Takahiro Suzuki241c10e2020-12-17 20:17:57 +09001// Copyright 2018 The GoPacket Authors. All rights reserved.
2//
3// Use of this source code is governed by a BSD-style license
4// that can be found in the LICENSE file in the root of the source
5// tree.
6
7package layers
8
9import (
10 "errors"
11 "fmt"
12
13 "github.com/google/gopacket"
14)
15
type (
	// TLSAlertLevel is the one-byte severity field of a TLS alert record.
	TLSAlertLevel uint8

	// TLSAlertDescr is the one-byte description (reason code) field of a TLS
	// alert record.
	TLSAlertDescr uint8
)
21
// Alert levels.
//
// TLSAlertUnknownLevel (255) is a sentinel that decodeFromBytes stores when the
// record is not a plain 2-byte alert; it is not a level name this file maps to
// a string.
const (
	TLSAlertWarning      TLSAlertLevel = 1
	TLSAlertFatal        TLSAlertLevel = 2
	TLSAlertUnknownLevel TLSAlertLevel = 255
)

// Alert descriptions.
//
// TLSAlertUnknownDescription (255) is the matching sentinel for records whose
// description could not be read in the clear. The list below is not the
// complete registry of alert codes (for example 86 inappropriate_fallback,
// 112 unrecognized_name and 120 no_application_protocol have no constant here),
// so traffic analysis should keep the raw numeric value alongside the name.
const (
	TLSAlertCloseNotify               TLSAlertDescr = 0
	TLSAlertUnexpectedMessage         TLSAlertDescr = 10
	TLSAlertBadRecordMac              TLSAlertDescr = 20
	TLSAlertDecryptionFailedRESERVED  TLSAlertDescr = 21
	TLSAlertRecordOverflow            TLSAlertDescr = 22
	TLSAlertDecompressionFailure      TLSAlertDescr = 30
	TLSAlertHandshakeFailure          TLSAlertDescr = 40
	TLSAlertNoCertificateRESERVED     TLSAlertDescr = 41
	TLSAlertBadCertificate            TLSAlertDescr = 42
	TLSAlertUnsupportedCertificate    TLSAlertDescr = 43
	TLSAlertCertificateRevoked        TLSAlertDescr = 44
	TLSAlertCertificateExpired        TLSAlertDescr = 45
	TLSAlertCertificateUnknown        TLSAlertDescr = 46
	TLSAlertIllegalParameter          TLSAlertDescr = 47
	TLSAlertUnknownCa                 TLSAlertDescr = 48
	TLSAlertAccessDenied              TLSAlertDescr = 49
	TLSAlertDecodeError               TLSAlertDescr = 50
	TLSAlertDecryptError              TLSAlertDescr = 51
	TLSAlertExportRestrictionRESERVED TLSAlertDescr = 60
	TLSAlertProtocolVersion           TLSAlertDescr = 70
	TLSAlertInsufficientSecurity      TLSAlertDescr = 71
	TLSAlertInternalError             TLSAlertDescr = 80
	TLSAlertUserCanceled              TLSAlertDescr = 90
	TLSAlertNoRenegotiation           TLSAlertDescr = 100
	TLSAlertUnsupportedExtension      TLSAlertDescr = 110
	TLSAlertUnknownDescription        TLSAlertDescr = 255
)
54
// TLS Alert
//  0  1  2  3  4  5  6  7  8
// +--+--+--+--+--+--+--+--+
// |         Level         |
// +--+--+--+--+--+--+--+--+
// |      Description      |
// +--+--+--+--+--+--+--+--+

// TLSAlertRecord is the decoded form of one TLS record carrying an alert.
//
// When the record body is exactly two bytes, Level and Description hold the
// values read from the wire and are not restricted to the named constants.
// For any other length decodeFromBytes sets both to their 255 sentinels and
// keeps the undecoded body in EncryptedMsg.
type TLSAlertRecord struct {
	// Embedded record header: content type, version and length.
	TLSRecordHeader

	// Level is the first body byte of a plain alert, or TLSAlertUnknownLevel.
	Level TLSAlertLevel
	// Description is the second body byte of a plain alert, or
	// TLSAlertUnknownDescription.
	Description TLSAlertDescr

	// EncryptedMsg is the raw record body when it was not decoded as a plain
	// alert. decodeFromBytes assigns the input slice directly, without copying.
	EncryptedMsg []byte
}
72
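// decodeFromBytes fills t from the already-parsed record header h and the
// record body data.
//
// The body is read as a plaintext alert only when the header length is exactly
// 2; any other length is treated as an opaque (presumably encrypted) alert and
// kept verbatim in EncryptedMsg with Level and Description set to their 255
// sentinels. Bodies shorter than two bytes are reported as truncated through
// df and rejected with an error.
//
// Notes for callers that consume the result:
//   - Level and Description come straight from peer-controlled bytes and are
//     not range-checked, so values outside the named constants (including a
//     literal 255) can appear. Use Length or EncryptedMsg, not the sentinel
//     values alone, to tell a plain alert from an opaque one.
//   - EncryptedMsg aliases data; copy it if the underlying buffer is reused.
//   - h.Length is taken from the header as given. NOTE(review): this assumes
//     the caller has already bounded data by that length - confirm.
func (t *TLSAlertRecord) decodeFromBytes(h TLSRecordHeader, data []byte, df gopacket.DecodeFeedback) error {
	// TLS Record Header
	t.ContentType = h.ContentType
	t.Version = h.Version
	t.Length = h.Length

	if len(data) < 2 {
		df.SetTruncated()
		return errors.New("TLS Alert packet too short")
	}

	if t.Length == 2 {
		t.Level = TLSAlertLevel(data[0])
		t.Description = TLSAlertDescr(data[1])
		// Clear any body left over from an earlier decode into the same
		// record, so a plain alert never carries stale opaque bytes.
		t.EncryptedMsg = nil
		return nil
	}

	// Not a 2-byte alert: keep the body opaque and mark the fields unknown.
	t.Level = TLSAlertUnknownLevel
	t.Description = TLSAlertUnknownDescription
	t.EncryptedMsg = data
	return nil
}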
96
// String returns "Warning" or "Fatal" for the two defined levels. Every other
// value, including the TLSAlertUnknownLevel sentinel, is rendered as
// "Unknown(<n>)" with its numeric code.
func (al TLSAlertLevel) String() string {
	if al == TLSAlertWarning {
		return "Warning"
	}
	if al == TLSAlertFatal {
		return "Fatal"
	}
	return fmt.Sprintf("Unknown(%d)", al)
}
108
// tlsAlertDescrNames maps each alert description that has a name in this file
// to that name. TLSAlertUnknownDescription is deliberately absent.
var tlsAlertDescrNames = map[TLSAlertDescr]string{
	TLSAlertCloseNotify:               "close_notify",
	TLSAlertUnexpectedMessage:         "unexpected_message",
	TLSAlertBadRecordMac:              "bad_record_mac",
	TLSAlertDecryptionFailedRESERVED:  "decryption_failed_RESERVED",
	TLSAlertRecordOverflow:            "record_overflow",
	TLSAlertDecompressionFailure:      "decompression_failure",
	TLSAlertHandshakeFailure:          "handshake_failure",
	TLSAlertNoCertificateRESERVED:     "no_certificate_RESERVED",
	TLSAlertBadCertificate:            "bad_certificate",
	TLSAlertUnsupportedCertificate:    "unsupported_certificate",
	TLSAlertCertificateRevoked:        "certificate_revoked",
	TLSAlertCertificateExpired:        "certificate_expired",
	TLSAlertCertificateUnknown:        "certificate_unknown",
	TLSAlertIllegalParameter:          "illegal_parameter",
	TLSAlertUnknownCa:                 "unknown_ca",
	TLSAlertAccessDenied:              "access_denied",
	TLSAlertDecodeError:               "decode_error",
	TLSAlertDecryptError:              "decrypt_error",
	TLSAlertExportRestrictionRESERVED: "export_restriction_RESERVED",
	TLSAlertProtocolVersion:           "protocol_version",
	TLSAlertInsufficientSecurity:      "insufficient_security",
	TLSAlertInternalError:             "internal_error",
	TLSAlertUserCanceled:              "user_canceled",
	TLSAlertNoRenegotiation:           "no_renegotiation",
	TLSAlertUnsupportedExtension:      "unsupported_extension",
}

// String returns the lower-case protocol name of the alert description, or
// "Unknown" for any value without a name in this file.
//
// NOTE(review): unlike TLSAlertLevel.String, the fallback drops the numeric
// code, so distinct unrecognised alerts all print the same text. Log
// uint8(ad) next to the name when the exact code matters for triage.
func (ad TLSAlertDescr) String() string {
	if name, ok := tlsAlertDescrNames[ad]; ok {
		return name
	}
	return "Unknown"
}