Takahiro Suzuki | 241c10e | 2020-12-17 20:17:57 +0900 | [diff] [blame^] | 1 | // Copyright 2018 The GoPacket Authors. All rights reserved. |
| 2 | // |
| 3 | // Use of this source code is governed by a BSD-style license |
| 4 | // that can be found in the LICENSE file in the root of the source |
| 5 | // tree. |
| 6 | |
| 7 | package layers |
| 8 | |
| 9 | import ( |
| 10 | "errors" |
| 11 | "fmt" |
| 12 | |
| 13 | "github.com/google/gopacket" |
| 14 | ) |
| 15 | |
| 16 | // TLSAlertLevel defines the alert level data type |
| 17 | type TLSAlertLevel uint8 |
| 18 | |
| 19 | // TLSAlertDescr defines the alert descrption data type |
| 20 | type TLSAlertDescr uint8 |
| 21 | |
| 22 | const ( |
| 23 | TLSAlertWarning TLSAlertLevel = 1 |
| 24 | TLSAlertFatal TLSAlertLevel = 2 |
| 25 | TLSAlertUnknownLevel TLSAlertLevel = 255 |
| 26 | |
| 27 | TLSAlertCloseNotify TLSAlertDescr = 0 |
| 28 | TLSAlertUnexpectedMessage TLSAlertDescr = 10 |
| 29 | TLSAlertBadRecordMac TLSAlertDescr = 20 |
| 30 | TLSAlertDecryptionFailedRESERVED TLSAlertDescr = 21 |
| 31 | TLSAlertRecordOverflow TLSAlertDescr = 22 |
| 32 | TLSAlertDecompressionFailure TLSAlertDescr = 30 |
| 33 | TLSAlertHandshakeFailure TLSAlertDescr = 40 |
| 34 | TLSAlertNoCertificateRESERVED TLSAlertDescr = 41 |
| 35 | TLSAlertBadCertificate TLSAlertDescr = 42 |
| 36 | TLSAlertUnsupportedCertificate TLSAlertDescr = 43 |
| 37 | TLSAlertCertificateRevoked TLSAlertDescr = 44 |
| 38 | TLSAlertCertificateExpired TLSAlertDescr = 45 |
| 39 | TLSAlertCertificateUnknown TLSAlertDescr = 46 |
| 40 | TLSAlertIllegalParameter TLSAlertDescr = 47 |
| 41 | TLSAlertUnknownCa TLSAlertDescr = 48 |
| 42 | TLSAlertAccessDenied TLSAlertDescr = 49 |
| 43 | TLSAlertDecodeError TLSAlertDescr = 50 |
| 44 | TLSAlertDecryptError TLSAlertDescr = 51 |
| 45 | TLSAlertExportRestrictionRESERVED TLSAlertDescr = 60 |
| 46 | TLSAlertProtocolVersion TLSAlertDescr = 70 |
| 47 | TLSAlertInsufficientSecurity TLSAlertDescr = 71 |
| 48 | TLSAlertInternalError TLSAlertDescr = 80 |
| 49 | TLSAlertUserCanceled TLSAlertDescr = 90 |
| 50 | TLSAlertNoRenegotiation TLSAlertDescr = 100 |
| 51 | TLSAlertUnsupportedExtension TLSAlertDescr = 110 |
| 52 | TLSAlertUnknownDescription TLSAlertDescr = 255 |
| 53 | ) |
| 54 | |
| 55 | // TLS Alert |
| 56 | // 0 1 2 3 4 5 6 7 8 |
| 57 | // +--+--+--+--+--+--+--+--+ |
| 58 | // | Level | |
| 59 | // +--+--+--+--+--+--+--+--+ |
| 60 | // | Description | |
| 61 | // +--+--+--+--+--+--+--+--+ |
| 62 | |
| 63 | // TLSAlertRecord contains all the information that each Alert Record type should have |
| 64 | type TLSAlertRecord struct { |
| 65 | TLSRecordHeader |
| 66 | |
| 67 | Level TLSAlertLevel |
| 68 | Description TLSAlertDescr |
| 69 | |
| 70 | EncryptedMsg []byte |
| 71 | } |
| 72 | |
| 73 | // DecodeFromBytes decodes the slice into the TLS struct. |
| 74 | func (t *TLSAlertRecord) decodeFromBytes(h TLSRecordHeader, data []byte, df gopacket.DecodeFeedback) error { |
| 75 | // TLS Record Header |
| 76 | t.ContentType = h.ContentType |
| 77 | t.Version = h.Version |
| 78 | t.Length = h.Length |
| 79 | |
| 80 | if len(data) < 2 { |
| 81 | df.SetTruncated() |
| 82 | return errors.New("TLS Alert packet too short") |
| 83 | } |
| 84 | |
| 85 | if t.Length == 2 { |
| 86 | t.Level = TLSAlertLevel(data[0]) |
| 87 | t.Description = TLSAlertDescr(data[1]) |
| 88 | } else { |
| 89 | t.Level = TLSAlertUnknownLevel |
| 90 | t.Description = TLSAlertUnknownDescription |
| 91 | t.EncryptedMsg = data |
| 92 | } |
| 93 | |
| 94 | return nil |
| 95 | } |
| 96 | |
| 97 | // Strings shows the TLS alert level nicely formatted |
| 98 | func (al TLSAlertLevel) String() string { |
| 99 | switch al { |
| 100 | default: |
| 101 | return fmt.Sprintf("Unknown(%d)", al) |
| 102 | case TLSAlertWarning: |
| 103 | return "Warning" |
| 104 | case TLSAlertFatal: |
| 105 | return "Fatal" |
| 106 | } |
| 107 | } |
| 108 | |
| 109 | // Strings shows the TLS alert description nicely formatted |
| 110 | func (ad TLSAlertDescr) String() string { |
| 111 | switch ad { |
| 112 | default: |
| 113 | return "Unknown" |
| 114 | case TLSAlertCloseNotify: |
| 115 | return "close_notify" |
| 116 | case TLSAlertUnexpectedMessage: |
| 117 | return "unexpected_message" |
| 118 | case TLSAlertBadRecordMac: |
| 119 | return "bad_record_mac" |
| 120 | case TLSAlertDecryptionFailedRESERVED: |
| 121 | return "decryption_failed_RESERVED" |
| 122 | case TLSAlertRecordOverflow: |
| 123 | return "record_overflow" |
| 124 | case TLSAlertDecompressionFailure: |
| 125 | return "decompression_failure" |
| 126 | case TLSAlertHandshakeFailure: |
| 127 | return "handshake_failure" |
| 128 | case TLSAlertNoCertificateRESERVED: |
| 129 | return "no_certificate_RESERVED" |
| 130 | case TLSAlertBadCertificate: |
| 131 | return "bad_certificate" |
| 132 | case TLSAlertUnsupportedCertificate: |
| 133 | return "unsupported_certificate" |
| 134 | case TLSAlertCertificateRevoked: |
| 135 | return "certificate_revoked" |
| 136 | case TLSAlertCertificateExpired: |
| 137 | return "certificate_expired" |
| 138 | case TLSAlertCertificateUnknown: |
| 139 | return "certificate_unknown" |
| 140 | case TLSAlertIllegalParameter: |
| 141 | return "illegal_parameter" |
| 142 | case TLSAlertUnknownCa: |
| 143 | return "unknown_ca" |
| 144 | case TLSAlertAccessDenied: |
| 145 | return "access_denied" |
| 146 | case TLSAlertDecodeError: |
| 147 | return "decode_error" |
| 148 | case TLSAlertDecryptError: |
| 149 | return "decrypt_error" |
| 150 | case TLSAlertExportRestrictionRESERVED: |
| 151 | return "export_restriction_RESERVED" |
| 152 | case TLSAlertProtocolVersion: |
| 153 | return "protocol_version" |
| 154 | case TLSAlertInsufficientSecurity: |
| 155 | return "insufficient_security" |
| 156 | case TLSAlertInternalError: |
| 157 | return "internal_error" |
| 158 | case TLSAlertUserCanceled: |
| 159 | return "user_canceled" |
| 160 | case TLSAlertNoRenegotiation: |
| 161 | return "no_renegotiation" |
| 162 | case TLSAlertUnsupportedExtension: |
| 163 | return "unsupported_extension" |
| 164 | } |
| 165 | } |