diff --git a/Packet++/header/SSLCommon.h b/Packet++/header/SSLCommon.h index 5f499f9ec9..e6f620f172 100644 --- a/Packet++/header/SSLCommon.h +++ b/Packet++/header/SSLCommon.h @@ -3,22 +3,15 @@ #include #include -/** - * @file - * See detailed explanation of the TLS/SSL protocol support in PcapPlusPlus in SSLLayer.h - */ +/// @file +/// See detailed explanation of the TLS/SSL protocol support in PcapPlusPlus in SSLLayer.h -/** - * \namespace pcpp - * \brief The main namespace for the PcapPlusPlus lib - */ +/// @namespace pcpp +/// @brief The main namespace for the PcapPlusPlus lib namespace pcpp { - - /** - * @struct ssl_tls_record_layer - * The common part of all SSL/TLS messages - */ + /// @struct ssl_tls_record_layer + /// The common part of all SSL/TLS messages #pragma pack(push, 1) struct ssl_tls_record_layer { @@ -31,10 +24,8 @@ namespace pcpp }; #pragma pack(pop) - /** - * @struct ssl_tls_handshake_layer - * The common part of all SSL/TLS handshake message types - */ + /// @struct ssl_tls_handshake_layer + /// The common part of all SSL/TLS handshake message types #pragma pack(push, 1) struct ssl_tls_handshake_layer { @@ -47,10 +38,8 @@ namespace pcpp }; #pragma pack(pop) - /** - * @struct ssl_tls_client_server_hello - * The common header part of client-hello and server-hello handshake messages - */ + /// @struct ssl_tls_client_server_hello + /// The common header part of client-hello and server-hello handshake messages #pragma pack(push, 1) struct ssl_tls_client_server_hello : ssl_tls_handshake_layer { @@ -61,10 +50,8 @@ namespace pcpp }; #pragma pack(pop) - /** - * @struct ssl_tls_change_cipher_spec - * SSL/TLS change-cipher-spec message structure - */ + /// @struct ssl_tls_change_cipher_spec + /// SSL/TLS change-cipher-spec message structure #pragma pack(push, 1) struct ssl_tls_change_cipher_spec { @@ -73,10 +60,8 @@ namespace pcpp }; #pragma pack(pop) - /** - * @struct ssl_tls_alert - * SSL/TLS alert message structure - */ + /// @struct ssl_tls_alert + /// SSL/TLS alert message structure #pragma pack(push, 1) struct ssl_tls_alert { @@ -87,9 +72,7 @@ namespace pcpp }; #pragma pack(pop) - /** - * SSL/TLS message types - */ + /// SSL/TLS message types enum SSLRecordType { /** Change-cipher-spec message */ @@ -102,18 +85,14 @@ namespace pcpp SSL_APPLICATION_DATA = 23 }; - /** - * @class SSLVersion - * A wrapper class for SSL/TLS versions. The SSL/TLS version is typically represented by a 2-byte number, - * for example TLS 1.2 is represented by 0x0303. - * This class wraps the numeric value and provides methods to convert it into an enum, string, etc. - */ + /// @class SSLVersion + /// A wrapper class for SSL/TLS versions. The SSL/TLS version is typically represented by a 2-byte number, + /// for example TLS 1.2 is represented by 0x0303. + /// This class wraps the numeric value and provides methods to convert it into an enum, string, etc. class SSLVersion { public: - /** - * SSL/TLS versions enum - */ + /// SSL/TLS versions enum enum SSLVersionEnum { /** SSL 2.0 */ @@ -166,40 +145,32 @@ namespace pcpp Unknown = 0 }; - /** - * A c'tor for this class. - * @param[in] sslVersionValue The numeric value representing this SSL/TLS version. For example: - * for TLS 1.2 this would be 0x0303. - */ + /// A c'tor for this class. + /// @param[in] sslVersionValue The numeric value representing this SSL/TLS version. For example: + /// for TLS 1.2 this would be 0x0303. explicit SSLVersion(uint16_t sslVersionValue) { m_SSLVersionValue = sslVersionValue; } - /** - * @return An enum value of type SSLVersion::SSLVersionEnum representing the SSL/TLS version. - * If the numeric value is an invalid SSL/TLS version SSLVersion::Unknown will be returned. - * @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the enum value SSLVersion::TLS1_3 for all - * TLS 1.3 drafts. If set to "true" all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return - * SSLVersion::TLS1_3, otherwise the corresponding enum values will be returned. The default value is "false". - */ + /// @return An enum value of type SSLVersion::SSLVersionEnum representing the SSL/TLS version. + /// If the numeric value is an invalid SSL/TLS version SSLVersion::Unknown will be returned. + /// @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the enum value SSLVersion::TLS1_3 for all + /// TLS 1.3 drafts. If set to "true" all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return + /// SSLVersion::TLS1_3, otherwise the corresponding enum values will be returned. The default value is "false". SSLVersionEnum asEnum(bool countTlsDraftsAs1_3 = false); - /** - * @return The numeric value of the SSL/TLs version - */ + /// @return The numeric value of the SSL/TLs version uint16_t asUInt() { return m_SSLVersionValue; } - /** - * @return A string representation of the SSL/TLS version. For example: for TLS 1.2 the string "TLS 1.2" is - * returned. If the numeric value is an invalid SSL/TLS version the string "Unknown" will be returned. - * @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the string value "TLS 1.3" for all TLS 1.3 - * drafts. If set to "true" all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return - * "TLS 1.3", otherwise the corresponding string values will be returned. The default value is "false". - */ + /// @return A string representation of the SSL/TLS version. For example: for TLS 1.2 the string "TLS 1.2" is + /// returned. If the numeric value is an invalid SSL/TLS version the string "Unknown" will be returned. + /// @param[in] countTlsDraftsAs1_3 A flag indicating whether to return the string value "TLS 1.3" for all + /// TLS 1.3 drafts. If set to "true" all TLS 1.3 draft values (i.e 0x7f0e - 0x7f1c, 0xfb17, 0xfb1a) will return + /// "TLS 1.3", otherwise the corresponding string values will be returned. The default value is "false". std::string toString(bool countTlsDraftsAs1_3 = false); private: @@ -209,9 +180,7 @@ namespace pcpp SSLVersion(); }; - /** - * SSL/TLS handshake message types - */ + /// SSL/TLS handshake message types enum SSLHandshakeType { /** Hello-request message type */ @@ -246,9 +215,7 @@ namespace pcpp SSL_HANDSHAKE_UNKNOWN = 255 }; - /** - * SSL/TLS alert levels - */ + /// SSL/TLS alert levels enum SSLAlertLevel { /** Warning level alert */ @@ -259,9 +226,7 @@ namespace pcpp SSL_ALERT_LEVEL_ENCRYPTED = 255 }; - /** - * SSL/TLS alert description types - */ + /// SSL/TLS alert description types enum SSLAlertDescription { /** Close notify alert */ @@ -318,9 +283,7 @@ namespace pcpp SSL_ALERT_ENCRYPTED = 255 }; - /** - * SSL/TLS key exchange algorithms - */ + /// SSL/TLS key exchange algorithms enum SSLKeyExchangeAlgorithm { /** Null value */ @@ -351,9 +314,7 @@ namespace pcpp SSL_KEYX_Unknown }; - /** - * SSL/TLS authentication algorithms - */ + /// SSL/TLS authentication algorithms enum SSLAuthenticationAlgorithm { /** Null value */ @@ -384,9 +345,7 @@ namespace pcpp SSL_AUTH_Unknown }; - /** - * SSL/TLS symmetric encryption algorithms - */ + /// SSL/TLS symmetric encryption algorithms enum SSLSymetricEncryptionAlgorithm { /** Null value */ @@ -467,9 +426,7 @@ namespace pcpp SSL_SYM_Unknown }; - /** - * SSL/TLS hashing algorithms - */ + /// SSL/TLS hashing algorithms enum SSLHashingAlgorithm { /** Null value */ @@ -494,9 +451,7 @@ namespace pcpp SSL_HASH_Unknown }; - /** - * SSL/TLS extension types - */ + /// SSL/TLS extension types enum SSLExtensionType { /** Server Name Indication extension */ @@ -577,9 +532,7 @@ namespace pcpp SSL_EXT_Unknown }; - /** - * SSL/TLS client certificate types - */ + /// SSL/TLS client certificate types enum SSLClientCertificateType { /** RSA_SIGN */ @@ -605,5 +558,4 @@ namespace pcpp /** Unknown client certificate type */ SSL_CCT_UNKNOWN }; - } // namespace pcpp diff --git a/Packet++/header/SSLHandshake.h b/Packet++/header/SSLHandshake.h index 9c41752e2b..549d3ef850 100644 --- a/Packet++/header/SSLHandshake.h +++ b/Packet++/header/SSLHandshake.h @@ -5,104 +5,79 @@ #include "PointerVector.h" #include "Asn1Codec.h" -/** - * @file - * See detailed explanation of the TLS/SSL protocol support in PcapPlusPlus in SSLLayer.h - */ - -/** - * \namespace pcpp - * \brief The main namespace for the PcapPlusPlus lib - */ +/// @file +/// See detailed explanation of the TLS/SSL protocol support in PcapPlusPlus in SSLLayer.h + +/// @namespace pcpp +/// @brief The main namespace for the PcapPlusPlus lib namespace pcpp { - - /** - * @class SSLCipherSuite - * Represents a cipher-suite and enables access all information about it such as all algorithms it encapsulates, - * its ID (as appears in the client-hello or server-hello messages), - * its name (e.g "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA") etc. PcapPlusPlus contains static instances of this type - * for all known cipher-suites and enables access to them through name or ID (see getCipherSuiteByID() and - * getCipherSuiteByName() ). List of cipher-suite was taken from here: - * http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml - */ + /// @class SSLCipherSuite + /// Represents a cipher-suite and enables access all information about it such as all algorithms it encapsulates, + /// its ID (as appears in the client-hello or server-hello messages), + /// its name (e.g "TLS_DH_RSA_WITH_CAMELLIA_128_CBC_SHA") etc. PcapPlusPlus contains static instances of this type + /// for all known cipher-suites and enables access to them through name or ID (see getCipherSuiteByID() and + /// getCipherSuiteByName() ). List of cipher-suite was taken from here: + /// http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml class SSLCipherSuite { public: - /** - * A c'tor for this class, should never be used by a user - * @param[in] id Cipher-suite ID - * @param[in] keyExAlg Key-exchange algorithm used in this cipher-suite - * @param[in] authAlg Authentication algorithm used in this cipher-suite - * @param[in] symKeyAlg Symmetric key algorithm used in this cipher-suite - * @param[in] MACAlg MAC algorithm used in this cipher-suite - * @param[in] name String representation of this cipher-suite - */ + /// A c'tor for this class, should never be used by a user + /// @param[in] id Cipher-suite ID + /// @param[in] keyExAlg Key-exchange algorithm used in this cipher-suite + /// @param[in] authAlg Authentication algorithm used in this cipher-suite + /// @param[in] symKeyAlg Symmetric key algorithm used in this cipher-suite + /// @param[in] MACAlg MAC algorithm used in this cipher-suite + /// @param[in] name String representation of this cipher-suite SSLCipherSuite(uint16_t id, SSLKeyExchangeAlgorithm keyExAlg, SSLAuthenticationAlgorithm authAlg, SSLSymetricEncryptionAlgorithm symKeyAlg, SSLHashingAlgorithm MACAlg, const char* name) : m_Id(id), m_KeyExAlg(keyExAlg), m_AuthAlg(authAlg), m_SymKeyAlg(symKeyAlg), m_MACAlg(MACAlg), m_Name(name) {} - /** - * @return Cipher-suite ID - */ + /// @return Cipher-suite ID uint16_t getID() const { return m_Id; } - /** - * @return String representation of this cipher-suite - */ + /// @return String representation of this cipher-suite std::string asString() const { return m_Name; } - /** - * @return Key-exchange algorithm used in this cipher-suite - */ + /// @return Key-exchange algorithm used in this cipher-suite SSLKeyExchangeAlgorithm getKeyExchangeAlg() const { return m_KeyExAlg; } - /** - * @return Authentication algorithm used in this cipher-suite - */ + /// @return Authentication algorithm used in this cipher-suite SSLAuthenticationAlgorithm getAuthAlg() const { return m_AuthAlg; } - /** - * @return Symmetric key algorithm used in this cipher-suite - */ + /// @return Symmetric key algorithm used in this cipher-suite SSLSymetricEncryptionAlgorithm getSymKeyAlg() const { return m_SymKeyAlg; } - /** - * @return MAC algorithm used in this cipher-suite - */ + /// @return MAC algorithm used in this cipher-suite SSLHashingAlgorithm getMACAlg() const { return m_MACAlg; } - /** - * A static method that returns a cipher-suite instance by ID - * @param[in] id Cipher-suite ID - * @return A cipher-suite instance matching this ID or nullptr if ID not found - */ + /// A static method that returns a cipher-suite instance by ID + /// @param[in] id Cipher-suite ID + /// @return A cipher-suite instance matching this ID or nullptr if ID not found static SSLCipherSuite* getCipherSuiteByID(uint16_t id); - /** - * A static method that returns a cipher-suite instance by name - * @param[in] name Cipher-suite name (e.g "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA") - * @return A cipher-suite instance matching this name or nullptr if name not found - */ + /// A static method that returns a cipher-suite instance by name + /// @param[in] name Cipher-suite name (e.g "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA") + /// @return A cipher-suite instance matching this name or nullptr if name not found static SSLCipherSuite* getCipherSuiteByName(std::string name); private: @@ -114,53 +89,37 @@ namespace pcpp std::string m_Name; }; - /** - * @class SSLExtension - * Represents a SSL/TLS extension. This is a base class that can represent any type of extension. Inherited classes - * may contain parsing logic for specific extensions. This class provides capabilities such as getting the extension - * type, length and viewing the extension data as raw (byte array) - */ + /// @class SSLExtension + /// Represents a SSL/TLS extension. This is a base class that can represent any type of extension. Inherited classes + /// may contain parsing logic for specific extensions. This class provides capabilities such as getting the + /// extension type, length and viewing the extension data as raw (byte array) class SSLExtension { public: - /** - * C'tor for this class - * @param[in] data The raw data for the extension - */ + /// C'tor for this class + /// @param[in] data The raw data for the extension explicit SSLExtension(uint8_t* data); virtual ~SSLExtension() = default; - /** - * @return The type of the extension as enum - */ + /// @return The type of the extension as enum SSLExtensionType getType() const; - /** - * @return The type of the extension as a numeric value - */ + /// @return The type of the extension as a numeric value uint16_t getTypeAsInt() const; - /** - * @return The length of the extension data in bytes (not including the type and length fields) - */ + /// @return The length of the extension data in bytes (not including the type and length fields) uint16_t getLength() const; - /** - * @return The total length of the extension, including type and length fields and the extension data field - */ + /// @return The total length of the extension, including type and length fields and the extension data field uint16_t getTotalLength() const; - /** - * @return A pointer to the raw data of the extension - */ + /// @return A pointer to the raw data of the extension uint8_t* getData() const; protected: - /** - * @struct SSLExtensionStruct - * Represents the common fields of the extension - */ + /// @struct SSLExtensionStruct + /// Represents the common fields of the extension struct SSLExtensionStruct { /** Extension type */ @@ -179,139 +138,103 @@ namespace pcpp } }; - /** - * @class SSLServerNameIndicationExtension - * Represents SSL/TLS Server Name Indication extension. Inherits from SSLExtension and add parsing of the hostname - * written in the extension data - */ + /// @class SSLServerNameIndicationExtension + /// Represents SSL/TLS Server Name Indication extension. Inherits from SSLExtension and add parsing of the hostname + /// written in the extension data class SSLServerNameIndicationExtension : public SSLExtension { public: - /** - * C'tor for this class - * @param[in] data The raw data for the extension - */ + /// C'tor for this class + /// @param[in] data The raw data for the extension explicit SSLServerNameIndicationExtension(uint8_t* data) : SSLExtension(data) {} - /** - * @return The hostname written in the extension data - */ + /// @return The hostname written in the extension data std::string getHostName() const; }; - /** - * @class SSLSupportedVersionsExtension - * Represents TLS Supported Versions extension. Inherits from SSLExtension and adds parsing of the list - * of supported versions mentioned in the extension data - */ + /// @class SSLSupportedVersionsExtension + /// Represents TLS Supported Versions extension. Inherits from SSLExtension and adds parsing of the list + /// of supported versions mentioned in the extension data class SSLSupportedVersionsExtension : public SSLExtension { public: - /** - * C'tor for this class - * @param[in] data The raw data for the extension - */ + /// C'tor for this class + /// @param[in] data The raw data for the extension explicit SSLSupportedVersionsExtension(uint8_t* data) : SSLExtension(data) {} - /** - * @return The list of supported versions mentioned in the extension data - */ + /// @return The list of supported versions mentioned in the extension data std::vector getSupportedVersions() const; }; - /** - * @class TLSSupportedGroupsExtension - * Represents TLS Supported Groups extension. Inherits from SSLExtension and adds parsing of the - * supported groups (Elliptic Curves) mentioned in the extension data - */ + /// @class TLSSupportedGroupsExtension + /// Represents TLS Supported Groups extension. Inherits from SSLExtension and adds parsing of the + /// supported groups (Elliptic Curves) mentioned in the extension data class TLSSupportedGroupsExtension : public SSLExtension { public: - /** - * C'tor for this class - * @param[in] data The raw data for the extension - */ + /// C'tor for this class + /// @param[in] data The raw data for the extension explicit TLSSupportedGroupsExtension(uint8_t* data) : SSLExtension(data) {} - /** - * @return A vector of the supported groups (also known as "Elliptic Curves") - */ + /// @return A vector of the supported groups (also known as "Elliptic Curves") std::vector getSupportedGroups() const; }; - /** - * @class TLSECPointFormatExtension - * Represents TLS EC (Elliptic Curves) Point Format extension. Inherits from SSLExtension and adds parsing of the - * EC point formats mentioned in the extension data - */ + /// @class TLSECPointFormatExtension + /// Represents TLS EC (Elliptic Curves) Point Format extension. Inherits from SSLExtension and adds parsing of the + /// EC point formats mentioned in the extension data class TLSECPointFormatExtension : public SSLExtension { public: - /** - * C'tor for this class - * @param[in] data The raw data for the extension - */ + /// C'tor for this class + /// @param[in] data The raw data for the extension explicit TLSECPointFormatExtension(uint8_t* data) : SSLExtension(data) {} - /** - * @return A vector of the elliptic curves point formats - */ + /// @return A vector of the elliptic curves point formats std::vector getECPointFormatList() const; }; - /** - * @class SSLx509Certificate - * Represents a x509v3 certificate. the SSLCertificateMessage class returns an instance of this class as the - * certificate. Currently this class doesn't do much as it doesn't parse the certificate. It only acts as container - * to the raw data and returns general info as data as raw, length, etc. In the future I may add full parsing of the - * certificate - */ + /// @class SSLx509Certificate + /// Represents a x509v3 certificate. the SSLCertificateMessage class returns an instance of this class as the + /// certificate. Currently this class doesn't do much as it doesn't parse the certificate. It only acts as container + /// to the raw data and returns general info as data as raw, length, etc. In the future I may add full parsing of + /// the certificate class SSLx509Certificate { public: - /** - * C'tor for this class - * @param[in] data The raw data of the certificate - * @param[in] dataLen The length in bytes of the raw data - * @param[in] allDataExists Certificate messages usually spread on more than 1 packet. So a certificate is - * likely to split between 2 packets or more. This field indicates whether the raw data contains all - * certificate data of just a part of it - */ + /// C'tor for this class + /// @param[in] data The raw data of the certificate + /// @param[in] dataLen The length in bytes of the raw data + /// @param[in] allDataExists Certificate messages usually spread on more than 1 packet. So a certificate is + /// likely to split between 2 packets or more. This field indicates whether the raw data contains all + /// certificate data of just a part of it SSLx509Certificate(uint8_t* data, size_t dataLen, bool allDataExists) : m_Data(data), m_DataLen(dataLen), m_AllDataExists(allDataExists) {} - /** - * @return A pointer to the raw data - */ + /// @return A pointer to the raw data uint8_t* getData() const { return m_Data; } - /** - * @return Raw data length - */ + /// @return Raw data length size_t getDataLength() const { return m_DataLen; } - /** - * @return The root ASN.1 record of the certificate data. All of the certificate data will be under this record. - * If the Root ASN.1 record is malformed, an exception is thrown - */ + /// @return The root ASN.1 record of the certificate data. All of the certificate data will be under this + /// record. If the Root ASN.1 record is malformed, an exception is thrown Asn1SequenceRecord* getRootAsn1Record(); - /** - * Certificate messages usually spread on more than 1 packet. So a certificate is likely to split between 2 - * packets or more. This method provides an indication whether all certificate data exists or only part of it - * @return True if this data contains all certificate data, false otherwise - */ + /// Certificate messages usually spread on more than 1 packet. So a certificate is likely to split between 2 + /// packets or more. This method provides an indication whether all certificate data exists or only part of it + /// @return True if this data contains all certificate data, false otherwise bool allDataExists() const { return m_AllDataExists; @@ -326,58 +249,45 @@ namespace pcpp class SSLHandshakeLayer; - /** - * @class SSLHandshakeMessage - * A base class for SSL/TLS handshake messages. This is an abstract class and cannot be instantiated. SSL/TLS - * handshake messages are contained in SSLHandshakeLayer, meaning a SSLHandshakeLayer instance can contain one or - * more SSLHandshakeMessage instances. For example: one SSLHandshakeLayer may contain a server-hello, certificate, - * server-key-exchange, and server-hello-done messages (although it's not such a common case, most handshake layers - * contain 1 handshake message only) - */ + /// @class SSLHandshakeMessage + /// A base class for SSL/TLS handshake messages. This is an abstract class and cannot be instantiated. SSL/TLS + /// handshake messages are contained in SSLHandshakeLayer, meaning a SSLHandshakeLayer instance can contain one or + /// more SSLHandshakeMessage instances. For example: one SSLHandshakeLayer may contain a server-hello, certificate, + /// server-key-exchange, and server-hello-done messages (although it's not such a common case, most handshake layers + /// contain 1 handshake message only) class SSLHandshakeMessage { public: virtual ~SSLHandshakeMessage() = default; - /** - * A factory method for creating instances of handshake messages from raw data - * @param[in] data The raw data containing 1 handshake message - * @param[in] dataLen Raw data length in bytes - * @param[in] container A pointer to the SSLHandshakeLayer instance which will contain the created message. - * This parameter is required because the handshake message includes a pointer to its container - */ + /// A factory method for creating instances of handshake messages from raw data + /// @param[in] data The raw data containing 1 handshake message + /// @param[in] dataLen Raw data length in bytes + /// @param[in] container A pointer to the SSLHandshakeLayer instance which will contain the created message. + /// This parameter is required because the handshake message includes a pointer to its container static SSLHandshakeMessage* createHandshakeMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container); - /** - * @return The handshake message type - */ + /// @return The handshake message type virtual SSLHandshakeType getHandshakeType() const; - /** - * @return The handshake message length in bytes. Notice that sometimes the handshake message is divided between - * several packets, in this case this method will return the length of part of the message in the current packet - */ + /// @return The handshake message length in bytes. Notice that sometimes the handshake message is divided + /// between several packets, in this case this method will return the length of part of the message in the + /// current packet virtual size_t getMessageLength() const; - /** - * @return True if current packet contains the entire message or false otherwise. This method is important - * because sometimes handshake messages are divided in consequent packets (happens a lot in certificate messages - * which usually contain several KB of data which is larger than standard packet size, so the message is divided - * between several packets) - */ + /// @return True if current packet contains the entire message or false otherwise. This method is important + /// because sometimes handshake messages are divided in consequent packets (happens a lot in certificate + /// messages which usually contain several KB of data which is larger than standard packet size, so the message + /// is divided between several packets) virtual bool isMessageComplete() const; - /** - * @return A pointer to the SSLHandshakeLayer instance containing this message - */ + /// @return A pointer to the SSLHandshakeLayer instance containing this message SSLHandshakeLayer* getContainingLayer() const { return m_Container; } - /** - * @return A string representation of the message type (e.g "Client Hello message") - */ + /// @return A string representation of the message type (e.g "Client Hello message") virtual std::string toString() const = 0; protected: @@ -388,22 +298,18 @@ namespace pcpp SSLHandshakeLayer* m_Container; }; - /** - * @class SSLClientHelloMessage - * Represents a client-hello message (type 1). Inherits from SSLHandshakeMessage and adds parsing of all fields - * of this message including the message extensions, cipher-suite list, etc. - */ + /// @class SSLClientHelloMessage + /// Represents a client-hello message (type 1). Inherits from SSLHandshakeMessage and adds parsing of all fields + /// of this message including the message extensions, cipher-suite list, etc. class SSLClientHelloMessage : public SSLHandshakeMessage { public: - /** - * @struct ClientHelloTLSFingerprint - * A struct that contains all the elements needed for creating a Client Hello TLS fingerprinting: - * TLS version, a list of Cipher Suite IDs, a list of Extensions IDs, a list of support groups and a list of - * EC point formats. - * You can read more about this in SSLClientHelloMessage#generateTLSFingerprint(). - * This struct contains methods to extract the TLS fingerprint itself: toString() and toMD5() - */ + /// @struct ClientHelloTLSFingerprint + /// A struct that contains all the elements needed for creating a Client Hello TLS fingerprinting: + /// TLS version, a list of Cipher Suite IDs, a list of Extensions IDs, a list of support groups and a list of + /// EC point formats. + /// You can read more about this in SSLClientHelloMessage#generateTLSFingerprint(). + /// This struct contains methods to extract the TLS fingerprint itself: toString() and toMD5() struct ClientHelloTLSFingerprint { /** TLS version */ @@ -417,154 +323,116 @@ namespace pcpp /** A list of EC point formats taken from the "EC point formats" TLS extension (if exist in the message) */ std::vector ecPointFormats; - /** - * @return A string representing the TLS fingerprint, for example: - * 771,4866-4867-4865-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2 - * - * This string has the following format: - * TLSVersion,CipherSuiteIDs,ExtensionIDs,SupportedGroups,ECPointFormats - * - * The extension IDs, supported groups and EC point formats are each separated by a "-". - * If the message doesn't include the "supported groups" or "EC point formats" extensions, they will be - * replaced by an empty string for example: 771,4866-4867-4865-255,0-11-10-35-22-23-13-43-45-51,, - */ + /// @return A string representing the TLS fingerprint, for example: + /// 771,4866-4867-4865-255,0-11-10-35-22-23-13-43-45-51,29-23-30-25-24,0-1-2 + /// + /// This string has the following format: + /// TLSVersion,CipherSuiteIDs,ExtensionIDs,SupportedGroups,ECPointFormats + /// + /// The extension IDs, supported groups and EC point formats are each separated by a "-". + /// If the message doesn't include the "supported groups" or "EC point formats" extensions, they will be + /// replaced by an empty string for example: 771,4866-4867-4865-255,0-11-10-35-22-23-13-43-45-51,, std::string toString(); - /** - * @return An MD5 hash of the string generated by toString() - */ + /// @return An MD5 hash of the string generated by toString() std::string toMD5(); - /** - * @return A pair of the string and MD5 hash (string is first, MD5 is second). - * If you want both this method is more efficient than calling toString() and toMD5() separately - */ + /// @return A pair of the string and MD5 hash (string is first, MD5 is second). + /// If you want both this method is more efficient than calling toString() and toMD5() separately std::pair toStringAndMD5(); }; - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and shouldn't be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and shouldn't + /// be used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLClientHelloMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container); ~SSLClientHelloMessage() override = default; - /** - * @return A struct containing common fields for client-hello and server-hello messages. Notice this points - * directly to the data, so every change will change the actual packet data - */ + /// @return A struct containing common fields for client-hello and server-hello messages. Notice this points + /// directly to the data, so every change will change the actual packet data ssl_tls_client_server_hello* getClientHelloHeader() const { return reinterpret_cast(m_Data); } - /** - * @return Handshake SSL/TLS version (notice it may be different than SSLLayer#getRecordVersion(). Each - * client-hello or server-hello message has both record version and handshake version and they may differ from - * one another) - */ + /// @return Handshake SSL/TLS version (notice it may be different than SSLLayer#getRecordVersion(). Each + /// client-hello or server-hello message has both record version and handshake version and they may differ from + /// one another) SSLVersion getHandshakeVersion() const; - /** - * @return Session ID length in bytes. If server-hello message doesn't include session ID 0 will be returned - */ + /// @return Session ID length in bytes. If server-hello message doesn't include session ID 0 will be returned uint8_t getSessionIDLength() const; - /** - * @return Session ID as byte array. If server-hello message doesn't include session ID nullptr will be returned - */ + /// @return Session ID as byte array. If server-hello message doesn't include session ID nullptr will be + /// returned uint8_t* getSessionID() const; - /** - * @return The number of cipher-suites included in this message - */ + /// @return The number of cipher-suites included in this message int getCipherSuiteCount() const; - /** - * Get a pointer to a cipher-suite by index. The cipher-suites are numbered according to their order of - * appearance in the message. If index is out of bounds (less than 0 or larger than total amount of cipher - * suites) nullptr will be returned. nullptr will also be returned if the cipher-suite ID is unknown. If you - * still want to get the cipher-suite ID you can use getCipherSuiteID() - * @param[in] index The index of the cipher-suite to return - * @return The pointer to the cipher-suite object or nullptr if index is out of bounds - */ + /// Get a pointer to a cipher-suite by index. The cipher-suites are numbered according to their order of + /// appearance in the message. If index is out of bounds (less than 0 or larger than total amount of cipher + /// suites) nullptr will be returned. nullptr will also be returned if the cipher-suite ID is unknown. If you + /// still want to get the cipher-suite ID you can use getCipherSuiteID() + /// @param[in] index The index of the cipher-suite to return + /// @return The pointer to the cipher-suite object or nullptr if index is out of bounds SSLCipherSuite* getCipherSuite(int index) const; - /** - * Get the cipher-suite ID by index. This method just parses the ID from the client-hello message and returns - * it. To get more information on the cipher-suite you can use the getCipherSuite() method - * @param[in] index The index of the cipher-suite to return - * @param[out] isValid Set to "true" if parsing succeeded and the return value is valid or "false" if: - * (1) the index is out-of-bounds (less than 0 or larger than total amount of cipher suites) or (2) the parsing - * failed. If the value is "false" the return value can be ignored - * @return The cipher-suite ID if "isValid" is set to "true". If "isValid" is set to "false" the return value - * can be ignored - */ + /// Get the cipher-suite ID by index. This method just parses the ID from the client-hello message and returns + /// it. To get more information on the cipher-suite you can use the getCipherSuite() method + /// @param[in] index The index of the cipher-suite to return + /// @param[out] isValid Set to "true" if parsing succeeded and the return value is valid or "false" if: + /// (1) the index is out-of-bounds (less than 0 or larger than total amount of cipher suites) or (2) the parsing + /// failed. If the value is "false" the return value can be ignored + /// @return The cipher-suite ID if "isValid" is set to "true". If "isValid" is set to "false" the return value + /// can be ignored uint16_t getCipherSuiteID(int index, bool& isValid) const; - /** - * @return The value of the compression method byte - */ + /// @return The value of the compression method byte uint8_t getCompressionMethodsValue() const; - /** - * @return The number of extensions in this message - */ + /// @return The number of extensions in this message int getExtensionCount() const; - /** - * @return The size (in bytes) of all extensions data in this message. Extracted from the "extensions length" - * field - */ + /// @return The size (in bytes) of all extensions data in this message. Extracted from the "extensions length" + /// field uint16_t getExtensionsLength() const; - /** - * Get a pointer to an extension by index. The extensions are numbered according to their order of appearance - * in the message. If index is out of bounds (less than 0 or larger than total amount of extensions) nullptr - * will be returned - * @param[in] index The index of the extension to return - * @return The pointer to the extension or nullptr if index is out of bounds - */ + /// Get a pointer to an extension by index. The extensions are numbered according to their order of appearance + /// in the message. If index is out of bounds (less than 0 or larger than total amount of extensions) nullptr + /// will be returned + /// @param[in] index The index of the extension to return + /// @return The pointer to the extension or nullptr if index is out of bounds SSLExtension* getExtension(int index) const; - /** - * Get a pointer to an extension by numeric type field. Every extension has a 2-byte numeric value representing - * its type (for example: renegotiation info extension type is 0x1ff). This method gets the type and returns a - * pointer to the extension object - * @param[in] type The 2-byte numeric type of the extension - * @return A pointer to the extension object of nullptr if this type doesn't exist in this message - */ + /// Get a pointer to an extension by numeric type field. Every extension has a 2-byte numeric value representing + /// its type (for example: renegotiation info extension type is 0x1ff). This method gets the type and returns a + /// pointer to the extension object + /// @param[in] type The 2-byte numeric type of the extension + /// @return A pointer to the extension object of nullptr if this type doesn't exist in this message SSLExtension* getExtensionOfType(uint16_t type) const; - /** - * Get a pointer to an extension by its enum type - * @param[in] type The type of extension to return - * @return A pointer to the extension object or nullptr if this type doesn't exist in this message - */ + /// Get a pointer to an extension by its enum type + /// @param[in] type The type of extension to return + /// @return A pointer to the extension object or nullptr if this type doesn't exist in this message SSLExtension* getExtensionOfType(SSLExtensionType type) const; - /** - * Get a pointer to an extension by its class type. This is a templated method that is used with the type of the - * requested extension and returns the first extension instance of this type - * @return A pointer to the extension object or nullptr if this extension type doesn't exist in this message - * - */ + /// Get a pointer to an extension by its class type. This is a templated method that is used with the type of + /// the requested extension and returns the first extension instance of this type + /// @return A pointer to the extension object or nullptr if this extension type doesn't exist in this message template TExtension* getExtensionOfType() const; - /** - * TLS fingerprinting is a way to identify client applications using the details in the TLS Client Hello packet. - * It was initially introduced by Lee Brotherston in his 2015 research: - * This implementation of TLS fingerprint is a C++ version of - * Salesforce's JA3 open source project (originally written in Python and Zeek): - * - * @return A SSLClientHelloMessage#ClientHelloTLSFingerprint struct that contains all the elements needed for - * creating a TLS fingerprint out of this Client Hello message. This struct has also methods to extract the TLS - * fingerprint itself in a string or MD5 formats - */ + /// TLS fingerprinting is a way to identify client applications using the details in the TLS Client Hello + /// packet. It was initially introduced by Lee Brotherston in his 2015 research: + /// This implementation of TLS fingerprint is a C++ version + /// of Salesforce's JA3 open source project (originally written in Python and Zeek): + /// + /// @return A SSLClientHelloMessage#ClientHelloTLSFingerprint struct that contains all the elements needed for + /// creating a TLS fingerprint out of this Client Hello message. This struct has also methods to extract the TLS + /// fingerprint itself in a string or MD5 formats ClientHelloTLSFingerprint generateTLSFingerprint() const; // implement abstract methods @@ -575,21 +443,17 @@ namespace pcpp PointerVector m_ExtensionList; }; - /** - * @class SSLServerHelloMessage - * Represents SSL/TLS server-hello message (type 2). Inherits from SSLHandshakeMessage and adds parsing of all - * fields of this message including the message extensions, cipher-suite, etc. - */ + /// @class SSLServerHelloMessage + /// Represents SSL/TLS server-hello message (type 2). Inherits from SSLHandshakeMessage and adds parsing of all + /// fields of this message including the message extensions, cipher-suite, etc. class SSLServerHelloMessage : public SSLHandshakeMessage { public: - /** - * @struct ServerHelloTLSFingerprint - * A struct that contains all the elements needed for creating a Server Hello TLS fingerprinting: - * TLS version, Cipher Suite ID, and a list of Extensions IDs. - * You can read more about this in SSLServerHelloMessage#generateTLSFingerprint(). - * This struct contains methods to extract the TLS fingerprint itself: toString() and toMD5() - */ + /// @struct ServerHelloTLSFingerprint + /// A struct that contains all the elements needed for creating a Server Hello TLS fingerprinting: + /// TLS version, Cipher Suite ID, and a list of Extensions IDs. + /// You can read more about this in SSLServerHelloMessage#generateTLSFingerprint(). + /// This struct contains methods to extract the TLS fingerprint itself: toString() and toMD5() struct ServerHelloTLSFingerprint { /** TLS version */ @@ -599,146 +463,110 @@ namespace pcpp /** A list of extension IDs */ std::vector extensions; - /** - * @return A string representing the TLS fingerprint, for example: 771,49195,65281-16-11 - * - * This string has the following format: TLSVersion,Cipher,Extensions - * - * The extension ID are separated with a "-" - */ + /// @return A string representing the TLS fingerprint, for example: 771,49195,65281-16-11 + /// + /// This string has the following format: TLSVersion,Cipher,Extensions + /// + /// The extension ID are separated with a "-" std::string toString(); - /** - * @return An MD5 hash of the string generated by toString() - */ + /// @return An MD5 hash of the string generated by toString() std::string toMD5(); - /** - * @return A pair of the string and MD5 hash (string is first, MD5 is second). - * If you want both this method is more efficient than calling toString() and toMD5() separately - */ + /// @return A pair of the string and MD5 hash (string is first, MD5 is second). + /// If you want both this method is more efficient than calling toString() and toMD5() separately std::pair toStringAndMD5(); }; - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and shouldn't be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and shouldn't + /// be used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLServerHelloMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container); ~SSLServerHelloMessage() override = default; - /** - * @return A struct containing common fields for client-hello and server-hello messages. Notice this points - * directly to the data, so every change will change the actual packet data - */ + /// @return A struct containing common fields for client-hello and server-hello messages. Notice this points + /// directly to the data, so every change will change the actual packet data ssl_tls_client_server_hello* getServerHelloHeader() const { return reinterpret_cast(m_Data); } - /** - * @return Handshake SSL/TLS version (notice it may be different than SSLLayer#getRecordVersion(). Each - * client-hello or server-hello message has both record version and handshake version and they may differ from - * one another). - * - * NOTE: for TLS 1.3 the handshake version written in ssl_tls_client_server_hello::handshakeVersion is - * still TLS 1.2, so a special check is made here see if a SupportedVersions extension exists and if so extract - * the version from it. This is the most straight-forward way to detect TLS 1.3. - */ + /// @return Handshake SSL/TLS version (notice it may be different than SSLLayer#getRecordVersion(). Each + /// client-hello or server-hello message has both record version and handshake version and they may differ from + /// one another). + /// + /// NOTE: for TLS 1.3 the handshake version written in ssl_tls_client_server_hello::handshakeVersion is + /// still TLS 1.2, so a special check is made here see if a SupportedVersions extension exists and if so extract + /// the version from it. This is the most straight-forward way to detect TLS 1.3. SSLVersion getHandshakeVersion() const; - /** - * @return Session ID length in bytes. If server-hello message doesn't include session ID 0 will be returned - */ + /// @return Session ID length in bytes. If server-hello message doesn't include session ID 0 will be returned uint8_t getSessionIDLength() const; - /** - * @return Session ID as byte array. If server-hello message doesn't include session ID nullptr will be returned - */ + /// @return Session ID as byte array. If server-hello message doesn't include session ID nullptr will be + /// returned uint8_t* getSessionID() const; - /** - * @return A pointer to the cipher suite encapsulated in this message (server-hello message contains one - * cipher-suite, the one that will be used to for encryption between client and server). May return nullptr - * if the parsing of the message failed or the cipher-suite ID is unknown. If you still want to get the - * cipher-suite ID you can use the getCipherSuiteID() method - */ + /// @return A pointer to the cipher suite encapsulated in this message (server-hello message contains one + /// cipher-suite, the one that will be used to for encryption between client and server). May return nullptr + /// if the parsing of the message failed or the cipher-suite ID is unknown. If you still want to get the + /// cipher-suite ID you can use the getCipherSuiteID() method SSLCipherSuite* getCipherSuite() const; - /** - * Get the cipher-suite ID. This method just parses the ID from the server-hello message and returns it. - * To get more information on the cipher-suite you can use the getCipherSuite() method - * @param[out] isValid Set to "true" if parsing succeeded and the return value is valid or "false" otherwise. - * If the value is "false" the return value can be ignored - * @return The cipher-suite ID if "isValid" is set to "true". If "isValid" is set to "false" the return value - * can be ignored - */ + /// Get the cipher-suite ID. This method just parses the ID from the server-hello message and returns it. + /// To get more information on the cipher-suite you can use the getCipherSuite() method + /// @param[out] isValid Set to "true" if parsing succeeded and the return value is valid or "false" otherwise. + /// If the value is "false" the return value can be ignored + /// @return The cipher-suite ID if "isValid" is set to "true". If "isValid" is set to "false" the return value + /// can be ignored uint16_t getCipherSuiteID(bool& isValid) const; - /** - * @return The value of the compression method byte - */ + /// @return The value of the compression method byte uint8_t getCompressionMethodsValue() const; - /** - * @return The number of extensions in this message - */ + /// @return The number of extensions in this message int getExtensionCount() const; - /** - * @return The size (in bytes) of all extensions data in this message. Extracted from the "extensions length" - * field - */ + /// @return The size (in bytes) of all extensions data in this message. Extracted from the "extensions length" + /// field uint16_t getExtensionsLength() const; - /** - * Get a pointer to an extension by index. The extensions are numbered according to their order of appearance - * in the message. If index is out of bounds (less than 0 or larger than total amount of extensions) nullptr - * will be returned - * @param[in] index The index of the extension to return - * @return The pointer to the extension or nullptr if index is out of bounds - */ + /// Get a pointer to an extension by index. The extensions are numbered according to their order of appearance + /// in the message. If index is out of bounds (less than 0 or larger than total amount of extensions) nullptr + /// will be returned + /// @param[in] index The index of the extension to return + /// @return The pointer to the extension or nullptr if index is out of bounds SSLExtension* getExtension(int index) const; - /** - * Get a pointer to an extension by numeric type field. Every extension has a 2-byte numeric value representing - * its type (for example: renegotiation info extension type is 0x1ff). This method gets the type and returns a - * pointer to the extension object - * @param[in] type The 2-byte numeric type of the extension - * @return A pointer to the extension object of nullptr if this type doesn't exist in this message - */ + /// Get a pointer to an extension by numeric type field. Every extension has a 2-byte numeric value representing + /// its type (for example: renegotiation info extension type is 0x1ff). This method gets the type and returns a + /// pointer to the extension object + /// @param[in] type The 2-byte numeric type of the extension + /// @return A pointer to the extension object of nullptr if this type doesn't exist in this message SSLExtension* getExtensionOfType(uint16_t type) const; - /** - * Get a pointer to an extension by its enum type - * @param[in] type The type of extension to return - * @return A pointer to the extension object or nullptr if this type doesn't exist in this message - */ + /// Get a pointer to an extension by its enum type + /// @param[in] type The type of extension to return + /// @return A pointer to the extension object or nullptr if this type doesn't exist in this message SSLExtension* getExtensionOfType(SSLExtensionType type) const; - /** - * Get a pointer to an extension by its class type. This is a templated method that is used with the type of the - * requested extension and returns the first extension instance of this type - * @return A pointer to the extension object or nullptr if this extension type doesn't exist in this message - * - */ + /// Get a pointer to an extension by its class type. This is a templated method that is used with the type of + /// the requested extension and returns the first extension instance of this type + /// @return A pointer to the extension object or nullptr if this extension type doesn't exist in this message template TExtension* getExtensionOfType() const; - /** - * ServerHello TLS fingerprinting is a way to fingerprint TLS Server Hello messages. In conjunction with - * ClientHello TLS fingerprinting it can assist in identifying specific client-server communication (for - * example: a malware connecting to its backend server). - * ServerHello TLS fingerprinting was introduced in Salesforce's JA3S open source project: - * - * This implementation is a C++ version of Salesforce's JAS3 (originally written in Python and Zeek) - * @return A SSLServerHelloMessage#ServerHelloTLSFingerprint struct that contains all the elements needed for - * creating a TLS fingerprint out of this Server Hello message. This struct has also methods to extract the TLS - * fingerprint itself in a string or MD5 formats - */ + /// ServerHello TLS fingerprinting is a way to fingerprint TLS Server Hello messages. In conjunction with + /// ClientHello TLS fingerprinting it can assist in identifying specific client-server communication (for + /// example: a malware connecting to its backend server). + /// ServerHello TLS fingerprinting was introduced in Salesforce's JA3S open source project: + /// + /// This implementation is a C++ version of Salesforce's JAS3 (originally written in Python and Zeek) + /// @return A SSLServerHelloMessage#ServerHelloTLSFingerprint struct that contains all the elements needed for + /// creating a TLS fingerprint out of this Server Hello message. This struct has also methods to extract the TLS + /// fingerprint itself in a string or MD5 formats ServerHelloTLSFingerprint generateTLSFingerprint() const; // implement abstract methods @@ -749,43 +577,35 @@ namespace pcpp PointerVector m_ExtensionList; }; - /** - * @class SSLCertificateMessage - * Represents SSL/TLS certificate message (type 11). Inherits from SSLHandshakeMessage and adds parsing - * functionality such as extracting the certificates data. Notice that in most cases this message is spread over - * more than 1 packet as its size is too big for a single packet. So SSLCertificateMessage instance will be created - * just for the first part of the message - the one encapsulated in the first packet. Other parts (encapsulated in - * the following packets) won't be recognized as SSLCertificateMessage messages - */ + /// @class SSLCertificateMessage + /// Represents SSL/TLS certificate message (type 11). Inherits from SSLHandshakeMessage and adds parsing + /// functionality such as extracting the certificates data. Notice that in most cases this message is spread over + /// more than 1 packet as its size is too big for a single packet. So SSLCertificateMessage instance will be created + /// just for the first part of the message - the one encapsulated in the first packet. Other parts (encapsulated in + /// the following packets) won't be recognized as SSLCertificateMessage messages class SSLCertificateMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLCertificateMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container); ~SSLCertificateMessage() override = default; - /** - * @return The number of certificates encapsulated in this message (as written in the 'length' field of the - * message). Notice that because the message may spread over several packets, not all certificates will - * necessarily be in this packet. So, for example, there may be a case where this method return 3 (message - * contains 3 certificates) but this message actually contains only 1 certificate as the other 2 are spread over - * the other packets - */ + /// @return The number of certificates encapsulated in this message (as written in the 'length' field of the + /// message). Notice that because the message may spread over several packets, not all certificates will + /// necessarily be in this packet. So, for example, there may be a case where this method return 3 (message + /// contains 3 certificates) but this message actually contains only 1 certificate as the other 2 are spread + /// over the other packets int getNumOfCertificates() const; - /** - * Get a certificate by index - * @param[in] index The index of the certificate to retrieve - * @return A pointer to the certificate object. Notice that if index < 0 or index > num of certificates - * encapsulated in current packet a nullptr value will be returned - */ + /// Get a certificate by index + /// @param[in] index The index of the certificate to retrieve + /// @return A pointer to the certificate object. Notice that if index < 0 or index > num of certificates + /// encapsulated in current packet a nullptr value will be returned SSLx509Certificate* getCertificate(int index) const; // implement abstract methods @@ -796,21 +616,17 @@ namespace pcpp PointerVector m_CertificateList; }; - /** - * @class SSLHelloRequestMessage - * Represents SSL/TLS hello-request message (type 0). This message has no additional payload except for the common - * payload described in SSLHandshakeMessage - */ + /// @class SSLHelloRequestMessage + /// Represents SSL/TLS hello-request message (type 0). This message has no additional payload except for the common + /// payload described in SSLHandshakeMessage class SSLHelloRequestMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLHelloRequestMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} @@ -822,41 +638,33 @@ namespace pcpp std::string toString() const override; }; - /** - * @class SSLServerKeyExchangeMessage - * Represents SSL/TLS server-key-exchange message (type 12). Inherits from SSLHandshakeMessage and adds parsing - * functionality such as getting the server key exchange params as raw data (parsing of this may be added in the - * future) - */ + /// @class SSLServerKeyExchangeMessage + /// Represents SSL/TLS server-key-exchange message (type 12). Inherits from SSLHandshakeMessage and adds parsing + /// functionality such as getting the server key exchange params as raw data (parsing of this may be added in the + /// future) class SSLServerKeyExchangeMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLServerKeyExchangeMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} ~SSLServerKeyExchangeMessage() override = default; - /** - * @return A pointer to the raw data of the server key exchange params. Currently this data can only returned as - * raw, parsing may be added in the future. Notice that if the message is spread over more than 1 packet in a - * way params doesn't exist in the first packet, nullptr will be returned - */ + /// @return A pointer to the raw data of the server key exchange params. Currently this data can only returned + /// as raw, parsing may be added in the future. Notice that if the message is spread over more than 1 packet in + /// a way params doesn't exist in the first packet, nullptr will be returned uint8_t* getServerKeyExchangeParams() const; - /** - * @return The size of the params field. Notice that if the message is spread over more than 1 packet in a way - * the ssl_tls_handshake_layer cannot be parsed from the packet, 0 will be returned. Also, if only part of the - * params exist in current packet (and the rest are on consequent packets), the size that will be returned is - * the size of the part that exists in the current packet (and not total size of params) - */ + /// @return The size of the params field. Notice that if the message is spread over more than 1 packet in a way + /// the ssl_tls_handshake_layer cannot be parsed from the packet, 0 will be returned. Also, if only part of the + /// params exist in current packet (and the rest are on consequent packets), the size that will be returned is + /// the size of the part that exists in the current packet (and not total size of params) size_t getServerKeyExchangeParamsLength() const; // implement abstract methods @@ -864,41 +672,33 @@ namespace pcpp std::string toString() const override; }; - /** - * @class SSLClientKeyExchangeMessage - * Represents SSL/TLS client-key-exchange message (type 16). Inherits from SSLHandshakeMessage and adds parsing - * functionality such as getting the server key exchange params as raw data (parsing of this may be added in the - * future) - */ + /// @class SSLClientKeyExchangeMessage + /// Represents SSL/TLS client-key-exchange message (type 16). Inherits from SSLHandshakeMessage and adds parsing + /// functionality such as getting the server key exchange params as raw data (parsing of this may be added in the + /// future) class SSLClientKeyExchangeMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLClientKeyExchangeMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} ~SSLClientKeyExchangeMessage() override = default; - /** - * @return A pointer to the raw data of the server key exchange params. Currently this data can only be returned - * as raw, parsing may be added in the future. Notice that if the message is spread over more than 1 packet in - * a way params doesn't exist in the first packet, nullptr will be returned - */ + /// @return A pointer to the raw data of the server key exchange params. Currently this data can only be + /// returned as raw, parsing may be added in the future. Notice that if the message is spread over more than 1 + /// packet in a way params doesn't exist in the first packet, nullptr will be returned uint8_t* getClientKeyExchangeParams() const; - /** - * @return The size of the params field. Notice that if the message is spread over more than 1 packet in a way - * the ssl_tls_handshake_layer cannot be parsed from the packet, 0 will be returned. Also, if only part of the - * params exist in current packet (and the rest are on consequent packets), the size that will be returned is - * the size of the part that exists in the current packet (and not the total size of params) - */ + /// @return The size of the params field. Notice that if the message is spread over more than 1 packet in a way + /// the ssl_tls_handshake_layer cannot be parsed from the packet, 0 will be returned. Also, if only part of the + /// params exist in current packet (and the rest are on consequent packets), the size that will be returned is + /// the size of the part that exists in the current packet (and not the total size of params) size_t getClientKeyExchangeParamsLength() const; // implement abstract methods @@ -906,43 +706,33 @@ namespace pcpp std::string toString() const override; }; - /** - * @class SSLCertificateRequestMessage - * Represents SSL/TLS certificate-request message (type 13). Inherits from SSLHandshakeMessage and adds parsing - * functionality such as retrieving client certificate types and authority data - */ + /// @class SSLCertificateRequestMessage + /// Represents SSL/TLS certificate-request message (type 13). Inherits from SSLHandshakeMessage and adds parsing + /// functionality such as retrieving client certificate types and authority data class SSLCertificateRequestMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLCertificateRequestMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container); ~SSLCertificateRequestMessage() override = default; - /** - * @return A reference to a vector containing all client certificate types exist in this message - */ + /// @return A reference to a vector containing all client certificate types exist in this message std::vector& getCertificateTypes(); - /** - * @return A pointer to the certificate authority data as raw data (byte array). Parsing of this data may be - * added in the future. Notice that if this message is spread over several packets in a way none of the - * certificate authority data exists in this packet, nullptr will be returned - */ + /// @return A pointer to the certificate authority data as raw data (byte array). Parsing of this data may be + /// added in the future. Notice that if this message is spread over several packets in a way none of the + /// certificate authority data exists in this packet, nullptr will be returned uint8_t* getCertificateAuthorityData() const; - /** - * @return The length of certificate authority data returned by getCertificateAuthorityData(). Notice that if - * this message is spread over several packets in a way none of certificate authority data exists in the current - * packet, 0 will be returned. Also, if some of the data exists in the consequent packets, the length that will - * be returned is the length of data exists in the current packet only (and not the total length) - */ + /// @return The length of certificate authority data returned by getCertificateAuthorityData(). Notice that if + /// this message is spread over several packets in a way none of certificate authority data exists in the + /// current packet, 0 will be returned. Also, if some of the data exists in the consequent packets, the length + /// that will be returned is the length of data exists in the current packet only (and not the total length) size_t getCertificateAuthorityLength() const; // implement abstract methods @@ -953,21 +743,17 @@ namespace pcpp std::vector m_ClientCertificateTypes; }; - /** - * @class SSLServerHelloDoneMessage - * Represents SSL/TLS server-hello-done message (type 14). This message has no additional payload except for the - * common payload described in SSLHandshakeMessage - */ + /// @class SSLServerHelloDoneMessage + /// Represents SSL/TLS server-hello-done message (type 14). This message has no additional payload except for the + /// common payload described in SSLHandshakeMessage class SSLServerHelloDoneMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLServerHelloDoneMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} @@ -979,41 +765,33 @@ namespace pcpp std::string toString() const override; }; - /** - * @class SSLCertificateVerifyMessage - * Represents SSL/TLS certificate-verify message (type 15). Inherits from SSLHandshakeMessage and adds parsing - * functionality such as retrieving signed hash data as raw data (parsing may be added in the future) - * @todo This message type wasn't tested in unit-tests - */ + /// @class SSLCertificateVerifyMessage + /// Represents SSL/TLS certificate-verify message (type 15). Inherits from SSLHandshakeMessage and adds parsing + /// functionality such as retrieving signed hash data as raw data (parsing may be added in the future) + /// @todo This message type wasn't tested in unit-tests class SSLCertificateVerifyMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLCertificateVerifyMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} ~SSLCertificateVerifyMessage() override = default; - /** - * @return A pointer to the signed hash data as raw data (byte array). Parsing of this data may be added - * in the future. Notice that if this message is spread over several packets in a way none of the signed hash - * data exists in this packet, nullptr will be returned - */ + /// @return A pointer to the signed hash data as raw data (byte array). Parsing of this data may be added + /// in the future. Notice that if this message is spread over several packets in a way none of the signed hash + /// data exists in this packet, nullptr will be returned uint8_t* getSignedHash() const; - /** - * @return The length of signed hash data returned by getSignedHash(). Notice that if this message is spread - * over several packets in a way none of this data exists in the current packet, 0 will be returned. Also, if - * some of the data exists in the consequent packets, the length that will be returned will be the length of - * data exists in the current packet only (and not the total length) - */ + /// @return The length of signed hash data returned by getSignedHash(). Notice that if this message is spread + /// over several packets in a way none of this data exists in the current packet, 0 will be returned. Also, if + /// some of the data exists in the consequent packets, the length that will be returned will be the length of + /// data exists in the current packet only (and not the total length) size_t getSignedHashLength() const; // implement abstract methods @@ -1021,41 +799,33 @@ namespace pcpp std::string toString() const override; }; - /** - * @class SSLFinishedMessage - * Represents SSL/TLS finished message (type 20). Inherits from SSLHandshakeMessage and adds parsing - * functionality such as retrieving signed hash data as raw data (parsing may be added in the future) - * @todo This message type wasn't tested in unit-tests - */ + /// @class SSLFinishedMessage + /// Represents SSL/TLS finished message (type 20). Inherits from SSLHandshakeMessage and adds parsing + /// functionality such as retrieving signed hash data as raw data (parsing may be added in the future) + /// @todo This message type wasn't tested in unit-tests class SSLFinishedMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLFinishedMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} ~SSLFinishedMessage() override = default; - /** - * @return A pointer to the signed hash data as raw data (byte array). Parsing of this data may be added - * in the future. Notice that if this message is spread over several packets in a way none of the signed hash - * data exists in this packet, nullptr will be returned - */ + /// @return A pointer to the signed hash data as raw data (byte array). Parsing of this data may be added + /// in the future. Notice that if this message is spread over several packets in a way none of the signed hash + /// data exists in this packet, nullptr will be returned uint8_t* getSignedHash() const; - /** - * @return The length of signed hash data returned by getSignedHash(). Notice that if the message is spread over - * several packets in a way none of this data exists in the current packet, 0 will be returned. Also, if some of - * the data exists in the consequent packets, the length that will be returned will be the length of data exists - * in the current packet only (and not the total length) - */ + /// @return The length of signed hash data returned by getSignedHash(). Notice that if the message is spread + /// over several packets in a way none of this data exists in the current packet, 0 will be returned. Also, if + /// some of the data exists in the consequent packets, the length that will be returned will be the length of + /// data exists in the current packet only (and not the total length) size_t getSignedHashLength() const; // implement abstract methods @@ -1063,40 +833,32 @@ namespace pcpp std::string toString() const override; }; - /** - * @class SSLNewSessionTicketMessage - * Represents SSL/TLS new-session-ticket message (type 4). Inherits from SSLHandshakeMessage and adds parsing - * functionality such as retrieving session ticket data as raw data (parsing may be added in the future) - */ + /// @class SSLNewSessionTicketMessage + /// Represents SSL/TLS new-session-ticket message (type 4). Inherits from SSLHandshakeMessage and adds parsing + /// functionality such as retrieving session ticket data as raw data (parsing may be added in the future) class SSLNewSessionTicketMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLNewSessionTicketMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} ~SSLNewSessionTicketMessage() override = default; - /** - * @return A pointer to the session ticket data as raw data (byte array). Parsing of this data may be added - * in the future. Notice that if this message is spread over several packets in a way none of the signed hash - * data exists in current packet, nullptr will be returned - */ + /// @return A pointer to the session ticket data as raw data (byte array). Parsing of this data may be added + /// in the future. Notice that if this message is spread over several packets in a way none of the signed hash + /// data exists in current packet, nullptr will be returned uint8_t* getSessionTicketData() const; - /** - * @return The length of session ticket data returned by getSessionTicketData(). Notice that if this message is - * spread over several packets in a way none of this data exists in the current packet, 0 will be returned. - * Also, if some of the data exist in the consequent packets, the length that will be returned will be the - * length of the data existing in the current packet only (and not the total length) - */ + /// @return The length of session ticket data returned by getSessionTicketData(). Notice that if this message is + /// spread over several packets in a way none of this data exists in the current packet, 0 will be returned. + /// Also, if some of the data exist in the consequent packets, the length that will be returned will be the + /// length of the data existing in the current packet only (and not the total length) size_t getSessionTicketDataLength() const; // implement abstract methods @@ -1104,22 +866,18 @@ namespace pcpp std::string toString() const override; }; - /** - * @class SSLUnknownMessage - * Represents an unknown type of message or an encrypted message that PcapPlusPlus can't determine its type. In - * these cases length can't always be determined from the message itself (especially if the message is encrypted), - * so the length of this message will always be the size counted from message start until the end of the layer - */ + /// @class SSLUnknownMessage + /// Represents an unknown type of message or an encrypted message that PcapPlusPlus can't determine its type. In + /// these cases length can't always be determined from the message itself (especially if the message is encrypted), + /// so the length of this message will always be the size counted from message start until the end of the layer class SSLUnknownMessage : public SSLHandshakeMessage { public: - /** - * C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be - * used by a user - * @param[in] data The message as raw data - * @param[in] dataLen Message raw data length in bytes - * @param[in] container The SSL handshake layer which shall contain this message - */ + /// C'tor for this class. Currently only in use in SSLHandshakeMessage::createHandshakeMessage() and should be + /// used by a user + /// @param[in] data The message as raw data + /// @param[in] dataLen Message raw data length in bytes + /// @param[in] container The SSL handshake layer which shall contain this message SSLUnknownMessage(uint8_t* data, size_t dataLen, SSLHandshakeLayer* container) : SSLHandshakeMessage(data, dataLen, container) {} @@ -1128,16 +886,12 @@ namespace pcpp // implement virtual and abstract methods - /** - * @return Always ::SSL_HANDSHAKE_UNKNOWN (overridden from SSLHandshakeMessage) - */ + /// @return Always ::SSL_HANDSHAKE_UNKNOWN (overridden from SSLHandshakeMessage) SSLHandshakeType getHandshakeType() const override; - /** - * @return The length of the data from message start until the end of the layer. Since it's an unknown type - * or an encrypted message the length parsed from the message can't be guaranteed to be the correct length. - * That's why the length returned is the size until the end of the layer - */ + /// @return The length of the data from message start until the end of the layer. Since it's an unknown type + /// or an encrypted message the length parsed from the message can't be guaranteed to be the correct length. + /// That's why the length returned is the size until the end of the layer size_t getMessageLength() const override; std::string toString() const override; @@ -1168,5 +922,4 @@ namespace pcpp return nullptr; } - } // namespace pcpp diff --git a/Packet++/header/SSLLayer.h b/Packet++/header/SSLLayer.h index adf70a17ba..6fd1c91c5f 100644 --- a/Packet++/header/SSLLayer.h +++ b/Packet++/header/SSLLayer.h @@ -5,255 +5,242 @@ #include "SSLCommon.h" #include "SSLHandshake.h" -/** - * @file - * This file as well as SSLCommon.h and SSLHandshake.h provide structures that represent SSL/TLS protocol. - * Main features: - * - All common SSL/TLS version are supported from SSL 3.0 to TLS 1.3 - * - All SSL/TLS message types are supported (at least the message types that are not encrypted) - * - More than 300 cipher-suites are supported - * - Only parsing capabilities exist, editing and creation of messages are not supported - * - X509 certificate parsing is not supported - * - *

- * - * __SSL Records:__
- * - * The SSL/TLS protocol has 4 types of records: - * - Handshake record type - * - Change cipher spec record type - * - Alert record type - * - Application data record type - * - * Each record type corresponds to a layer class, and these classes inherit from one base class which is pcpp::SSLLayer. - * The pcpp::SSLLayer is an abstract class which cannot be instantiated. Only its 4 derived classes can be instantiated. - * This means you'll never see a layer of type pcpp::SSLLayer, you'll only see the type of the derived classes. - * A basic class diagram looks like this: - @verbatim - +----------------------------+ - +---| SSLHandshakeLayer | ===> Handshake record type - | +----------------------------+ - | - | +----------------------------+ - +---| SSLChangeCipherSpecLayer | ===> Change cipher spec record type - | +----------------------------+ - | - +------------+ | +----------------------------+ - | SSLLayer |-------------+---| SSLAlertLayer | ===> Alert record type - | (abstract) | | +----------------------------+ - +------------+ | - | +----------------------------+ - +---| SSLApplicationDataLayer | ===> Application data record type - +----------------------------+ - - @endverbatim - * - * A single packet may include several SSL/TLS records, meaning several layer instances of these types, for example: - * - @verbatim - - +--------------------------+ - | EthLayer | - +--------------------------+ - | IPv4Layer | - +--------------------------+ - | TcpLayer | - +--------------------------+ - | SSLHandshakeLayer | \ - +--------------------------+ \ - | SSLChangeCipherSpecLayer | -------- 3 SSL/TLS records in the same packet! - +--------------------------+ / - | SSLHandshakeLayer | / - +--------------------------+ - - @endverbatim - * - *

- * - * __SSL/TLS Handshake records:__
- * - * The SSL/TLS handshake records are the most complex ones. These type of records encapsulate all messages between - * client and server during SSL/TLS connection establishment. To accomplish that a SSL/TLS handshake record holds - * zero or more handshake messages (usually it holds 1 message). These messages form the handshake negotiation between - * the client and the server. There are several types of handshake messages. Some of the are sent from client to server - * and some from server to client. PcapPlusPlus supports 11 of these types (definitely the most common ones). For each - * message there is a designated class which parses the message and exposes its attributes in an easy-to-use manner. - * Here are the list of supported messages: - * - Client-hello - * - Server-hello - * - Certificate - * - Hello-request - * - Server-key-exchange - * - Client-key-exchange - * - Certificate-request - * - Server-hello-done - * - Certificate-verify - * - Finished - * - New-session-ticket - * - * All handshake messages classes inherit from a base abstract class: pcpp::SSLHandshakeMessage which cannot be - * instantiated. - * Also, all of them reside in SSLHandshake.h. Following is a simple diagram of these classes: - * - @verbatim - - SSLHandshakeMessage - | - +-------------------------------+ |--- SSLClientHelloMessage ==> Client-hello message - | SSLHandshakeLayer | | - +-------------------------------+ |--- SSLServerHelloMessage ==> Server-hello message - | -List of SSLHandshakeMessage | | - | Message1 | |---SSLCertificateMessage ==> Certificate message - | Message2 | | - | ... | |---SSLHelloRequestMessage ==> Hello-request message - | | | - +-------------------------------+ |---SSLServerKeyExchangeMessage ==> Server-key-exchange message - | - |---SSLClientKeyExchangeMessage ==> Client-key-exchange message - | - |---SSLCertificateRequestMessage ==> Certificate-request message - | - |---SSLServerHelloDoneMessage ==> Server-hello-done message - | - |---SSLCertificateVerifyMessage ==> Certificate-verify message - | - |---SSLFinishedMessage ==> Finished message - | - |---SSLNewSessionTicketMessage ==> New-session-ticket message - - @endverbatim - * - * In addition, for all handshake messages which aren't supported in PcapPlusPlus or for encrypted handshake messages - * There is another class: pcpp::SSLUnknownMessage - * - *

- * - * __Cipher suites:__
- * - * Cipher suites are named combinations of authentication, encryption, message authentication code (MAC) and key - * exchange algorithms used to negotiate the security settings for a network connection using SSL/TLS. - * There are many known cipher-suites. PcapPlusPlus support above 300 of them, according to this list: - * http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml - * There is a designated class in PcapPlusPlus called pcpp::SSLCipherSuite which represents the cipher-suites and - * provides access to their attributes. Then there is a static instance of this class for each one of the supported - * cipher-suites. - * This means there are 300+ static instances of pcpp::SSLCipherSuite representing the different cipher suites. The user - * can access them through static methods in pcpp::SSLCipherSuite or from client-hello and server-hello messages where - * they appear. - * - *

- * - * __SSL/TLS extensions:__
- * - * SSL/TLS handshake messages, specifically client-hello and server-hello usually include extensions. There are various - * types of extensions - some are more broadly used, some are less. In PcapPlusPlus there is a base class for all - * extensions: pcpp::SSLExtension. This class is instantiable and represents a generic extension, which means extension - * data isn't parsed and given to the user as raw data. Currently there are only two extension that are fully parsed - * which are server-name-indication (pcpp::SSLServerNameIndicationExtension) and SupportedVersions - * (pcpp::SSLSupportedVersionsExtension). - * Both inherit from pcpp::SSLExtension and add additional parsing relevant for the specific extension. - * All other extensions aren't parsed and are represented by instance of pcpp::SSLExtension. - * Access to extensions is done through the handshake messages classes, specifically pcpp::SSLClientHelloMessage and - * pcpp::SSLServerHelloMessage - */ - -/** - * \namespace pcpp - * \brief The main namespace for the PcapPlusPlus lib - */ +/// @file +/// This file as well as SSLCommon.h and SSLHandshake.h provide structures that represent SSL/TLS protocol. +/// Main features: +/// - All common SSL/TLS version are supported from SSL 3.0 to TLS 1.3 +/// - All SSL/TLS message types are supported (at least the message types that are not encrypted) +/// - More than 300 cipher-suites are supported +/// - Only parsing capabilities exist, editing and creation of messages are not supported +/// - X509 certificate parsing is not supported +/// +///

+/// +/// __SSL Records:__
+/// +/// The SSL/TLS protocol has 4 types of records: +/// - Handshake record type +/// - Change cipher spec record type +/// - Alert record type +/// - Application data record type +/// +/// Each record type corresponds to a layer class, and these classes inherit from one base class which is +/// pcpp::SSLLayer. The pcpp::SSLLayer is an abstract class which cannot be instantiated. Only its 4 derived classes can +/// be instantiated. This means you'll never see a layer of type pcpp::SSLLayer, you'll only see the type of the derived +/// classes. A basic class diagram looks like this: +/// @verbatim +/// +/// +----------------------------+ +/// +---| SSLHandshakeLayer | ===> Handshake record type +/// | +----------------------------+ +/// | +/// | +----------------------------+ +/// +---| SSLChangeCipherSpecLayer | ===> Change cipher spec record type +/// | +----------------------------+ +/// | +/// +------------+ | +----------------------------+ +/// | SSLLayer |----------+---| SSLAlertLayer | ===> Alert record type +/// | (abstract) | | +----------------------------+ +/// +------------+ | +/// | +----------------------------+ +/// +---| SSLApplicationDataLayer | ===> Application data record type +/// +----------------------------+ +/// +/// @endverbatim +/// +/// A single packet may include several SSL/TLS records, meaning +/// several layer instances of these types, for example: +/// +/// @verbatim +/// +/// +--------------------------+ +/// | EthLayer | +/// +--------------------------+ +/// | IPv4Layer | +/// +--------------------------+ +/// | TcpLayer | +/// +--------------------------+ +/// | SSLHandshakeLayer | \ +/// +--------------------------+ \ +/// | SSLChangeCipherSpecLayer | -------- 3 SSL/TLS records in the same packet! +/// +--------------------------+ / +/// | SSLHandshakeLayer | / +/// +--------------------------+ +/// +/// @endverbatim +/// +///

+/// +/// __SSL/TLS Handshake records:__
+/// +/// The SSL/TLS handshake records are the most complex ones. These type +/// of records encapsulate all messages between client and server during +/// SSL/TLS connection establishment. To accomplish that a SSL/TLS +/// handshake record holds zero or more handshake messages (usually it +/// holds 1 message). These messages form the handshake negotiation +/// between the client and the server. There are several types of +/// handshake messages. Some of the are sent from client to server and +/// some from server to client. PcapPlusPlus supports 11 of these types +/// (definitely the most common ones). For each message there is a +/// designated class which parses the message and exposes its attributes +/// in an easy-to-use manner. Here are the list of supported messages: +/// - Client-hello +/// - Server-hello +/// - Certificate +/// - Hello-request +/// - Server-key-exchange +/// - Client-key-exchange +/// - Certificate-request +/// - Server-hello-done +/// - Certificate-verify +/// - Finished +/// - New-session-ticket +/// +/// All handshake messages classes inherit from a base abstract class: +/// pcpp::SSLHandshakeMessage which cannot be instantiated. Also, all of +/// them reside in SSLHandshake.h. Following is a simple diagram of these +/// classes: +/// +/// @verbatim +/// +/// SSLHandshakeMessage +/// | +/// +-------------------------------+ |--- SSLClientHelloMessage ==> Client-hello message +/// | SSLHandshakeLayer | | +/// +-------------------------------+ |--- SSLServerHelloMessage ==> Server-hello message +/// | -List of SSLHandshakeMessage | | +/// | Message1 | |---SSLCertificateMessage ==> Certificate message +/// | Message2 | | +/// | ... | |---SSLHelloRequestMessage ==> Hello-request message +/// | | | +/// +-------------------------------+ |---SSLServerKeyExchangeMessage ==> Server-key-exchange message +/// | +/// |---SSLClientKeyExchangeMessage ==> Client-key-exchange message +/// | +/// |---SSLCertificateRequestMessage ==> Certificate-request message +/// | +/// |---SSLServerHelloDoneMessage ==> Server-hello-done message +/// | +/// |---SSLCertificateVerifyMessage ==> Certificate-verify message +/// | +/// |---SSLFinishedMessage ==> Finished message +/// | +/// |---SSLNewSessionTicketMessage ==> New-session-ticket message +/// +/// @endverbatim +/// +/// In addition, for all handshake messages which aren't supported in PcapPlusPlus or for encrypted +/// handshake messages There is another class: pcpp::SSLUnknownMessage +/// +///

+/// +/// __Cipher suites:__
+/// +/// Cipher suites are named combinations of authentication, encryption, message authentication code +/// (MAC) and key exchange algorithms used to negotiate the security settings for a network connection +/// using SSL/TLS. There are many known cipher-suites. PcapPlusPlus support above 300 of them, +/// according to this list: http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml There +/// is a designated class in PcapPlusPlus called pcpp::SSLCipherSuite which represents the +/// cipher-suites and provides access to their attributes. Then there is a static instance of this +/// class for each one of the supported cipher-suites. This means there are 300+ static instances of +/// pcpp::SSLCipherSuite representing the different cipher suites. The user can access them through +/// static methods in pcpp::SSLCipherSuite or from client-hello and server-hello messages where they +/// appear. +/// +///

+/// +/// __SSL/TLS extensions:__
+/// +/// SSL/TLS handshake messages, specifically client-hello and server-hello usually include extensions. +/// There are various types of extensions - some are more broadly used, some are less. In PcapPlusPlus +/// there is a base class for all extensions: pcpp::SSLExtension. This class is instantiable and +/// represents a generic extension, which means extension data isn't parsed and given to the user as +/// raw data. Currently there are only two extension that are fully parsed which are +/// server-name-indication (pcpp::SSLServerNameIndicationExtension) and SupportedVersions +/// (pcpp::SSLSupportedVersionsExtension). +/// Both inherit from pcpp::SSLExtension and add additional parsing relevant for the specific +/// extension. All other extensions aren't parsed and are represented by instance of +/// pcpp::SSLExtension. Access to extensions is done through the handshake messages classes, +/// specifically pcpp::SSLClientHelloMessage and pcpp::SSLServerHelloMessage +/// + +/// @namespace pcpp +/// @brief The main namespace for the PcapPlusPlus lib namespace pcpp { - /** - * @class SSLLayer - * The base class for the 4 record type classes. Each record type is represented as a layer. See SSLLayer.h for - * detailed explanation of the TLS/SSL protocol support in PcapPlusPlus. - * This class provides the common functionality used by all record types and also contains static methods for - * identifying an creating SSL/TLS record type layers - */ + /// @class SSLLayer + /// The base class for the 4 record type classes. Each record type is represented as a layer. See SSLLayer.h for + /// detailed explanation of the TLS/SSL protocol support in PcapPlusPlus. + /// This class provides the common functionality used by all record types and also contains static methods for + /// identifying an creating SSL/TLS record type layers class SSLLayer : public Layer { public: - /** - * A static method that checks whether the port is considered as SSL/TLS - * @param[in] port The port number to be checked - */ + /// A static method that checks whether the port is considered as SSL/TLS + /// @param[in] port The port number to be checked static inline bool isSSLPort(uint16_t port); - /** - * A static methods that gets raw data of a layer and checks whether this data is a SSL/TLS record or not. This - * check is done using the source/dest port and matching of a legal record type in the raw data. The list of - * ports identified as SSL/TLS is hard-coded and includes the following ports: - * - Port 443 [HTTPS] - * - Port 261 [NSIIOPS] - * - Port 448 [DDM-SSL] - * - Port 563 [NNTPS] - * - Port 614 [SSHELL] - * - Port 465 [SMTPS] - * - Port 636 [LDAPS] - * - Port 989 [FTPS - data] - * - Port 990 [FTPS - control] - * - Port 992 [Telnet over TLS/SSL] - * - Port 993 [IMAPS] - * - Port 994 [IRCS] - * - Port 995 [POP3S] - * @param[in] srcPort The source port of the packet that contains the raw data. Source port (or dest port) are a - * criteria to identify SSL/TLS packets - * @param[in] dstPort The dest port of the packet that contains the raw data. Dest port (or source port) are a - * criteria to identify SSL/TLS packets - * @param[in] data The data to check - * @param[in] dataLen Length (in bytes) of the data - * @param[in] ignorePorts SSL/TLS ports are only relevant for parsing the first SSL/TLS message, but are not - * relevant for parsing subsequent messages. This parameter can be set to "true" to skip SSL/TLS ports check. - * This is an optional parameter and its default is "false" - */ + /// A static methods that gets raw data of a layer and checks whether this data is a SSL/TLS record or not. This + /// check is done using the source/dest port and matching of a legal record type in the raw data. The list of + /// ports identified as SSL/TLS is hard-coded and includes the following ports: + /// - Port 443 [HTTPS] + /// - Port 261 [NSIIOPS] + /// - Port 448 [DDM-SSL] + /// - Port 563 [NNTPS] + /// - Port 614 [SSHELL] + /// - Port 465 [SMTPS] + /// - Port 636 [LDAPS] + /// - Port 989 [FTPS - data] + /// - Port 990 [FTPS - control] + /// - Port 992 [Telnet over TLS/SSL] + /// - Port 993 [IMAPS] + /// - Port 994 [IRCS] + /// - Port 995 [POP3S] + /// @param[in] srcPort The source port of the packet that contains the raw data. Source port (or dest port) are + /// a criteria to identify SSL/TLS packets + /// @param[in] dstPort The dest port of the packet that contains the raw data. Dest port (or source port) are a + /// criteria to identify SSL/TLS packets + /// @param[in] data The data to check + /// @param[in] dataLen Length (in bytes) of the data + /// @param[in] ignorePorts SSL/TLS ports are only relevant for parsing the first SSL/TLS message, but are not + /// relevant for parsing subsequent messages. This parameter can be set to "true" to skip SSL/TLS ports check. + /// This is an optional parameter and its default is "false" static bool IsSSLMessage(uint16_t srcPort, uint16_t dstPort, uint8_t* data, size_t dataLen, bool ignorePorts = false); - /** - * A static method that creates SSL/TLS layers by raw data. This method parses the raw data, finds if and which - * SSL/TLS record it is and creates the corresponding record layer. It's the responsibility of the user to free - * the created object when done using it - * @param[in] data A pointer to the raw data - * @param[in] dataLen Size of the data in bytes - * @param[in] prevLayer A pointer to the previous layer - * @param[in] packet A pointer to the Packet instance where layer will be stored in - * @return A pointer to the newly created record layer. If no SSL/TLS record could be identified from the raw - * data nullptr is returned - */ + /// A static method that creates SSL/TLS layers by raw data. This method parses the raw data, finds if and which + /// SSL/TLS record it is and creates the corresponding record layer. It's the responsibility of the user to free + /// the created object when done using it + /// @param[in] data A pointer to the raw data + /// @param[in] dataLen Size of the data in bytes + /// @param[in] prevLayer A pointer to the previous layer + /// @param[in] packet A pointer to the Packet instance where layer will be stored in + /// @return A pointer to the newly created record layer. If no SSL/TLS record could be identified from the raw + /// data nullptr is returned static SSLLayer* createSSLMessage(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet); - /** - * Get a pointer to the record header. Notice this points directly to the data, so every change will change the - * actual packet data - * @return A pointer to the @ref ssl_tls_record_layer - */ + /// Get a pointer to the record header. Notice this points directly to the data, so every change will change the + /// actual packet data + /// @return A pointer to the @ref ssl_tls_record_layer ssl_tls_record_layer* getRecordLayer() const { return reinterpret_cast(m_Data); } - /** - * @return The SSL/TLS version used in this record (parsed from the record) - */ + /// @return The SSL/TLS version used in this record (parsed from the record) SSLVersion getRecordVersion() const; - /** - * @return The SSL/TLS record type as parsed from the record - */ + /// @return The SSL/TLS record type as parsed from the record SSLRecordType getRecordType() const; // implement abstract methods - /** - * @return The record size as extracted from the record data (in ssl_tls_record_layer#length) - */ + /// @return The record size as extracted from the record data (in ssl_tls_record_layer#length) size_t getHeaderLen() const override; - /** - * Several SSL/TLS records can reside in a single packets. So this method checks the remaining data and if it's - * identified as SSL/TLS it creates another SSL/TLS record layer as the next layer - */ + /// Several SSL/TLS records can reside in a single packets. So this method checks the remaining data and if it's + /// identified as SSL/TLS it creates another SSL/TLS record layer as the next layer void parseNextLayer() override; OsiModelLayer getOsiModelLayer() const override @@ -270,96 +257,84 @@ namespace pcpp // The graph below will break the code formatting, so it's disabled. // clang-format off - /** - * @class SSLHandshakeLayer - * Represents SSL/TLS handshake layer. This layer may contain one or more handshake messages (all of them inherit - * from the base class SSLHandshakeMessage) which are the SSL/TLS handshake message sent between a client and a - * server until they establish a secure connection (e.g client-hello, server-hello, certificate, - * client-key-exchange, server-key-exchange, etc.). - * Usually this layer will contain just one message (as the first example below - * demonstrates). But there are cases a layer may contain more than 1 message. To better explain this layer - * structure. We'll use 2 examples. The first will be client-hello message. The layer structure will look like this: - @verbatim - - |------------------- SSLHandshakeLayer ----------------------| - +----------------------+-------------------------------------+ - | ssl_tls_record_layer | SSLClientHelloMessage | - | struct | | - +----------------------+-------------------------------------+ - / | \ | \ \ \ - / version \ | handshake \ \ \ - / TLS1_0 \ type \ \ rest of - type \ | SSL_CLIENT_HELLO \ \ message fields... - SSL_HANDSHAKE length handshake \ - (22) xxx | version message - TLS1_2 length - | yyy - @endverbatim - - * Second example is a multiple-message handshake layer comprises of server-hello, certificate and - * server-key-exchange messages: - - @verbatim - - |---------------------------------------------- SSLHandshakeLayer -----------------------------------------------------| - +----------------------+-------------------------------------+---------------------------+-----------------------------+ - | ssl_tls_record_layer | SSLServerHelloMessage | SSLCertificateMessage | SSLServerKeyExchangeMessage | - | struct | | | | - +----------------------+-------------------------------------+---------------------------+-----------------------------+ - / | \ | \ \ | \ | \ - / version \ | handshake \ rest of | | rest | | rest - / TLS1_0 \ type \ message handshake of fields... handshake of fields... - type \ | SSL_SERVER_HELLO \ fields...| type | type - SSL_HANDSHAKE length handshake SSL_CERTIFICATE SSL_SERVER_KEY_EXCHANGE - (22) xxx | version,length | | - @endverbatim - */ + /// @class SSLHandshakeLayer + /// Represents SSL/TLS handshake layer. This layer may contain one or more handshake messages (all of them inherit + /// from the base class SSLHandshakeMessage) which are the SSL/TLS handshake message sent between a client and a + /// server until they establish a secure connection (e.g client-hello, server-hello, certificate, + /// client-key-exchange, server-key-exchange, etc.). + /// Usually this layer will contain just one message (as the first example below + /// demonstrates). But there are cases a layer may contain more than 1 message. To better explain this layer + /// structure. We'll use 2 examples. The first will be client-hello message. The layer structure will look like this: + /// @verbatim + /// + /// |------------------- SSLHandshakeLayer ----------------------| + /// +----------------------+-------------------------------------+ + /// | ssl_tls_record_layer | SSLClientHelloMessage | + /// | struct | | + /// +----------------------+-------------------------------------+ + /// / | \ | \ \ \ + /// / version \ | handshake \ \ \ + /// / TLS1_0 \ type \ \ rest of + /// type \ | SSL_CLIENT_HELLO \ \ message fields... + /// SSL_HANDSHAKE length handshake \ + /// (22) xxx | version message + /// TLS1_2 length + /// | yyy + /// @endverbatim + /// + /// Second example is a multiple-message handshake layer comprises of server-hello, certificate and + /// server-key-exchange messages: + /// + /// @verbatim + /// + /// |---------------------------------------------- SSLHandshakeLayer -----------------------------------------------------| + /// +----------------------+-------------------------------------+---------------------------+-----------------------------+ + /// | ssl_tls_record_layer | SSLServerHelloMessage | SSLCertificateMessage | SSLServerKeyExchangeMessage | + /// | struct | | | | + /// +----------------------+-------------------------------------+---------------------------+-----------------------------+ + /// / | \ | \ \ | \ | \ + /// / version \ | handshake \ rest of | | rest | | rest + /// / TLS1_0 \ type \ message handshake of fields... handshake of fields... + /// type \ | SSL_SERVER_HELLO \ fields...| type | type + /// SSL_HANDSHAKE length handshake SSL_CERTIFICATE SSL_SERVER_KEY_EXCHANGE + /// (22) xxx | version,length | | + /// @endverbatim // clang-format on class SSLHandshakeLayer : public SSLLayer { public: - /** - * C'tor for this class that creates the layer from an existing packet raw data - * @param[in] data A pointer to the raw data - * @param[in] dataLen Size of the data in bytes - * @param[in] prevLayer A pointer to the previous layer - * @param[in] packet A pointer to the Packet instance where layer will be stored in - */ + /// C'tor for this class that creates the layer from an existing packet raw data + /// @param[in] data A pointer to the raw data + /// @param[in] dataLen Size of the data in bytes + /// @param[in] prevLayer A pointer to the previous layer + /// @param[in] packet A pointer to the Packet instance where layer will be stored in SSLHandshakeLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet); - /** - * @return The number of messages in this layer instance - */ + /// @return The number of messages in this layer instance size_t getHandshakeMessagesCount() const { return m_MessageList.size(); } - /** - * Get a pointer to an handshake message by index. The message are numbered according to their order of - * appearance in the layer. If index is out of bounds (less than 0 or larger than total amount of message) - * nullptr will be returned - * @param[in] index The index of the message to return - * @return The pointer to the message object or nullptr if index is out of bounds - */ + /// Get a pointer to an handshake message by index. The message are numbered according to their order of + /// appearance in the layer. If index is out of bounds (less than 0 or larger than total amount of message) + /// nullptr will be returned + /// @param[in] index The index of the message to return + /// @return The pointer to the message object or nullptr if index is out of bounds SSLHandshakeMessage* getHandshakeMessageAt(int index) const; - /** - * A templated method to get a message of a certain type. If no message of such type is found, nullptr is - * returned - * @return A pointer to the message of the requested type, nullptr if not found - */ + /// A templated method to get a message of a certain type. If no message of such type is found, nullptr is + /// returned + /// @return A pointer to the message of the requested type, nullptr if not found template THandshakeMessage* getHandshakeMessageOfType() const; - /** - * A templated method to get the first message of a certain type, starting to search from a certain message. - * For example: if the layer looks like: HelloRequest(1) -> HelloRequest(2) - * and the user put HelloRequest(1) as a parameter and wishes to search for an HelloRequest message, the - * HelloRequest(2) will be returned.
- * If no layer of such type is found, nullptr is returned - * @param[in] after A pointer to the message to start search from - * @return A pointer to the message of the requested type, nullptr if not found - */ + /// A templated method to get the first message of a certain type, starting to search from a certain message. + /// For example: if the layer looks like: HelloRequest(1) -> HelloRequest(2) + /// and the user put HelloRequest(1) as a parameter and wishes to search for an HelloRequest message, the + /// HelloRequest(2) will be returned.
+ /// If no layer of such type is found, nullptr is returned + /// @param[in] after A pointer to the message to start search from + /// @return A pointer to the message of the requested type, nullptr if not found template THandshakeMessage* getNextHandshakeMessageOfType(const SSLHandshakeMessage* after) const; @@ -367,9 +342,7 @@ namespace pcpp std::string toString() const override; - /** - * There are no calculated fields for this layer - */ + /// There are no calculated fields for this layer void computeCalculateFields() override {} @@ -377,21 +350,17 @@ namespace pcpp PointerVector m_MessageList; }; // class SSLHandshakeLayer - /** - * @class SSLChangeCipherSpecLayer - * Represents SSL/TLS change-cipher-spec layer. This layer has no additional fields besides common fields described - * in SSLLayer - */ + /// @class SSLChangeCipherSpecLayer + /// Represents SSL/TLS change-cipher-spec layer. This layer has no additional fields besides common fields described + /// in SSLLayer class SSLChangeCipherSpecLayer : public SSLLayer { public: - /** - * C'tor for this class that creates the layer from an existing packet raw data - * @param[in] data A pointer to the raw data - * @param[in] dataLen Size of the data in bytes - * @param[in] prevLayer A pointer to the previous layer - * @param[in] packet A pointer to the Packet instance where layer will be stored in - */ + /// C'tor for this class that creates the layer from an existing packet raw data + /// @param[in] data A pointer to the raw data + /// @param[in] dataLen Size of the data in bytes + /// @param[in] prevLayer A pointer to the previous layer + /// @param[in] packet A pointer to the Packet instance where layer will be stored in SSLChangeCipherSpecLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet) : SSLLayer(data, dataLen, prevLayer, packet) {} @@ -402,94 +371,72 @@ namespace pcpp std::string toString() const override; - /** - * There are no calculated fields for this layer - */ + /// There are no calculated fields for this layer void computeCalculateFields() override {} }; // class SSLChangeCipherSpecLayer - /** - * @class SSLAlertLayer - * Represents SSL/TLS alert layer. Inherits from SSLLayer and adds parsing functionality such as retrieving the - * alert level and description - */ + /// @class SSLAlertLayer + /// Represents SSL/TLS alert layer. Inherits from SSLLayer and adds parsing functionality such as retrieving the + /// alert level and description class SSLAlertLayer : public SSLLayer { public: - /** - * C'tor for this class that creates the layer from an existing packet raw data - * @param[in] data A pointer to the raw data - * @param[in] dataLen Size of the data in bytes - * @param[in] prevLayer A pointer to the previous layer - * @param[in] packet A pointer to the Packet instance where layer will be stored in - */ + /// C'tor for this class that creates the layer from an existing packet raw data + /// @param[in] data A pointer to the raw data + /// @param[in] dataLen Size of the data in bytes + /// @param[in] prevLayer A pointer to the previous layer + /// @param[in] packet A pointer to the Packet instance where layer will be stored in SSLAlertLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet) : SSLLayer(data, dataLen, prevLayer, packet) {} ~SSLAlertLayer() override = default; - /** - * @return SSL/TLS alert level. Will return ::SSL_ALERT_LEVEL_ENCRYPTED if alert is encrypted - */ + /// @return SSL/TLS alert level. Will return ::SSL_ALERT_LEVEL_ENCRYPTED if alert is encrypted SSLAlertLevel getAlertLevel() const; - /** - * @return SSL/TLS alert description. Will return ::SSL_ALERT_ENCRYPTED if alert is encrypted - */ + /// @return SSL/TLS alert description. Will return ::SSL_ALERT_ENCRYPTED if alert is encrypted SSLAlertDescription getAlertDescription(); // implement abstract methods std::string toString() const override; - /** - * There are no calculated fields for this layer - */ + /// There are no calculated fields for this layer void computeCalculateFields() override {} }; // class SSLAlertLayer - /** - * @class SSLApplicationDataLayer - * Represents SSL/TLS application data layer. This message contains the encrypted data transferred from client to - * server and vice-versa after the SSL/TLS handshake was completed successfully - */ + /// @class SSLApplicationDataLayer + /// Represents SSL/TLS application data layer. This message contains the encrypted data transferred from client to + /// server and vice-versa after the SSL/TLS handshake was completed successfully class SSLApplicationDataLayer : public SSLLayer { public: - /** - * C'tor for this class that creates the layer from an existing packet raw data - * @param[in] data A pointer to the raw data - * @param[in] dataLen Size of the data in bytes - * @param[in] prevLayer A pointer to the previous layer - * @param[in] packet A pointer to the Packet instance where layer will be stored in - */ + /// C'tor for this class that creates the layer from an existing packet raw data + /// @param[in] data A pointer to the raw data + /// @param[in] dataLen Size of the data in bytes + /// @param[in] prevLayer A pointer to the previous layer + /// @param[in] packet A pointer to the Packet instance where layer will be stored in SSLApplicationDataLayer(uint8_t* data, size_t dataLen, Layer* prevLayer, Packet* packet) : SSLLayer(data, dataLen, prevLayer, packet) {} ~SSLApplicationDataLayer() override = default; - /** - * @return A pointer to the encrypted data. This data can be decrypted only if you have the symmetric key - * that was agreed between the client and the server during SSL/TLS handshake process - */ + /// @return A pointer to the encrypted data. This data can be decrypted only if you have the symmetric key + /// that was agreed between the client and the server during SSL/TLS handshake process uint8_t* getEncryptedData() const; - /** - * @return The length in bytes of the encrypted data returned in getEncryptedData() - */ + /// @return The length in bytes of the encrypted data returned in getEncryptedData() size_t getEncryptedDataLen() const; // implement abstract methods std::string toString() const override; - /** - * There are no calculated fields for this layer - */ + /// There are no calculated fields for this layer void computeCalculateFields() override {} }; // class SSLApplicationDataLayer @@ -563,5 +510,4 @@ namespace pcpp return false; } } // isSSLPort - } // namespace pcpp