPort(uint16_t port);
 
        static bool IsSSLMessage(uint16_t srcPort, uint16_t dstPort, uint8_t* data, size_t dataLen,
                                 bool ignorePorts = false);
 
        static SSLLayer* createSSLMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        ssl_tls_record_layer* getRecordLayer() const
        {
            return reinterpret_cast<ssl_tls_record_layer*>(m_Data);
        }
 
        SSLVersion getRecordVersion() const;
 
        SSLRecordType getRecordType() const;
 
        // implement abstract methods
 
        size_t getHeaderLen() const override;
 
        void parseNextLayer() override;
 
        OsiModelLayer getOsiModelLayer() const override
        {
            return OsiModelPresentationLayer;
        }
 
    protected:
        SSLLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
            : Layer(data, dataLen, prevLayer, packet, SSL)
        {}
 
    };  // class SSLLayer
 
    // The graph below will break the code formatting, so it's disabled.
    // clang-format off
    // clang-format on
    class SSLHandshakeLayer : public SSLLayer
    {
    public:
        SSLHandshakeLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet);
 
        size_t getHandshakeMessagesCount() const
        {
            return m_MessageList.size();
        }
 
        SSLHandshakeMessage* getHandshakeMessageAt(int index) const;
 
        template <class THandshakeMessage> THandshakeMessage* getHandshakeMessageOfType() const;
 
        template <class THandshakeMessage>
        THandshakeMessage* getNextHandshakeMessageOfType(const SSLHandshakeMessage* after) const;
 
        // implement abstract methods
 
        std::string toString() const override;
 
        void computeCalculateFields() override
        {}
 
    private:
        PointerVector<SSLHandshakeMessage> m_MessageList;
    };  // class SSLHandshakeLayer
 
    class SSLChangeCipherSpecLayer : public SSLLayer
    {
    public:
        SSLChangeCipherSpecLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
            : SSLLayer(data, dataLen, prevLayer, packet)
        {}
 
        ~SSLChangeCipherSpecLayer() override = default;
 
        // implement abstract methods
 
        std::string toString() const override;
 
        void computeCalculateFields() override
        {}
    };  // class SSLChangeCipherSpecLayer
 
    class SSLAlertLayer : public SSLLayer
    {
    public:
        SSLAlertLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
            : SSLLayer(data, dataLen, prevLayer, packet)
        {}
 
        ~SSLAlertLayer() override = default;
 
        SSLAlertLevel getAlertLevel() const;
 
        SSLAlertDescription getAlertDescription();
 
        // implement abstract methods
 
        std::string toString() const override;
 
        void computeCalculateFields() override
        {}
    };  // class SSLAlertLayer
 
    class SSLApplicationDataLayer : public SSLLayer
    {
    public:
        SSLApplicationDataLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet)
            : SSLLayer(data, dataLen, prevLayer, packet)
        {}
 
        ~SSLApplicationDataLayer() override = default;
 
        uint8_t* getEncryptedData() const;
 
        size_t getEncryptedDataLen() const;
 
        // implement abstract methods
 
        std::string toString() const override;
 
        void computeCalculateFields() override
        {}
    };  // class SSLApplicationDataLayer
 
    template <class THandshakeMessage> THandshakeMessage* SSLHandshakeLayer::getHandshakeMessageOfType() const
    {
        size_t vecSize = m_MessageList.size();
        for (size_t i = 0; i < vecSize; i++)
        {
            SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i));
            if (dynamic_cast<THandshakeMessage*>(curElem) != nullptr)
                return (THandshakeMessage*)curElem;
        }
 
        // element not found
        return nullptr;
    }  // getHandshakeMessageOfType
 
    template <class THandshakeMessage>
    THandshakeMessage* SSLHandshakeLayer::getNextHandshakeMessageOfType(const SSLHandshakeMessage* after) const
    {
        size_t vecSize = m_MessageList.size();
        size_t afterIndex;
 
        // find the index of "after"
        for (afterIndex = 0; afterIndex < vecSize; afterIndex++)
        {
            SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(afterIndex));
            if (curElem == after)
                break;
        }
 
        // "after" not found
        if (afterIndex == vecSize)
            return nullptr;
 
        for (size_t i = afterIndex + 1; i < vecSize; i++)
        {
            SSLHandshakeMessage* curElem = const_cast<SSLHandshakeMessage*>(m_MessageList.at(i));
            if (dynamic_cast<THandshakeMessage*>(curElem) != nullptr)
                return (THandshakeMessage*)curElem;
        }
 
        // element not found
        return nullptr;
    }  // getNextHandshakeMessageOfType
 
    // implementation of inline methods
 
    bool SSLLayer::isSSLPort(uint16_t port)
    {
        if (port == 443)  // HTTPS, this is likely case
            return true;
 
        switch (port)
        {
        case 261:  // NSIIOPS
        case 448:  // DDM-SSL
        case 465:  // SMTPS
        case 563:  // NNTPS
        case 614:  // SSHELL
        case 636:  // LDAPS
        case 989:  // FTPS - data
        case 990:  // FTPS - control
        case 992:  // Telnet over TLS/SSL
        case 993:  // IMAPS
        case 994:  // IRCS
        case 995:  // POP3S
            return true;
        default:
            return false;
        }
    }  // isSSLPort
 
}  // namespace pcpp