PcapPlusPlus  Next
Public Member Functions | List of all members
pcpp::SSLHandshakeLayer Class Reference

#include <SSLLayer.h>

Inheritance diagram for pcpp::SSLHandshakeLayer:
pcpp::SSLLayer pcpp::Layer pcpp::IDataContainer

Public Member Functions

 SSLHandshakeLayer (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
 
size_t getHandshakeMessagesCount () const
 
SSLHandshakeMessagegetHandshakeMessageAt (int index) const
 
template<class THandshakeMessage >
THandshakeMessage * getHandshakeMessageOfType () const
 
template<class THandshakeMessage >
THandshakeMessage * getNextHandshakeMessageOfType (const SSLHandshakeMessage *after) const
 
std::string toString () const override
 
void computeCalculateFields () override
 There are no calculated fields for this layer.
 
- Public Member Functions inherited from pcpp::SSLLayer
ssl_tls_record_layergetRecordLayer () const
 
SSLVersion getRecordVersion () const
 
SSLRecordType getRecordType () const
 
size_t getHeaderLen () const override
 
void parseNextLayer () override
 
OsiModelLayer getOsiModelLayer () const override
 
- Public Member Functions inherited from pcpp::Layer
 ~Layer () override
 
LayergetNextLayer () const
 
LayergetPrevLayer () const
 
ProtocolType getProtocol () const
 
bool isMemberOfProtocolFamily (ProtocolTypeFamily protocolTypeFamily) const
 
uint8_t * getData () const
 
size_t getDataLen () const
 
uint8_t * getLayerPayload () const
 
size_t getLayerPayloadSize () const
 
bool isAllocatedToPacket () const
 
void copyData (uint8_t *toArr) const
 
uint8_t * getDataPtr (size_t offset=0) const override
 

Additional Inherited Members

- Static Public Member Functions inherited from pcpp::SSLLayer
static bool isSSLPort (uint16_t port)
 
static bool IsSSLMessage (uint16_t srcPort, uint16_t dstPort, uint8_t *data, size_t dataLen, bool ignorePorts=false)
 
static SSLLayercreateSSLMessage (uint8_t *data, size_t dataLen, Layer *prevLayer, Packet *packet)
 
- Protected Member Functions inherited from pcpp::Layer
template<typename T , typename... Args>
LayerconstructNextLayer (uint8_t *data, size_t dataLen, Packet *packet, Args &&... extraArgs)
 
template<typename T , typename TFallback , typename... Args>
LayertryConstructNextLayerWithFallback (uint8_t *data, size_t dataLen, Packet *packet, Args &&... extraArgs)
 
- Static Protected Member Functions inherited from pcpp::Layer
template<typename T >
static bool canReinterpretAs (const uint8_t *data, size_t dataLen)
 Check if the data is large enough to reinterpret as a type. More...
 

Detailed Description

Represents SSL/TLS handshake layer. This layer may contain one or more handshake messages (all of them inherit from the base class SSLHandshakeMessage) which are the SSL/TLS handshake message sent between a client and a server until they establish a secure connection (e.g client-hello, server-hello, certificate, client-key-exchange, server-key-exchange, etc.). Usually this layer will contain just one message (as the first example below demonstrates). But there are cases a layer may contain more than 1 message. To better explain this layer structure. We'll use 2 examples. The first will be client-hello message. The layer structure will look like this:

|----------------------------- SSLHandshakeLayer ----------------------------------------|
+--------------------------------+-------------------------------------------------------+
| ssl_tls_record_layer | SSLClientHelloMessage |
| struct | |
+--------------------------------+-------------------------------------------------------+
| / | \ | \ \ \ |
| / version \ | handshake \ \ \ |
| / TLS1_0 \ type \ \ rest of |
| type \ | SSL_CLIENT_HELLO \ \ message fields... |
| SSL_HANDSHAKE length handshake \ |
| (22) xxx | version message |
| TLS1_2 length |
| | yyy |

Second example is a multiple-message handshake layer comprises of server-hello, certificate and server-key-exchange messages:

|------------------------------------------------------- SSLHandshakeLayer ------------------------------------------------------|
+--------------------------------+-------------------------------------+---------------------------+-----------------------------+
| ssl_tls_record_layer | SSLServerHelloMessage | SSLCertificateMessage | SSLServerKeyExchangeMessage |
| struct | | | |
+--------------------------------+-------------------------------------+---------------------------+-----------------------------+
| / | \ | \ \ | \ | \ |
| / version \ | handshake \ rest of | | rest | | rest |
| / TLS1_0 \ type \ message handshake of fields... handshake of fields... |
| type \ | SSL_SERVER_HELLO \ fields...| type | type |
| SSL_HANDSHAKE length handshake SSL_CERTIFICATE SSL_SERVER_KEY_EXCHANGE |
| (22) xxx | version,length | | |

Constructor & Destructor Documentation

◆ SSLHandshakeLayer()

pcpp::SSLHandshakeLayer::SSLHandshakeLayer ( uint8_t *  data,
size_t  dataLen,
Layer prevLayer,
Packet packet 
)

C'tor for this class that creates the layer from an existing packet raw data

Parameters
[in]dataA pointer to the raw data
[in]dataLenSize of the data in bytes
[in]prevLayerA pointer to the previous layer
[in]packetA pointer to the Packet instance where layer will be stored in

Member Function Documentation

◆ getHandshakeMessageAt()

SSLHandshakeMessage* pcpp::SSLHandshakeLayer::getHandshakeMessageAt ( int  index) const

Get a pointer to an handshake message by index. The message are numbered according to their order of appearance in the layer. If index is out of bounds (less than 0 or larger than total amount of message) nullptr will be returned

Parameters
[in]indexThe index of the message to return
Returns
The pointer to the message object or nullptr if index is out of bounds

◆ getHandshakeMessageOfType()

template<class THandshakeMessage >
THandshakeMessage * pcpp::SSLHandshakeLayer::getHandshakeMessageOfType

A templated method to get a message of a certain type. If no message of such type is found, nullptr is returned

Returns
A pointer to the message of the requested type, nullptr if not found

◆ getHandshakeMessagesCount()

size_t pcpp::SSLHandshakeLayer::getHandshakeMessagesCount ( ) const
inline
Returns
The number of messages in this layer instance

◆ getNextHandshakeMessageOfType()

template<class THandshakeMessage >
THandshakeMessage * pcpp::SSLHandshakeLayer::getNextHandshakeMessageOfType ( const SSLHandshakeMessage after) const

A templated method to get the first message of a certain type, starting to search from a certain message. For example: if the layer looks like: HelloRequest(1) -> HelloRequest(2) and the user put HelloRequest(1) as a parameter and wishes to search for an HelloRequest message, the HelloRequest(2) will be returned.
If no layer of such type is found, nullptr is returned

Parameters
[in]afterA pointer to the message to start search from
Returns
A pointer to the message of the requested type, nullptr if not found

◆ toString()

std::string pcpp::SSLHandshakeLayer::toString ( ) const
overridevirtual
Returns
A string representation of the layer most important data (should look like the layer description in Wireshark)

Implements pcpp::Layer.