1 /*
2  * Copyright (C) 1996-2017 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SECURITY_HANDSHAKE_H
10 #define SQUID_SECURITY_HANDSHAKE_H
11 
12 #include "anyp/ProtocolVersion.h"
13 #include "base/YesNoNone.h"
14 #include "parser/BinaryTokenizer.h"
15 #include "security/forward.h"
16 
17 #include <unordered_set>
18 
19 namespace Security
20 {
21 
/// TLS handshake meta information collected by the handshake parser
/// (the parser holds it through a reference-counted TlsDetails::Pointer).
class TlsDetails: public RefCountable
{
public:

    TlsDetails();
    /// Prints to os stream a human readable form of TlsDetails object.
    std::ostream & print(std::ostream &os) const;

    bool hasTlsTicket; ///< whether a TLS ticket is included

    /// set of cipher suite codes (TLS cipher suites are 2-byte identifiers, hence uint16_t)
    typedef std::unordered_set<uint16_t> Ciphers;
};
48 
/// Streams a human-readable rendering of details into os.
/// Delegates to TlsDetails::print() so both spellings share one format;
/// returns whatever print() returns (the stream, for chaining).
inline std::ostream &operator <<(std::ostream &os, const Security::TlsDetails &details)
{
    std::ostream &out = details.print(os);
    return out;
}
54 
{
public:

    /// Feeds handshake bytes to the parser. data is raw network input and
    /// must be treated as untrusted; the exact return-value contract is
    /// defined in Handshake.cc:516 (not visible here).
    bool parseHello(const SBuf &data);

private:
    /// SSLv2 record detection on raw bytes (presumably by format; see Handshake.cc:214)
    bool isSslv2Record(const SBuf &raw) const;
    // NOTE(review): presumably selects the modern or V2-compatible record
    // parser below based on expectingModernRecords — confirm in Handshake.cc
    void parseRecord();
    /// parses a single TLS Record Layer frame
    void parseModernRecord();
    /// V2-compatible counterpart of parseModernRecord()
    void parseVersion2Record();
    /// parses one or more "higher-level protocol" frames of currentContentType
    void parseMessages();

    void parseAlertMessage();
    void parseHandshakeMessage();
    /// msgType names the message being skipped (presumably for logging — confirm in Handshake.cc:507)
    void skipMessage(const char *msgType);

    // Handshake message parsers. Each receives the raw message bytes;
    // bounds are presumably enforced by Parser::BinaryTokenizer rather than
    // by these methods — confirm before changing any of them.
    void parseVersion2HandshakeMessage(const SBuf &raw);
    void parseClientHelloHandshakeMessage(const SBuf &raw);
    /// RFC 5246 Section 7.4.1.3. Server Hello.
    void parseServerHelloHandshakeMessage(const SBuf &raw);

    bool parseCompressionMethods(const SBuf &raw);
    void parseExtensions(const SBuf &raw);
    /// extracts the SNI hostname from the extension payload (Handshake.cc:480)
    SBuf parseSniExtension(const SBuf &extensionData) const;

    void parseCiphers(const SBuf &raw);
    void parseV23Ciphers(const SBuf &raw);

    void parseServerCertificates(const SBuf &raw);
    static CertPointer ParseCertificate(const SBuf &raw);

    unsigned int currentContentType; ///< The current TLS/SSL record content type.

    const char *done; ///< not nil if we got what we were looking for

};
122 
123 }
124 
125 #endif // SQUID_SECURITY_HANDSHAKE_H
126 
void parseCiphers(const SBuf &raw)
Definition: Handshake.cc:434
SBuf clientRandom
The client random number.
Definition: Handshake.h:42
std::unordered_set< uint16_t > Ciphers
Definition: Handshake.h:45
SBuf fragments
concatenated TLSPlaintext.fragments of TLSPlaintext.type
Definition: Handshake.h:111
void skipMessage(const char *msgType)
Definition: Handshake.cc:507
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:56
Definition: SBuf.h:87
bool tlsTicketsExtension
whether TLS tickets extension is enabled
Definition: Handshake.h:36
static CertPointer ParseCertificate(const SBuf &raw)
Definition: Handshake.cc:541
bool compressionSupported
The requested/used compression method.
Definition: Handshake.h:33
void parseMessages()
parses one or more "higher-level protocol" frames of currentContentType
Definition: Handshake.cc:261
typedef std::list< Security::CertPointer > CertList
Definition: forward.h:96
RefCount< TlsDetails > Pointer
Definition: Handshake.h:25
bool resumingSession
True if this is a resuming session.
Definition: Handshake.h:76
Parser::BinaryTokenizer tkRecords
TLS record layer (parsing uninterpreted data)
Definition: Handshake.h:114
Parser::BinaryTokenizer tkMessages
TLS message layer (parsing fragments)
Definition: Handshake.h:117
void const char HLPCB void * data
Definition: stub_helper.cc:16
bool isSslv2Record(const SBuf &raw) const
Definition: Handshake.cc:214
void parseModernRecord()
parses a single TLS Record Layer frame
Definition: Handshake.cc:234
Security::CertList serverCertificates
parsed certificates chain
Definition: Handshake.h:72
bool parseHello(const SBuf &data)
Definition: Handshake.cc:516
AnyP::ProtocolVersion tlsVersion
The TLS hello message version.
Definition: Handshake.h:31
SBuf serverName
The SNI hostname, if any.
Definition: Handshake.h:34
unsigned int currentContentType
The current TLS/SSL record content type.
Definition: Handshake.h:106
void parseServerCertificates(const SBuf &raw)
Definition: Handshake.cc:561
AnyP::ProtocolVersion tlsSupportedVersion
The requested/used TLS version.
Definition: Handshake.h:32
bool parseCompressionMethods(const SBuf &raw)
Definition: Handshake.cc:382
void parseVersion2HandshakeMessage(const SBuf &raw)
Definition: Handshake.cc:351
ParserState
The parsing states.
Definition: Handshake.h:60
bool unsupportedExtensions
whether any extensions unsupported by Squid are used
Definition: Handshake.h:39
TlsDetails::Pointer details
TLS handshake meta info or nil.
Definition: Handshake.h:70
SBuf parseSniExtension(const SBuf &extensionData) const
Definition: Handshake.cc:480
void parseExtensions(const SBuf &raw)
Definition: Handshake.cc:397
ParserState state
current parsing state.
Definition: Handshake.h:74
void parseClientHelloHandshakeMessage(const SBuf &raw)
Definition: Handshake.cc:367
void parseServerHelloHandshakeMessage(const SBuf &raw)
RFC 5246 Section 7.4.1.3. Server Hello.
Definition: Handshake.cc:464
const char * done
not nil if we got what we were looking for
Definition: Handshake.h:108
bool tlsStatusRequest
whether the TLS status request extension is set
Definition: Handshake.h:38
std::ostream & print(std::ostream &os) const
Prints to os stream a human readable form of TlsDetails object.
std::ostream & operator<<(std::ostream &, const Security::EncryptorAnswer &)
void parseV23Ciphers(const SBuf &raw)
Definition: Handshake.cc:445
YesNoNone expectingModernRecords
Whether to use TLS parser or a V2 compatible parser.
Definition: Handshake.h:120
bool hasTlsTicket
whether a TLS ticket is included
Definition: Handshake.h:37