Incremental TLS/SSL Handshake parser.

#include <Handshake.h>

Public Types

enum  ParserState {
  atHelloNone = 0,
  atHelloStarted,
  atHelloReceived,
  atCertificatesReceived,
  atHelloDoneReceived,
  atNstReceived,
  atCcsReceived,
  atFinishReceived
}
 The parsing states.
 

Public Member Functions

 HandshakeParser ()
 
bool parseHello (const SBuf &data)
 

Public Attributes

TlsDetails::Pointer details
 TLS handshake meta info or nil.
 
Security::CertList serverCertificates
 parsed certificate chain
 
ParserState state
 current parsing state.
 
bool resumingSession
 True if this is a resuming session.
 

Private Member Functions

bool isSslv2Record (const SBuf &raw) const
 
void parseRecord ()
 
void parseModernRecord ()
 parses a single TLS Record Layer frame
 
void parseVersion2Record ()
 
void parseMessages ()
 parses one or more "higher-level protocol" frames of currentContentType
 
void parseChangeCipherCpecMessage ()
 
void parseAlertMessage ()
 
void parseHandshakeMessage ()
 
void parseApplicationDataMessage ()
 
void skipMessage (const char *msgType)
 
bool parseRecordVersion2Try ()
 
void parseVersion2HandshakeMessage (const SBuf &raw)
 
void parseClientHelloHandshakeMessage (const SBuf &raw)
 
void parseServerHelloHandshakeMessage (const SBuf &raw)
 RFC 5246 Section 7.4.1.3. Server Hello.
 
bool parseCompressionMethods (const SBuf &raw)
 
void parseExtensions (const SBuf &raw)
 
SBuf parseSniExtension (const SBuf &extensionData) const
 
void parseCiphers (const SBuf &raw)
 
void parseV23Ciphers (const SBuf &raw)
 
void parseServerCertificates (const SBuf &raw)
 

Static Private Member Functions

static CertPointer ParseCertificate (const SBuf &raw)
 

Private Attributes

unsigned int currentContentType
 The current TLS/SSL record content type.
 
const char * done
 not nil if we got what we were looking for
 
SBuf fragments
 concatenated TLSPlaintext.fragments of TLSPlaintext.type
 
Parser::BinaryTokenizer tkRecords
 TLS record layer (parsing uninterpreted data)
 
Parser::BinaryTokenizer tkMessages
 TLS message layer (parsing fragments)
 
YesNoNone expectingModernRecords
 Whether to use TLS parser or a V2 compatible parser.
 

Detailed Description

Definition at line 56 of file Handshake.h.

Member Enumeration Documentation

◆ ParserState

Enumerator
atHelloNone 
atHelloStarted 
atHelloReceived 
atCertificatesReceived 
atHelloDoneReceived 
atNstReceived 
atCcsReceived 
atFinishReceived 

Definition at line 60 of file Handshake.h.

Constructor & Destructor Documentation

◆ HandshakeParser()

Security::HandshakeParser::HandshakeParser ( )

Definition at line 190 of file Handshake.cc.

Member Function Documentation

◆ isSslv2Record()

bool Security::HandshakeParser::isSslv2Record ( const SBuf &raw ) const
private

See RFC 5246, Appendix E.2 (Compatibility with SSL 2.0) and draft-hickman-netscape-ssl-00, Section 4.1 (SSL Record Header Format).

Definition at line 214 of file Handshake.cc.

References head, type, Parser::BinaryTokenizer::uint16(), and Parser::BinaryTokenizer::uint8().

Referenced by parseHello().

◆ parseAlertMessage()

void Security::HandshakeParser::parseAlertMessage ( )
private

◆ parseApplicationDataMessage()

void Security::HandshakeParser::parseApplicationDataMessage ( )
private

Definition at line 344 of file Handshake.cc.

References Security::ctApplicationData, currentContentType, Must, and skipMessage().

Referenced by parseMessages().

◆ ParseCertificate()

Security::CertPointer Security::HandshakeParser::ParseCertificate ( const SBuf &raw )
static private

Creates and returns a certificate by parsing a DER-encoded X509 structure. Throws on failures.

Definition at line 541 of file Handshake.cc.

References assert, SBuf::length(), Must, SBuf::rawContent(), and Security::LockingPointer< T, UnLocker, Locker >::resetWithoutLocking().

Referenced by parseServerCertificates().

◆ parseChangeCipherCpecMessage()

void Security::HandshakeParser::parseChangeCipherCpecMessage ( )
private

◆ parseCiphers()

void Security::HandshakeParser::parseCiphers ( const SBuf &raw )
private

◆ parseClientHelloHandshakeMessage()

◆ parseCompressionMethods()

bool Security::HandshakeParser::parseCompressionMethods ( const SBuf &raw )
private

◆ parseExtensions()

◆ parseHandshakeMessage()

◆ parseHello()

bool Security::HandshakeParser::parseHello ( const SBuf &data )

Parses the initial sequence of raw bytes sent by the TLS/SSL agent. Returns true upon successful completion (e.g., got HelloDone). Returns false if more data is needed. Throws on errors.

Definition at line 516 of file Handshake.cc.

References YesNoNone::configure(), YesNoNone::configured(), debugs, done, expectingModernRecords, isSslv2Record(), parseRecord(), Parser::BinaryTokenizer::reinput(), Parser::BinaryTokenizer::rollback(), and tkRecords.

Referenced by ConnStateData::parseTlsHandshake(), and Ssl::ServerBio::readAndParse().
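The incremental contract described for parseHello() (true when done, false when more data is needed, an exception on errors), together with the SSLv2-versus-TLS record check referenced under isSslv2Record(), can be sketched as follows. This is an added example, not code from Handshake.cc; the `FirstRecordSniffer` class, its members and the sample bytes are hypothetical and only cover the first record.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>

// Hypothetical stand-in for illustration; not Squid's Security::HandshakeParser.
class FirstRecordSniffer {
public:
    enum class Framing { Unknown, Sslv2, ModernTls };
    Framing framing = Framing::Unknown;

    // Appends chunk to the buffered input. Returns true once one whole record
    // is buffered, false if more bytes are needed; throws on malformed input.
    bool feed(const std::string &chunk) {
        buf_ += chunk;
        if (buf_.size() < 3)
            return false; // too short to tell the two framings apart
        const unsigned b0 = byteAt(0), b1 = byteAt(1), b2 = byteAt(2);
        const unsigned head = (b0 << 8) | b1;
        if ((head & 0x8000) && (head & 0x7FFF) && b2 == 1) {
            // RFC 5246 E.2: high bit set in msg_length, msg_type 1 (ClientHello)
            framing = Framing::Sslv2;
            return buf_.size() >= 2 + (head & 0x7FFF);
        }
        if (b0 < 20 || b0 > 23 || b1 != 3)
            throw std::runtime_error("neither a TLS record nor an SSLv2 hello");
        framing = Framing::ModernTls;
        if (buf_.size() < 5)
            return false; // TLSPlaintext header is type(1) version(2) length(2)
        const std::size_t length = (byteAt(3) << 8) | byteAt(4);
        if (length > 16384) // RFC 5246 6.2.1: fragment must not exceed 2^14
            throw std::runtime_error("oversized TLSPlaintext.length");
        return buf_.size() >= 5 + length;
    }

private:
    unsigned byteAt(std::size_t i) const { return static_cast<unsigned char>(buf_[i]); }
    std::string buf_;
};

int main() {
    // Constructed sample: handshake record (type 22, version 3.1, length 4).
    const std::string record = std::string("\x16\x03\x01\x00\x04", 5) + "abcd";
    FirstRecordSniffer sniffer;
    bool complete = false;
    for (char c : record) // deliver one byte at a time, as a slow peer might
        complete = sniffer.feed(std::string(1, c));
    std::cout << (complete ? "record complete\n" : "need more data\n");
    return 0;
}
```

Rejecting an oversized length before buffering the body keeps a peer from making the caller hold unbounded data while it waits for a record that never completes.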

◆ parseMessages()

◆ parseModernRecord()

◆ parseRecord()

void Security::HandshakeParser::parseRecord ( )
private

Definition at line 224 of file Handshake.cc.

References expectingModernRecords, parseModernRecord(), and parseVersion2Record().

Referenced by parseHello().

◆ parseRecordVersion2Try()

bool Security::HandshakeParser::parseRecordVersion2Try ( )
private

◆ parseServerCertificates()

void Security::HandshakeParser::parseServerCertificates ( const SBuf &raw )
private

◆ parseServerHelloHandshakeMessage()

◆ parseSniExtension()

SBuf Security::HandshakeParser::parseSniExtension ( const SBuf &extensionData ) const
private

◆ parseV23Ciphers()

void Security::HandshakeParser::parseV23Ciphers ( const SBuf &raw )
private

◆ parseVersion2HandshakeMessage()

◆ parseVersion2Record()

void Security::HandshakeParser::parseVersion2Record ( )
private

◆ skipMessage()

void Security::HandshakeParser::skipMessage ( const char *msgType )
private

Member Data Documentation

◆ currentContentType

unsigned int Security::HandshakeParser::currentContentType
private

◆ details

◆ done

const char* Security::HandshakeParser::done
private

◆ expectingModernRecords

YesNoNone Security::HandshakeParser::expectingModernRecords
private

Definition at line 120 of file Handshake.h.

Referenced by parseHello(), and parseRecord().

◆ fragments

SBuf Security::HandshakeParser::fragments
private

Definition at line 111 of file Handshake.h.

Referenced by parseModernRecord().

◆ resumingSession

bool Security::HandshakeParser::resumingSession

Definition at line 76 of file Handshake.h.

Referenced by parseChangeCipherCpecMessage(), and Ssl::ServerBio::resumingSession().

◆ serverCertificates

Security::CertList Security::HandshakeParser::serverCertificates

Definition at line 72 of file Handshake.h.

Referenced by parseServerCertificates().

◆ state

ParserState Security::HandshakeParser::state

Definition at line 74 of file Handshake.h.

Referenced by parseHandshakeMessage(), and parseVersion2Record().

◆ tkMessages

Parser::BinaryTokenizer Security::HandshakeParser::tkMessages
private

◆ tkRecords

Parser::BinaryTokenizer Security::HandshakeParser::tkRecords
private

Definition at line 114 of file Handshake.h.

Referenced by parseHello(), parseModernRecord(), and parseVersion2Record().


The documentation for this class was generated from the following files:

 
