Incremental TLS/SSL Handshake parser. More...

#include <Handshake.h>

Collaboration diagram for Security::HandshakeParser:

[legend]

Public Types
enum	ParserState { atHelloNone = 0 , atHelloStarted , atHelloReceived , atHelloDoneReceived , atNstReceived , atCcsReceived , atFinishReceived }
	The parsing states. More...

enum	MessageSource { fromClient = 0 , fromServer }
	the originator of the TLS handshake being parsed More...

Public Member Functions
	HandshakeParser (MessageSource)

bool	parseHello (const SBuf &data)

Public Attributes
TlsDetails::Pointer	details
	TLS handshake meta info. Never nil. More...

ParserState	state
	current parsing state. More...

bool	resumingSession
	True if this is a resuming session. More...

MessageSource	messageSource
	whether we are parsing Server or Client TLS handshake messages More...

Private Member Functions
bool	isSslv2Record (const SBuf &raw) const

void	parseRecord ()

void	parseModernRecord ()
	parses a single TLS Record Layer frame More...

void	parseVersion2Record ()

void	parseMessages ()
	parses one or more "higher-level protocol" frames of currentContentType More...

void	parseChangeCipherCpecMessage ()

void	parseAlertMessage ()

void	parseHandshakeMessage ()

void	parseApplicationDataMessage ()

void	skipMessage (const char *msgType)

bool	parseRecordVersion2Try ()

void	parseVersion2HandshakeMessage (const SBuf &raw)

void	parseClientHelloHandshakeMessage (const SBuf &raw)

void	parseServerHelloHandshakeMessage (const SBuf &raw)
	RFC 5246 Section 7.4.1.3. Server Hello. More...

bool	parseCompressionMethods (const SBuf &raw)

void	parseExtensions (const SBuf &raw)

SBuf	parseSniExtension (const SBuf &extensionData) const

void	parseSupportedVersionsExtension (const SBuf &extensionData) const
	RFC 8446 Section 4.2.1: SupportedVersions extension. More...

void	parseCiphers (const SBuf &raw)

void	parseV23Ciphers (const SBuf &raw)

void	parseServerCertificates (const SBuf &raw)

Private Attributes
unsigned int	currentContentType
	The current TLS/SSL record content type. More...

const char *	done
	not nil if we got what we were looking for More...

SBuf	fragments
	concatenated TLSPlaintext.fragments of TLSPlaintext.type More...

Parser::BinaryTokenizer	tkRecords
	TLS record layer (parsing uninterpreted data) More...

Parser::BinaryTokenizer	tkMessages
	TLS message layer (parsing fragments) More...

YesNoNone	expectingModernRecords
	Whether to use TLS parser or a V2 compatible parser. More...

Detailed Description

Definition at line 60 of file Handshake.h.

Member Enumeration Documentation

◆ MessageSource

enum Security::HandshakeParser::MessageSource

Enumerator
fromClient
fromServer

Definition at line 67 of file Handshake.h.

◆ ParserState

enum Security::HandshakeParser::ParserState

Enumerator
atHelloNone
atHelloStarted
atHelloReceived
atHelloDoneReceived
atNstReceived
atCcsReceived
atFinishReceived

Definition at line 64 of file Handshake.h.

Constructor & Destructor Documentation

◆ HandshakeParser()

Security::HandshakeParser::HandshakeParser ( MessageSource source )

explicit

Definition at line 219 of file Handshake.cc.

Member Function Documentation

◆ isSslv2Record()

bool Security::HandshakeParser::isSslv2Record ( const SBuf & raw ) const

private

RFC 5246. Appendix E.2. Compatibility with SSL 2.0 And draft-hickman-netscape-ssl-00. Section 4.1. SSL Record Header Format

Definition at line 244 of file Handshake.cc.

References head, Parser::BinaryTokenizer::uint16(), and Parser::BinaryTokenizer::uint8().

◆ parseAlertMessage()

void Security::HandshakeParser::parseAlertMessage ( )

private

Definition at line 334 of file Handshake.cc.

References Security::ctAlert, debugs, Security::Alert::description, Security::Alert::fatal(), Security::Alert::level, and Must.

◆ parseApplicationDataMessage()

void Security::HandshakeParser::parseApplicationDataMessage ( )

private

Definition at line 382 of file Handshake.cc.

References Security::ctApplicationData, and Must.

◆ parseChangeCipherCpecMessage()

void Security::HandshakeParser::parseChangeCipherCpecMessage ( )

private

Definition at line 314 of file Handshake.cc.

References Security::ctChangeCipherSpec, Must, and Security::Tls1p3orLater().

◆ parseCiphers()

void Security::HandshakeParser::parseCiphers ( const SBuf & raw )

private

Definition at line 479 of file Handshake.cc.

References Parser::BinaryTokenizer::atEnd(), SBuf::length(), and Parser::BinaryTokenizer::uint16().

◆ parseClientHelloHandshakeMessage()

void Security::HandshakeParser::parseClientHelloHandshakeMessage ( const SBuf & raw )

private

Definition at line 405 of file Handshake.cc.

References Parser::BinaryTokenizer::area(), Parser::BinaryTokenizer::atEnd(), Security::HelloRandomSize, Security::ParseProtocolVersion(), Parser::BinaryTokenizer::pstring16(), Parser::BinaryTokenizer::pstring8(), and Parser::BinaryTokenizerContext::success().

Referenced by parseHandshakeMessage().

◆ parseCompressionMethods()

bool Security::HandshakeParser::parseCompressionMethods ( const SBuf & raw )

private

Definition at line 420 of file Handshake.cc.

References Parser::BinaryTokenizer::atEnd(), SBuf::length(), and Parser::BinaryTokenizer::uint8().

◆ parseExtensions()

void Security::HandshakeParser::parseExtensions ( const SBuf & raw )

private

Definition at line 435 of file Handshake.cc.

References Parser::BinaryTokenizer::atEnd(), Security::Extension::data, debugs, SBuf::isEmpty(), Parser::BinaryTokenizer::pstring16(), Security::Extension::supported(), and Security::Extension::type.

◆ parseHandshakeMessage()

void Security::HandshakeParser::parseHandshakeMessage ( )

private

Definition at line 347 of file Handshake.cc.

References Security::ctHandshake, debugs, Security::hskClientHello, Security::hskServerHello, Security::hskServerHelloDone, SBuf::length(), Security::Handshake::msg_body, Security::Handshake::msg_type, Must, parseClientHelloHandshakeMessage(), and Security::Tls1p3orLater().

◆ parseHello()

bool Security::HandshakeParser::parseHello ( const SBuf & data )

Parses the initial sequence of raw bytes sent by the TLS/SSL agent. Returns true upon successful completion (e.g., got HelloDone). Returns false if more data is needed. Throws on errors.

Definition at line 641 of file Handshake.cc.

References debugs.

Referenced by ConnStateData::parseTlsHandshake().

◆ parseMessages()

void Security::HandshakeParser::parseMessages ( )

private

Definition at line 291 of file Handshake.cc.

References Security::ctAlert, Security::ctApplicationData, Security::ctChangeCipherSpec, and Security::ctHandshake.

◆ parseModernRecord()

void Security::HandshakeParser::parseModernRecord ( )

private

Definition at line 264 of file Handshake.cc.

References Security::ctApplicationData, Security::TLSPlaintext::fragment, SBuf::length(), Must, Security::TLSPlaintext::type, and Security::TLSPlaintext::version.

◆ parseRecord()

void Security::HandshakeParser::parseRecord ( )

private

Definition at line 254 of file Handshake.cc.

◆ parseRecordVersion2Try()

bool Security::HandshakeParser::parseRecordVersion2Try ( )

private

◆ parseServerCertificates()

void Security::HandshakeParser::parseServerCertificates ( const SBuf & raw )

private

◆ parseServerHelloHandshakeMessage()

void Security::HandshakeParser::parseServerHelloHandshakeMessage ( const SBuf & raw )

private

Definition at line 509 of file Handshake.cc.

References Parser::BinaryTokenizer::atEnd(), Security::HelloRandomSize, Security::ParseProtocolVersion(), Parser::BinaryTokenizer::pstring16(), Parser::BinaryTokenizer::pstring8(), Parser::BinaryTokenizer::skip(), Parser::BinaryTokenizerContext::success(), Parser::BinaryTokenizer::uint16(), and Parser::BinaryTokenizer::uint8().

◆ parseSniExtension()

SBuf Security::HandshakeParser::parseSniExtension ( const SBuf & extensionData ) const

private

Definition at line 526 of file Handshake.cc.

References Parser::BinaryTokenizer::atEnd(), debugs, SBuf::isEmpty(), Parser::BinaryTokenizer::pstring16(), Parser::BinaryTokenizerContext::success(), and Parser::BinaryTokenizer::uint8().

◆ parseSupportedVersionsExtension()

void Security::HandshakeParser::parseSupportedVersionsExtension ( const SBuf & extensionData ) const

private

Definition at line 554 of file Handshake.cc.

References assert, Parser::BinaryTokenizer::atEnd(), debugs, Security::ParseOptionalProtocolVersion(), AnyP::PROTO_TLS, Parser::BinaryTokenizer::pstring8(), Security::Tls1p2orEarlier(), Security::TlsVersionEarlierThan(), and version.

◆ parseV23Ciphers()

void Security::HandshakeParser::parseV23Ciphers ( const SBuf & raw )

private

Definition at line 490 of file Handshake.cc.

References Parser::BinaryTokenizer::atEnd(), Parser::BinaryTokenizer::uint16(), and Parser::BinaryTokenizer::uint8().

◆ parseVersion2HandshakeMessage()

void Security::HandshakeParser::parseVersion2HandshakeMessage ( const SBuf & raw )

private

Definition at line 389 of file Handshake.cc.

References Parser::BinaryTokenizer::area(), Security::hskClientHello, Must, Security::ParseProtocolVersion(), Parser::BinaryTokenizer::skip(), Parser::BinaryTokenizerContext::success(), Parser::BinaryTokenizer::uint16(), and Parser::BinaryTokenizer::uint8().

◆ parseVersion2Record()

void Security::HandshakeParser::parseVersion2Record ( )

private

Definition at line 231 of file Handshake.cc.

References Security::Sslv2Record::fragment, AnyP::PROTO_SSL, and Ftp::ProtocolVersion().

◆ skipMessage()

void Security::HandshakeParser::skipMessage ( const char * msgType )

private

Definition at line 632 of file Handshake.cc.

Member Data Documentation

◆ currentContentType

unsigned int Security::HandshakeParser::currentContentType

private

Definition at line 114 of file Handshake.h.

◆ details

TlsDetails::Pointer Security::HandshakeParser::details

Definition at line 77 of file Handshake.h.

Referenced by ConnStateData::parseTlsHandshake(), and Ssl::ServerBio::receivedHelloDetails().

◆ done

const char* Security::HandshakeParser::done

private

Definition at line 116 of file Handshake.h.

◆ expectingModernRecords

YesNoNone Security::HandshakeParser::expectingModernRecords

private

Definition at line 128 of file Handshake.h.

◆ fragments

SBuf Security::HandshakeParser::fragments

private

Definition at line 119 of file Handshake.h.

◆ messageSource

MessageSource Security::HandshakeParser::messageSource

Definition at line 84 of file Handshake.h.

◆ resumingSession

bool Security::HandshakeParser::resumingSession

Definition at line 81 of file Handshake.h.

◆ state

ParserState Security::HandshakeParser::state

Definition at line 79 of file Handshake.h.

◆ tkMessages

Parser::BinaryTokenizer Security::HandshakeParser::tkMessages

private

Definition at line 125 of file Handshake.h.

◆ tkRecords

Parser::BinaryTokenizer Security::HandshakeParser::tkRecords

private

Definition at line 122 of file Handshake.h.

The documentation for this class was generated from the following files:

src/security/Handshake.h
src/security/Handshake.cc

squid-cache.org

Optimising Web Delivery

Public Types

Public Member Functions

Public Attributes

Private Member Functions

Private Attributes

Detailed Description

Member Enumeration Documentation

◆ MessageSource

◆ ParserState

Constructor & Destructor Documentation

◆ HandshakeParser()

Member Function Documentation

◆ isSslv2Record()

◆ parseAlertMessage()

◆ parseApplicationDataMessage()

◆ parseChangeCipherCpecMessage()

◆ parseCiphers()

◆ parseClientHelloHandshakeMessage()

◆ parseCompressionMethods()

◆ parseExtensions()

◆ parseHandshakeMessage()

◆ parseHello()

◆ parseMessages()

◆ parseModernRecord()

◆ parseRecord()

◆ parseRecordVersion2Try()

◆ parseServerCertificates()

◆ parseServerHelloHandshakeMessage()

◆ parseSniExtension()

◆ parseSupportedVersionsExtension()

◆ parseV23Ciphers()

◆ parseVersion2HandshakeMessage()

◆ parseVersion2Record()

◆ skipMessage()

Member Data Documentation

◆ currentContentType

◆ details

◆ done

◆ expectingModernRecords

◆ fragments

◆ messageSource

◆ resumingSession

◆ state

◆ tkMessages

◆ tkRecords

Introduction

Documentation

Support

Miscellaneous

Web Site Translations

Mirrors