tls.go 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208
  1. // Copyright 2018 The GoPacket Authors. All rights reserved.
  2. //
  3. // Use of this source code is governed by a BSD-style license
  4. // that can be found in the LICENSE file in the root of the source
  5. // tree.
  6. package layers
  7. import (
  8. "encoding/binary"
  9. "errors"
  10. "github.com/google/gopacket"
  11. )
  12. // TLSType defines the type of data after the TLS Record
  13. type TLSType uint8
  14. // TLSType known values.
  15. const (
  16. TLSChangeCipherSpec TLSType = 20
  17. TLSAlert TLSType = 21
  18. TLSHandshake TLSType = 22
  19. TLSApplicationData TLSType = 23
  20. TLSUnknown TLSType = 255
  21. )
  22. // String shows the register type nicely formatted
  23. func (tt TLSType) String() string {
  24. switch tt {
  25. default:
  26. return "Unknown"
  27. case TLSChangeCipherSpec:
  28. return "Change Cipher Spec"
  29. case TLSAlert:
  30. return "Alert"
  31. case TLSHandshake:
  32. return "Handshake"
  33. case TLSApplicationData:
  34. return "Application Data"
  35. }
  36. }
  37. // TLSVersion represents the TLS version in numeric format
  38. type TLSVersion uint16
  39. // Strings shows the TLS version nicely formatted
  40. func (tv TLSVersion) String() string {
  41. switch tv {
  42. default:
  43. return "Unknown"
  44. case 0x0200:
  45. return "SSL 2.0"
  46. case 0x0300:
  47. return "SSL 3.0"
  48. case 0x0301:
  49. return "TLS 1.0"
  50. case 0x0302:
  51. return "TLS 1.1"
  52. case 0x0303:
  53. return "TLS 1.2"
  54. case 0x0304:
  55. return "TLS 1.3"
  56. }
  57. }
  58. // TLS is specified in RFC 5246
  59. //
  60. // TLS Record Protocol
  61. // 0 1 2 3 4 5 6 7 8
  62. // +--+--+--+--+--+--+--+--+
  63. // | Content Type |
  64. // +--+--+--+--+--+--+--+--+
  65. // | Version (major) |
  66. // +--+--+--+--+--+--+--+--+
  67. // | Version (minor) |
  68. // +--+--+--+--+--+--+--+--+
  69. // | Length |
  70. // +--+--+--+--+--+--+--+--+
  71. // | Length |
  72. // +--+--+--+--+--+--+--+--+
  73. // TLS is actually a slide of TLSrecord structures
  74. type TLS struct {
  75. BaseLayer
  76. // TLS Records
  77. ChangeCipherSpec []TLSChangeCipherSpecRecord
  78. Handshake []TLSHandshakeRecord
  79. AppData []TLSAppDataRecord
  80. Alert []TLSAlertRecord
  81. }
  82. // TLSRecordHeader contains all the information that each TLS Record types should have
  83. type TLSRecordHeader struct {
  84. ContentType TLSType
  85. Version TLSVersion
  86. Length uint16
  87. }
  88. // LayerType returns gopacket.LayerTypeTLS.
  89. func (t *TLS) LayerType() gopacket.LayerType { return LayerTypeTLS }
  90. // decodeTLS decodes the byte slice into a TLS type. It also
  91. // setups the application Layer in PacketBuilder.
  92. func decodeTLS(data []byte, p gopacket.PacketBuilder) error {
  93. t := &TLS{}
  94. err := t.DecodeFromBytes(data, p)
  95. if err != nil {
  96. return err
  97. }
  98. p.AddLayer(t)
  99. p.SetApplicationLayer(t)
  100. return nil
  101. }
  102. // DecodeFromBytes decodes the slice into the TLS struct.
  103. func (t *TLS) DecodeFromBytes(data []byte, df gopacket.DecodeFeedback) error {
  104. t.BaseLayer.Contents = data
  105. t.BaseLayer.Payload = nil
  106. t.ChangeCipherSpec = t.ChangeCipherSpec[:0]
  107. t.Handshake = t.Handshake[:0]
  108. t.AppData = t.AppData[:0]
  109. t.Alert = t.Alert[:0]
  110. return t.decodeTLSRecords(data, df)
  111. }
  112. func (t *TLS) decodeTLSRecords(data []byte, df gopacket.DecodeFeedback) error {
  113. if len(data) < 5 {
  114. df.SetTruncated()
  115. return errors.New("TLS record too short")
  116. }
  117. // since there are no further layers, the baselayer's content is
  118. // pointing to this layer
  119. t.BaseLayer = BaseLayer{Contents: data[:len(data)]}
  120. var h TLSRecordHeader
  121. h.ContentType = TLSType(data[0])
  122. h.Version = TLSVersion(binary.BigEndian.Uint16(data[1:3]))
  123. h.Length = binary.BigEndian.Uint16(data[3:5])
  124. if h.ContentType.String() == "Unknown" {
  125. return errors.New("Unknown TLS record type")
  126. }
  127. hl := 5 // header length
  128. tl := hl + int(h.Length)
  129. if len(data) < tl {
  130. df.SetTruncated()
  131. return errors.New("TLS packet length mismatch")
  132. }
  133. switch h.ContentType {
  134. default:
  135. return errors.New("Unknown TLS record type")
  136. case TLSChangeCipherSpec:
  137. var r TLSChangeCipherSpecRecord
  138. e := r.decodeFromBytes(h, data[hl:tl], df)
  139. if e != nil {
  140. return e
  141. }
  142. t.ChangeCipherSpec = append(t.ChangeCipherSpec, r)
  143. case TLSAlert:
  144. var r TLSAlertRecord
  145. e := r.decodeFromBytes(h, data[hl:tl], df)
  146. if e != nil {
  147. return e
  148. }
  149. t.Alert = append(t.Alert, r)
  150. case TLSHandshake:
  151. var r TLSHandshakeRecord
  152. e := r.decodeFromBytes(h, data[hl:tl], df)
  153. if e != nil {
  154. return e
  155. }
  156. t.Handshake = append(t.Handshake, r)
  157. case TLSApplicationData:
  158. var r TLSAppDataRecord
  159. e := r.decodeFromBytes(h, data[hl:tl], df)
  160. if e != nil {
  161. return e
  162. }
  163. t.AppData = append(t.AppData, r)
  164. }
  165. if len(data) == tl {
  166. return nil
  167. }
  168. return t.decodeTLSRecords(data[tl:len(data)], df)
  169. }
  170. // CanDecode implements gopacket.DecodingLayer.
  171. func (t *TLS) CanDecode() gopacket.LayerClass {
  172. return LayerTypeTLS
  173. }
  174. // NextLayerType implements gopacket.DecodingLayer.
  175. func (t *TLS) NextLayerType() gopacket.LayerType {
  176. return gopacket.LayerTypeZero
  177. }
  178. // Payload returns nil, since TLS encrypted payload is inside TLSAppDataRecord
  179. func (t *TLS) Payload() []byte {
  180. return nil
  181. }