diff --git a/auth.go b/auth.go index 3e12d97..859387e 100644 --- a/auth.go +++ b/auth.go @@ -7,6 +7,7 @@ package tls import ( "crypto" "crypto/ecdsa" + "crypto/elliptic" "crypto/rsa" "encoding/asn1" "errors" @@ -131,3 +132,35 @@ func writeSignedMessage(sigHash io.Writer, context string, transcript hash.Hash) io.WriteString(sigHash, context) sigHash.Write(transcript.Sum(nil)) } + +// signatureSchemesForCertificate returns the list of supported SignatureSchemes +// for a given certificate, based on the public key. +func signatureSchemesForCertificate(cert *Certificate) []SignatureScheme { + priv, ok := cert.PrivateKey.(crypto.Signer) + if !ok { + return nil + } + + switch priv := priv.Public().(type) { + case *ecdsa.PublicKey: + switch priv.Curve { + case elliptic.P256(): + return []SignatureScheme{ECDSAWithP256AndSHA256} + case elliptic.P384(): + return []SignatureScheme{ECDSAWithP384AndSHA384} + case elliptic.P521(): + return []SignatureScheme{ECDSAWithP521AndSHA512} + default: + return nil + } + case *rsa.PublicKey: + // RSA keys with RSA-PSS OID are not supported by crypto/x509. + return []SignatureScheme{ + PSSWithSHA256, + PSSWithSHA384, + PSSWithSHA512, + } + default: + return nil + } +} diff --git a/common.go b/common.go index 7e5976a..ddd3da5 100644 --- a/common.go +++ b/common.go @@ -740,7 +740,7 @@ func (c *Config) supportedVersions(isClient bool) []uint16 { continue } // TLS 1.3 is only supported if explicitly requested while in development. - if v == VersionTLS13 && (!isClient || c == nil || c.MaxVersion != VersionTLS13) { + if v == VersionTLS13 && (c == nil || c.MaxVersion != VersionTLS13) { continue } versions = append(versions, v) diff --git a/handshake_messages.go b/handshake_messages.go index c622e08..98b7bd5 100644 --- a/handshake_messages.go +++ b/handshake_messages.go @@ -131,7 +131,7 @@ func (m *clientHelloMsg) marshal() []byte { }) } if len(m.supportedCurves) > 0 { - // RFC 4492, Section 5.1.1 and RFC 8446, Section 4.2.7 + // RFC 4492, sections 5.1.1 and RFC 8446, Section 4.2.7 b.AddUint16(extensionSupportedCurves) b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { b.AddUint16LengthPrefixed(func(b *cryptobyte.Builder) { @@ -379,7 +379,7 @@ func (m *clientHelloMsg) unmarshal(data []byte) bool { } m.ocspStapling = statusType == statusTypeOCSP case extensionSupportedCurves: - // RFC 4492, Section 5.1.1 and RFC 8446, Section 4.2.7 + // RFC 4492, sections 5.1.1 and RFC 8446, Section 4.2.7 var curves cryptobyte.String if !extData.ReadUint16LengthPrefixed(&curves) || curves.Empty() { return false diff --git a/handshake_server.go b/handshake_server.go index ae793e2..d1f123c 100644 --- a/handshake_server.go +++ b/handshake_server.go @@ -19,20 +19,19 @@ import ( // serverHandshakeState contains details of a server handshake in progress. // It's discarded once the handshake has completed. type serverHandshakeState struct { - c *Conn - clientHello *clientHelloMsg - hello *serverHelloMsg - suite *cipherSuite - ellipticOk bool - ecdsaOk bool - rsaDecryptOk bool - rsaSignOk bool - sessionState *sessionState - finishedHash finishedHash - masterSecret []byte - certsFromClient [][]byte - cert *Certificate - cachedClientHelloInfo *ClientHelloInfo + c *Conn + clientHello *clientHelloMsg + hello *serverHelloMsg + suite *cipherSuite + ellipticOk bool + ecdsaOk bool + rsaDecryptOk bool + rsaSignOk bool + sessionState *sessionState + finishedHash finishedHash + masterSecret []byte + certsFromClient [][]byte + cert *Certificate } // serverHandshake performs a TLS handshake as a server. @@ -41,17 +40,36 @@ func (c *Conn) serverHandshake() error { // encrypt the tickets with. c.config.serverInitOnce.Do(func() { c.config.serverInit(nil) }) - hs := serverHandshakeState{ - c: c, - } - isResume, err := hs.readClientHello() + clientHello, err := c.readClientHello() if err != nil { return err } + if c.vers == VersionTLS13 { + hs := serverHandshakeStateTLS13{ + c: c, + clientHello: clientHello, + } + return hs.handshake() + } + + hs := serverHandshakeState{ + c: c, + clientHello: clientHello, + } + return hs.handshake() +} + +func (hs *serverHandshakeState) handshake() error { + c := hs.c + + if err := hs.processClientHello(); err != nil { + return err + } + // For an overview of TLS handshaking, see RFC 5246, Section 7.3. c.buffering = true - if isResume { + if hs.checkForResumption() { // The client has included a session ticket and so we do an abbreviated handshake. if err := hs.doResumeHandshake(); err != nil { return err @@ -81,6 +99,9 @@ func (c *Conn) serverHandshake() error { } else { // The client didn't include a session ticket, or it wasn't // valid so we do a full handshake. + if err := hs.pickCipherSuite(); err != nil { + return err + } if err := hs.doFullHandshake(); err != nil { return err } @@ -109,42 +130,47 @@ func (c *Conn) serverHandshake() error { return nil } -// readClientHello reads a ClientHello message from the client and decides -// whether we will perform session resumption. -func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { - c := hs.c - +// readClientHello reads a ClientHello message and selects the protocol version. +func (c *Conn) readClientHello() (*clientHelloMsg, error) { msg, err := c.readHandshake() if err != nil { - return false, err + return nil, err } - var ok bool - hs.clientHello, ok = msg.(*clientHelloMsg) + clientHello, ok := msg.(*clientHelloMsg) if !ok { c.sendAlert(alertUnexpectedMessage) - return false, unexpectedMessageError(hs.clientHello, msg) + return nil, unexpectedMessageError(clientHello, msg) } if c.config.GetConfigForClient != nil { - if newConfig, err := c.config.GetConfigForClient(hs.clientHelloInfo()); err != nil { + chi := clientHelloInfo(c, clientHello) + if newConfig, err := c.config.GetConfigForClient(chi); err != nil { c.sendAlert(alertInternalError) - return false, err + return nil, err } else if newConfig != nil { newConfig.serverInitOnce.Do(func() { newConfig.serverInit(c.config) }) c.config = newConfig } } - clientVersions := hs.clientHello.supportedVersions - if len(hs.clientHello.supportedVersions) == 0 { - clientVersions = supportedVersionsFromMax(hs.clientHello.vers) + clientVersions := clientHello.supportedVersions + if len(clientHello.supportedVersions) == 0 { + clientVersions = supportedVersionsFromMax(clientHello.vers) } c.vers, ok = c.config.mutualVersion(false, clientVersions) if !ok { c.sendAlert(alertProtocolVersion) - return false, fmt.Errorf("tls: client offered only unsupported versions: %x", clientVersions) + return nil, fmt.Errorf("tls: client offered only unsupported versions: %x", clientVersions) } c.haveVers = true + c.in.version = c.vers + c.out.version = c.vers + + return clientHello, nil +} + +func (hs *serverHandshakeState) processClientHello() error { + c := hs.c hs.hello = new(serverHelloMsg) hs.hello.vers = c.vers @@ -181,19 +207,19 @@ Curves: if !foundCompression { c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: client does not support uncompressed connections") + return errors.New("tls: client does not support uncompressed connections") } hs.hello.random = make([]byte, 32) - _, err = io.ReadFull(c.config.rand(), hs.hello.random) + _, err := io.ReadFull(c.config.rand(), hs.hello.random) if err != nil { c.sendAlert(alertInternalError) - return false, err + return err } if len(hs.clientHello.secureRenegotiation) != 0 { c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: initial handshake had non-empty renegotiation extension") + return errors.New("tls: initial handshake had non-empty renegotiation extension") } hs.hello.secureRenegotiationSupported = hs.clientHello.secureRenegotiationSupported @@ -218,10 +244,10 @@ Curves: } } - hs.cert, err = c.config.getCertificate(hs.clientHelloInfo()) + hs.cert, err = c.config.getCertificate(clientHelloInfo(c, hs.clientHello)) if err != nil { c.sendAlert(alertInternalError) - return false, err + return err } if hs.clientHello.scts { hs.hello.scts = hs.cert.SignedCertificateTimestamps @@ -235,7 +261,7 @@ Curves: hs.rsaSignOk = true default: c.sendAlert(alertInternalError) - return false, fmt.Errorf("tls: unsupported signing key type (%T)", priv.Public()) + return fmt.Errorf("tls: unsupported signing key type (%T)", priv.Public()) } } if priv, ok := hs.cert.PrivateKey.(crypto.Decrypter); ok { @@ -244,13 +270,15 @@ Curves: hs.rsaDecryptOk = true default: c.sendAlert(alertInternalError) - return false, fmt.Errorf("tls: unsupported decryption key type (%T)", priv.Public()) + return fmt.Errorf("tls: unsupported decryption key type (%T)", priv.Public()) } } - if hs.checkForResumption() { - return true, nil - } + return nil +} + +func (hs *serverHandshakeState) pickCipherSuite() error { + c := hs.c var preferenceList, supportedList []uint16 if c.config.PreferServerCipherSuites { @@ -269,7 +297,7 @@ Curves: if hs.suite == nil { c.sendAlert(alertHandshakeFailure) - return false, errors.New("tls: no cipher suite supported by both client and server") + return errors.New("tls: no cipher suite supported by both client and server") } // See RFC 7507. @@ -278,13 +306,13 @@ Curves: // The client is doing a fallback connection. if hs.clientHello.vers < c.config.supportedVersions(false)[0] { c.sendAlert(alertInappropriateFallback) - return false, errors.New("tls: client using inappropriate protocol fallback") + return errors.New("tls: client using inappropriate protocol fallback") } break } } - return false, nil + return nil } // checkForResumption reports whether we should perform resumption on this connection. @@ -766,26 +794,20 @@ func (hs *serverHandshakeState) setCipherSuite(id uint16, supportedCipherSuites return false } -func (hs *serverHandshakeState) clientHelloInfo() *ClientHelloInfo { - if hs.cachedClientHelloInfo != nil { - return hs.cachedClientHelloInfo +func clientHelloInfo(c *Conn, clientHello *clientHelloMsg) *ClientHelloInfo { + supportedVersions := clientHello.supportedVersions + if len(clientHello.supportedVersions) == 0 { + supportedVersions = supportedVersionsFromMax(clientHello.vers) } - supportedVersions := hs.clientHello.supportedVersions - if len(hs.clientHello.supportedVersions) == 0 { - supportedVersions = supportedVersionsFromMax(hs.clientHello.vers) - } - - hs.cachedClientHelloInfo = &ClientHelloInfo{ - CipherSuites: hs.clientHello.cipherSuites, - ServerName: hs.clientHello.serverName, - SupportedCurves: hs.clientHello.supportedCurves, - SupportedPoints: hs.clientHello.supportedPoints, - SignatureSchemes: hs.clientHello.supportedSignatureAlgorithms, - SupportedProtos: hs.clientHello.alpnProtocols, + return &ClientHelloInfo{ + CipherSuites: clientHello.cipherSuites, + ServerName: clientHello.serverName, + SupportedCurves: clientHello.supportedCurves, + SupportedPoints: clientHello.supportedPoints, + SignatureSchemes: clientHello.supportedSignatureAlgorithms, + SupportedProtos: clientHello.alpnProtocols, SupportedVersions: supportedVersions, - Conn: hs.c.conn, + Conn: c.conn, } - - return hs.cachedClientHelloInfo } diff --git a/handshake_server_test.go b/handshake_server_test.go index f7785ec..a02eae2 100644 --- a/handshake_server_test.go +++ b/handshake_server_test.go @@ -79,17 +79,25 @@ func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessa cli.writeRecord(recordTypeHandshake, m.marshal()) c.Close() }() + conn := Server(s, serverConfig) + ch, err := conn.readClientHello() hs := serverHandshakeState{ - c: Server(s, serverConfig), + c: conn, + clientHello: ch, + } + if err == nil { + err = hs.processClientHello() + } + if err == nil { + err = hs.pickCipherSuite() } - _, err := hs.readClientHello() s.Close() if len(expectedSubStr) == 0 { if err != nil && err != io.EOF { t.Errorf("Got error: %s; expected to succeed", err) } } else if err == nil || !strings.Contains(err.Error(), expectedSubStr) { - t.Errorf("Got error: %s; expected to match substring '%s'", err, expectedSubStr) + t.Errorf("Got error: %v; expected to match substring '%s'", err, expectedSubStr) } } @@ -727,6 +735,16 @@ func runServerTestTLS12(t *testing.T, template *serverTest) { runServerTestForVersion(t, template, "TLSv12", "-tls1_2") } +func runServerTestTLS13(t *testing.T, template *serverTest) { + // TODO(filippo): set MaxVersion to VersionTLS13 instead in testConfig + // while regenerating server tests. + if template.config == nil { + template.config = testConfig.Clone() + } + template.config.MaxVersion = VersionTLS13 + runServerTestForVersion(t, template, "TLSv13", "-tls1_3") +} + func TestHandshakeServerRSARC4(t *testing.T) { test := &serverTest{ name: "RSA-RC4", @@ -774,6 +792,28 @@ func TestHandshakeServerAES256GCMSHA384(t *testing.T) { runServerTestTLS12(t, test) } +func TestHandshakeServerAES128SHA256(t *testing.T) { + test := &serverTest{ + name: "AES128-SHA256", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_AES_128_GCM_SHA256"}, + } + runServerTestTLS13(t, test) +} +func TestHandshakeServerAES256SHA384(t *testing.T) { + test := &serverTest{ + name: "AES256-SHA384", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_AES_256_GCM_SHA384"}, + } + runServerTestTLS13(t, test) +} +func TestHandshakeServerCHACHA20SHA256(t *testing.T) { + test := &serverTest{ + name: "CHACHA20-SHA256", + command: []string{"openssl", "s_client", "-no_ticket", "-ciphersuites", "TLS_CHACHA20_POLY1305_SHA256"}, + } + runServerTestTLS13(t, test) +} + func TestHandshakeServerECDHEECDSAAES(t *testing.T) { config := testConfig.Clone() config.Certificates = make([]Certificate, 1) @@ -783,11 +823,12 @@ func TestHandshakeServerECDHEECDSAAES(t *testing.T) { test := &serverTest{ name: "ECDHE-ECDSA-AES", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA"}, + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA", "-ciphersuites", "TLS_AES_128_GCM_SHA256"}, config: config, } runServerTestTLS10(t, test) runServerTestTLS12(t, test) + runServerTestTLS13(t, test) } func TestHandshakeServerX25519(t *testing.T) { @@ -795,11 +836,37 @@ func TestHandshakeServerX25519(t *testing.T) { config.CurvePreferences = []CurveID{X25519} test := &serverTest{ - name: "X25519-ECDHE-RSA-AES-GCM", - command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"}, + name: "X25519", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "X25519"}, config: config, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func TestHandshakeServerP256(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{CurveP256} + + test := &serverTest{ + name: "P256", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256", "-curves", "P-256"}, + config: config, + } + runServerTestTLS12(t, test) + runServerTestTLS13(t, test) +} + +func TestHandshakeServerHelloRetryRequest(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{CurveP256} + + test := &serverTest{ + name: "HelloRetryRequest", + command: []string{"openssl", "s_client", "-no_ticket", "-curves", "X25519:P-256"}, + config: config, + } + runServerTestTLS13(t, test) } func TestHandshakeServerALPN(t *testing.T) { @@ -821,6 +888,7 @@ func TestHandshakeServerALPN(t *testing.T) { }, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) } func TestHandshakeServerALPNNoMatch(t *testing.T) { @@ -843,6 +911,7 @@ func TestHandshakeServerALPNNoMatch(t *testing.T) { }, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) } // TestHandshakeServerSNI involves a client sending an SNI extension of @@ -1052,6 +1121,7 @@ func TestHandshakeServerExportKeyingMaterial(t *testing.T) { } runServerTestTLS10(t, test) runServerTestTLS12(t, test) + runServerTestTLS13(t, test) } func TestHandshakeServerRSAPKCS1v15(t *testing.T) { @@ -1068,6 +1138,7 @@ func TestHandshakeServerRSAPSS(t *testing.T) { command: []string{"openssl", "s_client", "-no_ticket", "-sigalgs", "rsa_pss_rsae_sha256"}, } runServerTestTLS12(t, test) + runServerTestTLS13(t, test) } func benchmarkHandshakeServer(b *testing.B, cipherSuite uint16, curve CurveID, cert []byte, key crypto.PrivateKey) { @@ -1286,10 +1357,18 @@ func TestSNIGivenOnFailure(t *testing.T) { cli.writeRecord(recordTypeHandshake, clientHello.marshal()) c.Close() }() + conn := Server(s, serverConfig) + ch, err := conn.readClientHello() hs := serverHandshakeState{ - c: Server(s, serverConfig), + c: conn, + clientHello: ch, + } + if err == nil { + err = hs.processClientHello() + } + if err == nil { + err = hs.pickCipherSuite() } - _, err := hs.readClientHello() defer s.Close() if err == nil { diff --git a/handshake_server_tls13.go b/handshake_server_tls13.go new file mode 100644 index 0000000..0ba74d5 --- /dev/null +++ b/handshake_server_tls13.go @@ -0,0 +1,461 @@ +// Copyright 2018 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto" + "crypto/hmac" + "crypto/rsa" + "errors" + "fmt" + "hash" + "io" + "sync/atomic" +) + +type serverHandshakeStateTLS13 struct { + c *Conn + clientHello *clientHelloMsg + hello *serverHelloMsg + suite *cipherSuiteTLS13 + cert *Certificate + sigAlg SignatureScheme + handshakeSecret []byte + trafficSecret []byte // client_application_traffic_secret_0 + transcript hash.Hash +} + +func (hs *serverHandshakeStateTLS13) handshake() error { + c := hs.c + + // For an overview of the TLS 1.3 handshake, see RFC 8446, Section 2. + if err := hs.processClientHello(); err != nil { + return err + } + c.buffering = true + if err := hs.sendServerParameters(); err != nil { + return err + } + if err := hs.sendServerCertificate(); err != nil { + return err + } + if err := hs.sendServerFinished(); err != nil { + return err + } + if _, err := c.flush(); err != nil { + return err + } + if err := hs.readClientFinished(); err != nil { + return err + } + + atomic.StoreUint32(&c.handshakeStatus, 1) + + return nil +} + +func (hs *serverHandshakeStateTLS13) processClientHello() error { + c := hs.c + + hs.hello = new(serverHelloMsg) + + // TLS 1.3 froze the ServerHello.legacy_version field, and uses + // supported_versions instead. See RFC 8446, sections 4.1.3 and 4.2.1. + hs.hello.vers = VersionTLS12 + hs.hello.supportedVersion = c.vers + + if len(hs.clientHello.supportedVersions) == 0 { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client used the legacy version field to negotiate TLS 1.3") + } + + if len(hs.clientHello.compressionMethods) != 1 || + hs.clientHello.compressionMethods[0] != compressionNone { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: TLS 1.3 client supports illegal compression methods") + } + + hs.hello.random = make([]byte, 32) + if _, err := io.ReadFull(c.config.rand(), hs.hello.random); err != nil { + c.sendAlert(alertInternalError) + return err + } + + if len(hs.clientHello.secureRenegotiation) != 0 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: initial handshake had non-empty renegotiation extension") + } + + if hs.clientHello.earlyData { + return errors.New("tls: early data skipping not implemented") // TODO(filippo) + } + + hs.hello.sessionId = hs.clientHello.sessionId + hs.hello.compressionMethod = compressionNone + + var preferenceList, supportedList []uint16 + if c.config.PreferServerCipherSuites { + preferenceList = defaultCipherSuitesTLS13() + supportedList = hs.clientHello.cipherSuites + } else { + preferenceList = hs.clientHello.cipherSuites + supportedList = defaultCipherSuitesTLS13() + } + for _, suiteID := range preferenceList { + hs.suite = mutualCipherSuiteTLS13(supportedList, suiteID) + if hs.suite != nil { + break + } + } + if hs.suite == nil { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: no cipher suite supported by both client and server") + } + c.cipherSuite = hs.suite.id + hs.hello.cipherSuite = hs.suite.id + hs.transcript = hs.suite.hash.New() + + // Pick the ECDHE group in server preference order, but give priority to + // groups with a key share, to avoid a HelloRetryRequest round-trip. + var selectedGroup CurveID + var clientKeyShare *keyShare +GroupSelection: + for _, preferredGroup := range c.config.curvePreferences() { + for _, ks := range hs.clientHello.keyShares { + if ks.group == preferredGroup { + selectedGroup = ks.group + clientKeyShare = &ks + break GroupSelection + } + } + if selectedGroup != 0 { + continue + } + for _, group := range hs.clientHello.supportedCurves { + if group == preferredGroup { + selectedGroup = group + break + } + } + } + if selectedGroup == 0 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: no ECDHE curve supported by both client and server") + } + if clientKeyShare == nil { + if err := hs.doHelloRetryRequest(selectedGroup); err != nil { + return err + } + clientKeyShare = &hs.clientHello.keyShares[0] + } + + if _, ok := curveForCurveID(selectedGroup); selectedGroup != X25519 && !ok { + c.sendAlert(alertInternalError) + return errors.New("tls: CurvePreferences includes unsupported curve") + } + params, err := generateECDHEParameters(c.config.rand(), selectedGroup) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + hs.hello.serverShare = keyShare{group: selectedGroup, data: params.PublicKey()} + sharedKey := params.SharedKey(clientKeyShare.data) + if sharedKey == nil { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: invalid client key share") + } + earlySecret := hs.suite.extract(nil, nil) + hs.handshakeSecret = hs.suite.extract(sharedKey, + hs.suite.deriveSecret(earlySecret, "derived", nil)) + + // This implements a very simplistic certificate selection strategy for now: + // getCertificate delegates to the application Config.GetCertificate, or + // selects based on the server_name only. If the selected certificate's + // public key does not match the client signature_algorithms, the handshake + // is aborted. No attention is given to signature_algorithms_cert, and it is + // not passed to the application Config.GetCertificate. This will need to + // improve according to RFC 8446, sections 4.4.2.2 and 4.2.3. + certificate, err := c.config.getCertificate(clientHelloInfo(c, hs.clientHello)) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + supportedAlgs := signatureSchemesForCertificate(certificate) + if supportedAlgs == nil { + c.sendAlert(alertInternalError) + return fmt.Errorf("tls: unsupported certificate key (%T)", certificate.PrivateKey) + } + // Pick signature scheme in client preference order, as the server + // preference order is not configurable. + for _, preferredAlg := range hs.clientHello.supportedSignatureAlgorithms { + if isSupportedSignatureAlgorithm(preferredAlg, supportedAlgs) { + hs.sigAlg = preferredAlg + break + } + } + if hs.sigAlg == 0 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: client doesn't support selected certificate") + } + hs.cert = certificate + + return nil +} + +func (hs *serverHandshakeStateTLS13) doHelloRetryRequest(selectedGroup CurveID) error { + c := hs.c + + // The first ClientHello gets double-hashed into the transcript upon a + // HelloRetryRequest. See RFC 8446, Section 4.4.1. + hs.transcript.Write(hs.clientHello.marshal()) + chHash := hs.transcript.Sum(nil) + hs.transcript.Reset() + hs.transcript.Write([]byte{typeMessageHash, 0, 0, uint8(len(chHash))}) + hs.transcript.Write(chHash) + + helloRetryRequest := &serverHelloMsg{ + vers: hs.hello.vers, + random: helloRetryRequestRandom, + sessionId: hs.hello.sessionId, + cipherSuite: hs.hello.cipherSuite, + compressionMethod: hs.hello.compressionMethod, + supportedVersion: hs.hello.supportedVersion, + selectedGroup: selectedGroup, + } + + hs.transcript.Write(helloRetryRequest.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, helloRetryRequest.marshal()); err != nil { + return err + } + + msg, err := c.readHandshake() + if err != nil { + return err + } + + clientHello, ok := msg.(*clientHelloMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(clientHello, msg) + } + + if len(clientHello.keyShares) != 1 || clientHello.keyShares[0].group != selectedGroup { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client sent invalid key share in second ClientHello") + } + + if clientHello.earlyData { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client indicated early data in second ClientHello") + } + + if illegalClientHelloChange(clientHello, hs.clientHello) { + c.sendAlert(alertIllegalParameter) + return errors.New("tls: client illegally modified second ClientHello") + } + + hs.clientHello = clientHello + return nil +} + +// illegalClientHelloChange returns whether the two ClientHello messages are +// different, with the exception of the changes allowed before and after a +// HelloRetryRequest. See RFC 8446, Section 4.1.2. +func illegalClientHelloChange(ch, ch1 *clientHelloMsg) bool { + if len(ch.supportedVersions) != len(ch1.supportedVersions) || + len(ch.cipherSuites) != len(ch1.cipherSuites) || + len(ch.supportedCurves) != len(ch1.supportedCurves) || + len(ch.supportedSignatureAlgorithms) != len(ch1.supportedSignatureAlgorithms) || + len(ch.supportedSignatureAlgorithmsCert) != len(ch1.supportedSignatureAlgorithmsCert) || + len(ch.alpnProtocols) != len(ch1.alpnProtocols) { + return true + } + for i := range ch.supportedVersions { + if ch.supportedVersions[i] != ch1.supportedVersions[i] { + return true + } + } + for i := range ch.cipherSuites { + if ch.cipherSuites[i] != ch1.cipherSuites[i] { + return true + } + } + for i := range ch.supportedCurves { + if ch.supportedCurves[i] != ch1.supportedCurves[i] { + return true + } + } + for i := range ch.supportedSignatureAlgorithms { + if ch.supportedSignatureAlgorithms[i] != ch1.supportedSignatureAlgorithms[i] { + return true + } + } + for i := range ch.supportedSignatureAlgorithmsCert { + if ch.supportedSignatureAlgorithmsCert[i] != ch1.supportedSignatureAlgorithmsCert[i] { + return true + } + } + for i := range ch.alpnProtocols { + if ch.alpnProtocols[i] != ch1.alpnProtocols[i] { + return true + } + } + return ch.vers != ch1.vers || + !bytes.Equal(ch.random, ch1.random) || + !bytes.Equal(ch.sessionId, ch1.sessionId) || + !bytes.Equal(ch.compressionMethods, ch1.compressionMethods) || + ch.nextProtoNeg != ch1.nextProtoNeg || + ch.serverName != ch1.serverName || + ch.ocspStapling != ch1.ocspStapling || + !bytes.Equal(ch.supportedPoints, ch1.supportedPoints) || + ch.ticketSupported != ch1.ticketSupported || + !bytes.Equal(ch.sessionTicket, ch1.sessionTicket) || + ch.secureRenegotiationSupported != ch1.secureRenegotiationSupported || + !bytes.Equal(ch.secureRenegotiation, ch1.secureRenegotiation) || + ch.scts != ch1.scts || + !bytes.Equal(ch.cookie, ch1.cookie) || + !bytes.Equal(ch.pskModes, ch1.pskModes) +} + +func (hs *serverHandshakeStateTLS13) sendServerParameters() error { + c := hs.c + + hs.transcript.Write(hs.clientHello.marshal()) + hs.transcript.Write(hs.hello.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { + return err + } + + clientSecret := hs.suite.deriveSecret(hs.handshakeSecret, + clientHandshakeTrafficLabel, hs.transcript) + c.in.setTrafficSecret(hs.suite, clientSecret) + serverSecret := hs.suite.deriveSecret(hs.handshakeSecret, + serverHandshakeTrafficLabel, hs.transcript) + c.out.setTrafficSecret(hs.suite, serverSecret) + + encryptedExtensions := new(encryptedExtensionsMsg) + + if len(hs.clientHello.alpnProtocols) > 0 { + if selectedProto, fallback := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); !fallback { + encryptedExtensions.alpnProtocol = selectedProto + c.clientProtocol = selectedProto + } + } + + hs.transcript.Write(encryptedExtensions.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, encryptedExtensions.marshal()); err != nil { + return err + } + + return nil +} + +func (hs *serverHandshakeStateTLS13) sendServerCertificate() error { + c := hs.c + + certMsg := new(certificateMsgTLS13) + + certMsg.certificate = *hs.cert + certMsg.scts = hs.clientHello.scts && len(hs.cert.SignedCertificateTimestamps) > 0 + certMsg.ocspStapling = hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 + + hs.transcript.Write(certMsg.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { + return err + } + + certVerifyMsg := new(certificateVerifyMsg) + certVerifyMsg.hasSignatureAlgorithm = true + certVerifyMsg.signatureAlgorithm = hs.sigAlg + + sigType := signatureFromSignatureScheme(hs.sigAlg) + sigHash, err := hashFromSignatureScheme(hs.sigAlg) + if sigType == 0 || err != nil { + c.sendAlert(alertInternalError) + return err + } + h := sigHash.New() + writeSignedMessage(h, serverSignatureContext, hs.transcript) + + signOpts := crypto.SignerOpts(sigHash) + if sigType == signatureRSAPSS { + signOpts = &rsa.PSSOptions{SaltLength: rsa.PSSSaltLengthEqualsHash, Hash: sigHash} + } + sig, err := hs.cert.PrivateKey.(crypto.Signer).Sign(c.config.rand(), h.Sum(nil), signOpts) + if err != nil { + c.sendAlert(alertInternalError) + return errors.New("tls: failed to sign handshake: " + err.Error()) + } + certVerifyMsg.signature = sig + + hs.transcript.Write(certVerifyMsg.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certVerifyMsg.marshal()); err != nil { + return err + } + + return nil +} + +func (hs *serverHandshakeStateTLS13) sendServerFinished() error { + c := hs.c + + // See RFC 8446, sections 4.4.4 and 4.4. + finishedKey := hs.suite.expandLabel(c.out.trafficSecret, "finished", nil, hs.suite.hash.Size()) + verifyData := hmac.New(hs.suite.hash.New, finishedKey) + verifyData.Write(hs.transcript.Sum(nil)) + finished := &finishedMsg{ + verifyData: verifyData.Sum(nil), + } + + hs.transcript.Write(finished.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { + return err + } + + // Derive secrets that take context through the server Finished. + + masterSecret := hs.suite.extract(nil, + hs.suite.deriveSecret(hs.handshakeSecret, "derived", nil)) + + hs.trafficSecret = hs.suite.deriveSecret(masterSecret, + clientApplicationTrafficLabel, hs.transcript) + serverSecret := hs.suite.deriveSecret(masterSecret, + serverApplicationTrafficLabel, hs.transcript) + c.out.setTrafficSecret(hs.suite, serverSecret) + + c.ekm = hs.suite.exportKeyingMaterial(masterSecret, hs.transcript) + + return nil +} + +func (hs *serverHandshakeStateTLS13) readClientFinished() error { + c := hs.c + + msg, err := c.readHandshake() + if err != nil { + return err + } + + finished, ok := msg.(*finishedMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(finished, msg) + } + + finishedKey := hs.suite.expandLabel(c.in.trafficSecret, "finished", nil, hs.suite.hash.Size()) + expectedMAC := hmac.New(hs.suite.hash.New, finishedKey) + expectedMAC.Write(hs.transcript.Sum(nil)) + if !hmac.Equal(expectedMAC.Sum(nil), finished.verifyData) { + c.sendAlert(alertDecryptError) + return errors.New("tls: invalid client finished hash") + } + + hs.transcript.Write(finished.marshal()) + + c.in.setTrafficSecret(hs.suite, hs.trafficSecret) + + return nil +} diff --git a/testdata/Server-TLSv12-P256 b/testdata/Server-TLSv12-P256 new file mode 100644 index 0000000..c97bae4 --- /dev/null +++ b/testdata/Server-TLSv12-P256 @@ -0,0 +1,85 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 8f 01 00 00 8b 03 03 74 08 f5 ee 24 |...........t...$| +00000010 cb c0 26 fc f1 11 c6 9d fb ac f5 ed d1 05 78 e6 |..&...........x.| +00000020 cf a6 cb f2 ed 1a 46 3a cf 25 8b 00 00 04 c0 2f |......F:.%...../| +00000030 00 ff 01 00 00 5e 00 00 00 0e 00 0c 00 00 09 31 |.....^.........1| +00000040 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000050 00 0a 00 04 00 02 00 17 00 16 00 00 00 17 00 00 |................| +00000060 00 0d 00 30 00 2e 04 03 05 03 06 03 08 07 08 08 |...0............| +00000070 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 |................| +00000080 06 01 03 03 02 03 03 01 02 01 03 02 02 02 04 02 |................| +00000090 05 02 06 02 |....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 cd 0c 00 00 c9 03 00 17 |;...............| +000002a0 41 04 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 |A...7...Q.5uq..T| +000002b0 5b 12 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 |[....g..$ >.V...| +000002c0 28 5e f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 |(^.+-O....lK[.V.| +000002d0 32 42 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc |2B.X..I..h.A.Vk.| +000002e0 5a 89 08 04 00 80 7b f8 9c bb af 20 2b b4 44 40 |Z.....{.... +.D@| +000002f0 0d bc 31 37 53 26 d4 74 b6 0b 5b 79 f5 a9 ea 2f |..17S&.t..[y.../| +00000300 e7 4f 58 42 a1 d1 43 96 bf 74 dd 2e 33 28 bd b1 |.OXB..C..t..3(..| +00000310 0b 8a eb d7 6c 1d 7a 71 3d 61 0b f1 8e 8c f8 32 |....l.zq=a.....2| +00000320 7a ec 60 ed 4a 84 67 ad 23 f0 c8 68 27 4d 82 d9 |z.`.J.g.#..h'M..| +00000330 15 58 38 cf 0a ec 5a 15 b8 14 e2 95 c6 6c b5 f3 |.X8...Z......l..| +00000340 5b ee 01 1c f7 00 83 ae e4 c8 89 77 8b 64 7b 9a |[..........w.d{.| +00000350 52 a3 c0 1c 6c 19 bc 3d 28 19 24 04 8d 2d 1c 7e |R...l..=(.$..-.~| +00000360 4d 56 01 64 f6 3c 16 03 03 00 04 0e 00 00 00 |MV.d.<.........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 46 10 00 00 42 41 04 06 a5 96 8c 26 |....F...BA.....&| +00000010 fb 4e 33 6d 4f 28 6a 84 af 17 7e 6c 36 ca be 3b |.N3mO(j...~l6..;| +00000020 a2 0b b1 82 1d 35 37 02 09 f3 f0 c4 88 a9 82 1f |.....57.........| +00000030 df b5 c2 09 ed a9 7a e5 80 71 76 14 a8 98 03 08 |......z..qv.....| +00000040 25 04 94 03 4a c0 2a cb 77 bd e2 14 03 03 00 01 |%...J.*.w.......| +00000050 01 16 03 03 00 28 f4 25 33 55 25 c7 6d c9 e5 68 |.....(.%3U%.m..h| +00000060 09 5c 05 c5 49 78 82 08 20 7b 96 1b f8 5c 1a 41 |.\..Ix.. {...\.A| +00000070 be a3 4d 4c 01 3d 16 fa 3a f6 dc 37 5e 3b |..ML.=..:..7^;| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 24 72 76 66 ac a0 75 a4 5b 80 c8 f8 52 |...$rvf..u.[...R| +00000020 4b e3 8f 5a 02 f1 44 16 18 e6 ef b8 d3 51 50 f0 |K..Z..D......QP.| +00000030 06 b7 22 17 03 03 00 25 00 00 00 00 00 00 00 01 |.."....%........| +00000040 a0 f8 ed 7c ec 72 b8 fb 2a 6f 8b 61 83 ce 10 a0 |...|.r..*o.a....| +00000050 0e 45 39 ce 20 c1 b4 6e e1 a9 a6 e9 13 15 03 03 |.E9. ..n........| +00000060 00 1a 00 00 00 00 00 00 00 02 ca ce 38 1c fe db |............8...| +00000070 f3 53 18 ff fd b2 31 17 07 4d 99 10 |.S....1..M..| diff --git a/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM b/testdata/Server-TLSv12-X25519 similarity index 100% rename from testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM rename to testdata/Server-TLSv12-X25519 diff --git a/testdata/Server-TLSv13-AES128-SHA256 b/testdata/Server-TLSv13-AES128-SHA256 new file mode 100644 index 0000000..049d2ff --- /dev/null +++ b/testdata/Server-TLSv13-AES128-SHA256 @@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 f8 75 ee c1 65 |............u..e| +00000010 31 d9 dd 36 00 f6 b0 f0 a8 d6 a0 42 da d1 8a a3 |1..6.......B....| +00000020 17 82 1a 44 14 6e bc 43 e0 4b 89 20 88 b8 53 ac |...D.n.C.K. ..S.| +00000030 16 d5 64 58 23 21 20 c4 0b 8d 96 d7 db 59 44 3d |..dX#! ......YD=| +00000040 9e 67 9b f8 a8 21 6c 6d 02 54 a9 b6 00 04 13 01 |.g...!lm.T......| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 be 01 5d e4 e9 b4 66 52 bf 5f 5f ab 82 80 be | ..]...fR.__....| +000000d0 25 13 b3 e7 28 5e 00 a6 b0 a6 d5 f1 f0 20 42 e5 |%...(^....... B.| +000000e0 2e |.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 88 b8 53 ac |........... ..S.| +00000030 16 d5 64 58 23 21 20 c4 0b 8d 96 d7 db 59 44 3d |..dX#! ......YD=| +00000040 9e 67 9b f8 a8 21 6c 6d 02 54 a9 b6 13 01 00 00 |.g...!lm.T......| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 ff de 7b 26 44 70 00 05 64 fc 65 e3 |......{&Dp..d.e.| +00000090 23 fd ea 4b b3 d0 e6 80 db 2b 4c 17 03 03 02 6d |#..K.....+L....m| +000000a0 8f 7b 9c 1f b5 a8 26 b3 89 76 13 7f a2 9a 9b e3 |.{....&..v......| +000000b0 b8 06 c3 ff 02 c2 41 8e 29 fd f4 45 43 d3 57 23 |......A.)..EC.W#| +000000c0 71 32 03 31 24 2b 73 ca 7a df e9 79 4e 96 7c d5 |q2.1$+s.z..yN.|.| +000000d0 f1 19 05 11 1c cf 5f 85 30 e5 32 2c 61 2c d2 40 |......_.0.2,a,.@| +000000e0 25 c0 72 2c f8 ef d2 8d d9 4f 81 88 cc 9f c0 71 |%.r,.....O.....q| +000000f0 97 9e 79 f4 33 e8 75 47 1e 5a c1 02 20 48 6f a4 |..y.3.uG.Z.. Ho.| +00000100 41 d6 37 73 07 ad 90 37 80 d7 f9 c1 59 96 9f a8 |A.7s...7....Y...| +00000110 e4 f5 e4 65 99 02 a3 69 95 e1 39 07 fb a8 ac 6d |...e...i..9....m| +00000120 40 fb de 64 05 5b b4 32 ba 09 da 92 0a ba 1e 11 |@..d.[.2........| +00000130 3f d3 bd 6d 68 f7 15 d3 74 60 18 cd 96 04 2f db |?..mh...t`..../.| +00000140 c5 09 f2 05 5f 82 8b 23 65 00 7c b7 d5 ef 1d 0e |...._..#e.|.....| +00000150 3a 08 2b c9 6d 99 9b 9a a6 55 2c df 08 c0 4a b1 |:.+.m....U,...J.| +00000160 b3 69 9c d9 68 49 43 28 8e 00 c5 e1 60 07 25 4d |.i..hIC(....`.%M| +00000170 aa 61 2e 74 82 49 62 e0 a8 f0 53 6c 64 ea fc cc |.a.t.Ib...Sld...| +00000180 84 ab 26 b6 b8 ef 55 cd 3d 34 1a 65 25 8f 76 f4 |..&...U.=4.e%.v.| +00000190 dc 06 9b 67 98 59 c1 37 86 0f 24 34 86 b5 a3 dd |...g.Y.7..$4....| +000001a0 5b d4 c8 04 cb 73 e1 67 bb 66 d7 94 16 eb 3b 73 |[....s.g.f....;s| +000001b0 7e 67 8d 7f bf e9 f9 89 6d d8 6a a9 3c 97 eb 67 |~g......m.j.<..g| +000001c0 f0 6f fa 9b 4d f0 25 25 a2 30 1d 3c 93 14 6e 33 |.o..M.%%.0.<..n3| +000001d0 fa bf 5b 3c c3 cc f4 0e fa 55 e2 20 46 3f 1c b7 |..[<.....U. F?..| +000001e0 9d d3 ec d8 54 18 0b 4a be 45 bd 5e a1 3a f2 e9 |....T..J.E.^.:..| +000001f0 15 b0 15 a4 b4 a6 f5 52 36 9b 6b 18 ce ac 37 ae |.......R6.k...7.| +00000200 76 e6 2c d1 6b 3f 95 eb 37 79 fe ec cc a6 34 4a |v.,.k?..7y....4J| +00000210 27 68 0e d0 80 d8 5c 1c 9c ac aa 02 18 e7 c1 72 |'h....\........r| +00000220 08 52 07 63 04 65 13 53 23 51 ce 0e f4 1d 4f ca |.R.c.e.S#Q....O.| +00000230 51 13 ad 10 1b f3 a4 c3 69 ce c0 ed d1 25 6c 60 |Q.......i....%l`| +00000240 e7 21 9e d7 9f 8b a1 20 61 75 f6 e0 06 c4 dd bb |.!..... au......| +00000250 8e e2 05 86 ef fe 75 0e 47 ae 54 82 e9 32 9b 87 |......u.G.T..2..| +00000260 fb eb e4 14 e3 f0 90 1d 48 72 00 02 53 52 24 47 |........Hr..SR$G| +00000270 98 a1 cc b9 b3 8d ab a7 db b0 f5 83 db 56 a1 ad |.............V..| +00000280 7d 45 e7 5f 6a bd a9 65 87 8c 48 1f de dc b4 ce |}E._j..e..H.....| +00000290 47 7c ec 63 fb 77 f3 5a a0 3b 84 53 cf 8b 73 30 |G|.c.w.Z.;.S..s0| +000002a0 bd 0f ac 5a 9b e8 a1 88 f6 45 96 ca b9 48 c3 be |...Z.....E...H..| +000002b0 8b 7e f1 1a fd 8a 54 9e 5a 76 e7 9a bc 06 7e 04 |.~....T.Zv....~.| +000002c0 bd e1 a1 a3 4d 52 56 3b 64 29 70 87 89 c5 f5 ce |....MRV;d)p.....| +000002d0 1f 65 7d 55 9f 28 32 3e 6b c7 b6 17 0b dd 7e ea |.e}U.(2>k.....~.| +000002e0 ef 7b a0 f0 6f 84 2a 11 93 d5 d8 99 dc ee 17 57 |.{..o.*........W| +000002f0 3f d7 7f a7 da c0 30 77 13 31 60 9c ca 32 67 09 |?.....0w.1`..2g.| +00000300 70 ce 05 0d c8 b6 e1 a2 df e4 f1 3c 67 17 03 03 |p............d...B| +00000370 39 15 00 13 c3 c8 35 66 21 d0 1f 94 0b 21 79 22 |9.....5f!....!y"| +00000380 5b 32 89 d4 81 28 6c c7 55 74 a7 a4 22 62 a9 cb |[2...(l.Ut.."b..| +00000390 76 9f e9 af 55 d5 1f b5 51 f7 40 2c fb 3b 03 30 |v...U...Q.@,.;.0| +000003a0 13 ca a0 79 ba 80 1b 0e 57 3d 84 17 03 03 00 35 |...y....W=.....5| +000003b0 fb 34 92 6a 46 f2 59 1a 94 39 63 d1 9d 58 40 e8 |.4.jF.Y..9c..X@.| +000003c0 f0 bb e7 fe 4d 1c 42 a2 38 9e cd a2 01 1c b6 a7 |....M.B.8.......| +000003d0 e3 9a cb 28 73 5f 8a 1e b3 40 41 80 85 2c 49 54 |...(s_...@A..,IT| +000003e0 3d 13 dc cc 6c |=...l| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 c5 aa 6e cd 44 |..........5..n.D| +00000010 2f f6 09 74 33 13 e1 c1 32 6f 94 cd 55 2c 45 88 |/..t3...2o..U,E.| +00000020 f1 f8 51 c7 3e 64 62 e1 8a 48 cc bd c8 ac 91 a3 |..Q.>db..H......| +00000030 90 ea 45 1b 21 52 d4 81 84 88 0d ed a2 86 d4 64 |..E.!R.........d| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 4c e5 b2 aa 21 9e 56 24 62 da a7 |.....L...!.V$b..| +00000010 af ef 76 b5 8a 9a a1 3b 2e cd e8 68 27 ac 08 e1 |..v....;...h'...| +00000020 c1 37 52 17 03 03 00 13 8e 91 11 5b cf c4 28 e3 |.7R........[..(.| +00000030 a5 ea bb 89 93 fc 94 bc e6 28 32 |.........(2| diff --git a/testdata/Server-TLSv13-AES256-SHA384 b/testdata/Server-TLSv13-AES256-SHA384 new file mode 100644 index 0000000..ab98f48 --- /dev/null +++ b/testdata/Server-TLSv13-AES256-SHA384 @@ -0,0 +1,92 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 35 42 f3 56 6d |...........5B.Vm| +00000010 cd 58 c6 08 54 f1 6c 64 c5 16 eb 39 b0 d9 1b 22 |.X..T.ld...9..."| +00000020 88 d6 36 a7 70 a8 27 c8 e8 1a 20 20 cc c6 13 bc |..6.p.'... ....| +00000030 f4 3a ed 6a d2 59 ac 02 18 68 e9 80 50 4a a3 df |.:.j.Y...h..PJ..| +00000040 1e 6b 54 0c 85 3a 17 5c 23 7f e0 fc 00 04 13 02 |.kT..:.\#.......| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 de c8 19 7a 66 cb db c3 04 b9 96 f4 5c 2e 52 | ...zf.......\.R| +000000d0 1b 63 0b 11 87 a2 a9 14 f8 54 10 a4 de 5f 9f 13 |.c.......T..._..| +000000e0 09 |.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 cc c6 13 bc |........... ....| +00000030 f4 3a ed 6a d2 59 ac 02 18 68 e9 80 50 4a a3 df |.:.j.Y...h..PJ..| +00000040 1e 6b 54 0c 85 3a 17 5c 23 7f e0 fc 13 02 00 00 |.kT..:.\#.......| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 de 82 46 36 68 05 6c 4d 4c 79 da 2a |......F6h.lMLy.*| +00000090 a2 de 70 e3 64 66 79 ba 1d 4f d3 17 03 03 02 6d |..p.dfy..O.....m| +000000a0 66 1a 81 1c 38 21 0d 17 ef 4c 0f ad 52 c1 f3 d5 |f...8!...L..R...| +000000b0 d6 3f ee 05 dd bb ec e3 cd 00 a3 e5 42 90 f6 b8 |.?..........B...| +000000c0 2f d3 95 b8 27 3d 70 63 55 ef 32 e8 55 1a 20 0e |/...'=pcU.2.U. .| +000000d0 c8 47 7b 0c 15 30 86 37 72 25 d7 3b 97 a3 d1 90 |.G{..0.7r%.;....| +000000e0 5c a4 07 e4 b8 3c 3b bc 74 ea 93 d5 a8 30 dc bc |\....<;.t....0..| +000000f0 f9 2b 62 4e 15 84 c6 1c 67 a3 85 e2 8e 71 1d 6a |.+bN....g....q.j| +00000100 8d 26 97 96 ba 08 9d 09 e5 21 fa 4c 72 d9 7a df |.&.......!.Lr.z.| +00000110 39 69 02 82 58 0c ba 79 2a c1 73 d7 97 44 62 56 |9i..X..y*.s..DbV| +00000120 b6 7f 08 91 a3 ed 95 18 84 99 31 f6 64 54 59 bc |..........1.dTY.| +00000130 e0 c6 a2 e1 5f 51 5d 03 fd 5b cf 8f 97 1b 41 4b |...._Q]..[....AK| +00000140 c6 fa 78 06 c4 4d 3c e0 ba d9 3c 5f 5f f8 72 79 |..x..M<...<__.ry| +00000150 53 a0 cc bc aa 92 be 78 15 08 35 36 1f 53 91 89 |S......x..56.S..| +00000160 ec 74 0b b4 9e 97 85 86 d0 15 ff b6 62 9c 89 07 |.t..........b...| +00000170 9f 5d e8 9f 9d 7e b9 17 0e 33 78 06 ea 84 db 9e |.]...~...3x.....| +00000180 90 37 8a db c1 66 e2 a1 72 40 91 c5 49 e6 04 d9 |.7...f..r@..I...| +00000190 35 7c 50 1b 2e d6 63 44 c8 44 f9 e3 72 9c 1c 29 |5|P...cD.D..r..)| +000001a0 63 0f 5e fd a8 ab 09 c8 b8 02 7b 6f 40 35 85 3e |c.^.......{o@5.>| +000001b0 bb ae c9 b2 06 6d 0d 70 7e 65 b9 30 20 8f 54 da |.....m.p~e.0 .T.| +000001c0 9d 55 6e 70 7a a3 b0 15 5a 29 72 51 61 84 57 5c |.Unpz...Z)rQa.W\| +000001d0 f0 65 0a 9b 6e fb a4 d9 22 70 45 de c1 a6 5f 95 |.e..n..."pE..._.| +000001e0 3e 95 c8 3f 6b fa 69 01 ab e8 e0 61 6d 76 7b 5b |>..?k.i....amv{[| +000001f0 b2 33 e9 c1 67 99 33 99 03 75 e3 2c 29 b8 0f 75 |.3..g.3..u.,)..u| +00000200 b8 00 c5 dd cf f3 2e 24 fc 55 cc d5 d4 2d cc f4 |.......$.U...-..| +00000210 f1 59 20 d5 7a c1 ef f5 3b 8b b0 2a 0d c0 2a ad |.Y .z...;..*..*.| +00000220 2c ce c6 91 4d 17 1e 5c e8 d1 98 1e 58 cc d9 42 |,...M..\....X..B| +00000230 42 e9 ff b8 f7 33 f0 af df 8f 1e 7f 52 79 7e 4f |B....3......Ry~O| +00000240 48 e1 21 10 8c aa 7c 84 5d 42 f0 01 73 ff bb e1 |H.!...|.]B..s...| +00000250 de cb 61 a9 d0 9a be 2a cd 18 60 91 0c 20 86 db |..a....*..`.. ..| +00000260 4a e7 08 eb ab af 1b 7a bb 04 f6 49 29 b9 20 65 |J......z...I). e| +00000270 da a6 09 f3 8e 57 b4 5f b0 53 07 86 06 cf 44 de |.....W._.S....D.| +00000280 ba bd 16 ca 88 df 65 50 1a 0d 4b 30 41 ee 04 6a |......eP..K0A..j| +00000290 90 71 27 1b 05 b2 5e 0b 9c 77 ec fb 8a 02 82 18 |.q'...^..w......| +000002a0 34 3e af ea 43 71 4b 9c 12 75 f2 59 32 04 76 87 |4>..CqK..u.Y2.v.| +000002b0 2a ea 31 f6 c8 29 30 41 3f cf 4e c5 2b 38 d0 15 |*.1..)0A?.N.+8..| +000002c0 e6 fa 8d de 2a ec 3e 49 b9 bb 2e 46 ef 8b 8f a4 |....*.>I...F....| +000002d0 e0 96 39 67 d6 2f 56 fb 8b 9c 7c 49 65 3d b3 8e |..9g./V...|Ie=..| +000002e0 1f 48 02 24 53 10 43 49 6d 31 fc d6 99 f6 50 73 |.H.$S.CIm1....Ps| +000002f0 b3 fd b7 57 72 c6 81 a2 df 16 13 0a da 67 8f 3c |...Wr........g.<| +00000300 ff 94 b7 8a 26 0c f2 fe c9 f6 67 a2 f2 17 03 03 |....&.....g.....| +00000310 00 99 1d 59 bb 70 37 f6 a7 72 d1 27 3b 5a d5 1d |...Y.p7..r.';Z..| +00000320 f6 e6 02 84 3c 8b 24 0e 78 ed 88 73 e8 e4 d2 8d |....<.$.x..s....| +00000330 97 c4 cc a3 22 b7 c1 ba 2d df ef d4 84 0d 78 ce |...."...-.....x.| +00000340 70 c9 4f 60 dc fb 13 50 2d d1 52 ba e9 d4 5a 5e |p.O`...P-.R...Z^| +00000350 ed eb 93 ae 99 b8 08 91 61 ee a5 9c 3e 63 07 ed |........a...>c..| +00000360 17 b1 29 5f 03 ae 5b 0d a7 0a 4a 3a f5 6b 9c 6f |..)_..[...J:.k.o| +00000370 28 ad 16 6d f5 31 17 87 f5 10 b5 53 13 c8 a2 a1 |(..m.1.....S....| +00000380 7a 9a 12 10 04 0b e7 b6 c7 3b 55 25 05 d3 0c 5e |z........;U%...^| +00000390 32 60 bf 43 e6 62 d0 cc cd a6 61 9b 19 dc 83 34 |2`.C.b....a....4| +000003a0 9f f2 2d 8f ca 9e 96 73 4d e9 52 17 03 03 00 45 |..-....sM.R....E| +000003b0 28 21 db ab 2f da c8 33 af a5 44 5b f4 2f 18 bd |(!../..3..D[./..| +000003c0 72 74 6d a7 c0 16 fb 13 de 8b d4 f8 03 8f ba 28 |rtm............(| +000003d0 06 89 08 0f 82 14 9b 6d 9b 61 7c 6c c3 de 76 2e |.......m.a|l..v.| +000003e0 f3 2b ff db 2d bc 6f 84 75 19 b3 df eb a1 a7 69 |.+..-.o.u......i| +000003f0 a7 a7 70 27 48 |..p'H| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 5b 1d b7 49 6d |..........E[..Im| +00000010 d0 f1 9a 16 cc e8 08 84 c0 80 23 1f 4f fc 15 b1 |..........#.O...| +00000020 20 28 d0 65 1b 58 8b 67 fa 30 c2 37 86 ac b2 47 | (.e.X.g.0.7...G| +00000030 d6 b8 ac 8a 69 bc a3 09 10 c8 47 15 54 b3 a4 79 |....i.....G.T..y| +00000040 1f 12 2d c1 ca e1 ce 54 c0 ce e5 fc 61 f2 7c 07 |..-....T....a.|.| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e ba d7 68 39 2c 76 30 fb 0e 36 47 |.......h9,v0..6G| +00000010 d9 b8 7c 2d e2 1c fd 13 86 9b 2c 07 ab 66 03 2d |..|-......,..f.-| +00000020 1e 7d 69 17 03 03 00 13 eb 7b d8 47 8a 5e 53 83 |.}i......{.G.^S.| +00000030 17 87 b3 aa c5 80 71 ba df 1b 60 |......q...`| diff --git a/testdata/Server-TLSv13-ALPN b/testdata/Server-TLSv13-ALPN new file mode 100644 index 0000000..c78bf3e --- /dev/null +++ b/testdata/Server-TLSv13-ALPN @@ -0,0 +1,94 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f8 01 00 00 f4 03 03 c6 52 45 ca ae |............RE..| +00000010 9b 43 49 d4 01 e2 af b0 e8 9b f4 9b f6 ef 38 c6 |.CI...........8.| +00000020 71 9f ed 84 a6 2c 01 92 1f 3f 1b 20 5b cb 8a 16 |q....,...?. [...| +00000030 b3 d2 a8 19 41 d5 0c 6a fa 39 0a b2 6d 65 18 d1 |....A..j.9..me..| +00000040 67 88 16 6b e0 9b e4 7a d2 95 f9 93 00 08 13 02 |g..k...z........| +00000050 13 03 13 01 00 ff 01 00 00 a3 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000080 00 19 00 18 00 23 00 00 00 10 00 10 00 0e 06 70 |.....#.........p| +00000090 72 6f 74 6f 32 06 70 72 6f 74 6f 31 00 16 00 00 |roto2.proto1....| +000000a0 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 06 03 |................| +000000b0 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 |................| +000000c0 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 2d 00 |.......+......-.| +000000d0 02 01 01 00 33 00 26 00 24 00 1d 00 20 d8 72 8f |....3.&.$... .r.| +000000e0 a6 3b a1 1c f7 73 ea b0 d5 85 03 31 46 d6 6b 8b |.;...s.....1F.k.| +000000f0 e0 e6 e0 e6 20 09 a7 f8 a2 fd d1 a7 6b |.... .......k| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 5b cb 8a 16 |........... [...| +00000030 b3 d2 a8 19 41 d5 0c 6a fa 39 0a b2 6d 65 18 d1 |....A..j.9..me..| +00000040 67 88 16 6b e0 9b e4 7a d2 95 f9 93 13 02 00 00 |g..k...z........| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 24 9b af d8 42 6e 75 12 c4 10 c3 42 72 |...$...Bnu....Br| +00000090 de e6 50 f9 2b 15 68 6d b1 32 2f fb 63 b1 80 1a |..P.+.hm.2/.c...| +000000a0 f0 b3 3e 22 c9 d4 ed ba 17 03 03 02 6d c9 fc b7 |..>"........m...| +000000b0 3c 02 17 dc 26 56 b6 1f 3d 2c 07 0e 96 52 a8 9f |<...&V..=,...R..| +000000c0 a2 2a 6e e9 c7 93 2e c7 98 af 9b 63 99 25 14 f1 |.*n........c.%..| +000000d0 45 29 63 26 35 62 af d7 37 f3 33 03 2e a8 02 f2 |E)c&5b..7.3.....| +000000e0 a4 a5 9e 85 19 ad a8 20 81 85 6a 19 c5 bb 8f d7 |....... ..j.....| +000000f0 ea 4d af ee 9d 95 78 26 5a 24 da ee 5b 96 97 34 |.M....x&Z$..[..4| +00000100 7c e6 2c c1 b0 e8 d3 3a 7f 4c b5 c9 44 ad d5 35 ||.,....:.L..D..5| +00000110 99 b2 99 d9 c3 10 97 03 ac fe c9 6d cf 1a c0 6a |...........m...j| +00000120 ec d0 b7 ed b8 79 d6 48 8b eb df 0b 42 87 8e 50 |.....y.H....B..P| +00000130 9a c9 47 e7 e3 6a c6 03 85 8e b4 57 58 b2 aa 5f |..G..j.....WX.._| +00000140 53 8d 00 43 7e 36 4a 9b 2a 0a b7 45 e5 8b 4c 71 |S..C~6J.*..E..Lq| +00000150 62 b3 07 e1 1d 07 16 7b 4b c7 4b ac b3 e0 8b 4b |b......{K.K....K| +00000160 ec 3c 48 2f be eb 32 f6 f5 fa 24 86 76 e6 df ec |.r{.....S...|5| +000001f0 54 38 8a 0b 11 35 90 02 3c 2b ef 3c 9c 81 80 0b |T8...5..<+.<....| +00000200 9e a5 5a d0 07 37 ec b2 4b c9 2d 8a 22 45 20 60 |..Z..7..K.-."E `| +00000210 71 58 e0 a0 99 40 06 62 d4 19 cb 9d 62 65 a8 d6 |qX...@.b....be..| +00000220 dd bd 82 c9 01 ba ce 17 04 d2 09 3a 6b f6 12 9c |...........:k...| +00000230 41 1d 1f f9 f5 42 93 36 70 0b 3a ba 49 f9 54 dc |A....B.6p.:.I.T.| +00000240 d2 30 02 7d 04 0b 4a 3b 12 37 4e a7 96 8c 8b 8c |.0.}..J;.7N.....| +00000250 2e a7 84 78 22 18 d4 2d 93 0a da e1 97 bc ad b5 |...x"..-........| +00000260 2b 81 39 8e d3 5e 81 a1 51 c7 3e 40 3a fb ce 89 |+.9..^..Q.>@:...| +00000270 cf f3 dc 3e 18 0f f1 80 19 00 25 ca 5d e5 0e 0d |...>......%.]...| +00000280 76 4f de 4c eb 92 fa bf 4c 72 01 1d 26 38 88 f1 |vO.L....Lr..&8..| +00000290 9f d1 5f e4 ca e8 19 db dc f3 ba 0a 14 d4 63 b3 |.._...........c.| +000002a0 04 f4 4f ea 1c 0e 93 89 ad 6a 00 e0 64 fd 22 ae |..O......j..d.".| +000002b0 a7 58 dd e8 73 1e 89 b5 ed de ae b3 1e fb 54 1e |.X..s.........T.| +000002c0 70 ab 1e 38 2f bc 1d 16 3b e0 51 9f d9 dd 28 f2 |p..8/...;.Q...(.| +000002d0 2c 24 80 e7 76 b9 d2 25 53 5e c0 df 07 19 0a 8c |,$..v..%S^......| +000002e0 13 ed cd d7 0f dc 4d 92 66 49 41 b1 1f a8 92 c3 |......M.fIA.....| +000002f0 80 26 44 4f f8 49 86 b5 28 1e 3c 0c 1f 42 b9 ae |.&DO.I..(.<..B..| +00000300 27 57 f1 46 d3 61 23 8e 39 cf 50 ad fb 10 ba 7d |'W.F.a#.9.P....}| +00000310 a0 94 c5 b3 6e ad a1 15 71 00 17 03 03 00 99 87 |....n...q.......| +00000320 b6 bb fc 79 5f 53 43 73 bc 7f 0a 49 78 70 48 61 |...y_SCs...IxpHa| +00000330 22 e8 a5 f2 64 55 67 8b 68 de f4 12 64 52 2b 22 |"...dUg.h...dR+"| +00000340 e4 55 53 94 30 a4 7e 10 36 fc 98 9f 0a 32 df 02 |.US.0.~.6....2..| +00000350 b5 bf 58 34 cc 30 31 7b b8 79 54 56 38 48 94 1f |..X4.01{.yTV8H..| +00000360 df 98 b9 c6 dc 29 3c 94 12 ef 47 98 91 0a 81 44 |.....)<...G....D| +00000370 93 f4 96 a2 b2 05 09 d9 6e 25 9f 59 17 0f 41 8b |........n%.Y..A.| +00000380 f7 5c 81 e0 71 25 eb 24 eb bd cf 9a d9 24 8d c6 |.\..q%.$.....$..| +00000390 04 4e 10 0f 92 41 59 df 5c 77 c4 4d c8 30 e0 70 |.N...AY.\w.M.0.p| +000003a0 0c 5d 1b 49 b4 ea 06 bd c5 de 1d b5 19 63 46 72 |.].I.........cFr| +000003b0 98 72 48 e0 aa 76 6c d8 17 03 03 00 45 72 a8 f6 |.rH..vl.....Er..| +000003c0 c0 00 8a 52 91 57 bf 8d 63 87 31 df 97 17 af 41 |...R.W..c.1....A| +000003d0 88 44 19 1e 32 b9 32 d5 16 92 1b c7 6b 6e 29 8c |.D..2.2.....kn).| +000003e0 cc 42 59 05 8d 76 e4 4c 7e 46 5f 42 84 0d 28 37 |.BY..v.L~F_B..(7| +000003f0 15 53 d9 fc de 4b 04 d4 9a 14 6e 9f e8 c9 20 13 |.S...K....n... .| +00000400 00 c4 |..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 ac 55 3c 0a 23 |..........E.U<.#| +00000010 d7 29 fa 16 c2 df a7 42 9e 15 7e 93 a7 0a 31 79 |.).....B..~...1y| +00000020 38 96 95 4a 0b 61 d8 f5 bb e5 51 a8 c3 ea 2b 92 |8..J.a....Q...+.| +00000030 a2 b0 9c 59 e1 52 b9 80 26 1b 84 c3 1a 68 f4 40 |...Y.R..&....h.@| +00000040 82 45 42 47 2f c7 3d ba 77 88 8b 5c 3b 03 a8 a7 |.EBG/.=.w..\;...| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 86 2e cf 5b 32 e1 e0 db 51 51 55 |........[2...QQU| +00000010 ef c3 05 87 ea 90 a8 37 8c 28 5d da 9f 64 70 33 |.......7.(]..dp3| +00000020 8f 94 f0 17 03 03 00 13 ba 81 00 ec 23 57 05 42 |............#W.B| +00000030 aa f4 ca b2 4e 98 d0 22 3b fc 38 |....N..";.8| diff --git a/testdata/Server-TLSv13-ALPN-NoMatch b/testdata/Server-TLSv13-ALPN-NoMatch new file mode 100644 index 0000000..8d524a9 --- /dev/null +++ b/testdata/Server-TLSv13-ALPN-NoMatch @@ -0,0 +1,93 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f8 01 00 00 f4 03 03 7d 4e fc 70 f4 |...........}N.p.| +00000010 ca f8 bc d4 12 5d 8f 66 37 a0 c8 30 1a 4d 1b 4f |.....].f7..0.M.O| +00000020 0e 0b 86 1a 16 6d 77 2f ff eb a8 20 09 1f f5 06 |.....mw/... ....| +00000030 2c 4d 55 28 be dd 24 02 70 4c 0d 73 c4 c0 a1 d8 |,MU(..$.pL.s....| +00000040 b3 f0 13 26 76 df 47 bd 2e 27 1d 81 00 08 13 02 |...&v.G..'......| +00000050 13 03 13 01 00 ff 01 00 00 a3 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000080 00 19 00 18 00 23 00 00 00 10 00 10 00 0e 06 70 |.....#.........p| +00000090 72 6f 74 6f 32 06 70 72 6f 74 6f 31 00 16 00 00 |roto2.proto1....| +000000a0 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 06 03 |................| +000000b0 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 |................| +000000c0 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 2d 00 |.......+......-.| +000000d0 02 01 01 00 33 00 26 00 24 00 1d 00 20 a9 8a 27 |....3.&.$... ..'| +000000e0 a2 7c b7 26 1d c6 ad f7 3a d0 97 81 ac 05 6c 10 |.|.&....:.....l.| +000000f0 a0 0d 3c 96 24 ce 55 ef 43 76 87 d4 31 |..<.$.U.Cv..1| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 09 1f f5 06 |........... ....| +00000030 2c 4d 55 28 be dd 24 02 70 4c 0d 73 c4 c0 a1 d8 |,MU(..$.pL.s....| +00000040 b3 f0 13 26 76 df 47 bd 2e 27 1d 81 13 02 00 00 |...&v.G..'......| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 74 38 f2 8b ac 52 87 0d e3 a9 77 eb |....t8...R....w.| +00000090 af 7f 53 3e 5c 3c cf 49 0a f3 c1 17 03 03 02 6d |..S>\<.I.......m| +000000a0 1f aa 15 fd 9d 05 77 15 12 24 2d ca 2f 93 18 44 |......w..$-./..D| +000000b0 7a 7c e3 c2 57 33 62 fe dc 95 f7 67 c8 08 95 77 |z|..W3b....g...w| +000000c0 1d f3 17 51 80 bc d9 3a 5d f0 a1 f9 fb 4b 21 00 |...Q...:]....K!.| +000000d0 7a 11 2a 51 3d 83 45 ef 62 ce 31 c2 98 9e 20 95 |z.*Q=.E.b.1... .| +000000e0 66 31 a6 3c 37 3b 91 16 d9 3e 37 0e e4 99 a6 a5 |f1.<7;...>7.....| +000000f0 5c 71 42 79 7d de 3c 9c 51 66 ce 2d 6e 1b e4 1d |\qBy}.<.Qf.-n...| +00000100 d5 ee cd 2c ed f9 94 f9 46 9d d1 91 4d 1c 7f dc |...,....F...M...| +00000110 17 a6 5a 42 87 ee 7a bd f3 6a d4 aa 44 b8 97 6d |..ZB..z..j..D..m| +00000120 a7 a3 9f 2d 14 d1 6d 64 e5 8a ed cf c9 a2 da a9 |...-..md........| +00000130 1b f5 83 d4 c8 aa 53 6c e9 5a ee e3 c6 c3 41 df |......Sl.Z....A.| +00000140 a1 17 44 17 7f ca f0 a8 ac 87 fc 2e 6d ba 0f 85 |..D.........m...| +00000150 d4 6d 58 99 8c 19 c1 0a b1 d8 9f 2c 93 36 e3 d3 |.mX........,.6..| +00000160 b6 0e 16 f1 8f a5 04 ee 3a 4f c5 fb 4c 7d d9 1c |........:O..L}..| +00000170 d4 d0 dd b5 59 9e 11 df 46 6c 6c cb f6 76 7a 03 |....Y...Fll..vz.| +00000180 b3 3e a2 45 38 03 56 e6 5a 23 ff 83 ee 0e d1 51 |.>.E8.V.Z#.....Q| +00000190 cc 94 51 82 6c 1a 8b 15 7e bd cd 09 44 72 42 65 |..Q.l...~...DrBe| +000001a0 45 0c 6c ff d7 4d 32 8a b1 9c 3f fa c0 8e 9e 86 |E.l..M2...?.....| +000001b0 5c d7 23 29 bf dd 40 fa d6 db 25 cb 63 74 33 15 |\.#)..@...%.ct3.| +000001c0 23 79 ab 22 39 e2 9e 41 89 01 9f 2e 58 8c 4b fe |#y."9..A....X.K.| +000001d0 b9 a5 cd 5e df be b2 d1 36 9e 8a c5 3f c4 53 db |...^....6...?.S.| +000001e0 29 95 33 6f 24 dd 84 5d da c2 5c 2c 1d cc de 40 |).3o$..]..\,...@| +000001f0 6c e7 07 a5 e3 95 f9 08 62 75 db dd ca e1 4c ab |l.......bu....L.| +00000200 12 3a 16 14 4a b6 78 58 42 81 91 8e b9 48 e0 a3 |.:..J.xXB....H..| +00000210 e4 1e 5f 18 e1 cf 3b 2f b3 2d 81 4c 4c b5 e4 24 |.._...;/.-.LL..$| +00000220 2c f0 e6 b7 43 9c e2 e4 25 88 5d 07 be e3 7b e5 |,...C...%.]...{.| +00000230 d5 7f 2a ad 28 72 54 92 73 19 39 6e f4 d9 3e 13 |..*.(rT.s.9n..>.| +00000240 f3 ed 37 66 22 8a 89 df 7b 99 b3 34 18 0f 7a 76 |..7f"...{..4..zv| +00000250 86 d4 da bd fd b5 f9 75 70 51 de e9 28 75 72 00 |.......upQ..(ur.| +00000260 f5 3f 11 f7 15 01 7e b3 bd b5 a2 05 33 dc 9d 69 |.?....~.....3..i| +00000270 26 f3 cb 45 a8 68 37 0b c6 6f b1 ca 3c 52 01 3c |&..E.h7..o..*h...| +000002a0 c8 83 75 75 d1 95 84 83 c9 e1 2d 0e 1c 37 9f 14 |..uu......-..7..| +000002b0 3a 78 86 01 c6 bb 04 eb 68 c3 26 ed 96 b7 49 43 |:x......h.&...IC| +000002c0 a5 ae 54 c0 d3 23 40 08 26 2f 3a 7e 63 04 2f 62 |..T..#@.&/:~c./b| +000002d0 3e ce 3d b6 70 bb 79 c6 c9 dc 14 24 de 02 96 08 |>.=.p.y....$....| +000002e0 d9 64 a2 c6 26 29 9d 58 a1 85 63 16 db a6 8d 3b |.d..&).X..c....;| +000002f0 0b 1a 15 9c 13 cb 8c cb ff 22 aa 59 da bd 81 78 |.........".Y...x| +00000300 90 f4 86 52 ad ae fc e4 1c ec ff 08 47 17 03 03 |...R........G...| +00000310 00 99 e6 54 8e c8 05 45 8c cb d1 44 df 88 d8 7d |...T...E...D...}| +00000320 1b 07 e1 06 d1 2b c4 fb 75 dd 63 4c b0 14 ee a4 |.....+..u.cL....| +00000330 7f 05 f3 e6 76 04 04 0b 0a 31 23 27 b1 ee 65 36 |....v....1#'..e6| +00000340 50 d9 cb 12 90 a8 6c 73 37 91 3a 57 fa fd 80 79 |P.....ls7.:W...y| +00000350 17 42 f9 27 36 e3 8a 75 3d 95 d6 17 a3 4e 73 5c |.B.'6..u=....Ns\| +00000360 4b e8 fc 58 d3 56 a2 e2 32 26 a0 2d 69 24 31 1e |K..X.V..2&.-i$1.| +00000370 6a 83 8e 5f 3f c4 9f d9 8b f8 59 3e ec 27 d0 96 |j.._?.....Y>.'..| +00000380 6f d6 28 d1 54 e6 f5 14 b4 55 67 de 90 ee f7 ef |o.(.T....Ug.....| +00000390 69 03 b7 d7 80 bd a9 ee a5 30 89 d6 5b ce 07 9e |i........0..[...| +000003a0 0a 09 03 90 4e 5d 75 8c 02 f2 7d 17 03 03 00 45 |....N]u...}....E| +000003b0 43 81 6f 9c bf c2 3c 14 23 f4 4b 9e 1e 17 0e d4 |C.o...<.#.K.....| +000003c0 bd 3a eb 33 34 e3 59 ea 5c ec 9a 5d 86 27 d8 51 |.:.34.Y.\..].'.Q| +000003d0 1f 0c bb d1 80 e0 2e 41 e5 7d 0a 50 df 26 68 cb |.......A.}.P.&h.| +000003e0 d5 83 aa 94 e9 1a c3 0b ab 0d bd 13 b3 55 d8 89 |.............U..| +000003f0 e1 e2 3b fe 01 |..;..| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 ac 36 2d 53 3e |..........E.6-S>| +00000010 08 c7 41 f3 da 40 ad d6 03 05 c1 b5 71 86 82 df |..A..@......q...| +00000020 6a 84 9e df f4 c5 7f 52 29 b0 a5 97 45 69 6e 6a |j......R)...Einj| +00000030 69 1c 91 32 bc 5b e9 62 b1 b8 af 9b 48 06 bb 37 |i..2.[.b....H..7| +00000040 99 45 f5 a9 cd 25 5a 41 c3 49 10 36 af 4a 56 90 |.E...%ZA.I.6.JV.| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e b4 23 d9 cd 9b 2a a8 76 07 c0 1e |......#...*.v...| +00000010 54 bb 7f 63 d9 31 2f e8 7b 91 dc b6 c9 3c a1 48 |T..c.1/.{....<.H| +00000020 2b 82 11 17 03 03 00 13 ae 1b 32 f4 2f 9c 1d 8c |+.........2./...| +00000030 98 4e 1d 80 68 f0 e2 a9 25 db f7 |.N..h...%..| diff --git a/testdata/Server-TLSv13-CHACHA20-SHA256 b/testdata/Server-TLSv13-CHACHA20-SHA256 new file mode 100644 index 0000000..4aa6d6b --- /dev/null +++ b/testdata/Server-TLSv13-CHACHA20-SHA256 @@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 1d 2a 53 ec f5 |............*S..| +00000010 20 a6 22 2e 35 9d c4 a8 9b f0 0f 89 70 ef af 2b | .".5.......p..+| +00000020 3c 8c 6b 8a 44 74 71 8f e2 b6 f5 20 34 ab 1d 74 |<.k.Dtq.... 4..t| +00000030 cc cf 78 1f 9a 92 0b 7b 77 6a 67 16 fa 45 d2 d8 |..x....{wjg..E..| +00000040 1f c2 15 c3 91 f7 b6 1f 01 62 3e d1 00 04 13 03 |.........b>.....| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 71 d3 74 f3 4c 75 f7 29 4d 65 5b 13 b4 ea 4a | q.t.Lu.)Me[...J| +000000d0 ad 25 d2 5c 36 e8 42 f5 1d 4e b3 3e 7c a0 87 48 |.%.\6.B..N.>|..H| +000000e0 29 |)| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 34 ab 1d 74 |........... 4..t| +00000030 cc cf 78 1f 9a 92 0b 7b 77 6a 67 16 fa 45 d2 d8 |..x....{wjg..E..| +00000040 1f c2 15 c3 91 f7 b6 1f 01 62 3e d1 13 03 00 00 |.........b>.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 ed 03 2b 35 ba 39 86 ae ee 50 9e 71 |......+5.9...P.q| +00000090 f6 0a 49 2d 6e cc f5 0a 25 00 fc 17 03 03 02 6d |..I-n...%......m| +000000a0 dd 4a 14 ec 14 0e 41 8c 98 3b 02 df cb 33 f1 33 |.J....A..;...3.3| +000000b0 49 04 d2 bb 10 a1 b6 bb 92 17 09 19 4d 1e 18 03 |I...........M...| +000000c0 0c 97 c3 f9 e1 35 fd 5e 09 58 07 e3 15 8c ca 6b |.....5.^.X.....k| +000000d0 19 7a e1 ac 17 84 f8 f3 1d f4 1c f7 53 d6 fc 54 |.z..........S..T| +000000e0 5a c5 a7 4b 67 58 b9 63 85 a8 12 e4 3e 7a 87 7e |Z..KgX.c....>z.~| +000000f0 d6 b0 7f b9 70 b8 6f 57 23 7c 03 69 61 0a 3e bb |....p.oW#|.ia.>.| +00000100 65 b7 e5 48 4c c5 a3 ae 34 46 cf a4 b1 5b a5 26 |e..HL...4F...[.&| +00000110 5b 50 01 0b b7 36 30 06 46 b1 3e ae f7 72 2b 44 |[P...60.F.>..r+D| +00000120 7b e7 4d d0 18 c0 07 53 d4 73 80 02 cf 10 1b c9 |{.M....S.s......| +00000130 10 a8 29 81 c4 89 78 cf ad 3a 90 92 e3 f2 ac 9c |..)...x..:......| +00000140 88 64 f6 1f 96 bf f7 a8 f4 a1 ec 26 52 a7 ab 3b |.d.........&R..;| +00000150 0c 33 0f 46 6b cf c0 07 80 ca 46 61 28 46 9e 5a |.3.Fk.....Fa(F.Z| +00000160 22 98 d7 cf 1f b8 c5 b4 d1 14 3f 71 0b e8 a3 3f |".........?q...?| +00000170 8a 69 a4 1c a7 5a e4 e0 a0 d8 ee e4 5c ef 6b 55 |.i...Z......\.kU| +00000180 55 e5 4e 6f 75 79 d0 53 b8 21 22 1d bf 86 65 15 |U.Nouy.S.!"...e.| +00000190 7a 24 7f 7c 4b 82 84 6d aa 08 9e 45 1a 5f 2b 34 |z$.|K..m...E._+4| +000001a0 66 f2 92 cc f0 7a 7a e5 d1 2a c2 2e cb 78 c5 aa |f....zz..*...x..| +000001b0 18 87 d3 45 6d 39 39 25 3c f3 aa db 6c 10 8c b4 |...Em99%<...l...| +000001c0 f7 f8 ea 49 5f 8a 5b 20 4d f2 e6 53 11 0f a5 3e |...I_.[ M..S...>| +000001d0 ab 0e 0f 6b fb 5f 43 cb 9f ed 0a f1 5e 21 0f 7c |...k._C.....^!.|| +000001e0 86 4f e0 62 cb 2e be 49 2a c0 3b 53 92 8c 58 c2 |.O.b...I*.;S..X.| +000001f0 53 82 bc 1b 84 e1 5f 85 2d 9e 5f 85 9f 4c 31 7d |S....._.-._..L1}| +00000200 20 ad a4 07 4f 08 06 7b e8 47 52 cf a0 4e e5 0f | ...O..{.GR..N..| +00000210 ff d2 5b f6 f2 a0 5d 08 92 98 f0 d9 a0 e9 4f cd |..[...].......O.| +00000220 c9 bb de d9 a0 b5 e1 ec a9 60 7b a9 37 2f 5c 77 |.........`{.7/\w| +00000230 60 62 de dd f8 e1 63 4e 0b 7f 92 ff 81 96 02 ab |`b....cN........| +00000240 86 e4 f8 4e 52 60 91 cf 75 fc 1d c5 b0 74 c2 06 |...NR`..u....t..| +00000250 15 4e be 1b f8 1c 14 ba 8c 2f 0b ab a2 cc 0e 9a |.N......./......| +00000260 ce fc 05 e9 21 e8 08 55 61 61 8e 98 c8 73 63 2c |....!..Uaa...sc,| +00000270 97 71 2e 74 a1 b1 42 dc fe 6e 26 0f 5b 9d 13 96 |.q.t..B..n&.[...| +00000280 47 03 5f 46 4b ae 81 d0 a0 d1 a7 a3 10 de e6 c6 |G._FK...........| +00000290 6c bc 01 65 04 6f e5 6c 35 72 4c 65 74 a9 2c b0 |l..e.o.l5rLet.,.| +000002a0 10 75 7b d5 c1 1a f0 f8 19 f5 7a 7e 28 f2 53 9d |.u{.......z~(.S.| +000002b0 a0 c4 c9 e3 e4 80 71 bc 5d cc 5f 3d 7b 2d 5f f0 |......q.]._={-_.| +000002c0 51 94 8c d8 8e 0f f6 b8 29 44 90 c3 99 9a dc de |Q.......)D......| +000002d0 b6 81 ac 65 70 2b ad 1d df 47 43 a5 a0 b6 51 6f |...ep+...GC...Qo| +000002e0 0e 29 de 9c cf b0 89 93 94 08 d8 f3 a5 05 b9 d3 |.)..............| +000002f0 a0 bd 92 81 82 91 89 2d 4e df 13 98 09 67 31 c1 |.......-N....g1.| +00000300 4d 28 d0 60 28 dc ae 40 c8 0f 33 d8 ac 17 03 03 |M(.`(..@..3.....| +00000310 00 99 22 21 e8 35 f9 9c 29 9d 3a aa 00 ca 0c a7 |.."!.5..).:.....| +00000320 d1 62 94 94 44 81 8f e0 56 13 29 5f c4 a9 2b ac |.b..D...V.)_..+.| +00000330 8a 67 fe 5f 32 4c 40 00 36 db ff 03 41 67 55 9f |.g._2L@.6...AgU.| +00000340 b5 a8 cc 52 89 0d 08 23 af c5 0f 02 70 3a 62 9f |...R...#....p:b.| +00000350 91 82 cc 1d 6f 57 d3 2b f6 3f 75 f3 65 6b c2 ca |....oW.+.?u.ek..| +00000360 e9 5f 0d 1c 5a 31 8f 8f f8 09 8f a8 4a 27 64 f7 |._..Z1......J'd.| +00000370 18 2d fb 29 09 cd 07 fb 7c 32 47 4e 8d e2 e0 47 |.-.)....|2GN...G| +00000380 60 76 f8 9e 2c 81 71 09 ac 7d 3a 10 30 27 07 06 |`v..,.q..}:.0'..| +00000390 c9 7c 9d 57 5c c2 83 be bf 67 28 70 15 4a fa b6 |.|.W\....g(p.J..| +000003a0 56 8b 15 a8 a6 c8 65 ab 8c a4 03 17 03 03 00 35 |V.....e........5| +000003b0 c6 0c 8f e5 57 46 d9 de 3a 13 7e 80 a9 06 76 e7 |....WF..:.~...v.| +000003c0 a7 6d 5d 0e d1 21 dc 20 8f 2c df 86 cf cd e6 6e |.m]..!. .,.....n| +000003d0 71 14 69 a5 63 a1 38 80 d4 28 20 76 31 37 c6 be |q.i.c.8..( v17..| +000003e0 d9 65 b9 0b 74 |.e..t| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 65 9c 9f 5e ef |..........5e..^.| +00000010 8f 90 79 3f a5 ff cb 00 55 e9 2d 94 62 d4 04 72 |..y?....U.-.b..r| +00000020 0e 93 d1 5b cf 53 80 0b 72 d1 b4 e9 09 0b 9a 0f |...[.S..r.......| +00000030 10 81 27 bf c5 d2 6c 5a 99 f5 04 b5 3e a7 ab 77 |..'...lZ....>..w| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 24 3a 1a 51 aa f2 9e 47 34 90 c7 |.....$:.Q...G4..| +00000010 d9 cc 02 40 89 15 7b 47 b6 45 4a 8b fb 8b b5 1a |...@..{G.EJ.....| +00000020 43 4c 1e 17 03 03 00 13 01 41 14 2e 85 26 f4 d0 |CL.......A...&..| +00000030 da a5 91 14 52 66 0c 7d 26 82 d0 |....Rf.}&..| diff --git a/testdata/Server-TLSv13-ECDHE-ECDSA-AES b/testdata/Server-TLSv13-ECDHE-ECDSA-AES new file mode 100644 index 0000000..152eb24 --- /dev/null +++ b/testdata/Server-TLSv13-ECDHE-ECDSA-AES @@ -0,0 +1,86 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 dc 01 00 00 d8 03 03 34 c0 8c 76 f5 |...........4..v.| +00000010 c3 94 de 34 58 f6 fe 27 51 28 2d cf be 74 61 8e |...4X..'Q(-..ta.| +00000020 5c 25 14 22 1b b2 70 4b c6 a5 e7 20 f5 d9 d5 d1 |\%."..pK... ....| +00000030 5c 24 ab df 36 f1 c8 b9 4a 66 aa 52 d3 6c 3b 07 |\$..6...Jf.R.l;.| +00000040 53 e2 e3 a5 6a bf ad 25 1e 93 06 40 00 04 13 01 |S...j..%...@....| +00000050 00 ff 01 00 00 8b 00 00 00 0e 00 0c 00 00 09 31 |...............1| +00000060 32 37 2e 30 2e 30 2e 31 00 0b 00 04 03 00 01 02 |27.0.0.1........| +00000070 00 0a 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 |................| +00000080 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 |................| +00000090 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 |................| +000000a0 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 |...........+....| +000000b0 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 |..-.....3.&.$...| +000000c0 20 09 5c dd 14 86 ba fa c5 6f ab b8 50 d5 1b 6f | .\......o..P..o| +000000d0 1b 49 12 c2 d6 e7 a0 8c ca 95 7e 5d 62 ab 5a c8 |.I........~]b.Z.| +000000e0 73 |s| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 f5 d9 d5 d1 |........... ....| +00000030 5c 24 ab df 36 f1 c8 b9 4a 66 aa 52 d3 6c 3b 07 |\$..6...Jf.R.l;.| +00000040 53 e2 e3 a5 6a bf ad 25 1e 93 06 40 13 01 00 00 |S...j..%...@....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 57 c3 ea 50 c5 f5 d6 1f 4f e9 7e 30 |....W..P....O.~0| +00000090 79 5b 6e 09 78 a7 f8 0d a4 20 3d 17 03 03 02 22 |y[n.x.... =...."| +000000a0 78 32 99 7b 8b 67 07 bc bf 86 bc 4e 6d ba 2b 2e |x2.{.g.....Nm.+.| +000000b0 ba c8 bb d4 c5 10 dc 5a 9a 38 13 38 92 6f 8b 8c |.......Z.8.8.o..| +000000c0 73 8e 97 5e 39 3e 4e 93 b7 76 c4 c7 75 67 43 c9 |s..^9>N..v..ugC.| +000000d0 80 a3 bb 88 71 e4 46 e2 dd 17 df a1 ba b8 af 2f |....q.F......../| +000000e0 47 e8 16 a5 04 08 69 66 34 f2 22 c9 28 06 70 b5 |G.....if4.".(.p.| +000000f0 f7 c8 90 61 f4 77 32 7a f7 e5 41 d2 dc e7 13 9b |...a.w2z..A.....| +00000100 41 09 df 97 e2 9a 31 33 ef 48 48 2c 64 d9 9c 11 |A.....13.HH,d...| +00000110 e7 13 2b 1e 6d 3f 73 20 c7 5a 2f 2b aa bd f6 29 |..+.m?s .Z/+...)| +00000120 49 c1 de 95 65 dc 7c a4 de d8 9b 80 1c 38 3b a4 |I...e.|......8;.| +00000130 0c 7b 31 9a 27 b4 6f 38 2a 58 15 82 97 f0 99 bd |.{1.'.o8*X......| +00000140 d0 61 ca c9 2f 3f 71 8f 29 a6 ed 74 32 73 10 38 |.a../?q.)..t2s.8| +00000150 c8 33 ba a0 9b c3 27 59 20 24 15 e5 02 27 b4 1c |.3....'Y $...'..| +00000160 62 72 9c 83 da 93 9e 03 a1 4a d3 50 df d0 5c 78 |br.......J.P..\x| +00000170 74 58 63 c7 f6 3b 6e ba da 13 5c 66 6e 3e cb d5 |tXc..;n...\fn>..| +00000180 7f b1 ed 62 11 60 a1 ed 20 d8 3b 07 d6 36 f0 f2 |...b.`.. .;..6..| +00000190 75 9a a4 3a 11 ac fa 6e a1 2e 06 fe 44 90 06 2e |u..:...n....D...| +000001a0 78 8e 93 97 7f 7a 5c e2 ac be 29 cd 0f ea d2 5c |x....z\...)....\| +000001b0 ca 96 a1 7e 6e b2 3e b3 80 79 fb 25 a4 ee 99 29 |...~n.>..y.%...)| +000001c0 85 f7 b7 1f dd 35 d4 3b fb d2 a9 a1 e9 67 0f 7a |.....5.;.....g.z| +000001d0 ee fd 61 65 79 fc b3 8a c2 32 1c b6 54 b9 c3 ab |..aey....2..T...| +000001e0 2b 32 32 2d 88 16 9e 10 60 ee ef 58 85 1a 65 eb |+22-....`..X..e.| +000001f0 5b 9f ae e3 fb da 37 7e ec 73 69 57 29 e1 ab 76 |[.....7~.siW)..v| +00000200 a3 bd fa 02 91 3d f8 6d 95 49 81 4a 44 2e d9 8c |.....=.m.I.JD...| +00000210 c7 00 0d ef 0c 84 a9 b2 16 ff 6a 52 79 99 37 6d |..........jRy.7m| +00000220 dc 5f c6 32 76 ac 3b 92 cc 21 6a 2b 26 03 43 66 |._.2v.;..!j+&.Cf| +00000230 b2 64 79 51 11 08 7f 3f 63 ec 22 79 d7 90 4f 84 |.dyQ...?c."y..O.| +00000240 ed 58 1f c3 fe e9 87 bf d1 80 66 25 5a 95 53 1f |.X........f%Z.S.| +00000250 08 88 0c b8 7e 3b 07 c3 c7 4b 13 80 23 b1 15 3e |....~;...K..#..>| +00000260 e7 94 9b 91 8e 56 37 47 99 5f 5f 45 2d 11 f7 fc |.....V7G.__E-...| +00000270 33 b6 1f 6a 05 d8 8c 9f 1a 5f 38 d7 e8 1a d0 83 |3..j....._8.....| +00000280 11 b6 bc 09 7b a9 31 19 b2 f1 a7 ea 8b a3 be a7 |....{.1.........| +00000290 72 97 fb 09 19 5a d0 87 9c 01 bb e6 6e 50 91 87 |r....Z......nP..| +000002a0 b1 e6 0c e0 83 af b2 e8 b9 fa 71 3e 3c 6e 59 91 |..........q>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 35 c1 5b 7a 5c 1b |..........5.[z\.| +00000010 3c 04 8b 1d 88 fb 64 28 08 47 4b 5e 18 f9 b9 25 |<.....d(.GK^...%| +00000020 39 61 50 21 9b 0a 7a af 2a 26 6e 46 30 66 50 db |9aP!..z.*&nF0fP.| +00000030 8e 3f de c3 9e 65 e3 00 51 cd cc 38 44 92 13 5c |.?...e..Q..8D..\| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 1c 4f 11 b2 e9 66 a3 ed 64 2d 23 |......O...f..d-#| +00000010 b6 11 b0 fa 27 55 53 93 3a 70 01 c8 33 58 f8 48 |....'US.:p..3X.H| +00000020 68 81 50 17 03 03 00 13 9c a6 6d 62 80 e3 55 f6 |h.P.......mb..U.| +00000030 22 d5 84 59 35 8f 79 6f 1f 5e 79 |"..Y5.yo.^y| diff --git a/testdata/Server-TLSv13-ExportKeyingMaterial b/testdata/Server-TLSv13-ExportKeyingMaterial new file mode 100644 index 0000000..b1a9405 --- /dev/null +++ b/testdata/Server-TLSv13-ExportKeyingMaterial @@ -0,0 +1,92 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 e4 01 00 00 e0 03 03 40 35 14 01 11 |...........@5...| +00000010 ea 27 ee ac 2d 8b d9 de 62 2d 94 4e 4f c6 97 09 |.'..-...b-.NO...| +00000020 8a 84 1d 96 ca 1e 1c a2 a5 9f 82 20 cf 5d fb ec |........... .]..| +00000030 d8 3d 23 2d 89 77 a9 7b 1a 9a 72 e6 bd 17 50 53 |.=#-.w.{..r...PS| +00000040 56 32 17 d3 50 38 0c 9d 0b e4 8d 9a 00 08 13 02 |V2..P8..........| +00000050 13 03 13 01 00 ff 01 00 00 8f 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000080 00 19 00 18 00 23 00 00 00 16 00 00 00 17 00 00 |.....#..........| +00000090 00 0d 00 1e 00 1c 04 03 05 03 06 03 08 07 08 08 |................| +000000a0 08 09 08 0a 08 0b 08 04 08 05 08 06 04 01 05 01 |................| +000000b0 06 01 00 2b 00 03 02 03 04 00 2d 00 02 01 01 00 |...+......-.....| +000000c0 33 00 26 00 24 00 1d 00 20 99 33 07 c3 2f 4d 4d |3.&.$... .3../MM| +000000d0 f1 3b 8a 93 f4 58 77 2b 69 e6 6e ae e8 1b 0a 30 |.;...Xw+i.n....0| +000000e0 a2 35 f5 1f 9e ed 34 ed 0c |.5....4..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 cf 5d fb ec |........... .]..| +00000030 d8 3d 23 2d 89 77 a9 7b 1a 9a 72 e6 bd 17 50 53 |.=#-.w.{..r...PS| +00000040 56 32 17 d3 50 38 0c 9d 0b e4 8d 9a 13 02 00 00 |V2..P8..........| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 57 f0 44 ca 0f b9 92 0d 8f 6f 1f 11 |....W.D......o..| +00000090 a1 03 28 76 f0 0c 46 87 5a c7 b5 17 03 03 02 6d |..(v..F.Z......m| +000000a0 78 f0 92 2b 56 5d b9 62 95 1b 04 8b d0 49 63 31 |x..+V].b.....Ic1| +000000b0 1f 1d 9a 37 b3 64 e5 11 21 58 4c e2 d2 da a4 e1 |...7.d..!XL.....| +000000c0 1b 26 e7 11 3f b5 46 18 62 46 35 8a ae b1 88 93 |.&..?.F.bF5.....| +000000d0 5c 97 6c 66 6e a7 5d 63 fb e2 07 07 f5 59 02 38 |\.lfn.]c.....Y.8| +000000e0 78 d5 52 97 9b 2f 06 d3 91 c0 a3 62 9b 74 7e f8 |x.R../.....b.t~.| +000000f0 41 0b 71 df f9 ed 42 1b 51 ec db 66 86 d7 db c0 |A.q...B.Q..f....| +00000100 a1 27 9e 51 95 fe 54 66 4a f2 72 7b d7 91 cd 00 |.'.Q..TfJ.r{....| +00000110 b1 fd 36 a1 6f c5 c4 31 3e b8 d8 ab 0b f5 57 bf |..6.o..1>.....W.| +00000120 63 91 99 5e 04 63 c7 fa c9 73 b5 23 0e e9 45 3a |c..^.c...s.#..E:| +00000130 15 2b a7 d3 f5 04 50 ab 17 65 40 d3 63 da 6e 2a |.+....P..e@.c.n*| +00000140 66 45 2d 41 1f 09 fa 62 67 86 8f e6 c5 7e 02 d0 |fE-A...bg....~..| +00000150 27 bf 43 e8 15 8e 4f 71 67 2e 9b 13 61 44 23 0b |'.C...Oqg...aD#.| +00000160 29 06 81 0c 9c 28 c5 a9 f1 6e 49 84 b3 75 90 93 |)....(...nI..u..| +00000170 0a f7 db 01 29 9f 73 5d 00 f5 41 a7 cb 0b b0 97 |....).s]..A.....| +00000180 d7 b6 d0 71 31 56 88 88 7b 16 3b 54 5e 82 2b 87 |...q1V..{.;T^.+.| +00000190 2c 74 2c 8f 0a ec 5f 2b ef a6 86 55 49 d9 a2 af |,t,..._+...UI...| +000001a0 4a 34 48 a4 65 b6 4f f3 7f b6 30 e8 c2 f1 03 f4 |J4H.e.O...0.....| +000001b0 89 90 02 b6 f2 6e 27 e8 33 5f c7 34 91 a7 fd 96 |.....n'.3_.4....| +000001c0 58 a1 4b 3a e5 73 92 1c ed 01 dd 15 a2 b5 61 01 |X.K:.s........a.| +000001d0 1b 1d 52 0d 10 1f 1e a8 3b a4 b8 cf 50 0b ff e6 |..R.....;...P...| +000001e0 cf b7 59 cf 60 55 f7 2d ad 1d 7a 76 dc c0 4d d3 |..Y.`U.-..zv..M.| +000001f0 5f 06 d2 1e 02 a8 23 12 6c ae 3a 90 d4 1a ef b1 |_.....#.l.:.....| +00000200 31 c8 82 5c ca 92 1d db c3 0c 5e 9e 80 1c 1d b2 |1..\......^.....| +00000210 f5 55 b5 55 92 94 9a 43 ef 60 86 ee f0 65 68 bd |.U.U...C.`...eh.| +00000220 ad f8 5d f2 06 3f 2d b5 52 26 71 33 bb 0a f2 31 |..]..?-.R&q3...1| +00000230 8a 98 41 8d 8d 59 d1 b7 c9 b1 3c e1 37 9e 70 0b |..A..Y....<.7.p.| +00000240 da ae 25 34 49 93 ce f3 a0 c9 b6 7e 06 34 53 07 |..%4I......~.4S.| +00000250 ef 61 43 9d 79 2c d0 02 5a 64 bd 4a 46 98 3c 42 |.aC.y,..Zd.JF.g.........x| +000003a0 3f eb 55 57 d9 7b 3a 31 c8 b9 d2 17 03 03 00 45 |?.UW.{:1.......E| +000003b0 ec 76 02 21 7b 96 9c ff a5 ea e9 2e 92 a7 d6 f4 |.v.!{...........| +000003c0 8e c0 a0 bc 21 11 44 df 84 dd 3c 21 5d cc 1b 2c |....!.D....| +000003f0 f0 29 1b 4b 6e |.).Kn| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 4a 89 ee af 15 |..........EJ....| +00000010 db cf 58 6f f9 5a cd 28 a7 57 08 38 7a a4 1a a6 |..Xo.Z.(.W.8z...| +00000020 d9 ed 5f f8 b1 f8 a9 aa 19 70 5f 8d 87 b9 d8 5c |.._......p_....\| +00000030 b6 4d d6 04 4b 66 1b 6a 57 25 58 bf a1 b6 72 81 |.M..Kf.jW%X...r.| +00000040 74 b9 c9 6f 02 c9 0b f6 b2 7f 70 72 78 a6 06 bd |t..o......prx...| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e ee 68 ad 7a 47 ba 93 80 26 01 37 |......h.zG...&.7| +00000010 1b 3b b8 61 aa 60 a1 0f 21 a4 81 51 16 a5 b1 36 |.;.a.`..!..Q...6| +00000020 b2 39 ca 17 03 03 00 13 5e 1c 9b a5 d1 02 68 96 |.9......^.....h.| +00000030 99 41 8c a1 9e 49 38 1d 97 b6 c8 |.A...I8....| diff --git a/testdata/Server-TLSv13-HelloRetryRequest b/testdata/Server-TLSv13-HelloRetryRequest new file mode 100644 index 0000000..b63a5f8 --- /dev/null +++ b/testdata/Server-TLSv13-HelloRetryRequest @@ -0,0 +1,118 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 da 01 00 00 d6 03 03 29 a2 7e 24 c3 |...........).~$.| +00000010 02 bf 2c 29 7b 47 08 06 bf 75 ef c5 59 2d a4 f0 |..,){G...u..Y-..| +00000020 2f fc 53 62 5d b8 4d 3c f1 31 2d 20 96 7c 00 da |/.Sb].M<.1- .|..| +00000030 35 8c 39 0a f8 1c 61 b8 4a a8 28 b4 a2 de 56 7b |5.9...a.J.(...V{| +00000040 a9 f3 ab 5d db 30 ca 2c d1 82 9e e2 00 08 13 02 |...].0.,........| +00000050 13 03 13 01 00 ff 01 00 00 85 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 06 00 04 00 1d 00 17 00 16 |................| +00000080 00 00 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 |................| +00000090 06 03 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 |................| +000000a0 08 06 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 |.........+......| +000000b0 2d 00 02 01 01 00 33 00 26 00 24 00 1d 00 20 dd |-.....3.&.$... .| +000000c0 c7 c6 35 0b c9 5f f0 7e 40 e8 f1 f7 6f e7 84 8f |..5.._.~@...o...| +000000d0 7f 32 2f 8c a3 22 c6 c1 b9 34 1c ef 17 e7 25 |.2/.."...4....%| +>>> Flow 2 (server to client) +00000000 16 03 03 00 58 02 00 00 54 03 03 cf 21 ad 74 e5 |....X...T...!.t.| +00000010 9a 61 11 be 1d 8c 02 1e 65 b8 91 c2 a2 11 16 7a |.a......e......z| +00000020 bb 8c 5e 07 9e 09 e2 c8 a8 33 9c 20 96 7c 00 da |..^......3. .|..| +00000030 35 8c 39 0a f8 1c 61 b8 4a a8 28 b4 a2 de 56 7b |5.9...a.J.(...V{| +00000040 a9 f3 ab 5d db 30 ca 2c d1 82 9e e2 13 02 00 00 |...].0.,........| +00000050 0c 00 2b 00 02 03 04 00 33 00 02 00 17 |..+.....3....| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 16 03 03 00 fb 01 00 00 f7 03 |................| +00000010 03 29 a2 7e 24 c3 02 bf 2c 29 7b 47 08 06 bf 75 |.).~$...,){G...u| +00000020 ef c5 59 2d a4 f0 2f fc 53 62 5d b8 4d 3c f1 31 |..Y-../.Sb].M<.1| +00000030 2d 20 96 7c 00 da 35 8c 39 0a f8 1c 61 b8 4a a8 |- .|..5.9...a.J.| +00000040 28 b4 a2 de 56 7b a9 f3 ab 5d db 30 ca 2c d1 82 |(...V{...].0.,..| +00000050 9e e2 00 08 13 02 13 03 13 01 00 ff 01 00 00 a6 |................| +00000060 00 00 00 0e 00 0c 00 00 09 31 32 37 2e 30 2e 30 |.........127.0.0| +00000070 2e 31 00 0b 00 04 03 00 01 02 00 0a 00 06 00 04 |.1..............| +00000080 00 1d 00 17 00 16 00 00 00 17 00 00 00 0d 00 1e |................| +00000090 00 1c 04 03 05 03 06 03 08 07 08 08 08 09 08 0a |................| +000000a0 08 0b 08 04 08 05 08 06 04 01 05 01 06 01 00 2b |...............+| +000000b0 00 03 02 03 04 00 2d 00 02 01 01 00 33 00 47 00 |......-.....3.G.| +000000c0 45 00 17 00 41 04 30 30 c4 62 c9 14 6b f7 28 88 |E...A.00.b..k.(.| +000000d0 ff c8 3f 87 2b 9f 24 a3 46 9b 2f 86 c7 df 3f 05 |..?.+.$.F./...?.| +000000e0 6b 8e a7 80 64 ff 66 b7 4d 80 62 fd b4 ba de 27 |k...d.f.M.b....'| +000000f0 44 7f 7a a4 c7 4a f0 81 25 52 3f 8a 8a 48 1e ff |D.z..J..%R?..H..| +00000100 6f 11 ad a9 fe bd |o.....| +>>> Flow 4 (server to client) +00000000 16 03 03 00 9b 02 00 00 97 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 96 7c 00 da |........... .|..| +00000030 35 8c 39 0a f8 1c 61 b8 4a a8 28 b4 a2 de 56 7b |5.9...a.J.(...V{| +00000040 a9 f3 ab 5d db 30 ca 2c d1 82 9e e2 13 02 00 00 |...].0.,........| +00000050 4f 00 2b 00 02 03 04 00 33 00 45 00 17 00 41 04 |O.+.....3.E...A.| +00000060 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 5b 12 |..7...Q.5uq..T[.| +00000070 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 28 5e |...g..$ >.V...(^| +00000080 f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 32 42 |.+-O....lK[.V.2B| +00000090 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc 5a 89 |.X..I..h.A.Vk.Z.| +000000a0 17 03 03 00 17 74 86 c5 4d 7f f0 06 2b fa a3 03 |.....t..M...+...| +000000b0 4d 27 46 e7 33 ce 70 32 ba 61 55 61 17 03 03 02 |M'F.3.p2.aUa....| +000000c0 6d c5 ac cc 02 19 b0 92 c1 bc 6a fe 1d 94 a6 75 |m.........j....u| +000000d0 66 6a 88 b0 87 76 da 3f f9 07 40 67 c7 e5 b8 b7 |fj...v.?..@g....| +000000e0 70 38 41 0e 11 3b cf db 0b 76 73 58 10 93 0e 06 |p8A..;...vsX....| +000000f0 cb 31 75 d0 a8 2f 20 35 b4 c2 87 5f 42 94 e1 18 |.1u../ 5..._B...| +00000100 d5 f8 bc 11 d7 7c 9b ff 0b fe 59 8b 78 1e ef 52 |.....|....Y.x..R| +00000110 6f ea 39 e5 f5 55 93 8b 0b 65 87 05 d3 0d a3 6d |o.9..U...e.....m| +00000120 2e 10 79 1d 60 61 ba 43 13 cd 5a 58 28 cb 32 df |..y.`a.C..ZX(.2.| +00000130 74 3a 58 4e e0 21 d4 d0 2f 6f 63 72 1c 82 18 16 |t:XN.!../ocr....| +00000140 12 4c e7 0b 5e 21 ce e4 de 26 6c d2 91 c1 fd 85 |.L..^!...&l.....| +00000150 5a f4 b7 5d 5a c6 fe 8c 05 fe f7 2a ae a1 67 73 |Z..]Z......*..gs| +00000160 8a 66 60 07 57 35 46 ed cf e1 58 f3 22 94 57 26 |.f`.W5F...X.".W&| +00000170 ae 81 3c ea 42 1c ef 56 ca 0e 35 5a 4c 97 49 36 |..<.B..V..5ZL.I6| +00000180 73 e2 be 8b ad 55 42 a3 8f 50 65 8a 7a 9d cf 7c |s....UB..Pe.z..|| +00000190 4f d9 4b db 0d a4 0e 57 99 08 72 0a 1f cf 9d 19 |O.K....W..r.....| +000001a0 ad 24 7b 64 9b ef d2 9f 8f 42 d4 ca a8 84 2f 15 |.${d.....B..../.| +000001b0 3a 10 8e 1e 22 b8 fc 9f 77 0b 8e 82 22 bd 08 f2 |:..."...w..."...| +000001c0 3e 4c a7 f1 d0 46 a8 fb fb 5e f6 0d 32 8e 2d e4 |>L...F...^..2.-.| +000001d0 3b 17 b8 da 71 03 cb d9 b8 12 9b 70 a0 3a 07 19 |;...q......p.:..| +000001e0 f6 c1 66 1e b8 e2 b2 5a 50 50 c5 51 8f f3 91 e7 |..f....ZPP.Q....| +000001f0 bc ba a2 ee ca a8 71 24 5f f2 25 79 c3 a2 23 70 |......q$_.%y..#p| +00000200 03 0b 8b 99 4d 33 92 f1 ff 64 cd cc 31 b2 13 a9 |....M3...d..1...| +00000210 d3 c2 37 b7 11 17 7f d7 64 ba da 6d 46 b1 a2 03 |..7.....d..mF...| +00000220 fe 8d 4d e3 cd eb a3 2f af 89 f4 a4 af 82 0e e3 |..M..../........| +00000230 65 c3 64 38 33 6a bd c9 13 77 9d 37 c7 c8 1d 55 |e.d83j...w.7...U| +00000240 f9 a6 b8 fc 57 0f f7 94 76 1f bd 4f 4a 74 fe 0a |....W...v..OJt..| +00000250 98 be e9 d9 2e d2 c0 c9 fb d2 3b 27 fb 37 14 f5 |..........;'.7..| +00000260 29 d5 f4 88 a5 b0 98 1d 0c 85 9e 1f ad 29 cf 36 |)............).6| +00000270 3d 2f c0 54 93 1f 14 8b 1e a3 93 aa 53 af da d1 |=/.T........S...| +00000280 da 0b 2b e4 01 fe 8e 48 df 8b 97 fe 92 ab 32 80 |..+....H......2.| +00000290 c3 d2 84 1a 45 a7 0d f3 f8 07 e3 7d a3 27 62 67 |....E......}.'bg| +000002a0 10 4b 3e 09 ee 22 77 0d 54 71 8b 6f 68 6a a9 cc |.K>.."w.Tq.ohj..| +000002b0 80 34 5e 35 36 b0 cb d5 8b 04 6f 0f 28 82 5f 69 |.4^56.....o.(._i| +000002c0 d3 66 cd 19 db 39 1d 73 c2 28 36 94 5f 1b 24 c6 |.f...9.s.(6._.$.| +000002d0 9a 62 34 0f ec 9a f9 c5 8c 72 5c c3 a0 c7 d6 5b |.b4......r\....[| +000002e0 1d 2e 4b 31 cd 2e 8b 37 cc 9a b2 ca e9 5d b0 f9 |..K1...7.....]..| +000002f0 b4 2c ba 27 08 c3 d6 90 1b 51 0c 83 72 0b 8a 72 |.,.'.....Q..r..r| +00000300 a1 12 ab 5c 91 a8 b2 76 f1 c1 09 d3 74 fb bc e5 |...\...v....t...| +00000310 33 96 59 91 3e e0 89 cf 99 7c 40 c4 af 0e 8d 58 |3.Y.>....|@....X| +00000320 20 ea d9 0d 0e 64 10 2c c8 ad ed 38 b0 fa 17 03 | ....d.,...8....| +00000330 03 00 99 f0 80 72 33 a3 53 2f c6 7f 68 e5 42 ee |.....r3.S/..h.B.| +00000340 d0 81 00 07 8b b7 69 ec 0d 9e 5a dc f5 0b 40 82 |......i...Z...@.| +00000350 0e a5 bc ce dd 13 1e 15 4c 10 d8 62 00 42 45 eb |........L..b.BE.| +00000360 2b f1 aa d4 43 4e 29 02 a8 0e b8 3d 17 88 84 0c |+...CN)....=....| +00000370 2d d0 49 48 ff f5 83 8f 0d da 7f 81 d6 e7 93 d5 |-.IH............| +00000380 12 c0 59 1c ed b7 35 7f 9e 1f 9c 39 e6 56 ce a2 |..Y...5....9.V..| +00000390 98 ca 74 72 49 65 7f 69 16 a7 13 67 b3 11 fe 32 |..trIe.i...g...2| +000003a0 99 23 c6 8f 37 e5 18 e8 5e 3b e3 25 84 cd f5 9f |.#..7...^;.%....| +000003b0 de 4c f0 b1 cb 25 31 86 73 07 48 f8 30 7e 7c 7b |.L...%1.s.H.0~|{| +000003c0 04 0f a5 5c 15 c2 25 00 43 18 6e 35 17 03 03 00 |...\..%.C.n5....| +000003d0 45 e0 8a a3 17 a4 5d 29 0d da b8 c1 e8 b9 19 cf |E.....])........| +000003e0 4b 08 e6 d8 5c 0e 9e ed b4 ea cc 95 68 54 6b 4b |K...\.......hTkK| +000003f0 0f 1f 32 3e f0 68 10 a1 9f aa 4b 44 86 3f 3b 66 |..2>.h....KD.?;f| +00000400 08 cd cb d0 92 a2 07 df 64 f9 f2 88 f9 c2 63 9f |........d.....c.| +00000410 01 98 a7 58 41 e6 |...XA.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 45 64 f9 84 9e cc d0 58 bd 27 48 4f |....Ed.....X.'HO| +00000010 5c fb 26 21 50 37 f7 eb 80 fc 86 a9 a7 00 d7 0f |\.&!P7..........| +00000020 c4 4e e8 2d 4a cf 0b 57 34 10 f4 ea df a0 91 31 |.N.-J..W4......1| +00000030 80 45 78 20 38 1c cd dd 16 5d f5 6c 83 a6 ee f4 |.Ex 8....].l....| +00000040 24 c7 3f f1 0a f8 2d 78 7e b4 |$.?...-x~.| +>>> Flow 6 (server to client) +00000000 17 03 03 00 1e fe 3e da ac 07 b3 a8 37 ca 6d 3a |......>.....7.m:| +00000010 21 3a 2e 52 e4 1c ee 1c 49 e8 c5 a4 ef 10 bb 92 |!:.R....I.......| +00000020 7b 45 ba 17 03 03 00 13 4d f6 22 39 83 19 74 a8 |{E......M."9..t.| +00000030 86 55 bb 07 4d db 37 a6 f1 9f 13 |.U..M.7....| diff --git a/testdata/Server-TLSv13-P256 b/testdata/Server-TLSv13-P256 new file mode 100644 index 0000000..433327b --- /dev/null +++ b/testdata/Server-TLSv13-P256 @@ -0,0 +1,95 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f9 01 00 00 f5 03 03 9b 17 e9 d1 ef |................| +00000010 4d bc 9c 08 44 87 d5 43 09 b5 bd f3 7c a6 52 59 |M...D..C....|.RY| +00000020 ae d3 af 09 c4 24 18 12 7f 4a 03 20 af 3e 04 1d |.....$...J. .>..| +00000030 3a 26 d4 bb 9c 02 71 32 c4 19 a6 ef 46 26 0f d6 |:&....q2....F&..| +00000040 ab 9e 49 4f b5 06 37 92 7a 0a 37 5e 00 08 13 02 |..IO..7.z.7^....| +00000050 13 03 13 01 00 ff 01 00 00 a4 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 04 00 02 00 17 00 16 00 00 |................| +00000080 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 06 03 |................| +00000090 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 |................| +000000a0 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 2d 00 |.......+......-.| +000000b0 02 01 01 00 33 00 47 00 45 00 17 00 41 04 ec c3 |....3.G.E...A...| +000000c0 f4 ab c7 58 b2 1c b4 8d d9 62 5f eb b9 b8 8f 33 |...X.....b_....3| +000000d0 e3 77 4a e5 57 1d 03 ce 2b bb 9d e6 b3 e4 b6 b6 |.wJ.W...+.......| +000000e0 10 01 03 df c6 b4 ac 26 c8 58 9a a8 97 1d e7 92 |.......&.X......| +000000f0 15 d3 78 a4 40 12 8f e1 c0 0a 80 2b 06 c5 |..x.@......+..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 9b 02 00 00 97 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 af 3e 04 1d |........... .>..| +00000030 3a 26 d4 bb 9c 02 71 32 c4 19 a6 ef 46 26 0f d6 |:&....q2....F&..| +00000040 ab 9e 49 4f b5 06 37 92 7a 0a 37 5e 13 02 00 00 |..IO..7.z.7^....| +00000050 4f 00 2b 00 02 03 04 00 33 00 45 00 17 00 41 04 |O.+.....3.E...A.| +00000060 1e 18 37 ef 0d 19 51 88 35 75 71 b5 e5 54 5b 12 |..7...Q.5uq..T[.| +00000070 2e 8f 09 67 fd a7 24 20 3e b2 56 1c ce 97 28 5e |...g..$ >.V...(^| +00000080 f8 2b 2d 4f 9e f1 07 9f 6c 4b 5b 83 56 e2 32 42 |.+-O....lK[.V.2B| +00000090 e9 58 b6 d7 49 a6 b5 68 1a 41 03 56 6b dc 5a 89 |.X..I..h.A.Vk.Z.| +000000a0 17 03 03 00 17 42 79 da 18 8e 38 c1 2c a4 2a 9c |.....By...8.,.*.| +000000b0 fd 94 6a a6 b3 08 51 aa 7b 2d 19 a7 17 03 03 02 |..j...Q.{-......| +000000c0 6d 57 f7 92 34 01 09 13 e8 f8 ef 75 ad ba e8 a5 |mW..4......u....| +000000d0 9b cd e9 6c ab 48 b5 4d 33 1e 0b 95 47 74 78 9d |...l.H.M3...Gtx.| +000000e0 3c bb 27 a8 87 1c fb 11 80 91 93 ad 0f 0d 1c 98 |<.'.............| +000000f0 44 cc 36 bc 00 0d eb c0 8b 73 40 11 dd c5 9a a9 |D.6......s@.....| +00000100 90 55 81 e8 55 69 e0 73 97 49 c3 2b ee 56 3c c0 |.U..Ui.s.I.+.V<.| +00000110 c3 b7 4a 18 a3 e4 45 c9 7f 0c 7d ba b4 52 9a a8 |..J...E...}..R..| +00000120 b1 26 4e 57 3b fb 5b 30 28 b0 95 c9 72 35 2d 10 |.&NW;.[0(...r5-.| +00000130 24 8e 70 bb c6 2a 33 83 1c 78 c1 91 c4 6b 06 c0 |$.p..*3..x...k..| +00000140 d0 65 b5 d5 21 21 02 21 86 df 24 d0 99 90 24 12 |.e..!!.!..$...$.| +00000150 9f c8 a4 8d e9 29 5c 84 52 82 4b 11 a6 de 7f 88 |.....)\.R.K.....| +00000160 d9 35 b3 1b d5 c9 0a 54 f2 64 a7 43 13 19 61 0f |.5.....T.d.C..a.| +00000170 28 11 39 3f b1 2a 49 f7 0f de cb f8 ff ad b6 90 |(.9?.*I.........| +00000180 5a af 2a 17 9a 40 c7 c8 32 88 5d e1 af 54 92 3a |Z.*..@..2.]..T.:| +00000190 8b b9 8a 50 93 dd 73 89 cf 0f bf ae 7e ad ba bf |...P..s.....~...| +000001a0 ed 2a f1 47 e0 e5 77 92 27 e5 5b bd 7f 7e a5 47 |.*.G..w.'.[..~.G| +000001b0 af dd d7 ab 72 db 1a bb 83 f8 18 ba 46 92 74 a2 |....r.......F.t.| +000001c0 9e 7a 5c 4d e8 b9 c0 6e ed 20 6d ec 8f 3d 65 d6 |.z\M...n. m..=e.| +000001d0 d5 48 4b 24 14 00 10 2c f2 31 c1 94 ce b6 f8 e2 |.HK$...,.1......| +000001e0 e1 d3 8c e7 38 3c 4b 34 1f 78 8d e0 9b d3 9d 21 |....8>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 b1 15 d9 f0 b0 |..........E.....| +00000010 cf 81 8f de 00 84 97 be 1b 6f af 52 3b d2 34 1b |.........o.R;.4.| +00000020 4d bb d3 b8 c2 09 60 21 e1 61 d3 d9 a1 80 68 77 |M.....`!.a....hw| +00000030 6c 37 6a 87 0e e7 b7 de fe b6 70 eb d3 36 92 c3 |l7j.......p..6..| +00000040 e9 e9 02 e9 cf d0 d4 be 75 9b f3 84 51 fe da 78 |........u...Q..x| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 7f 61 7b 92 ca 8f 9e c7 96 b0 a5 |......a{........| +00000010 9b 3f cf c3 0e 7a 8d 2c 9f 5c 40 8a 99 6d 71 45 |.?...z.,.\@..mqE| +00000020 9a 9c 96 17 03 03 00 13 01 42 62 3a 49 1a b5 5b |.........Bb:I..[| +00000030 43 0f ec 5b 46 0a e9 1c 6f a6 e2 |C..[F...o..| diff --git a/testdata/Server-TLSv13-RSA-RSAPSS b/testdata/Server-TLSv13-RSA-RSAPSS new file mode 100644 index 0000000..01cc230 --- /dev/null +++ b/testdata/Server-TLSv13-RSA-RSAPSS @@ -0,0 +1,90 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 c6 01 00 00 c2 03 03 f0 a4 89 8f b9 |................| +00000010 fd ba d7 9f 2d ca bf f0 7a 6e 04 6a b4 54 9d f4 |....-...zn.j.T..| +00000020 dd b5 e5 c9 f7 4f e1 a4 0c a9 72 20 57 d4 f7 3a |.....O....r W..:| +00000030 88 0a d3 95 c7 3a 4c 7c e3 0c ac 99 bc 24 d7 ad |.....:L|.....$..| +00000040 3f 53 07 08 00 aa c3 e5 2c 2b d3 2f 00 08 13 02 |?S......,+./....| +00000050 13 03 13 01 00 ff 01 00 00 71 00 00 00 0e 00 0c |.........q......| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 0c 00 0a 00 1d 00 17 00 1e |................| +00000080 00 19 00 18 00 16 00 00 00 17 00 00 00 0d 00 04 |................| +00000090 00 02 08 04 00 2b 00 03 02 03 04 00 2d 00 02 01 |.....+......-...| +000000a0 01 00 33 00 26 00 24 00 1d 00 20 ef 5d 96 0f 42 |..3.&.$... .]..B| +000000b0 9a fe c1 40 ee 31 cd 34 6d 11 d2 ad e9 99 9b b6 |...@.1.4m.......| +000000c0 70 27 8f dc 81 c2 a6 ac 90 3f 4b |p'.......?K| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 57 d4 f7 3a |........... W..:| +00000030 88 0a d3 95 c7 3a 4c 7c e3 0c ac 99 bc 24 d7 ad |.....:L|.....$..| +00000040 3f 53 07 08 00 aa c3 e5 2c 2b d3 2f 13 02 00 00 |?S......,+./....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 e9 da 29 cf f2 21 32 b3 92 c0 18 5b |......)..!2....[| +00000090 26 f6 c8 ed eb 67 5c 9c df 5c f2 17 03 03 02 6d |&....g\..\.....m| +000000a0 c8 d6 15 36 38 ef 64 62 1b 49 c8 c9 bc ce f7 99 |...68.db.I......| +000000b0 da da 8e d0 2f 98 b1 cf 9a fa 53 cf 8a 20 11 6c |..../.....S.. .l| +000000c0 25 10 fc fd b2 f1 22 ea 42 64 21 b5 2f 94 9a 0a |%.....".Bd!./...| +000000d0 d3 3e 3b 14 4e b1 d1 3e fb 40 03 54 af d3 9e ea |.>;.N..>.@.T....| +000000e0 c8 fb b2 ed ff fa c1 1d 7e 72 fb bd dd 04 b2 0c |........~r......| +000000f0 ac 33 4c 1b e4 65 2f 91 c1 3e f1 1a 8f e0 92 23 |.3L..e/..>.....#| +00000100 3a 4d 04 f2 4f 14 d4 bb fe f7 fe 6a 69 8b aa 15 |:M..O......ji...| +00000110 c4 97 dd 06 3c 79 1c c9 aa 77 51 ac 95 8e 50 f8 |....| +00000150 2a be aa 06 e7 22 cd 8c f1 46 2a 54 6e 54 bf 90 |*...."...F*TnT..| +00000160 89 01 5e e4 e2 aa 7b d7 bc e9 37 d4 ee 75 18 57 |..^...{...7..u.W| +00000170 0c f7 8b fb 70 b2 cc 1c e2 ed 64 20 22 56 7a d3 |....p.....d "Vz.| +00000180 24 eb 25 0d 29 6f 8b be 5a 99 89 eb aa 04 18 8c |$.%.)o..Z.......| +00000190 bd c8 b3 95 57 5d 5b 00 55 d8 ef a0 22 f8 cb 26 |....W][.U..."..&| +000001a0 8d e0 9a 25 a7 77 6d 25 27 c3 aa 75 f7 51 15 c5 |...%.wm%'..u.Q..| +000001b0 30 72 57 ef d4 41 3e cf dd fc 77 d9 d8 08 41 87 |0rW..A>...w...A.| +000001c0 b6 9a 06 c6 f2 00 c5 a2 14 e9 f3 52 91 65 db 69 |...........R.e.i| +000001d0 a7 2e fb 32 5c 3f 13 c8 ea 65 3a 3a 4d 65 a9 69 |...2\?...e::Me.i| +000001e0 3f 7b f8 7c ee 1e a2 87 81 10 5c 7f 8d 37 1a 75 |?{.|......\..7.u| +000001f0 29 8a 78 58 8a d7 f7 af 75 ee 3d f2 58 c2 de a5 |).xX....u.=.X...| +00000200 60 e7 f9 a3 a1 66 cf df 76 2f 2a cf 5e 6e 80 a3 |`....f..v/*.^n..| +00000210 47 16 c9 c9 d1 b5 02 38 63 0a 86 fc f2 e8 0b 16 |G......8c.......| +00000220 d6 43 8e d1 68 b8 01 a0 63 69 01 c8 d3 1e eb 48 |.C..h...ci.....H| +00000230 28 5e 82 24 3a 19 62 f2 48 65 13 82 77 8c 9a ca |(^.$:.b.He..w...| +00000240 69 84 27 4d fd 88 81 79 74 8a a7 ef 2e be 6c c7 |i.'M...yt.....l.| +00000250 89 9d 19 ab 44 fa 35 99 cc 8e af c3 c0 98 85 85 |....D.5.........| +00000260 e7 92 45 84 39 c3 2d 27 a1 55 98 81 3a 09 1f f3 |..E.9.-'.U..:...| +00000270 9a 86 e5 53 f4 7d 35 8d 1f 2e 06 ef ed bf eb cb |...S.}5.........| +00000280 54 41 b7 9c d9 df 1b 75 00 f3 81 29 27 e4 ed 90 |TA.....u...)'...| +00000290 bd 16 39 96 15 22 c3 19 35 5c 88 db 00 05 38 77 |..9.."..5\....8w| +000002a0 8e ef 42 f5 b2 8c 0a 6c 7f 38 7a f7 c1 13 a6 3d |..B....l.8z....=| +000002b0 80 3c 62 aa 26 d0 80 08 31 b0 f4 84 36 c1 8d 51 |.>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 93 78 a6 3d 50 |..........E.x.=P| +00000010 bd bf cb d5 f5 2d af d7 1a 04 5a 7c 18 57 5f ce |.....-....Z|.W_.| +00000020 bf aa f3 25 1d 19 29 3a 90 06 9b 9a ad bb 03 92 |...%..):........| +00000030 58 62 1f db 30 3b db 83 bf 21 dc 32 50 7a cc c1 |Xb..0;...!.2Pz..| +00000040 51 2d 46 a4 41 eb 07 b3 91 54 55 23 bd 1b c9 82 |Q-F.A....TU#....| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e 94 17 fa b4 46 cf 05 18 36 1e 2c |.........F...6.,| +00000010 fa b8 76 fd 66 4f d0 6c df 7d 35 ea cc 5f 8c fb |..v.fO.l.}5.._..| +00000020 6f 31 cc 17 03 03 00 13 7e 91 d1 39 ce 2c 4d e4 |o1......~..9.,M.| +00000030 49 90 a1 a6 c1 12 bf 0b 12 80 40 |I.........@| diff --git a/testdata/Server-TLSv13-X25519 b/testdata/Server-TLSv13-X25519 new file mode 100644 index 0000000..e2ede18 --- /dev/null +++ b/testdata/Server-TLSv13-X25519 @@ -0,0 +1,91 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 d8 01 00 00 d4 03 03 7b 32 49 3a 30 |...........{2I:0| +00000010 09 44 1d e3 d6 4e c0 2e ec e1 ce fc d9 70 6d 47 |.D...N.......pmG| +00000020 32 61 92 e3 4b 0e 02 96 0a b4 b6 20 18 b5 42 4e |2a..K...... ..BN| +00000030 a4 06 40 82 76 bc 30 6b 5c ef 16 94 e4 bb fa 0b |..@.v.0k\.......| +00000040 49 d4 b1 c5 df 0d 01 92 be 99 6f f2 00 08 13 02 |I.........o.....| +00000050 13 03 13 01 00 ff 01 00 00 83 00 00 00 0e 00 0c |................| +00000060 00 00 09 31 32 37 2e 30 2e 30 2e 31 00 0b 00 04 |...127.0.0.1....| +00000070 03 00 01 02 00 0a 00 04 00 02 00 1d 00 16 00 00 |................| +00000080 00 17 00 00 00 0d 00 1e 00 1c 04 03 05 03 06 03 |................| +00000090 08 07 08 08 08 09 08 0a 08 0b 08 04 08 05 08 06 |................| +000000a0 04 01 05 01 06 01 00 2b 00 03 02 03 04 00 2d 00 |.......+......-.| +000000b0 02 01 01 00 33 00 26 00 24 00 1d 00 20 32 8d 5d |....3.&.$... 2.]| +000000c0 3b f5 8f b3 7b 41 92 90 e9 3f 4f aa 61 a8 91 f6 |;...{A...?O.a...| +000000d0 85 c1 70 d6 1a 94 8d 16 1d 4e c8 ea 54 |..p......N..T| +>>> Flow 2 (server to client) +00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 18 b5 42 4e |........... ..BN| +00000030 a4 06 40 82 76 bc 30 6b 5c ef 16 94 e4 bb fa 0b |..@.v.0k\.......| +00000040 49 d4 b1 c5 df 0d 01 92 be 99 6f f2 13 02 00 00 |I.........o.....| +00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /| +00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0| +00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 17 |.........._X.;t.| +00000080 03 03 00 17 7c ee 15 67 75 36 92 d7 4a d6 56 f5 |....|..gu6..J.V.| +00000090 6d ef 3d e1 2e 94 de 7d 72 dc 2f 17 03 03 02 6d |m.=....}r./....m| +000000a0 a4 38 eb 50 27 ef fa 47 59 74 d0 ad 55 e2 19 15 |.8.P'..GYt..U...| +000000b0 a8 9e 12 dc c5 70 7c fd b7 1c cd 56 b7 44 cc 9c |.....p|....V.D..| +000000c0 4c b7 6c 99 0a 20 8d db fc 5b 4d 97 27 b3 64 61 |L.l.. ...[M.'.da| +000000d0 fd e6 99 9b d7 1f 2c 86 a3 b7 23 16 8c f0 f0 a4 |......,...#.....| +000000e0 70 e1 0e 70 61 db 2d c2 60 10 30 21 eb 3c f4 d4 |p..pa.-.`.0!.<..| +000000f0 07 27 f2 54 bd e7 b8 7a 13 10 47 10 41 46 3d 6f |.'.T...z..G.AF=o| +00000100 20 3b 16 07 d6 0d 16 d0 06 34 a4 b9 eb 6a 3d 1b | ;.......4...j=.| +00000110 69 fd 7b f2 2d a8 8d 56 51 cf 0e 58 c3 19 ce 88 |i.{.-..VQ..X....| +00000120 9f 6c c6 38 11 24 81 2f da c1 f2 57 32 2f 5c 1e |.l.8.$./...W2/\.| +00000130 e1 04 56 58 fd 5c ca b8 c6 f1 bd 66 84 a9 2d 48 |..VX.\.....f..-H| +00000140 4f 4c 08 b3 92 ba 5d 89 95 ce 3d b2 de 76 00 01 |OL....]...=..v..| +00000150 95 56 56 2c 39 1a 65 68 f5 28 4e d2 e9 cc 85 2e |.VV,9.eh.(N.....| +00000160 f0 d9 e6 40 f3 f2 88 10 24 5b 92 5e 18 2d 4c e5 |...@....$[.^.-L.| +00000170 36 dd c6 09 d1 ca ae 44 84 7a 9b dd f3 c9 ac 44 |6......D.z.....D| +00000180 7d 77 e9 41 8b b2 26 93 16 e9 d4 06 8b f5 ab c5 |}w.A..&.........| +00000190 8d ad f4 61 5f 1c ab f0 ff 86 20 f0 4d 90 f5 cb |...a_..... .M...| +000001a0 0f d8 fe 3f 2e 78 5e 11 bf 82 0d 55 a2 9a 7b 4b |...?.x^....U..{K| +000001b0 5d a0 b7 6c b1 d3 98 67 81 c2 ef fa 22 2f a4 68 |]..l...g...."/.h| +000001c0 b4 bd 38 08 68 b8 08 2e 95 70 64 e1 c0 4a 29 2b |..8.h....pd..J)+| +000001d0 d0 5d 0c 2a f0 df 87 e9 7c bd f5 bc a5 e2 56 56 |.].*....|.....VV| +000001e0 e6 79 0e f9 ce 42 9a 7c d9 e4 3a b2 c9 c7 54 f7 |.y...B.|..:...T.| +000001f0 a2 f8 af b0 8d 56 2b 9d 3a de da 22 7a f6 56 b9 |.....V+.:.."z.V.| +00000200 6f cf 61 b1 9f 49 91 1e aa da 27 cb bd 81 f9 a0 |o.a..I....'.....| +00000210 01 8c e0 ad d6 3f ef 8a 2e 8c 4b da 77 83 b7 7a |.....?....K.w..z| +00000220 69 83 62 2e 48 00 d2 dc 96 46 ef e1 c5 1a 49 eb |i.b.H....F....I.| +00000230 3c 6d b9 a6 c1 45 21 a6 7a cb 46 23 57 b1 21 d9 || +00000340 e7 dd b0 e3 9f ee 2d e7 f4 fa 11 56 01 27 86 04 |......-....V.'..| +00000350 4d 76 58 61 e5 1e b3 61 07 1e 50 2f 38 2e 2e 86 |MvXa...a..P/8...| +00000360 b9 c5 77 c5 c5 bf 54 4d b8 50 9f 03 fb 5f 8d 60 |..w...TM.P..._.`| +00000370 49 ed 98 90 34 d5 66 e1 0a 17 9c 55 3f 7a 7e 31 |I...4.f....U?z~1| +00000380 dd b5 d9 12 9d 8c 00 6e 37 d4 3e 45 ad da 6d 30 |.......n7.>E..m0| +00000390 47 2c 70 95 10 a4 d2 1e 20 37 04 6a 58 96 34 0d |G,p..... 7.jX.4.| +000003a0 2c 93 09 de 7b 1b a0 5c 25 19 c5 17 03 03 00 45 |,...{..\%......E| +000003b0 ba 0f cd 55 4f 62 24 0a f9 7d 58 93 69 4f 5f c4 |...UOb$..}X.iO_.| +000003c0 d2 bd 95 3e 10 15 57 1d c1 16 e3 4d 46 8b fd d1 |...>..W....MF...| +000003d0 16 d1 4a 83 4b d5 ed d2 00 90 90 c3 8f 91 43 81 |..J.K.........C.| +000003e0 a1 90 16 3b c9 54 6c 3c 0f 71 c7 5f 2c b0 3f c3 |...;.Tl<.q._,.?.| +000003f0 9b 69 ce 6c 60 |.i.l`| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 17 03 03 00 45 bf 5b 81 15 24 |..........E.[..$| +00000010 3b be 70 41 4d ea 7c 04 a7 31 84 d3 38 b0 e4 cb |;.pAM.|..1..8...| +00000020 42 05 b7 a8 07 1a d5 4f f3 e7 50 56 e8 73 63 1a |B......O..PV.sc.| +00000030 d8 a0 76 5e 10 c8 73 07 fa 88 86 65 69 40 81 37 |..v^..s....ei@.7| +00000040 a2 00 89 b6 ff f1 49 1d 69 e5 63 2e bc 5a eb e6 |......I.i.c..Z..| +>>> Flow 4 (server to client) +00000000 17 03 03 00 1e ca eb a0 6a b4 a5 eb ca 28 14 25 |........j....(.%| +00000010 07 18 47 3d f0 f6 22 2e 7f 9c 09 73 8c a7 f8 63 |..G=.."....s...c| +00000020 e7 41 fd 17 03 03 00 13 ba f6 ed 7e 36 b5 f2 c6 |.A.........~6...| +00000030 15 27 34 2d 8d bd ea 99 29 81 ee |.'4-....)..|