// Copyright 2018 The GoPacket Authors. All rights reserved.
//
// Use of this source code is governed by a BSD-style license
// that can be found in the LICENSE file in the root of the source
// tree.
package etls
import (
"errors"
"fmt"
"github.com/google/gopacket"
)
// ETLSAlertLevel is the one-byte severity field of an ETLS alert record.
type ETLSAlertLevel uint8

// ETLSAlertDescr is the one-byte description (reason code) field of an ETLS
// alert record.
type ETLSAlertDescr uint8

// Alert levels.
//
// ETLSAlertUnknownLevel is the placeholder decodeFromBytes stores when the
// record length is not 2 and the body is kept as opaque bytes. 255 is also a
// value a peer can put in a two-byte alert, so the placeholder on its own does
// not prove that the alert body was opaque.
const (
	ETLSAlertWarning      ETLSAlertLevel = 1
	ETLSAlertFatal        ETLSAlertLevel = 2
	ETLSAlertUnknownLevel ETLSAlertLevel = 255
)

// Alert descriptions.
//
// The names and numbers line up with the TLS 1.2 alert descriptions
// (RFC 5246, section 7.2). NOTE(review): confirm against the ETLS
// specification this package targets.
//
// ETLSAlertUnknownDescription is the placeholder decodeFromBytes stores
// together with ETLSAlertUnknownLevel; like that value, 255 can also arrive
// from the wire.
const (
	ETLSAlertCloseNotify               ETLSAlertDescr = 0
	ETLSAlertUnexpectedMessage         ETLSAlertDescr = 10
	ETLSAlertBadRecordMac              ETLSAlertDescr = 20
	ETLSAlertDecryptionFailedRESERVED  ETLSAlertDescr = 21
	ETLSAlertRecordOverflow            ETLSAlertDescr = 22
	ETLSAlertDecompressionFailure      ETLSAlertDescr = 30
	ETLSAlertHandshakeFailure          ETLSAlertDescr = 40
	ETLSAlertNoCertificateRESERVED     ETLSAlertDescr = 41
	ETLSAlertBadCertificate            ETLSAlertDescr = 42
	ETLSAlertUnsupportedCertificate    ETLSAlertDescr = 43
	ETLSAlertCertificateRevoked        ETLSAlertDescr = 44
	ETLSAlertCertificateExpired        ETLSAlertDescr = 45
	ETLSAlertCertificateUnknown        ETLSAlertDescr = 46
	ETLSAlertIllegalParameter          ETLSAlertDescr = 47
	ETLSAlertUnknownCa                 ETLSAlertDescr = 48
	ETLSAlertAccessDenied              ETLSAlertDescr = 49
	ETLSAlertDecodeError               ETLSAlertDescr = 50
	ETLSAlertDecryptError              ETLSAlertDescr = 51
	ETLSAlertExportRestrictionRESERVED ETLSAlertDescr = 60
	ETLSAlertProtocolVersion           ETLSAlertDescr = 70
	ETLSAlertInsufficientSecurity      ETLSAlertDescr = 71
	ETLSAlertInternalError             ETLSAlertDescr = 80
	ETLSAlertUserCanceled              ETLSAlertDescr = 90
	ETLSAlertNoRenegotiation           ETLSAlertDescr = 100
	ETLSAlertUnsupportedExtension      ETLSAlertDescr = 110
	ETLSAlertUnknownDescription        ETLSAlertDescr = 255
)
// ETLS Alert wire layout (one byte per field):
//
//	 0  1  2  3  4  5  6  7  8
//	+--+--+--+--+--+--+--+--+
//	|         Level         |
//	+--+--+--+--+--+--+--+--+
//	|      Description      |
//	+--+--+--+--+--+--+--+--+

// ETLSAlertRecord holds one ETLS alert record: the record header plus either
// the two alert fields or the opaque record body.
type ETLSAlertRecord struct {
	// Embedded record header; decodeFromBytes copies ContentType, Version
	// and Length into it.
	ETLSRecordHeader

	// Level and Description are read from the first two body bytes when the
	// record length is exactly 2. For any other length decodeFromBytes
	// stores ETLSAlertUnknownLevel and ETLSAlertUnknownDescription instead.
	Level       ETLSAlertLevel
	Description ETLSAlertDescr

	// EncryptedMsg is the record body when it was not decoded as a two-byte
	// alert. decodeFromBytes stores the caller's slice without copying, so
	// these bytes change if the caller later reuses the packet buffer.
	EncryptedMsg []byte
}
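// decodeFromBytes fills t from an already-parsed record header h and the
// record body data.
//
// The header fields are copied first. A body shorter than two bytes is
// reported through df.SetTruncated and rejected with an error. When the header
// length is exactly 2 the body is read as a plain alert (level byte,
// description byte). Any other length is kept as opaque bytes in EncryptedMsg
// with both alert fields set to their Unknown placeholders; presumably this is
// an alert sent under an active cipher, but the length is the only signal used
// here and no cipher state is checked.
//
// data is stored as given, without a copy and without trimming to h.Length, so
// the caller is expected to pass exactly the record body (TODO confirm at the
// call site) and to copy it if the packet buffer is reused.
func (t *ETLSAlertRecord) decodeFromBytes(h ETLSRecordHeader, data []byte, df gopacket.DecodeFeedback) error {
	// Copy the ETLS record header into the embedded header.
	t.ContentType = h.ContentType
	t.Version = h.Version
	t.Length = h.Length

	// Clear bytes left over from an earlier decode into the same record, so
	// a plain two-byte alert is never reported next to a stale opaque body.
	t.EncryptedMsg = nil

	if len(data) < 2 {
		df.SetTruncated()
		return errors.New("ETLS Alert packet too short")
	}

	if t.Length != 2 {
		// Not a bare level/description pair: keep the body opaque.
		t.Level = ETLSAlertUnknownLevel
		t.Description = ETLSAlertUnknownDescription
		t.EncryptedMsg = data
		return nil
	}

	// Both bytes come straight from the wire and are not range-checked;
	// values without a named constant are possible.
	t.Level = ETLSAlertLevel(data[0])
	t.Description = ETLSAlertDescr(data[1])
	return nil
}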
// String returns the display name of the alert level: "Warning", "Fatal", or
// "Unknown(N)" carrying the numeric value for every other level.
func (al ETLSAlertLevel) String() string {
	if al == ETLSAlertWarning {
		return "Warning"
	}
	if al == ETLSAlertFatal {
		return "Fatal"
	}
	// %d formats the underlying integer, so this does not call String again.
	return fmt.Sprintf("Unknown(%d)", al)
}
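// String returns the name of the alert description in lower-case underscore
// form, for example "handshake_failure".
//
// A code without a named constant is rendered as "Unknown(N)", the same shape
// ETLSAlertLevel.String uses, so the numeric value received from the peer
// stays visible in logs and packet dumps instead of every unrecognised code
// collapsing into one string. ETLSAlertUnknownDescription (255) has no name of
// its own and is rendered the same way.
func (ad ETLSAlertDescr) String() string {
	switch ad {
	case ETLSAlertCloseNotify:
		return "close_notify"
	case ETLSAlertUnexpectedMessage:
		return "unexpected_message"
	case ETLSAlertBadRecordMac:
		return "bad_record_mac"
	case ETLSAlertDecryptionFailedRESERVED:
		return "decryption_failed_RESERVED"
	case ETLSAlertRecordOverflow:
		return "record_overflow"
	case ETLSAlertDecompressionFailure:
		return "decompression_failure"
	case ETLSAlertHandshakeFailure:
		return "handshake_failure"
	case ETLSAlertNoCertificateRESERVED:
		return "no_certificate_RESERVED"
	case ETLSAlertBadCertificate:
		return "bad_certificate"
	case ETLSAlertUnsupportedCertificate:
		return "unsupported_certificate"
	case ETLSAlertCertificateRevoked:
		return "certificate_revoked"
	case ETLSAlertCertificateExpired:
		return "certificate_expired"
	case ETLSAlertCertificateUnknown:
		return "certificate_unknown"
	case ETLSAlertIllegalParameter:
		return "illegal_parameter"
	case ETLSAlertUnknownCa:
		return "unknown_ca"
	case ETLSAlertAccessDenied:
		return "access_denied"
	case ETLSAlertDecodeError:
		return "decode_error"
	case ETLSAlertDecryptError:
		return "decrypt_error"
	case ETLSAlertExportRestrictionRESERVED:
		return "export_restriction_RESERVED"
	case ETLSAlertProtocolVersion:
		return "protocol_version"
	case ETLSAlertInsufficientSecurity:
		return "insufficient_security"
	case ETLSAlertInternalError:
		return "internal_error"
	case ETLSAlertUserCanceled:
		return "user_canceled"
	case ETLSAlertNoRenegotiation:
		return "no_renegotiation"
	case ETLSAlertUnsupportedExtension:
		return "unsupported_extension"
	default:
		// %d formats the underlying integer, so this does not call
		// String again.
		return fmt.Sprintf("Unknown(%d)", ad)
	}
}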