Handshake.h
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1996-2022 The Squid Software Foundation and contributors
3  *
4  * Squid software is distributed under GPLv2+ license and includes
5  * contributions from numerous individuals and organizations.
6  * Please see the COPYING and CONTRIBUTORS files for details.
7  */
8 
9 #ifndef SQUID_SECURITY_HANDSHAKE_H
10 #define SQUID_SECURITY_HANDSHAKE_H
11 
12 #include "anyp/ProtocolVersion.h"
13 #include "base/YesNoNone.h"
14 #include "parser/BinaryTokenizer.h"
15 #include "security/forward.h"
16 
17 #include <unordered_set>
18 
19 namespace Security
20 {
21 
22 class TlsDetails: public RefCountable
23 {
24 public:
26 
27  TlsDetails();
29  std::ostream & print(std::ostream &os) const;
30 
32 
36 
41  bool hasTlsTicket;
48 
49  typedef std::unordered_set<uint16_t> Ciphers;
51 };
52 
53 inline
54 std::ostream &operator <<(std::ostream &os, Security::TlsDetails const &details)
55 {
56  return details.print(os);
57 }
58 
61 {
62 public:
65 
67  typedef enum { fromClient = 0, fromServer } MessageSource;
68 
70 
75  bool parseHello(const SBuf &data);
76 
78 
80 
82 
85 
86 private:
87  bool isSslv2Record(const SBuf &raw) const;
88  void parseRecord();
89  void parseModernRecord();
90  void parseVersion2Record();
91  void parseMessages();
92 
94  void parseAlertMessage();
95  void parseHandshakeMessage();
97  void skipMessage(const char *msgType);
98 
100  void parseVersion2HandshakeMessage(const SBuf &raw);
101  void parseClientHelloHandshakeMessage(const SBuf &raw);
102  void parseServerHelloHandshakeMessage(const SBuf &raw);
103 
104  bool parseCompressionMethods(const SBuf &raw);
105  void parseExtensions(const SBuf &raw);
106  SBuf parseSniExtension(const SBuf &extensionData) const;
107  void parseSupportedVersionsExtension(const SBuf &extensionData) const;
108 
109  void parseCiphers(const SBuf &raw);
110  void parseV23Ciphers(const SBuf &raw);
111 
112  void parseServerCertificates(const SBuf &raw);
113 
114  unsigned int currentContentType;
115 
116  const char *done;
117 
120 
123 
126 
129 };
130 
132 inline bool
134 {
135  return (version.protocol == AnyP::PROTO_TLS || version.protocol == AnyP::PROTO_SSL);
136 }
137 
139 inline bool
141 {
144 
145  if (a.protocol == b.protocol)
146  return a < b;
147 
148  return a.protocol == AnyP::PROTO_SSL; // implies that b is TLS
149 }
150 
152 inline bool
154 {
156 }
157 
159 inline bool
161 {
162  return !Tls1p2orEarlier(p);
163 }
164 
165 }
166 
167 #endif // SQUID_SECURITY_HANDSHAKE_H
168 
std::ostream & print(std::ostream &os) const
Prints to os stream a human readable form of TlsDetails object.
AnyP::ProtocolVersion tlsVersion
The TLS hello message version.
Definition: Handshake.h:31
void parseV23Ciphers(const SBuf &raw)
Definition: Handshake.cc:490
void skipMessage(const char *msgType)
Definition: Handshake.cc:632
@ PROTO_SSL
Definition: ProtocolType.h:41
bool TlsFamilyProtocol(const AnyP::ProtocolVersion &version)
whether the given protocol belongs to the TLS/SSL group of protocols
Definition: Handshake.h:133
SBuf fragments
concatenated TLSPlaintext.fragments of TLSPlaintext.type
Definition: Handshake.h:119
Definition: SBuf.h:94
bool compressionSupported
The requested/used compressed method.
Definition: Handshake.h:37
const char * done
not nil if we got what we were looking for
Definition: Handshake.h:116
void parseVersion2HandshakeMessage(const SBuf &raw)
Definition: Handshake.cc:389
bool resumingSession
True if this is a resuming session.
Definition: Handshake.h:81
HandshakeParser(MessageSource)
Definition: Handshake.cc:219
SBuf serverName
The SNI hostname, if any.
Definition: Handshake.h:38
bool tlsStatusRequest
whether the TLS status request extension is set
Definition: Handshake.h:42
void parseExtensions(const SBuf &raw)
Definition: Handshake.cc:435
ProtocolType protocol
which protocol this version is for
MessageSource messageSource
whether we are parsing Server or Client TLS handshake messages
Definition: Handshake.h:84
SBuf parseSniExtension(const SBuf &extensionData) const
Definition: Handshake.cc:526
bool TlsVersionEarlierThan(const AnyP::ProtocolVersion &a, const AnyP::ProtocolVersion &b)
whether TLS/SSL protocol a precedes TLS/SSL protocol b
Definition: Handshake.h:140
@ PROTO_TLS
Definition: ProtocolType.h:40
bool Tls1p2orEarlier(const AnyP::ProtocolVersion &p)
whether the given TLS/SSL protocol is TLS v1.2 or earlier, including SSL
Definition: Handshake.h:153
SBuf clientRandom
The client random number.
Definition: Handshake.h:46
std::unordered_set< uint16_t > Ciphers
Definition: Handshake.h:49
bool unsupportedExtensions
whether any unsupported by Squid extensions are used
Definition: Handshake.h:43
void parseModernRecord()
parses a single TLS Record Layer frame
Definition: Handshake.cc:264
Parser::BinaryTokenizer tkMessages
TLS message layer (parsing fragments)
Definition: Handshake.h:125
TlsDetails::Pointer details
TLS handshake meta info. Never nil.
Definition: Handshake.h:77
bool parseHello(const SBuf &data)
Definition: Handshake.cc:641
static int version
bool hasTlsTicket
whether a TLS ticket is included
Definition: Handshake.h:41
bool parseCompressionMethods(const SBuf &raw)
Definition: Handshake.cc:420
bool Tls1p3orLater(const AnyP::ProtocolVersion &p)
whether the given TLS/SSL protocol is TLS v1.3 or later
Definition: Handshake.h:160
bool tlsTicketsExtension
whether TLS tickets extension is enabled
Definition: Handshake.h:40
ParserState
The parsing states.
Definition: Handshake.h:64
YesNoNone expectingModernRecords
Whether to use TLS parser or a V2 compatible parser.
Definition: Handshake.h:128
void parseServerCertificates(const SBuf &raw)
std::ostream & operator<<(std::ostream &, const Security::EncryptorAnswer &)
Parser::BinaryTokenizer tkRecords
TLS record layer (parsing uninterpreted data)
Definition: Handshake.h:122
void parseSupportedVersionsExtension(const SBuf &extensionData) const
RFC 8446 Section 4.2.1: SupportedVersions extension.
Definition: Handshake.cc:554
RefCount< TlsDetails > Pointer
Definition: Handshake.h:25
AnyP::ProtocolVersion tlsSupportedVersion
Definition: Handshake.h:35
void parseCiphers(const SBuf &raw)
Definition: Handshake.cc:479
#define Must(condition)
Definition: TextException.h:71
void parseServerHelloHandshakeMessage(const SBuf &raw)
RFC 5246 Section 7.4.1.3. Server Hello.
Definition: Handshake.cc:509
Incremental TLS/SSL Handshake parser.
Definition: Handshake.h:61
MessageSource
the originator of the TLS handshake being parsed
Definition: Handshake.h:67
unsigned int currentContentType
The current TLS/SSL record content type.
Definition: Handshake.h:114
void parseClientHelloHandshakeMessage(const SBuf &raw)
Definition: Handshake.cc:405
ParserState state
current parsing state.
Definition: Handshake.h:79
void parseMessages()
parses one or more "higher-level protocol" frames of currentContentType
Definition: Handshake.cc:291
Network/connection security abstraction layer.
Definition: Connection.h:34
bool isSslv2Record(const SBuf &raw) const
Definition: Handshake.cc:244

 

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors