feat: ClientHello JSON Unmarshaler rev

- Revised JSON ClientHello format
- Implemented `TLSExtensionJSON` interface for some more extensions

go.mod

@@ -4,6 +4,7 @@ go 1.19
 
 require (
 	github.com/andybalholm/brotli v1.0.4
+	github.com/gaukas/godicttls v0.0.3
 	github.com/klauspost/compress v1.15.15
 	golang.org/x/crypto v0.5.0
 	golang.org/x/net v0.7.0

go.sum

@@ -1,5 +1,7 @@
 github.com/andybalholm/brotli v1.0.4 h1:V7DdXeJtZscaqfNuAdSRuRFzuiKlHSC/Zh3zl9qY3JY=
 github.com/andybalholm/brotli v1.0.4/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHGRSepvi9Eig=
+github.com/gaukas/godicttls v0.0.3 h1:YNDIf0d9adcxOijiLrEzpfZGAkNwLRzPaG6OjU7EITk=
+github.com/gaukas/godicttls v0.0.3/go.mod h1:l6EenT4TLWgTdwslVb4sEMOCf7Bv0JAK67deKr9/NCI=
 github.com/klauspost/compress v1.15.15 h1:EF27CXIuDsYJ6mmvtBRlEuB2UVOqHG1tAXgZ7yIO+lw=
 github.com/klauspost/compress v1.15.15/go.mod h1:ZcK2JAFqKOpnBlxcLsJzYfrS9X1akm9fHZNnD9+Vo/4=
 golang.org/x/crypto v0.5.0 h1:U/0M97KRkSFvyD/3FSmdP5W5swImpNgle/EHFhOsQPE=

testdata/ClientHello-JSON-Chrome102.json

@@ -1,75 +1,75 @@
 {
 	"cipher_suites": [
-        {"id": 2570, "description": "GREASE"},
+        "GREASE",
-		{"id": 4865, "description": "TLS_AES_128_GCM_SHA256"},
+		"TLS_AES_128_GCM_SHA256",
-		{"id": 4866, "description": "TLS_AES_256_GCM_SHA384"},
+		"TLS_AES_256_GCM_SHA384",
-        {"id": 4867, "description": "TLS_CHACHA20_POLY1305_SHA256"},
+        "TLS_CHACHA20_POLY1305_SHA256",
-        {"id": 49195, "description": "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"},
+        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-        {"id": 49199, "description": "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"},
+        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-        {"id": 49196, "description": "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
+        "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-        {"id": 49200, "description": "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"},
+        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-        {"id": 52393, "description": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305"},
+        "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-        {"id": 52392, "description": "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305"},
+        "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-        {"id": 49171, "description": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"},
+        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
-        {"id": 49172, "description": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"},
+        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
-        {"id": 156, "description": "TLS_RSA_WITH_AES_128_GCM_SHA256"},
+        "TLS_RSA_WITH_AES_128_GCM_SHA256",
-        {"id": 157, "description": "TLS_RSA_WITH_AES_256_GCM_SHA384"},
+        "TLS_RSA_WITH_AES_256_GCM_SHA384",
-        {"id": 47, "description": "TLS_RSA_WITH_AES_128_CBC_SHA"},
+        "TLS_RSA_WITH_AES_128_CBC_SHA",
-        {"id": 53, "description": "TLS_RSA_WITH_AES_256_CBC_SHA"}
+        "TLS_RSA_WITH_AES_256_CBC_SHA"
 	],
 	"compression_methods": [
-		{"id": 0, "description": "null"}
+		"NULL"
 	],
 	"extensions": [
-		{"id": 31354, "description": "GREASE"},
+		{"name": "GREASE"},
-		{"id": 0, "description": "server_name"},
+		{"name": "server_name"},
-		{"id": 23, "description": "extended_master_secret"},
+		{"name": "extended_master_secret"},
-		{"id": 65281, "description": "renegotiation_info", "renegotiated_connection": []},
+		{"name": "renegotiation_info"},
-		{"id": 10, "description": "supported_groups", "named_group_list": [
+		{"name": "supported_groups", "named_group_list": [
-			{"id": 6682, "description": "GREASE"},
+			"GREASE",
-			{"id": 29, "description": "x25519"},
+			"x25519",
-			{"id": 23, "description": "secp256r1"},
+			"secp256r1",
-			{"id": 24, "description": "secp384r1"}
+			"secp384r1"
 		]},
-		{"id": 11, "description": "ec_point_formats", "ec_point_format_list": [
+		{"name": "ec_point_formats", "ec_point_format_list": [
-			{"id": 0, "description": "uncompressed"}
+			"uncompressed"
 		]},
-		{"id": 35, "description": "session_ticket"},
+		{"name": "session_ticket"},
-		{"id": 16, "description": "application_layer_protocol_negotiation", "protocol_name_list": [
+		{"name": "application_layer_protocol_negotiation", "protocol_name_list": [
 			"h2",
 			"http/1.1"
 		]},
-		{"id": 5, "description": "status_request"},
+		{"name": "status_request"},
-		{"id": 13, "description": "signature_algorithms", "supported_signature_algorithms": [
+		{"name": "signature_algorithms", "supported_signature_algorithms": [
-			{"id": 1027, "description": "ecdsa_secp256r1_sha256"},
+			"ecdsa_secp256r1_sha256",
-			{"id": 2052, "description": "rsa_pss_rsae_sha256"},
+			"rsa_pss_rsae_sha256",
-			{"id": 1025, "description": "rsa_pkcs1_sha256"},
+			"rsa_pkcs1_sha256",
-			{"id": 1283, "description": "ecdsa_secp384r1_sha384"},
+			"ecdsa_secp384r1_sha384",
-			{"id": 2053, "description": "rsa_pss_rsae_sha384"},
+			"rsa_pss_rsae_sha384",
-			{"id": 1281, "description": "rsa_pkcs1_sha384"},
+			"rsa_pkcs1_sha384",
-			{"id": 2054, "description": "rsa_pss_rsae_sha512"},
+			"rsa_pss_rsae_sha512",
-			{"id": 1537, "description": "rsa_pkcs1_sha512"}
+			"rsa_pkcs1_sha512"
 		]},
-		{"id": 18, "description": "signed_certificate_timestamp"},
+		{"name": "signed_certificate_timestamp"},
-		{"id": 51, "description": "key_share", "client_shares": [
+		{"name": "key_share", "client_shares": [
-			{"group": 10794, "description": "GREASE", "key_exchange": [0]},
+			{"group": "GREASE", "key_exchange": [0]},
-			{"group": 29, "description": "x25519"}
+			{"group": "x25519"}
 		]},
-		{"id": 45, "description": "psk_key_exchange_modes", "ke_modes": [
+		{"name": "psk_key_exchange_modes", "ke_modes": [
-			{"mode": 1, "description": "psk_dhe_ke"}
+			"psk_dhe_ke"
 		]},
-		{"id": 43, "description": "supported_versions", "versions": [
+		{"name": "supported_versions", "versions": [
-			{"version": 14906, "description": "GREASE"},
+			"GREASE",
-			{"version": 772, "description": "TLSv1.3"},
+			"TLS 1.3",
-			{"version": 771, "description": "TLSv1.2"}
+			"TLS 1.2"
 		]},
-		{"id": 27, "description": "compress_certificate", "algorithms": [
+		{"name": "compress_certificate", "algorithms": [
-			{"algorithm": 2, "description": "brotli"}
+			"brotli"
 		]},
-		{"id": 17513, "description": "application_settings", "supported_protocols": [
+		{"name": "application_settings", "supported_protocols": [
 			"h2"
 		]},
-		{"id": 19018, "description": "GREASE"},
+		{"name": "GREASE"},
-		{"id": 21, "description": "padding", "len": 0}
+		{"name": "padding", "len": 0}
 	]
 }

testdata/ClientHello-JSON-Edge106.json

@@ -0,0 +1,76 @@
+{
+	"cipher_suites": [
+        "GREASE",
+		"TLS_AES_128_GCM_SHA256",
+		"TLS_AES_256_GCM_SHA384",
+		"TLS_AES_256_GCM_SHA384",
+		"TLS_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+		"TLS_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_RSA_WITH_AES_128_CBC_SHA",
+		"TLS_RSA_WITH_AES_256_CBC_SHA"
+	],
+	"compression_methods": [
+		"NULL"
+	],
+	"extensions": [
+		{"name": "GREASE"},
+		{"name": "server_name"},
+		{"name": "extended_master_secret"},
+		{"name": "renegotiation_info"},
+		{"name": "supported_groups", "named_group_list": [
+			"GREASE",
+			"x25519",
+			"secp256r1",
+			"secp384r1"
+		]},
+		{"name": "ec_point_formats", "ec_point_format_list": [
+			"uncompressed"
+		]},
+		{"name": "session_ticket"},
+		{"name": "application_layer_protocol_negotiation", "protocol_name_list": [
+			"h2",
+			"http/1.1"
+		]},
+		{"name": "status_request"},
+		{"name": "signature_algorithms", "supported_signature_algorithms": [
+			"ecdsa_secp256r1_sha256",
+			"rsa_pss_rsae_sha256",
+			"rsa_pkcs1_sha256",
+			"ecdsa_secp384r1_sha384",
+			"rsa_pss_rsae_sha384",
+			"rsa_pkcs1_sha384",
+			"rsa_pss_rsae_sha512",
+			"rsa_pkcs1_sha512"
+		]},
+		{"name": "signed_certificate_timestamp"},
+		{"name": "key_share", "client_shares": [
+			{"group": "GREASE", "key_exchange": [0]},
+			{"group": "x25519"}
+		]},
+		{"name": "psk_key_exchange_modes", "ke_modes": [
+			"psk_dhe_ke"
+		]},
+		{"name": "supported_versions", "versions": [
+			"GREASE",
+			"TLS 1.3",
+			"TLS 1.2"
+		]},
+		{"name": "compress_certificate", "algorithms": [
+			"brotli"
+		]},
+		{"name": "application_settings", "supported_protocols": [
+			"h2"
+		]},
+		{"name": "GREASE"},
+		{"name": "padding", "len": 0}
+	]
+}

testdata/ClientHello-JSON-Firefox105.json

@@ -0,0 +1,78 @@
+{
+	"cipher_suites": [
+        "TLS_AES_128_GCM_SHA256",
+		"TLS_CHACHA20_POLY1305_SHA256",
+		"TLS_AES_256_GCM_SHA384",
+		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+		"TLS_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_RSA_WITH_AES_128_CBC_SHA",
+		"TLS_RSA_WITH_AES_256_CBC_SHA"
+	],
+	"compression_methods": [
+		"NULL"
+	],
+	"extensions": [
+		{"name": "server_name"},
+		{"name": "extended_master_secret"},
+		{"name": "renegotiation_info"},
+		{"name": "supported_groups", "named_group_list": [
+			"x25519",
+			"secp256r1",
+			"secp384r1",
+			"secp521r1",
+			"ffdhe2048",
+	   		"ffdhe3072"
+		]},
+		{"name": "ec_point_formats", "ec_point_format_list": [
+			"uncompressed"
+		]},
+		{"name": "session_ticket"},
+		{"name": "application_layer_protocol_negotiation", "protocol_name_list": [
+			"h2",
+			"http/1.1"
+		]},
+		{"name": "status_request"},
+		{"name": "delegated_credentials", "supported_signature_algorithms": [
+			"ecdsa_secp256r1_sha256",
+			"ecdsa_secp384r1_sha384",
+			"ecdsa_secp521r1_sha512",
+			"ecdsa_sha1"
+		]},
+		{"name": "key_share", "client_shares": [
+			{"group": "x25519"},
+			{"group": "secp256r1"}
+		]},
+		{"name": "supported_versions", "versions": [
+			"TLS 1.3",
+			"TLS 1.2"
+		]},
+		{"name": "signature_algorithms", "supported_signature_algorithms": [
+			"ecdsa_secp256r1_sha256",
+			"ecdsa_secp384r1_sha384",
+			"ecdsa_secp521r1_sha512",
+			"rsa_pss_rsae_sha256",
+			"rsa_pss_rsae_sha384",
+			"rsa_pss_rsae_sha512",
+			"rsa_pkcs1_sha256",
+			"rsa_pkcs1_sha384",
+			"rsa_pkcs1_sha512",
+			"ecdsa_sha1",
+			"rsa_pkcs1_sha1"
+		]},
+		{"name": "psk_key_exchange_modes", "ke_modes": [
+			"psk_dhe_ke"
+		]},
+		{"name": "record_size_limit", "record_size_limit": 16385},
+		{"name": "padding", "len": 0}
+	]
+}

testdata/ClientHello-JSON-iOS14.json

@@ -0,0 +1,85 @@
+{
+	"cipher_suites": [
+        "GREASE",
+		"TLS_AES_128_GCM_SHA256",
+		"TLS_AES_256_GCM_SHA384",
+		"TLS_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+		"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
+		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
+		"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",
+		"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
+		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
+		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
+		"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
+		"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
+		"TLS_RSA_WITH_AES_256_GCM_SHA384",
+		"TLS_RSA_WITH_AES_128_GCM_SHA256",
+		"TLS_RSA_WITH_AES_256_CBC_SHA256",
+		"TLS_RSA_WITH_AES_128_CBC_SHA256",
+		"TLS_RSA_WITH_AES_256_CBC_SHA",
+		"TLS_RSA_WITH_AES_128_CBC_SHA",
+		"TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",
+		"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
+		"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
+	],
+	"compression_methods": [
+		"NULL"
+	],
+	"extensions": [
+		{"name": "GREASE"},
+		{"name": "server_name"},
+		{"name": "extended_master_secret"},
+		{"name": "renegotiation_info"},
+		{"name": "supported_groups", "named_group_list": [
+			"GREASE",
+			"x25519",
+			"secp256r1",
+			"secp384r1",
+			"secp521r1"
+		]},
+		{"name": "ec_point_formats", "ec_point_format_list": [
+			"uncompressed"
+		]},
+		{"name": "application_layer_protocol_negotiation", "protocol_name_list": [
+			"h2",
+			"http/1.1"
+		]},
+		{"name": "status_request"},
+		{"name": "signature_algorithms", "supported_signature_algorithms": [
+			"ecdsa_secp256r1_sha256",
+			"rsa_pss_rsae_sha256",
+			"rsa_pkcs1_sha256",
+			"ecdsa_secp384r1_sha384",
+			"ecdsa_sha1",
+			"rsa_pss_rsae_sha384",
+			"rsa_pss_rsae_sha384",
+			"rsa_pkcs1_sha384",
+			"rsa_pss_rsae_sha512",
+			"rsa_pkcs1_sha512",
+			"rsa_pkcs1_sha1"
+		]},
+		{"name": "signed_certificate_timestamp"},
+		{"name": "key_share", "client_shares": [
+			{"group": "GREASE", "key_exchange": [0]},
+			{"group": "x25519"}
+		]},
+		{"name": "psk_key_exchange_modes", "ke_modes": [
+			"psk_dhe_ke"
+		]},
+		{"name": "supported_versions", "versions": [
+			"GREASE",
+			"TLS 1.3",
+			"TLS 1.2",
+			"TLS 1.1",
+			"TLS 1.0"
+		]},
+		{"name": "GREASE"},
+		{"name": "padding"}
+	]
+}

u_clienthello_json.go

@@ -4,9 +4,12 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
+	"os"
+
+	"github.com/gaukas/godicttls"
 )
 
-var ErrNoExtensionID = errors.New("no extension ID in JSON object")
+var ErrUnknownExtension = errors.New("extension name is unknown to the dictionary")
 
 type ClientHelloSpecJSONUnmarshaler struct {
 	CipherSuites       *CipherSuitesJSONUnmarshaler       `json:"cipher_suites"`
@@ -31,20 +34,24 @@ type CipherSuitesJSONUnmarshaler struct {
 }
 
 func (c *CipherSuitesJSONUnmarshaler) UnmarshalJSON(jsonStr []byte) error {
-	var accepters []struct {
+	var cipherSuiteNames []string
-		ID   uint16 `json:"id"`
+	if err := json.Unmarshal(jsonStr, &cipherSuiteNames); err != nil {
-		Name string `json:"name,omitempty"` // optional
-	}
-	if err := json.Unmarshal(jsonStr, &accepters); err != nil {
 		return err
 	}
 
-	var ciphers []uint16 = make([]uint16, 0, len(accepters))
+	for _, name := range cipherSuiteNames {
-	for _, accepter := range accepters {
+		if name == "GREASE" {
-		ciphers = append(ciphers, unGREASEUint16(accepter.ID))
+			c.cipherSuites = append(c.cipherSuites, GREASE_PLACEHOLDER)
+			continue
+		}
+
+		if id, ok := godicttls.DictCipherSuiteNameIndexed[name]; ok {
+			c.cipherSuites = append(c.cipherSuites, id)
+		} else {
+			return fmt.Errorf("unknown cipher suite name: %s", name)
+		}
 	}
 
-	c.cipherSuites = ciphers
 	return nil
 }
 
@@ -57,20 +64,19 @@ type CompressionMethodsJSONUnmarshaler struct {
 }
 
 func (c *CompressionMethodsJSONUnmarshaler) UnmarshalJSON(jsonStr []byte) error {
-	var accepters []struct {
+	var compressionMethodNames []string
-		ID   uint8  `json:"id"`
+	if err := json.Unmarshal(jsonStr, &compressionMethodNames); err != nil {
-		Name string `json:"name,omitempty"` // optional
-	}
-	if err := json.Unmarshal(jsonStr, &accepters); err != nil {
 		return err
 	}
 
-	var compressions []uint8 = make([]uint8, 0, len(accepters))
+	for _, name := range compressionMethodNames {
-	for _, accepter := range accepters {
+		if id, ok := godicttls.DictCompMethNameIndexed[name]; ok {
-		compressions = append(compressions, accepter.ID)
+			c.compressionMethods = append(c.compressionMethods, id)
+		} else {
+			return fmt.Errorf("unknown compression method name: %s", name)
+		}
 	}
 
-	c.compressionMethods = compressions
 	return nil
 }
 
@@ -90,27 +96,33 @@ func (e *TLSExtensionsJSONUnmarshaler) UnmarshalJSON(jsonStr []byte) error {
 
 	var exts []TLSExtensionJSON = make([]TLSExtensionJSON, 0, len(accepters))
 	for _, accepter := range accepters {
-		var extID uint16 = accepter.idDescObj.ID
+		if accepter.extNameOnly.Name == "GREASE" {
-		var extName string = accepter.idDescObj.Description
+			exts = append(exts, &UtlsGREASEExtension{})
-
+			continue
-		// get extension type from ID
-		var ext TLSExtension = ExtensionFromID(extID)
-		if ext == nil {
-			// fallback to generic extension
-			ext = genericExtension(extID, extName)
 		}
 
-		if extJsonCompatible, ok := ext.(TLSExtensionJSON); ok {
+		if extID, ok := godicttls.DictExtTypeNameIndexed[accepter.extNameOnly.Name]; !ok {
-			exts = append(exts, extJsonCompatible)
+			return fmt.Errorf("%w: %s", ErrUnknownExtension, accepter.extNameOnly.Name)
 		} else {
-			return fmt.Errorf("extension %d (%s) is not JSON compatible", extID, extName)
+			// get extension type from ID
+			var ext TLSExtension = ExtensionFromID(extID)
+			if ext == nil {
+				// fallback to generic extension
+				ext = genericExtension(extID, accepter.extNameOnly.Name)
+			}
+
+			if extJsonCompatible, ok := ext.(TLSExtensionJSON); ok {
+				exts = append(exts, extJsonCompatible)
+			} else {
+				return fmt.Errorf("extension %d (%s) is not JSON compatible", extID, accepter.extNameOnly.Name)
+			}
 		}
 	}
 
 	// unmashal extensions
 	for idx, ext := range exts {
 		// json.Unmarshal will call the UnmarshalJSON method of the extension
-		if err := json.Unmarshal(accepters[idx].jsonStr, ext); err != nil {
+		if err := json.Unmarshal(accepters[idx].origJsonInput, ext); err != nil {
 			return err
 		}
 	}
@@ -136,20 +148,21 @@ func genericExtension(id uint16, name string) TLSExtension {
 	warningMsg += "is falling back to generic extension"
 	warningMsg += "\n"
 
+	fmt.Fprint(os.Stderr, warningMsg)
+
 	// fallback to generic extension
 	return &GenericExtension{Id: id}
 }
 
 type tlsExtensionJSONAccepter struct {
-	idDescObj struct {
+	extNameOnly struct {
-		ID          uint16 `json:"id"`
+		Name string `json:"name"`
-		Description string `json:"description,omitempty"`
 	}
-	jsonStr []byte
+	origJsonInput []byte
 }
 
 func (t *tlsExtensionJSONAccepter) UnmarshalJSON(jsonStr []byte) error {
-	t.jsonStr = make([]byte, len(jsonStr))
+	t.origJsonInput = make([]byte, len(jsonStr))
-	copy(t.jsonStr, jsonStr)
+	copy(t.origJsonInput, jsonStr)
-	return json.Unmarshal(jsonStr, &t.idDescObj)
+	return json.Unmarshal(jsonStr, &t.extNameOnly)
 }

u_clienthello_json_test.go

@@ -8,11 +8,18 @@ import (
 )
 
 func TestClientHelloSpecJSONUnmarshaler(t *testing.T) {
-	testClientHelloSpecJSONUnmarshaler_Chrome102(t)
+	testClientHelloSpecJSONUnmarshaler(t, "testdata/ClientHello-JSON-Chrome102.json", HelloChrome_102)
+	testClientHelloSpecJSONUnmarshaler(t, "testdata/ClientHello-JSON-Firefox105.json", HelloFirefox_105)
+	testClientHelloSpecJSONUnmarshaler(t, "testdata/ClientHello-JSON-iOS14.json", HelloIOS_14)
+	testClientHelloSpecJSONUnmarshaler(t, "testdata/ClientHello-JSON-Edge106.json", HelloEdge_106)
 }
 
-func testClientHelloSpecJSONUnmarshaler_Chrome102(t *testing.T) {
+func testClientHelloSpecJSONUnmarshaler(
-	jsonCH, err := os.ReadFile("testdata/ClientHello-JSON-Chrome102.json")
+	t *testing.T,
+	jsonFilepath string,
+	truthClientHelloID ClientHelloID,
+) {
+	jsonCH, err := os.ReadFile(jsonFilepath)
 	if err != nil {
 		t.Fatal(err)
 	}
@@ -22,72 +29,95 @@ func testClientHelloSpecJSONUnmarshaler_Chrome102(t *testing.T) {
 		t.Fatal(err)
 	}
 
-	savedChrome102, _ := utlsIdToSpec(HelloChrome_102)
+	truthSpec, _ := utlsIdToSpec(truthClientHelloID)
-	jsonCHS := chsju.ClientHelloSpec()
+	jsonSpec := chsju.ClientHelloSpec()
 
 	// Compare CipherSuites
-	if !reflect.DeepEqual(jsonCHS.CipherSuites, savedChrome102.CipherSuites) {
+	if !reflect.DeepEqual(jsonSpec.CipherSuites, truthSpec.CipherSuites) {
-		t.Errorf("got %#v, want %#v", jsonCHS.CipherSuites, savedChrome102.CipherSuites)
+		t.Errorf("JSONUnmarshaler %s: got %#v, want %#v", clientHelloSpecJSONTestIdentifier(truthClientHelloID), jsonSpec.CipherSuites, truthSpec.CipherSuites)
 	}
 
 	// Compare CompressionMethods
-	if !reflect.DeepEqual(jsonCHS.CompressionMethods, savedChrome102.CompressionMethods) {
+	if !reflect.DeepEqual(jsonSpec.CompressionMethods, truthSpec.CompressionMethods) {
-		t.Errorf("got %#v, want %#v", jsonCHS.CompressionMethods, savedChrome102.CompressionMethods)
+		t.Errorf("JSONUnmarshaler %s: got %#v, want %#v", clientHelloSpecJSONTestIdentifier(truthClientHelloID), jsonSpec.CompressionMethods, truthSpec.CompressionMethods)
 	}
 
 	// Compare Extensions
-	if len(jsonCHS.Extensions) != len(savedChrome102.Extensions) {
+	if len(jsonSpec.Extensions) != len(truthSpec.Extensions) {
-		t.Errorf("len(jsonCHS.Extensions) = %d != %d = len(savedChrome102.Extensions)", len(jsonCHS.Extensions), len(savedChrome102.Extensions))
+		t.Errorf("JSONUnmarshaler %s: len(jsonExtensions) = %d != %d = len(truthExtensions)", clientHelloSpecJSONTestIdentifier(truthClientHelloID), len(jsonSpec.Extensions), len(truthSpec.Extensions))
 	}
 
-	for i := range jsonCHS.Extensions {
+	for i := range jsonSpec.Extensions {
-		if !reflect.DeepEqual(jsonCHS.Extensions[i], savedChrome102.Extensions[i]) {
+		if !reflect.DeepEqual(jsonSpec.Extensions[i], truthSpec.Extensions[i]) {
-			if _, ok := jsonCHS.Extensions[i].(*UtlsPaddingExtension); ok {
+			if _, ok := jsonSpec.Extensions[i].(*UtlsPaddingExtension); ok {
-				continue // UtlsPaddingExtension has non-nil function member
+				testedPaddingExt := jsonSpec.Extensions[i].(*UtlsPaddingExtension)
+				savedPaddingExt := truthSpec.Extensions[i].(*UtlsPaddingExtension)
+				if testedPaddingExt.PaddingLen != savedPaddingExt.PaddingLen || testedPaddingExt.WillPad != savedPaddingExt.WillPad {
+					t.Errorf("got %#v, want %#v", testedPaddingExt, savedPaddingExt)
+				} else {
+					continue // UtlsPaddingExtension has non-nil function member
+				}
 			}
-			t.Errorf("got %#v, want %#v", jsonCHS.Extensions[i], savedChrome102.Extensions[i])
+			t.Errorf("JSONUnmarshaler %s: got %#v, want %#v", clientHelloSpecJSONTestIdentifier(truthClientHelloID), jsonSpec.Extensions[i], truthSpec.Extensions[i])
 		}
 	}
 }
 
 func TestClientHelloSpecUnmarshalJSON(t *testing.T) {
-	testClientHelloSpecUnmarshalJSON_Chrome102(t)
+	testClientHelloSpecUnmarshalJSON(t, "testdata/ClientHello-JSON-Chrome102.json", HelloChrome_102)
+	testClientHelloSpecUnmarshalJSON(t, "testdata/ClientHello-JSON-Firefox105.json", HelloFirefox_105)
+	testClientHelloSpecUnmarshalJSON(t, "testdata/ClientHello-JSON-iOS14.json", HelloIOS_14)
+	testClientHelloSpecUnmarshalJSON(t, "testdata/ClientHello-JSON-Edge106.json", HelloEdge_106)
 }
 
-func testClientHelloSpecUnmarshalJSON_Chrome102(t *testing.T) {
+func testClientHelloSpecUnmarshalJSON(
-	var chs ClientHelloSpec
+	t *testing.T,
-	jsonCH, err := os.ReadFile("testdata/ClientHello-JSON-Chrome102.json")
+	jsonFilepath string,
+	truthClientHelloID ClientHelloID,
+) {
+	var jsonSpec ClientHelloSpec
+	jsonCH, err := os.ReadFile(jsonFilepath)
 	if err != nil {
 		t.Fatal(err)
 	}
 
-	if err := json.Unmarshal(jsonCH, &chs); err != nil {
+	if err := json.Unmarshal(jsonCH, &jsonSpec); err != nil {
 		t.Fatal(err)
 	}
 
-	savedChrome102, _ := utlsIdToSpec(HelloChrome_102)
+	truthSpec, _ := utlsIdToSpec(truthClientHelloID)
 
 	// Compare CipherSuites
-	if !reflect.DeepEqual(chs.CipherSuites, savedChrome102.CipherSuites) {
+	if !reflect.DeepEqual(jsonSpec.CipherSuites, truthSpec.CipherSuites) {
-		t.Errorf("got %#v, want %#v", chs.CipherSuites, savedChrome102.CipherSuites)
+		t.Errorf("UnmarshalJSON %s: got %#v, want %#v", clientHelloSpecJSONTestIdentifier(truthClientHelloID), jsonSpec.CipherSuites, truthSpec.CipherSuites)
 	}
 
 	// Compare CompressionMethods
-	if !reflect.DeepEqual(chs.CompressionMethods, savedChrome102.CompressionMethods) {
+	if !reflect.DeepEqual(jsonSpec.CompressionMethods, truthSpec.CompressionMethods) {
-		t.Errorf("got %#v, want %#v", chs.CompressionMethods, savedChrome102.CompressionMethods)
+		t.Errorf("UnmarshalJSON %s: got %#v, want %#v", clientHelloSpecJSONTestIdentifier(truthClientHelloID), jsonSpec.CompressionMethods, truthSpec.CompressionMethods)
 	}
 
 	// Compare Extensions
-	if len(chs.Extensions) != len(savedChrome102.Extensions) {
+	if len(jsonSpec.Extensions) != len(truthSpec.Extensions) {
-		t.Errorf("len(chs.Extensions) = %d != %d = len(savedChrome102.Extensions)", len(chs.Extensions), len(savedChrome102.Extensions))
+		t.Errorf("UnmarshalJSON %s: len(jsonExtensions) = %d != %d = len(truthExtensions)", jsonFilepath, len(jsonSpec.Extensions), len(truthSpec.Extensions))
 	}
 
-	for i := range chs.Extensions {
+	for i := range jsonSpec.Extensions {
-		if !reflect.DeepEqual(chs.Extensions[i], savedChrome102.Extensions[i]) {
+		if !reflect.DeepEqual(jsonSpec.Extensions[i], truthSpec.Extensions[i]) {
-			if _, ok := chs.Extensions[i].(*UtlsPaddingExtension); ok {
+			if _, ok := jsonSpec.Extensions[i].(*UtlsPaddingExtension); ok {
-				continue // UtlsPaddingExtension has non-nil function member
+				testedPaddingExt := jsonSpec.Extensions[i].(*UtlsPaddingExtension)
+				savedPaddingExt := truthSpec.Extensions[i].(*UtlsPaddingExtension)
+				if testedPaddingExt.PaddingLen != savedPaddingExt.PaddingLen || testedPaddingExt.WillPad != savedPaddingExt.WillPad {
+					t.Errorf("got %#v, want %#v", testedPaddingExt, savedPaddingExt)
+				} else {
+					continue // UtlsPaddingExtension has non-nil function member
+				}
 			}
-			t.Errorf("got %#v, want %#v", chs.Extensions[i], savedChrome102.Extensions[i])
+			t.Errorf("UnmarshalJSON %s: got %#v, want %#v", clientHelloSpecJSONTestIdentifier(truthClientHelloID), jsonSpec.Extensions[i], truthSpec.Extensions[i])
 		}
 	}
 }
+
+func clientHelloSpecJSONTestIdentifier(id ClientHelloID) string {
+	return id.Client + id.Version
+}

u_parrots.go

@@ -680,8 +680,8 @@ func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
 				&SessionTicketExtension{},
 				&ALPNExtension{AlpnProtocols: []string{"h2", "http/1.1"}}, //application_layer_protocol_negotiation
 				&StatusRequestExtension{},
-				&DelegatedCredentialsExtension{
+				&FakeDelegatedCredentialsExtension{
-					AlgorithmsSignature: []SignatureScheme{ //signature_algorithms
+					SupportedSignatureAlgorithms: []SignatureScheme{ //signature_algorithms
 						ECDSAWithP256AndSHA256,
 						ECDSAWithP384AndSHA384,
 						ECDSAWithP521AndSHA512,
@@ -761,8 +761,8 @@ func utlsIdToSpec(id ClientHelloID) (ClientHelloSpec, error) {
 				&SessionTicketExtension{},
 				&ALPNExtension{AlpnProtocols: []string{"h2"}}, //application_layer_protocol_negotiation
 				&StatusRequestExtension{},
-				&DelegatedCredentialsExtension{
+				&FakeDelegatedCredentialsExtension{
-					AlgorithmsSignature: []SignatureScheme{ //signature_algorithms
+					SupportedSignatureAlgorithms: []SignatureScheme{ //signature_algorithms
 						ECDSAWithP256AndSHA256,
 						ECDSAWithP384AndSHA384,
 						ECDSAWithP521AndSHA512,

u_public.go

@@ -565,8 +565,8 @@ func (KSS KeyShares) ToPrivate() []keyShare {
 // TLS 1.3 PSK Identity. Can be a Session Ticket, or a reference to a saved
 // session. See RFC 8446, Section 4.2.11.
 type PskIdentity struct {
-	Label               []byte
+	Label               []byte `json:"identity"`
-	ObfuscatedTicketAge uint32
+	ObfuscatedTicketAge uint32 `json:"obfuscated_ticket_age"`
 }
 
 type PskIdentities []PskIdentity