From da09099f71172aafd6e7db62ada6d99e237d1b0d Mon Sep 17 00:00:00 2001 From: Sergey Frolov Date: Thu, 22 Jun 2017 18:00:11 -0400 Subject: [PATCH] Initial commit: clone of crypto/tls --- alert.go | 81 + cipher_suites.go | 396 +++++ common.go | 971 ++++++++++ conn.go | 1387 +++++++++++++++ conn_test.go | 274 +++ example_test.go | 115 ++ generate_cert.go | 161 ++ handshake_client.go | 867 +++++++++ handshake_client_test.go | 1565 ++++++++++++++++ handshake_messages.go | 1568 +++++++++++++++++ handshake_messages_test.go | 329 ++++ handshake_server.go | 838 +++++++++ handshake_server_test.go | 1318 ++++++++++++++ handshake_test.go | 226 +++ key_agreement.go | 473 +++++ prf.go | 368 ++++ prf_test.go | 140 ++ testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA | 128 ++ testdata/Client-TLSv10-ClientCert-ECDSA-RSA | 132 ++ testdata/Client-TLSv10-ClientCert-RSA-ECDSA | 127 ++ testdata/Client-TLSv10-ClientCert-RSA-RSA | 131 ++ testdata/Client-TLSv10-ECDHE-ECDSA-AES | 85 + testdata/Client-TLSv10-ECDHE-RSA-AES | 89 + testdata/Client-TLSv10-RSA-RC4 | 78 + testdata/Client-TLSv11-ECDHE-ECDSA-AES | 87 + testdata/Client-TLSv11-ECDHE-RSA-AES | 91 + testdata/Client-TLSv11-RSA-RC4 | 78 + testdata/Client-TLSv12-AES128-GCM-SHA256 | 80 + testdata/Client-TLSv12-AES128-SHA256 | 89 + testdata/Client-TLSv12-AES256-GCM-SHA384 | 80 + testdata/Client-TLSv12-ALPN | 86 + testdata/Client-TLSv12-ALPN-NoMatch | 91 + testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA | 132 ++ testdata/Client-TLSv12-ClientCert-ECDSA-RSA | 132 ++ ...nt-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 | 130 ++ testdata/Client-TLSv12-ClientCert-RSA-ECDSA | 131 ++ testdata/Client-TLSv12-ClientCert-RSA-RSA | 130 ++ testdata/Client-TLSv12-ECDHE-ECDSA-AES | 87 + testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM | 82 + .../Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 | 91 + ...lient-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 | 82 + ...lient-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 | 77 + testdata/Client-TLSv12-ECDHE-RSA-AES | 91 + .../Client-TLSv12-ECDHE-RSA-AES128-SHA256 | 95 + .../Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 | 81 + testdata/Client-TLSv12-RSA-RC4 | 78 + testdata/Client-TLSv12-RenegotiateOnce | 231 +++ testdata/Client-TLSv12-RenegotiateTwice | 376 ++++ .../Client-TLSv12-RenegotiateTwiceRejected | 234 +++ testdata/Client-TLSv12-RenegotiationRejected | 89 + testdata/Client-TLSv12-SCT | 107 ++ .../Client-TLSv12-X25519-ECDHE-RSA-AES-GCM | 85 + testdata/Server-SSLv3-RSA-3DES | 76 + testdata/Server-SSLv3-RSA-AES | 77 + testdata/Server-SSLv3-RSA-RC4 | 72 + testdata/Server-TLSv10-ECDHE-ECDSA-AES | 78 + testdata/Server-TLSv10-RSA-3DES | 72 + testdata/Server-TLSv10-RSA-AES | 75 + testdata/Server-TLSv10-RSA-RC4 | 69 + testdata/Server-TLSv11-FallbackSCSV | 10 + testdata/Server-TLSv11-RSA-RC4 | 69 + testdata/Server-TLSv12-ALPN | 94 + testdata/Server-TLSv12-ALPN-NoMatch | 94 + ...rver-TLSv12-CipherSuiteCertPreferenceECDSA | 85 + ...Server-TLSv12-CipherSuiteCertPreferenceRSA | 89 + ...er-TLSv12-ClientAuthRequestedAndECDSAGiven | 124 ++ .../Server-TLSv12-ClientAuthRequestedAndGiven | 123 ++ .../Server-TLSv12-ClientAuthRequestedNotGiven | 83 + testdata/Server-TLSv12-ECDHE-ECDSA-AES | 82 + testdata/Server-TLSv12-IssueTicket | 89 + testdata/Server-TLSv12-IssueTicketPreDisable | 89 + testdata/Server-TLSv12-RSA-3DES | 76 + testdata/Server-TLSv12-RSA-AES | 80 + testdata/Server-TLSv12-RSA-AES-GCM | 79 + testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 | 79 + testdata/Server-TLSv12-RSA-RC4 | 72 + testdata/Server-TLSv12-Resume | 41 + testdata/Server-TLSv12-ResumeDisabled | 89 + testdata/Server-TLSv12-SNI | 81 + testdata/Server-TLSv12-SNI-GetCertificate | 81 + .../Server-TLSv12-SNI-GetCertificateNotFound | 81 + .../Server-TLSv12-X25519-ECDHE-RSA-AES-GCM | 79 + ticket.go | 200 +++ tls.go | 297 ++++ tls_test.go | 857 +++++++++ 85 files changed, 18812 insertions(+) create mode 100644 alert.go create mode 100644 cipher_suites.go create mode 100644 common.go create mode 100644 conn.go create mode 100644 conn_test.go create mode 100644 example_test.go create mode 100644 generate_cert.go create mode 100644 handshake_client.go create mode 100644 handshake_client_test.go create mode 100644 handshake_messages.go create mode 100644 handshake_messages_test.go create mode 100644 handshake_server.go create mode 100644 handshake_server_test.go create mode 100644 handshake_test.go create mode 100644 key_agreement.go create mode 100644 prf.go create mode 100644 prf_test.go create mode 100644 testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA create mode 100644 testdata/Client-TLSv10-ClientCert-ECDSA-RSA create mode 100644 testdata/Client-TLSv10-ClientCert-RSA-ECDSA create mode 100644 testdata/Client-TLSv10-ClientCert-RSA-RSA create mode 100644 testdata/Client-TLSv10-ECDHE-ECDSA-AES create mode 100644 testdata/Client-TLSv10-ECDHE-RSA-AES create mode 100644 testdata/Client-TLSv10-RSA-RC4 create mode 100644 testdata/Client-TLSv11-ECDHE-ECDSA-AES create mode 100644 testdata/Client-TLSv11-ECDHE-RSA-AES create mode 100644 testdata/Client-TLSv11-RSA-RC4 create mode 100644 testdata/Client-TLSv12-AES128-GCM-SHA256 create mode 100644 testdata/Client-TLSv12-AES128-SHA256 create mode 100644 testdata/Client-TLSv12-AES256-GCM-SHA384 create mode 100644 testdata/Client-TLSv12-ALPN create mode 100644 testdata/Client-TLSv12-ALPN-NoMatch create mode 100644 testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA create mode 100644 testdata/Client-TLSv12-ClientCert-ECDSA-RSA create mode 100644 testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 create mode 100644 testdata/Client-TLSv12-ClientCert-RSA-ECDSA create mode 100644 testdata/Client-TLSv12-ClientCert-RSA-RSA create mode 100644 testdata/Client-TLSv12-ECDHE-ECDSA-AES create mode 100644 testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM create mode 100644 testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 create mode 100644 testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 create mode 100644 testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 create mode 100644 testdata/Client-TLSv12-ECDHE-RSA-AES create mode 100644 testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 create mode 100644 testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 create mode 100644 testdata/Client-TLSv12-RSA-RC4 create mode 100644 testdata/Client-TLSv12-RenegotiateOnce create mode 100644 testdata/Client-TLSv12-RenegotiateTwice create mode 100644 testdata/Client-TLSv12-RenegotiateTwiceRejected create mode 100644 testdata/Client-TLSv12-RenegotiationRejected create mode 100644 testdata/Client-TLSv12-SCT create mode 100644 testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM create mode 100644 testdata/Server-SSLv3-RSA-3DES create mode 100644 testdata/Server-SSLv3-RSA-AES create mode 100644 testdata/Server-SSLv3-RSA-RC4 create mode 100644 testdata/Server-TLSv10-ECDHE-ECDSA-AES create mode 100644 testdata/Server-TLSv10-RSA-3DES create mode 100644 testdata/Server-TLSv10-RSA-AES create mode 100644 testdata/Server-TLSv10-RSA-RC4 create mode 100644 testdata/Server-TLSv11-FallbackSCSV create mode 100644 testdata/Server-TLSv11-RSA-RC4 create mode 100644 testdata/Server-TLSv12-ALPN create mode 100644 testdata/Server-TLSv12-ALPN-NoMatch create mode 100644 testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA create mode 100644 testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA create mode 100644 testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven create mode 100644 testdata/Server-TLSv12-ClientAuthRequestedAndGiven create mode 100644 testdata/Server-TLSv12-ClientAuthRequestedNotGiven create mode 100644 testdata/Server-TLSv12-ECDHE-ECDSA-AES create mode 100644 testdata/Server-TLSv12-IssueTicket create mode 100644 testdata/Server-TLSv12-IssueTicketPreDisable create mode 100644 testdata/Server-TLSv12-RSA-3DES create mode 100644 testdata/Server-TLSv12-RSA-AES create mode 100644 testdata/Server-TLSv12-RSA-AES-GCM create mode 100644 testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 create mode 100644 testdata/Server-TLSv12-RSA-RC4 create mode 100644 testdata/Server-TLSv12-Resume create mode 100644 testdata/Server-TLSv12-ResumeDisabled create mode 100644 testdata/Server-TLSv12-SNI create mode 100644 testdata/Server-TLSv12-SNI-GetCertificate create mode 100644 testdata/Server-TLSv12-SNI-GetCertificateNotFound create mode 100644 testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM create mode 100644 ticket.go create mode 100644 tls.go create mode 100644 tls_test.go diff --git a/alert.go b/alert.go new file mode 100644 index 0000000..4929868 --- /dev/null +++ b/alert.go @@ -0,0 +1,81 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import "strconv" + +type alert uint8 + +const ( + // alert level + alertLevelWarning = 1 + alertLevelError = 2 +) + +const ( + alertCloseNotify alert = 0 + alertUnexpectedMessage alert = 10 + alertBadRecordMAC alert = 20 + alertDecryptionFailed alert = 21 + alertRecordOverflow alert = 22 + alertDecompressionFailure alert = 30 + alertHandshakeFailure alert = 40 + alertBadCertificate alert = 42 + alertUnsupportedCertificate alert = 43 + alertCertificateRevoked alert = 44 + alertCertificateExpired alert = 45 + alertCertificateUnknown alert = 46 + alertIllegalParameter alert = 47 + alertUnknownCA alert = 48 + alertAccessDenied alert = 49 + alertDecodeError alert = 50 + alertDecryptError alert = 51 + alertProtocolVersion alert = 70 + alertInsufficientSecurity alert = 71 + alertInternalError alert = 80 + alertInappropriateFallback alert = 86 + alertUserCanceled alert = 90 + alertNoRenegotiation alert = 100 + alertNoApplicationProtocol alert = 120 +) + +var alertText = map[alert]string{ + alertCloseNotify: "close notify", + alertUnexpectedMessage: "unexpected message", + alertBadRecordMAC: "bad record MAC", + alertDecryptionFailed: "decryption failed", + alertRecordOverflow: "record overflow", + alertDecompressionFailure: "decompression failure", + alertHandshakeFailure: "handshake failure", + alertBadCertificate: "bad certificate", + alertUnsupportedCertificate: "unsupported certificate", + alertCertificateRevoked: "revoked certificate", + alertCertificateExpired: "expired certificate", + alertCertificateUnknown: "unknown certificate", + alertIllegalParameter: "illegal parameter", + alertUnknownCA: "unknown certificate authority", + alertAccessDenied: "access denied", + alertDecodeError: "error decoding message", + alertDecryptError: "error decrypting message", + alertProtocolVersion: "protocol version not supported", + alertInsufficientSecurity: "insufficient security level", + alertInternalError: "internal error", + alertInappropriateFallback: "inappropriate fallback", + alertUserCanceled: "user canceled", + alertNoRenegotiation: "no renegotiation", + alertNoApplicationProtocol: "no application protocol", +} + +func (e alert) String() string { + s, ok := alertText[e] + if ok { + return "tls: " + s + } + return "tls: alert(" + strconv.Itoa(int(e)) + ")" +} + +func (e alert) Error() string { + return e.String() +} diff --git a/cipher_suites.go b/cipher_suites.go new file mode 100644 index 0000000..beb0f19 --- /dev/null +++ b/cipher_suites.go @@ -0,0 +1,396 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "crypto/aes" + "crypto/cipher" + "crypto/des" + "crypto/hmac" + "crypto/rc4" + "crypto/sha1" + "crypto/sha256" + "crypto/x509" + "hash" + + "golang_org/x/crypto/chacha20poly1305" +) + +// a keyAgreement implements the client and server side of a TLS key agreement +// protocol by generating and processing key exchange messages. +type keyAgreement interface { + // On the server side, the first two methods are called in order. + + // In the case that the key agreement protocol doesn't use a + // ServerKeyExchange message, generateServerKeyExchange can return nil, + // nil. + generateServerKeyExchange(*Config, *Certificate, *clientHelloMsg, *serverHelloMsg) (*serverKeyExchangeMsg, error) + processClientKeyExchange(*Config, *Certificate, *clientKeyExchangeMsg, uint16) ([]byte, error) + + // On the client side, the next two methods are called in order. + + // This method may not be called if the server doesn't send a + // ServerKeyExchange message. + processServerKeyExchange(*Config, *clientHelloMsg, *serverHelloMsg, *x509.Certificate, *serverKeyExchangeMsg) error + generateClientKeyExchange(*Config, *clientHelloMsg, *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) +} + +const ( + // suiteECDH indicates that the cipher suite involves elliptic curve + // Diffie-Hellman. This means that it should only be selected when the + // client indicates that it supports ECC with a curve and point format + // that we're happy with. + suiteECDHE = 1 << iota + // suiteECDSA indicates that the cipher suite involves an ECDSA + // signature and therefore may only be selected when the server's + // certificate is ECDSA. If this is not set then the cipher suite is + // RSA based. + suiteECDSA + // suiteTLS12 indicates that the cipher suite should only be advertised + // and accepted when using TLS 1.2. + suiteTLS12 + // suiteSHA384 indicates that the cipher suite uses SHA384 as the + // handshake hash. + suiteSHA384 + // suiteDefaultOff indicates that this cipher suite is not included by + // default. + suiteDefaultOff +) + +// A cipherSuite is a specific combination of key agreement, cipher and MAC +// function. All cipher suites currently assume RSA key agreement. +type cipherSuite struct { + id uint16 + // the lengths, in bytes, of the key material needed for each component. + keyLen int + macLen int + ivLen int + ka func(version uint16) keyAgreement + // flags is a bitmask of the suite* values, above. + flags int + cipher func(key, iv []byte, isRead bool) interface{} + mac func(version uint16, macKey []byte) macFunction + aead func(key, fixedNonce []byte) cipher.AEAD +} + +var cipherSuites = []*cipherSuite{ + // Ciphersuite order is chosen so that ECDHE comes before plain RSA and + // AEADs are the top preference. + {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, + {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, 32, 0, 12, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadChaCha20Poly1305}, + {TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheRSAKA, suiteECDHE | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 16, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheRSAKA, suiteECDHE, cipherAES, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 32, 20, 16, ecdheECDSAKA, suiteECDHE | suiteECDSA, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_128_GCM_SHA256, 16, 0, 4, rsaKA, suiteTLS12, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_AES_256_GCM_SHA384, 32, 0, 4, rsaKA, suiteTLS12 | suiteSHA384, nil, nil, aeadAESGCM}, + {TLS_RSA_WITH_AES_128_CBC_SHA256, 16, 32, 16, rsaKA, suiteTLS12 | suiteDefaultOff, cipherAES, macSHA256, nil}, + {TLS_RSA_WITH_AES_128_CBC_SHA, 16, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + {TLS_RSA_WITH_AES_256_CBC_SHA, 32, 20, 16, rsaKA, 0, cipherAES, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, ecdheRSAKA, suiteECDHE, cipher3DES, macSHA1, nil}, + {TLS_RSA_WITH_3DES_EDE_CBC_SHA, 24, 20, 8, rsaKA, 0, cipher3DES, macSHA1, nil}, + + // RC4-based cipher suites are disabled by default. + {TLS_RSA_WITH_RC4_128_SHA, 16, 20, 0, rsaKA, suiteDefaultOff, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_RSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheRSAKA, suiteECDHE | suiteDefaultOff, cipherRC4, macSHA1, nil}, + {TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 16, 20, 0, ecdheECDSAKA, suiteECDHE | suiteECDSA | suiteDefaultOff, cipherRC4, macSHA1, nil}, +} + +func cipherRC4(key, iv []byte, isRead bool) interface{} { + cipher, _ := rc4.NewCipher(key) + return cipher +} + +func cipher3DES(key, iv []byte, isRead bool) interface{} { + block, _ := des.NewTripleDESCipher(key) + if isRead { + return cipher.NewCBCDecrypter(block, iv) + } + return cipher.NewCBCEncrypter(block, iv) +} + +func cipherAES(key, iv []byte, isRead bool) interface{} { + block, _ := aes.NewCipher(key) + if isRead { + return cipher.NewCBCDecrypter(block, iv) + } + return cipher.NewCBCEncrypter(block, iv) +} + +// macSHA1 returns a macFunction for the given protocol version. +func macSHA1(version uint16, key []byte) macFunction { + if version == VersionSSL30 { + mac := ssl30MAC{ + h: sha1.New(), + key: make([]byte, len(key)), + } + copy(mac.key, key) + return mac + } + return tls10MAC{hmac.New(newConstantTimeHash(sha1.New), key)} +} + +// macSHA256 returns a SHA-256 based MAC. These are only supported in TLS 1.2 +// so the given version is ignored. +func macSHA256(version uint16, key []byte) macFunction { + return tls10MAC{hmac.New(sha256.New, key)} +} + +type macFunction interface { + Size() int + MAC(digestBuf, seq, header, data, extra []byte) []byte +} + +type aead interface { + cipher.AEAD + + // explicitIVLen returns the number of bytes used by the explicit nonce + // that is included in the record. This is eight for older AEADs and + // zero for modern ones. + explicitNonceLen() int +} + +// fixedNonceAEAD wraps an AEAD and prefixes a fixed portion of the nonce to +// each call. +type fixedNonceAEAD struct { + // nonce contains the fixed part of the nonce in the first four bytes. + nonce [12]byte + aead cipher.AEAD +} + +func (f *fixedNonceAEAD) NonceSize() int { return 8 } +func (f *fixedNonceAEAD) Overhead() int { return f.aead.Overhead() } +func (f *fixedNonceAEAD) explicitNonceLen() int { return 8 } + +func (f *fixedNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { + copy(f.nonce[4:], nonce) + return f.aead.Seal(out, f.nonce[:], plaintext, additionalData) +} + +func (f *fixedNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) { + copy(f.nonce[4:], nonce) + return f.aead.Open(out, f.nonce[:], plaintext, additionalData) +} + +// xoredNonceAEAD wraps an AEAD by XORing in a fixed pattern to the nonce +// before each call. +type xorNonceAEAD struct { + nonceMask [12]byte + aead cipher.AEAD +} + +func (f *xorNonceAEAD) NonceSize() int { return 8 } +func (f *xorNonceAEAD) Overhead() int { return f.aead.Overhead() } +func (f *xorNonceAEAD) explicitNonceLen() int { return 0 } + +func (f *xorNonceAEAD) Seal(out, nonce, plaintext, additionalData []byte) []byte { + for i, b := range nonce { + f.nonceMask[4+i] ^= b + } + result := f.aead.Seal(out, f.nonceMask[:], plaintext, additionalData) + for i, b := range nonce { + f.nonceMask[4+i] ^= b + } + + return result +} + +func (f *xorNonceAEAD) Open(out, nonce, plaintext, additionalData []byte) ([]byte, error) { + for i, b := range nonce { + f.nonceMask[4+i] ^= b + } + result, err := f.aead.Open(out, f.nonceMask[:], plaintext, additionalData) + for i, b := range nonce { + f.nonceMask[4+i] ^= b + } + + return result, err +} + +func aeadAESGCM(key, fixedNonce []byte) cipher.AEAD { + aes, err := aes.NewCipher(key) + if err != nil { + panic(err) + } + aead, err := cipher.NewGCM(aes) + if err != nil { + panic(err) + } + + ret := &fixedNonceAEAD{aead: aead} + copy(ret.nonce[:], fixedNonce) + return ret +} + +func aeadChaCha20Poly1305(key, fixedNonce []byte) cipher.AEAD { + aead, err := chacha20poly1305.New(key) + if err != nil { + panic(err) + } + + ret := &xorNonceAEAD{aead: aead} + copy(ret.nonceMask[:], fixedNonce) + return ret +} + +// ssl30MAC implements the SSLv3 MAC function, as defined in +// www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 5.2.3.1 +type ssl30MAC struct { + h hash.Hash + key []byte +} + +func (s ssl30MAC) Size() int { + return s.h.Size() +} + +var ssl30Pad1 = [48]byte{0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36} + +var ssl30Pad2 = [48]byte{0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c} + +// MAC does not offer constant timing guarantees for SSL v3.0, since it's deemed +// useless considering the similar, protocol-level POODLE vulnerability. +func (s ssl30MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte { + padLength := 48 + if s.h.Size() == 20 { + padLength = 40 + } + + s.h.Reset() + s.h.Write(s.key) + s.h.Write(ssl30Pad1[:padLength]) + s.h.Write(seq) + s.h.Write(header[:1]) + s.h.Write(header[3:5]) + s.h.Write(data) + digestBuf = s.h.Sum(digestBuf[:0]) + + s.h.Reset() + s.h.Write(s.key) + s.h.Write(ssl30Pad2[:padLength]) + s.h.Write(digestBuf) + return s.h.Sum(digestBuf[:0]) +} + +type constantTimeHash interface { + hash.Hash + ConstantTimeSum(b []byte) []byte +} + +// cthWrapper wraps any hash.Hash that implements ConstantTimeSum, and replaces +// with that all calls to Sum. It's used to obtain a ConstantTimeSum-based HMAC. +type cthWrapper struct { + h constantTimeHash +} + +func (c *cthWrapper) Size() int { return c.h.Size() } +func (c *cthWrapper) BlockSize() int { return c.h.BlockSize() } +func (c *cthWrapper) Reset() { c.h.Reset() } +func (c *cthWrapper) Write(p []byte) (int, error) { return c.h.Write(p) } +func (c *cthWrapper) Sum(b []byte) []byte { return c.h.ConstantTimeSum(b) } + +func newConstantTimeHash(h func() hash.Hash) func() hash.Hash { + return func() hash.Hash { + return &cthWrapper{h().(constantTimeHash)} + } +} + +// tls10MAC implements the TLS 1.0 MAC function. RFC 2246, section 6.2.3. +type tls10MAC struct { + h hash.Hash +} + +func (s tls10MAC) Size() int { + return s.h.Size() +} + +// MAC is guaranteed to take constant time, as long as +// len(seq)+len(header)+len(data)+len(extra) is constant. extra is not fed into +// the MAC, but is only provided to make the timing profile constant. +func (s tls10MAC) MAC(digestBuf, seq, header, data, extra []byte) []byte { + s.h.Reset() + s.h.Write(seq) + s.h.Write(header) + s.h.Write(data) + res := s.h.Sum(digestBuf[:0]) + if extra != nil { + s.h.Write(extra) + } + return res +} + +func rsaKA(version uint16) keyAgreement { + return rsaKeyAgreement{} +} + +func ecdheECDSAKA(version uint16) keyAgreement { + return &ecdheKeyAgreement{ + sigType: signatureECDSA, + version: version, + } +} + +func ecdheRSAKA(version uint16) keyAgreement { + return &ecdheKeyAgreement{ + sigType: signatureRSA, + version: version, + } +} + +// mutualCipherSuite returns a cipherSuite given a list of supported +// ciphersuites and the id requested by the peer. +func mutualCipherSuite(have []uint16, want uint16) *cipherSuite { + for _, id := range have { + if id == want { + for _, suite := range cipherSuites { + if suite.id == want { + return suite + } + } + return nil + } + } + return nil +} + +// A list of cipher suite IDs that are, or have been, implemented by this +// package. +// +// Taken from http://www.iana.org/assignments/tls-parameters/tls-parameters.xml +const ( + TLS_RSA_WITH_RC4_128_SHA uint16 = 0x0005 + TLS_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0x000a + TLS_RSA_WITH_AES_128_CBC_SHA uint16 = 0x002f + TLS_RSA_WITH_AES_256_CBC_SHA uint16 = 0x0035 + TLS_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0x003c + TLS_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0x009c + TLS_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0x009d + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA uint16 = 0xc007 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA uint16 = 0xc009 + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA uint16 = 0xc00a + TLS_ECDHE_RSA_WITH_RC4_128_SHA uint16 = 0xc011 + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA uint16 = 0xc012 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA uint16 = 0xc013 + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA uint16 = 0xc014 + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc023 + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 uint16 = 0xc027 + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02f + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 uint16 = 0xc02b + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc030 + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 uint16 = 0xc02c + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 uint16 = 0xcca8 + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305 uint16 = 0xcca9 + + // TLS_FALLBACK_SCSV isn't a standard cipher suite but an indicator + // that the client is doing version fallback. See + // https://tools.ietf.org/html/rfc7507. + TLS_FALLBACK_SCSV uint16 = 0x5600 +) diff --git a/common.go b/common.go new file mode 100644 index 0000000..5860838 --- /dev/null +++ b/common.go @@ -0,0 +1,971 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "container/list" + "crypto" + "crypto/internal/cipherhw" + "crypto/rand" + "crypto/sha512" + "crypto/x509" + "errors" + "fmt" + "io" + "math/big" + "net" + "strings" + "sync" + "time" +) + +const ( + VersionSSL30 = 0x0300 + VersionTLS10 = 0x0301 + VersionTLS11 = 0x0302 + VersionTLS12 = 0x0303 +) + +const ( + maxPlaintext = 16384 // maximum plaintext payload length + maxCiphertext = 16384 + 2048 // maximum ciphertext payload length + recordHeaderLen = 5 // record header length + maxHandshake = 65536 // maximum handshake we support (protocol max is 16 MB) + + minVersion = VersionTLS10 + maxVersion = VersionTLS12 +) + +// TLS record types. +type recordType uint8 + +const ( + recordTypeChangeCipherSpec recordType = 20 + recordTypeAlert recordType = 21 + recordTypeHandshake recordType = 22 + recordTypeApplicationData recordType = 23 +) + +// TLS handshake message types. +const ( + typeHelloRequest uint8 = 0 + typeClientHello uint8 = 1 + typeServerHello uint8 = 2 + typeNewSessionTicket uint8 = 4 + typeCertificate uint8 = 11 + typeServerKeyExchange uint8 = 12 + typeCertificateRequest uint8 = 13 + typeServerHelloDone uint8 = 14 + typeCertificateVerify uint8 = 15 + typeClientKeyExchange uint8 = 16 + typeFinished uint8 = 20 + typeCertificateStatus uint8 = 22 + typeNextProtocol uint8 = 67 // Not IANA assigned +) + +// TLS compression types. +const ( + compressionNone uint8 = 0 +) + +// TLS extension numbers +const ( + extensionServerName uint16 = 0 + extensionStatusRequest uint16 = 5 + extensionSupportedCurves uint16 = 10 + extensionSupportedPoints uint16 = 11 + extensionSignatureAlgorithms uint16 = 13 + extensionALPN uint16 = 16 + extensionSCT uint16 = 18 // https://tools.ietf.org/html/rfc6962#section-6 + extensionSessionTicket uint16 = 35 + extensionNextProtoNeg uint16 = 13172 // not IANA assigned + extensionRenegotiationInfo uint16 = 0xff01 +) + +// TLS signaling cipher suite values +const ( + scsvRenegotiation uint16 = 0x00ff +) + +// CurveID is the type of a TLS identifier for an elliptic curve. See +// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8 +type CurveID uint16 + +const ( + CurveP256 CurveID = 23 + CurveP384 CurveID = 24 + CurveP521 CurveID = 25 + X25519 CurveID = 29 +) + +// TLS Elliptic Curve Point Formats +// http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-9 +const ( + pointFormatUncompressed uint8 = 0 +) + +// TLS CertificateStatusType (RFC 3546) +const ( + statusTypeOCSP uint8 = 1 +) + +// Certificate types (for certificateRequestMsg) +const ( + certTypeRSASign = 1 // A certificate containing an RSA key + certTypeDSSSign = 2 // A certificate containing a DSA key + certTypeRSAFixedDH = 3 // A certificate containing a static DH key + certTypeDSSFixedDH = 4 // A certificate containing a static DH key + + // See RFC 4492 sections 3 and 5.5. + certTypeECDSASign = 64 // A certificate containing an ECDSA-capable public key, signed with ECDSA. + certTypeRSAFixedECDH = 65 // A certificate containing an ECDH-capable public key, signed with RSA. + certTypeECDSAFixedECDH = 66 // A certificate containing an ECDH-capable public key, signed with ECDSA. + + // Rest of these are reserved by the TLS spec +) + +// Hash functions for TLS 1.2 (See RFC 5246, section A.4.1) +const ( + hashSHA1 uint8 = 2 + hashSHA256 uint8 = 4 + hashSHA384 uint8 = 5 +) + +// Signature algorithms for TLS 1.2 (See RFC 5246, section A.4.1) +const ( + signatureRSA uint8 = 1 + signatureECDSA uint8 = 3 +) + +// signatureAndHash mirrors the TLS 1.2, SignatureAndHashAlgorithm struct. See +// RFC 5246, section A.4.1. +type signatureAndHash struct { + hash, signature uint8 +} + +// supportedSignatureAlgorithms contains the signature and hash algorithms that +// the code advertises as supported in a TLS 1.2 ClientHello and in a TLS 1.2 +// CertificateRequest. +var supportedSignatureAlgorithms = []signatureAndHash{ + {hashSHA256, signatureRSA}, + {hashSHA256, signatureECDSA}, + {hashSHA384, signatureRSA}, + {hashSHA384, signatureECDSA}, + {hashSHA1, signatureRSA}, + {hashSHA1, signatureECDSA}, +} + +// ConnectionState records basic TLS details about the connection. +type ConnectionState struct { + Version uint16 // TLS version used by the connection (e.g. VersionTLS12) + HandshakeComplete bool // TLS handshake is complete + DidResume bool // connection resumes a previous TLS connection + CipherSuite uint16 // cipher suite in use (TLS_RSA_WITH_RC4_128_SHA, ...) + NegotiatedProtocol string // negotiated next protocol (not guaranteed to be from Config.NextProtos) + NegotiatedProtocolIsMutual bool // negotiated protocol was advertised by server (client side only) + ServerName string // server name requested by client, if any (server side only) + PeerCertificates []*x509.Certificate // certificate chain presented by remote peer + VerifiedChains [][]*x509.Certificate // verified chains built from PeerCertificates + SignedCertificateTimestamps [][]byte // SCTs from the server, if any + OCSPResponse []byte // stapled OCSP response from server, if any + + // TLSUnique contains the "tls-unique" channel binding value (see RFC + // 5929, section 3). For resumed sessions this value will be nil + // because resumption does not include enough context (see + // https://mitls.org/pages/attacks/3SHAKE#channelbindings). This will + // change in future versions of Go once the TLS master-secret fix has + // been standardized and implemented. + TLSUnique []byte +} + +// ClientAuthType declares the policy the server will follow for +// TLS Client Authentication. +type ClientAuthType int + +const ( + NoClientCert ClientAuthType = iota + RequestClientCert + RequireAnyClientCert + VerifyClientCertIfGiven + RequireAndVerifyClientCert +) + +// ClientSessionState contains the state needed by clients to resume TLS +// sessions. +type ClientSessionState struct { + sessionTicket []uint8 // Encrypted ticket used for session resumption with server + vers uint16 // SSL/TLS version negotiated for the session + cipherSuite uint16 // Ciphersuite negotiated for the session + masterSecret []byte // MasterSecret generated by client on a full handshake + serverCertificates []*x509.Certificate // Certificate chain presented by the server + verifiedChains [][]*x509.Certificate // Certificate chains we built for verification +} + +// ClientSessionCache is a cache of ClientSessionState objects that can be used +// by a client to resume a TLS session with a given server. ClientSessionCache +// implementations should expect to be called concurrently from different +// goroutines. Only ticket-based resumption is supported, not SessionID-based +// resumption. +type ClientSessionCache interface { + // Get searches for a ClientSessionState associated with the given key. + // On return, ok is true if one was found. + Get(sessionKey string) (session *ClientSessionState, ok bool) + + // Put adds the ClientSessionState to the cache with the given key. + Put(sessionKey string, cs *ClientSessionState) +} + +// SignatureScheme identifies a signature algorithm supported by TLS. See +// https://tools.ietf.org/html/draft-ietf-tls-tls13-18#section-4.2.3. +type SignatureScheme uint16 + +const ( + PKCS1WithSHA1 SignatureScheme = 0x0201 + PKCS1WithSHA256 SignatureScheme = 0x0401 + PKCS1WithSHA384 SignatureScheme = 0x0501 + PKCS1WithSHA512 SignatureScheme = 0x0601 + + PSSWithSHA256 SignatureScheme = 0x0804 + PSSWithSHA384 SignatureScheme = 0x0805 + PSSWithSHA512 SignatureScheme = 0x0806 + + ECDSAWithP256AndSHA256 SignatureScheme = 0x0403 + ECDSAWithP384AndSHA384 SignatureScheme = 0x0503 + ECDSAWithP521AndSHA512 SignatureScheme = 0x0603 +) + +// ClientHelloInfo contains information from a ClientHello message in order to +// guide certificate selection in the GetCertificate callback. +type ClientHelloInfo struct { + // CipherSuites lists the CipherSuites supported by the client (e.g. + // TLS_RSA_WITH_RC4_128_SHA). + CipherSuites []uint16 + + // ServerName indicates the name of the server requested by the client + // in order to support virtual hosting. ServerName is only set if the + // client is using SNI (see + // http://tools.ietf.org/html/rfc4366#section-3.1). + ServerName string + + // SupportedCurves lists the elliptic curves supported by the client. + // SupportedCurves is set only if the Supported Elliptic Curves + // Extension is being used (see + // http://tools.ietf.org/html/rfc4492#section-5.1.1). + SupportedCurves []CurveID + + // SupportedPoints lists the point formats supported by the client. + // SupportedPoints is set only if the Supported Point Formats Extension + // is being used (see + // http://tools.ietf.org/html/rfc4492#section-5.1.2). + SupportedPoints []uint8 + + // SignatureSchemes lists the signature and hash schemes that the client + // is willing to verify. SignatureSchemes is set only if the Signature + // Algorithms Extension is being used (see + // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1). + SignatureSchemes []SignatureScheme + + // SupportedProtos lists the application protocols supported by the client. + // SupportedProtos is set only if the Application-Layer Protocol + // Negotiation Extension is being used (see + // https://tools.ietf.org/html/rfc7301#section-3.1). + // + // Servers can select a protocol by setting Config.NextProtos in a + // GetConfigForClient return value. + SupportedProtos []string + + // SupportedVersions lists the TLS versions supported by the client. + // For TLS versions less than 1.3, this is extrapolated from the max + // version advertised by the client, so values other than the greatest + // might be rejected if used. + SupportedVersions []uint16 + + // Conn is the underlying net.Conn for the connection. Do not read + // from, or write to, this connection; that will cause the TLS + // connection to fail. + Conn net.Conn +} + +// CertificateRequestInfo contains information from a server's +// CertificateRequest message, which is used to demand a certificate and proof +// of control from a client. +type CertificateRequestInfo struct { + // AcceptableCAs contains zero or more, DER-encoded, X.501 + // Distinguished Names. These are the names of root or intermediate CAs + // that the server wishes the returned certificate to be signed by. An + // empty slice indicates that the server has no preference. + AcceptableCAs [][]byte + + // SignatureSchemes lists the signature schemes that the server is + // willing to verify. + SignatureSchemes []SignatureScheme +} + +// RenegotiationSupport enumerates the different levels of support for TLS +// renegotiation. TLS renegotiation is the act of performing subsequent +// handshakes on a connection after the first. This significantly complicates +// the state machine and has been the source of numerous, subtle security +// issues. Initiating a renegotiation is not supported, but support for +// accepting renegotiation requests may be enabled. +// +// Even when enabled, the server may not change its identity between handshakes +// (i.e. the leaf certificate must be the same). Additionally, concurrent +// handshake and application data flow is not permitted so renegotiation can +// only be used with protocols that synchronise with the renegotiation, such as +// HTTPS. +type RenegotiationSupport int + +const ( + // RenegotiateNever disables renegotiation. + RenegotiateNever RenegotiationSupport = iota + + // RenegotiateOnceAsClient allows a remote server to request + // renegotiation once per connection. + RenegotiateOnceAsClient + + // RenegotiateFreelyAsClient allows a remote server to repeatedly + // request renegotiation. + RenegotiateFreelyAsClient +) + +// A Config structure is used to configure a TLS client or server. +// After one has been passed to a TLS function it must not be +// modified. A Config may be reused; the tls package will also not +// modify it. +type Config struct { + // Rand provides the source of entropy for nonces and RSA blinding. + // If Rand is nil, TLS uses the cryptographic random reader in package + // crypto/rand. + // The Reader must be safe for use by multiple goroutines. + Rand io.Reader + + // Time returns the current time as the number of seconds since the epoch. + // If Time is nil, TLS uses time.Now. + Time func() time.Time + + // Certificates contains one or more certificate chains to present to + // the other side of the connection. Server configurations must include + // at least one certificate or else set GetCertificate. Clients doing + // client-authentication may set either Certificates or + // GetClientCertificate. + Certificates []Certificate + + // NameToCertificate maps from a certificate name to an element of + // Certificates. Note that a certificate name can be of the form + // '*.example.com' and so doesn't have to be a domain name as such. + // See Config.BuildNameToCertificate + // The nil value causes the first element of Certificates to be used + // for all connections. + NameToCertificate map[string]*Certificate + + // GetCertificate returns a Certificate based on the given + // ClientHelloInfo. It will only be called if the client supplies SNI + // information or if Certificates is empty. + // + // If GetCertificate is nil or returns nil, then the certificate is + // retrieved from NameToCertificate. If NameToCertificate is nil, the + // first element of Certificates will be used. + GetCertificate func(*ClientHelloInfo) (*Certificate, error) + + // GetClientCertificate, if not nil, is called when a server requests a + // certificate from a client. If set, the contents of Certificates will + // be ignored. + // + // If GetClientCertificate returns an error, the handshake will be + // aborted and that error will be returned. Otherwise + // GetClientCertificate must return a non-nil Certificate. If + // Certificate.Certificate is empty then no certificate will be sent to + // the server. If this is unacceptable to the server then it may abort + // the handshake. + // + // GetClientCertificate may be called multiple times for the same + // connection if renegotiation occurs or if TLS 1.3 is in use. + GetClientCertificate func(*CertificateRequestInfo) (*Certificate, error) + + // GetConfigForClient, if not nil, is called after a ClientHello is + // received from a client. It may return a non-nil Config in order to + // change the Config that will be used to handle this connection. If + // the returned Config is nil, the original Config will be used. The + // Config returned by this callback may not be subsequently modified. + // + // If GetConfigForClient is nil, the Config passed to Server() will be + // used for all connections. + // + // Uniquely for the fields in the returned Config, session ticket keys + // will be duplicated from the original Config if not set. + // Specifically, if SetSessionTicketKeys was called on the original + // config but not on the returned config then the ticket keys from the + // original config will be copied into the new config before use. + // Otherwise, if SessionTicketKey was set in the original config but + // not in the returned config then it will be copied into the returned + // config before use. If neither of those cases applies then the key + // material from the returned config will be used for session tickets. + GetConfigForClient func(*ClientHelloInfo) (*Config, error) + + // VerifyPeerCertificate, if not nil, is called after normal + // certificate verification by either a TLS client or server. It + // receives the raw ASN.1 certificates provided by the peer and also + // any verified chains that normal processing found. If it returns a + // non-nil error, the handshake is aborted and that error results. + // + // If normal verification fails then the handshake will abort before + // considering this callback. If normal verification is disabled by + // setting InsecureSkipVerify then this callback will be considered but + // the verifiedChains argument will always be nil. + VerifyPeerCertificate func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error + + // RootCAs defines the set of root certificate authorities + // that clients use when verifying server certificates. + // If RootCAs is nil, TLS uses the host's root CA set. + RootCAs *x509.CertPool + + // NextProtos is a list of supported, application level protocols. + NextProtos []string + + // ServerName is used to verify the hostname on the returned + // certificates unless InsecureSkipVerify is given. It is also included + // in the client's handshake to support virtual hosting unless it is + // an IP address. + ServerName string + + // ClientAuth determines the server's policy for + // TLS Client Authentication. The default is NoClientCert. + ClientAuth ClientAuthType + + // ClientCAs defines the set of root certificate authorities + // that servers use if required to verify a client certificate + // by the policy in ClientAuth. + ClientCAs *x509.CertPool + + // InsecureSkipVerify controls whether a client verifies the + // server's certificate chain and host name. + // If InsecureSkipVerify is true, TLS accepts any certificate + // presented by the server and any host name in that certificate. + // In this mode, TLS is susceptible to man-in-the-middle attacks. + // This should be used only for testing. + InsecureSkipVerify bool + + // CipherSuites is a list of supported cipher suites. If CipherSuites + // is nil, TLS uses a list of suites supported by the implementation. + CipherSuites []uint16 + + // PreferServerCipherSuites controls whether the server selects the + // client's most preferred ciphersuite, or the server's most preferred + // ciphersuite. If true then the server's preference, as expressed in + // the order of elements in CipherSuites, is used. + PreferServerCipherSuites bool + + // SessionTicketsDisabled may be set to true to disable session ticket + // (resumption) support. + SessionTicketsDisabled bool + + // SessionTicketKey is used by TLS servers to provide session + // resumption. See RFC 5077. If zero, it will be filled with + // random data before the first server handshake. + // + // If multiple servers are terminating connections for the same host + // they should all have the same SessionTicketKey. If the + // SessionTicketKey leaks, previously recorded and future TLS + // connections using that key are compromised. + SessionTicketKey [32]byte + + // SessionCache is a cache of ClientSessionState entries for TLS session + // resumption. + ClientSessionCache ClientSessionCache + + // MinVersion contains the minimum SSL/TLS version that is acceptable. + // If zero, then TLS 1.0 is taken as the minimum. + MinVersion uint16 + + // MaxVersion contains the maximum SSL/TLS version that is acceptable. + // If zero, then the maximum version supported by this package is used, + // which is currently TLS 1.2. + MaxVersion uint16 + + // CurvePreferences contains the elliptic curves that will be used in + // an ECDHE handshake, in preference order. If empty, the default will + // be used. + CurvePreferences []CurveID + + // DynamicRecordSizingDisabled disables adaptive sizing of TLS records. + // When true, the largest possible TLS record size is always used. When + // false, the size of TLS records may be adjusted in an attempt to + // improve latency. + DynamicRecordSizingDisabled bool + + // Renegotiation controls what types of renegotiation are supported. + // The default, none, is correct for the vast majority of applications. + Renegotiation RenegotiationSupport + + // KeyLogWriter optionally specifies a destination for TLS master secrets + // in NSS key log format that can be used to allow external programs + // such as Wireshark to decrypt TLS connections. + // See https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format. + // Use of KeyLogWriter compromises security and should only be + // used for debugging. + KeyLogWriter io.Writer + + serverInitOnce sync.Once // guards calling (*Config).serverInit + + // mutex protects sessionTicketKeys. + mutex sync.RWMutex + // sessionTicketKeys contains zero or more ticket keys. If the length + // is zero, SessionTicketsDisabled must be true. The first key is used + // for new tickets and any subsequent keys can be used to decrypt old + // tickets. + sessionTicketKeys []ticketKey +} + +// ticketKeyNameLen is the number of bytes of identifier that is prepended to +// an encrypted session ticket in order to identify the key used to encrypt it. +const ticketKeyNameLen = 16 + +// ticketKey is the internal representation of a session ticket key. +type ticketKey struct { + // keyName is an opaque byte string that serves to identify the session + // ticket key. It's exposed as plaintext in every session ticket. + keyName [ticketKeyNameLen]byte + aesKey [16]byte + hmacKey [16]byte +} + +// ticketKeyFromBytes converts from the external representation of a session +// ticket key to a ticketKey. Externally, session ticket keys are 32 random +// bytes and this function expands that into sufficient name and key material. +func ticketKeyFromBytes(b [32]byte) (key ticketKey) { + hashed := sha512.Sum512(b[:]) + copy(key.keyName[:], hashed[:ticketKeyNameLen]) + copy(key.aesKey[:], hashed[ticketKeyNameLen:ticketKeyNameLen+16]) + copy(key.hmacKey[:], hashed[ticketKeyNameLen+16:ticketKeyNameLen+32]) + return key +} + +// Clone returns a shallow clone of c. It is safe to clone a Config that is +// being used concurrently by a TLS client or server. +func (c *Config) Clone() *Config { + // Running serverInit ensures that it's safe to read + // SessionTicketsDisabled. + c.serverInitOnce.Do(func() { c.serverInit(nil) }) + + var sessionTicketKeys []ticketKey + c.mutex.RLock() + sessionTicketKeys = c.sessionTicketKeys + c.mutex.RUnlock() + + return &Config{ + Rand: c.Rand, + Time: c.Time, + Certificates: c.Certificates, + NameToCertificate: c.NameToCertificate, + GetCertificate: c.GetCertificate, + GetClientCertificate: c.GetClientCertificate, + GetConfigForClient: c.GetConfigForClient, + VerifyPeerCertificate: c.VerifyPeerCertificate, + RootCAs: c.RootCAs, + NextProtos: c.NextProtos, + ServerName: c.ServerName, + ClientAuth: c.ClientAuth, + ClientCAs: c.ClientCAs, + InsecureSkipVerify: c.InsecureSkipVerify, + CipherSuites: c.CipherSuites, + PreferServerCipherSuites: c.PreferServerCipherSuites, + SessionTicketsDisabled: c.SessionTicketsDisabled, + SessionTicketKey: c.SessionTicketKey, + ClientSessionCache: c.ClientSessionCache, + MinVersion: c.MinVersion, + MaxVersion: c.MaxVersion, + CurvePreferences: c.CurvePreferences, + DynamicRecordSizingDisabled: c.DynamicRecordSizingDisabled, + Renegotiation: c.Renegotiation, + KeyLogWriter: c.KeyLogWriter, + sessionTicketKeys: sessionTicketKeys, + } +} + +// serverInit is run under c.serverInitOnce to do initialization of c. If c was +// returned by a GetConfigForClient callback then the argument should be the +// Config that was passed to Server, otherwise it should be nil. +func (c *Config) serverInit(originalConfig *Config) { + if c.SessionTicketsDisabled || len(c.ticketKeys()) != 0 { + return + } + + alreadySet := false + for _, b := range c.SessionTicketKey { + if b != 0 { + alreadySet = true + break + } + } + + if !alreadySet { + if originalConfig != nil { + copy(c.SessionTicketKey[:], originalConfig.SessionTicketKey[:]) + } else if _, err := io.ReadFull(c.rand(), c.SessionTicketKey[:]); err != nil { + c.SessionTicketsDisabled = true + return + } + } + + if originalConfig != nil { + originalConfig.mutex.RLock() + c.sessionTicketKeys = originalConfig.sessionTicketKeys + originalConfig.mutex.RUnlock() + } else { + c.sessionTicketKeys = []ticketKey{ticketKeyFromBytes(c.SessionTicketKey)} + } +} + +func (c *Config) ticketKeys() []ticketKey { + c.mutex.RLock() + // c.sessionTicketKeys is constant once created. SetSessionTicketKeys + // will only update it by replacing it with a new value. + ret := c.sessionTicketKeys + c.mutex.RUnlock() + return ret +} + +// SetSessionTicketKeys updates the session ticket keys for a server. The first +// key will be used when creating new tickets, while all keys can be used for +// decrypting tickets. It is safe to call this function while the server is +// running in order to rotate the session ticket keys. The function will panic +// if keys is empty. +func (c *Config) SetSessionTicketKeys(keys [][32]byte) { + if len(keys) == 0 { + panic("tls: keys must have at least one key") + } + + newKeys := make([]ticketKey, len(keys)) + for i, bytes := range keys { + newKeys[i] = ticketKeyFromBytes(bytes) + } + + c.mutex.Lock() + c.sessionTicketKeys = newKeys + c.mutex.Unlock() +} + +func (c *Config) rand() io.Reader { + r := c.Rand + if r == nil { + return rand.Reader + } + return r +} + +func (c *Config) time() time.Time { + t := c.Time + if t == nil { + t = time.Now + } + return t() +} + +func (c *Config) cipherSuites() []uint16 { + s := c.CipherSuites + if s == nil { + s = defaultCipherSuites() + } + return s +} + +func (c *Config) minVersion() uint16 { + if c == nil || c.MinVersion == 0 { + return minVersion + } + return c.MinVersion +} + +func (c *Config) maxVersion() uint16 { + if c == nil || c.MaxVersion == 0 { + return maxVersion + } + return c.MaxVersion +} + +var defaultCurvePreferences = []CurveID{X25519, CurveP256, CurveP384, CurveP521} + +func (c *Config) curvePreferences() []CurveID { + if c == nil || len(c.CurvePreferences) == 0 { + return defaultCurvePreferences + } + return c.CurvePreferences +} + +// mutualVersion returns the protocol version to use given the advertised +// version of the peer. +func (c *Config) mutualVersion(vers uint16) (uint16, bool) { + minVersion := c.minVersion() + maxVersion := c.maxVersion() + + if vers < minVersion { + return 0, false + } + if vers > maxVersion { + vers = maxVersion + } + return vers, true +} + +// getCertificate returns the best certificate for the given ClientHelloInfo, +// defaulting to the first element of c.Certificates. +func (c *Config) getCertificate(clientHello *ClientHelloInfo) (*Certificate, error) { + if c.GetCertificate != nil && + (len(c.Certificates) == 0 || len(clientHello.ServerName) > 0) { + cert, err := c.GetCertificate(clientHello) + if cert != nil || err != nil { + return cert, err + } + } + + if len(c.Certificates) == 0 { + return nil, errors.New("tls: no certificates configured") + } + + if len(c.Certificates) == 1 || c.NameToCertificate == nil { + // There's only one choice, so no point doing any work. + return &c.Certificates[0], nil + } + + name := strings.ToLower(clientHello.ServerName) + for len(name) > 0 && name[len(name)-1] == '.' { + name = name[:len(name)-1] + } + + if cert, ok := c.NameToCertificate[name]; ok { + return cert, nil + } + + // try replacing labels in the name with wildcards until we get a + // match. + labels := strings.Split(name, ".") + for i := range labels { + labels[i] = "*" + candidate := strings.Join(labels, ".") + if cert, ok := c.NameToCertificate[candidate]; ok { + return cert, nil + } + } + + // If nothing matches, return the first certificate. + return &c.Certificates[0], nil +} + +// BuildNameToCertificate parses c.Certificates and builds c.NameToCertificate +// from the CommonName and SubjectAlternateName fields of each of the leaf +// certificates. +func (c *Config) BuildNameToCertificate() { + c.NameToCertificate = make(map[string]*Certificate) + for i := range c.Certificates { + cert := &c.Certificates[i] + x509Cert, err := x509.ParseCertificate(cert.Certificate[0]) + if err != nil { + continue + } + if len(x509Cert.Subject.CommonName) > 0 { + c.NameToCertificate[x509Cert.Subject.CommonName] = cert + } + for _, san := range x509Cert.DNSNames { + c.NameToCertificate[san] = cert + } + } +} + +// writeKeyLog logs client random and master secret if logging was enabled by +// setting c.KeyLogWriter. +func (c *Config) writeKeyLog(clientRandom, masterSecret []byte) error { + if c.KeyLogWriter == nil { + return nil + } + + logLine := []byte(fmt.Sprintf("CLIENT_RANDOM %x %x\n", clientRandom, masterSecret)) + + writerMutex.Lock() + _, err := c.KeyLogWriter.Write(logLine) + writerMutex.Unlock() + + return err +} + +// writerMutex protects all KeyLogWriters globally. It is rarely enabled, +// and is only for debugging, so a global mutex saves space. +var writerMutex sync.Mutex + +// A Certificate is a chain of one or more certificates, leaf first. +type Certificate struct { + Certificate [][]byte + // PrivateKey contains the private key corresponding to the public key + // in Leaf. For a server, this must implement crypto.Signer and/or + // crypto.Decrypter, with an RSA or ECDSA PublicKey. For a client + // (performing client authentication), this must be a crypto.Signer + // with an RSA or ECDSA PublicKey. + PrivateKey crypto.PrivateKey + // OCSPStaple contains an optional OCSP response which will be served + // to clients that request it. + OCSPStaple []byte + // SignedCertificateTimestamps contains an optional list of Signed + // Certificate Timestamps which will be served to clients that request it. + SignedCertificateTimestamps [][]byte + // Leaf is the parsed form of the leaf certificate, which may be + // initialized using x509.ParseCertificate to reduce per-handshake + // processing for TLS clients doing client authentication. If nil, the + // leaf certificate will be parsed as needed. + Leaf *x509.Certificate +} + +type handshakeMessage interface { + marshal() []byte + unmarshal([]byte) bool +} + +// lruSessionCache is a ClientSessionCache implementation that uses an LRU +// caching strategy. +type lruSessionCache struct { + sync.Mutex + + m map[string]*list.Element + q *list.List + capacity int +} + +type lruSessionCacheEntry struct { + sessionKey string + state *ClientSessionState +} + +// NewLRUClientSessionCache returns a ClientSessionCache with the given +// capacity that uses an LRU strategy. If capacity is < 1, a default capacity +// is used instead. +func NewLRUClientSessionCache(capacity int) ClientSessionCache { + const defaultSessionCacheCapacity = 64 + + if capacity < 1 { + capacity = defaultSessionCacheCapacity + } + return &lruSessionCache{ + m: make(map[string]*list.Element), + q: list.New(), + capacity: capacity, + } +} + +// Put adds the provided (sessionKey, cs) pair to the cache. +func (c *lruSessionCache) Put(sessionKey string, cs *ClientSessionState) { + c.Lock() + defer c.Unlock() + + if elem, ok := c.m[sessionKey]; ok { + entry := elem.Value.(*lruSessionCacheEntry) + entry.state = cs + c.q.MoveToFront(elem) + return + } + + if c.q.Len() < c.capacity { + entry := &lruSessionCacheEntry{sessionKey, cs} + c.m[sessionKey] = c.q.PushFront(entry) + return + } + + elem := c.q.Back() + entry := elem.Value.(*lruSessionCacheEntry) + delete(c.m, entry.sessionKey) + entry.sessionKey = sessionKey + entry.state = cs + c.q.MoveToFront(elem) + c.m[sessionKey] = elem +} + +// Get returns the ClientSessionState value associated with a given key. It +// returns (nil, false) if no value is found. +func (c *lruSessionCache) Get(sessionKey string) (*ClientSessionState, bool) { + c.Lock() + defer c.Unlock() + + if elem, ok := c.m[sessionKey]; ok { + c.q.MoveToFront(elem) + return elem.Value.(*lruSessionCacheEntry).state, true + } + return nil, false +} + +// TODO(jsing): Make these available to both crypto/x509 and crypto/tls. +type dsaSignature struct { + R, S *big.Int +} + +type ecdsaSignature dsaSignature + +var emptyConfig Config + +func defaultConfig() *Config { + return &emptyConfig +} + +var ( + once sync.Once + varDefaultCipherSuites []uint16 +) + +func defaultCipherSuites() []uint16 { + once.Do(initDefaultCipherSuites) + return varDefaultCipherSuites +} + +func initDefaultCipherSuites() { + var topCipherSuites []uint16 + if cipherhw.AESGCMSupport() { + // If AES-GCM hardware is provided then prioritise AES-GCM + // cipher suites. + topCipherSuites = []uint16{ + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + } + } else { + // Without AES-GCM hardware, we put the ChaCha20-Poly1305 + // cipher suites first. + topCipherSuites = []uint16{ + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, + TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, + TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, + } + } + + varDefaultCipherSuites = make([]uint16, 0, len(cipherSuites)) + varDefaultCipherSuites = append(varDefaultCipherSuites, topCipherSuites...) + +NextCipherSuite: + for _, suite := range cipherSuites { + if suite.flags&suiteDefaultOff != 0 { + continue + } + for _, existing := range varDefaultCipherSuites { + if existing == suite.id { + continue NextCipherSuite + } + } + varDefaultCipherSuites = append(varDefaultCipherSuites, suite.id) + } +} + +func unexpectedMessageError(wanted, got interface{}) error { + return fmt.Errorf("tls: received unexpected handshake message of type %T when waiting for %T", got, wanted) +} + +func isSupportedSignatureAndHash(sigHash signatureAndHash, sigHashes []signatureAndHash) bool { + for _, s := range sigHashes { + if s == sigHash { + return true + } + } + return false +} diff --git a/conn.go b/conn.go new file mode 100644 index 0000000..e6d85aa --- /dev/null +++ b/conn.go @@ -0,0 +1,1387 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// TLS low level connection and record layer + +package tls + +import ( + "bytes" + "crypto/cipher" + "crypto/subtle" + "crypto/x509" + "errors" + "fmt" + "io" + "net" + "sync" + "sync/atomic" + "time" +) + +// A Conn represents a secured connection. +// It implements the net.Conn interface. +type Conn struct { + // constant + conn net.Conn + isClient bool + + // constant after handshake; protected by handshakeMutex + handshakeMutex sync.Mutex // handshakeMutex < in.Mutex, out.Mutex, errMutex + // handshakeCond, if not nil, indicates that a goroutine is committed + // to running the handshake for this Conn. Other goroutines that need + // to wait for the handshake can wait on this, under handshakeMutex. + handshakeCond *sync.Cond + handshakeErr error // error resulting from handshake + vers uint16 // TLS version + haveVers bool // version has been negotiated + config *Config // configuration passed to constructor + // handshakeComplete is true if the connection is currently transferring + // application data (i.e. is not currently processing a handshake). + handshakeComplete bool + // handshakes counts the number of handshakes performed on the + // connection so far. If renegotiation is disabled then this is either + // zero or one. + handshakes int + didResume bool // whether this connection was a session resumption + cipherSuite uint16 + ocspResponse []byte // stapled OCSP response + scts [][]byte // signed certificate timestamps from server + peerCertificates []*x509.Certificate + // verifiedChains contains the certificate chains that we built, as + // opposed to the ones presented by the server. + verifiedChains [][]*x509.Certificate + // serverName contains the server name indicated by the client, if any. + serverName string + // secureRenegotiation is true if the server echoed the secure + // renegotiation extension. (This is meaningless as a server because + // renegotiation is not supported in that case.) + secureRenegotiation bool + + // clientFinishedIsFirst is true if the client sent the first Finished + // message during the most recent handshake. This is recorded because + // the first transmitted Finished message is the tls-unique + // channel-binding value. + clientFinishedIsFirst bool + + // closeNotifyErr is any error from sending the alertCloseNotify record. + closeNotifyErr error + // closeNotifySent is true if the Conn attempted to send an + // alertCloseNotify record. + closeNotifySent bool + + // clientFinished and serverFinished contain the Finished message sent + // by the client or server in the most recent handshake. This is + // retained to support the renegotiation extension and tls-unique + // channel-binding. + clientFinished [12]byte + serverFinished [12]byte + + clientProtocol string + clientProtocolFallback bool + + // input/output + in, out halfConn // in.Mutex < out.Mutex + rawInput *block // raw input, right off the wire + input *block // application data waiting to be read + hand bytes.Buffer // handshake data waiting to be read + buffering bool // whether records are buffered in sendBuf + sendBuf []byte // a buffer of records waiting to be sent + + // bytesSent counts the bytes of application data sent. + // packetsSent counts packets. + bytesSent int64 + packetsSent int64 + + // activeCall is an atomic int32; the low bit is whether Close has + // been called. the rest of the bits are the number of goroutines + // in Conn.Write. + activeCall int32 + + tmp [16]byte +} + +// Access to net.Conn methods. +// Cannot just embed net.Conn because that would +// export the struct field too. + +// LocalAddr returns the local network address. +func (c *Conn) LocalAddr() net.Addr { + return c.conn.LocalAddr() +} + +// RemoteAddr returns the remote network address. +func (c *Conn) RemoteAddr() net.Addr { + return c.conn.RemoteAddr() +} + +// SetDeadline sets the read and write deadlines associated with the connection. +// A zero value for t means Read and Write will not time out. +// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error. +func (c *Conn) SetDeadline(t time.Time) error { + return c.conn.SetDeadline(t) +} + +// SetReadDeadline sets the read deadline on the underlying connection. +// A zero value for t means Read will not time out. +func (c *Conn) SetReadDeadline(t time.Time) error { + return c.conn.SetReadDeadline(t) +} + +// SetWriteDeadline sets the write deadline on the underlying connection. +// A zero value for t means Write will not time out. +// After a Write has timed out, the TLS state is corrupt and all future writes will return the same error. +func (c *Conn) SetWriteDeadline(t time.Time) error { + return c.conn.SetWriteDeadline(t) +} + +// A halfConn represents one direction of the record layer +// connection, either sending or receiving. +type halfConn struct { + sync.Mutex + + err error // first permanent error + version uint16 // protocol version + cipher interface{} // cipher algorithm + mac macFunction + seq [8]byte // 64-bit sequence number + bfree *block // list of free blocks + additionalData [13]byte // to avoid allocs; interface method args escape + + nextCipher interface{} // next encryption state + nextMac macFunction // next MAC algorithm + + // used to save allocating a new buffer for each MAC. + inDigestBuf, outDigestBuf []byte +} + +func (hc *halfConn) setErrorLocked(err error) error { + hc.err = err + return err +} + +// prepareCipherSpec sets the encryption and MAC states +// that a subsequent changeCipherSpec will use. +func (hc *halfConn) prepareCipherSpec(version uint16, cipher interface{}, mac macFunction) { + hc.version = version + hc.nextCipher = cipher + hc.nextMac = mac +} + +// changeCipherSpec changes the encryption and MAC states +// to the ones previously passed to prepareCipherSpec. +func (hc *halfConn) changeCipherSpec() error { + if hc.nextCipher == nil { + return alertInternalError + } + hc.cipher = hc.nextCipher + hc.mac = hc.nextMac + hc.nextCipher = nil + hc.nextMac = nil + for i := range hc.seq { + hc.seq[i] = 0 + } + return nil +} + +// incSeq increments the sequence number. +func (hc *halfConn) incSeq() { + for i := 7; i >= 0; i-- { + hc.seq[i]++ + if hc.seq[i] != 0 { + return + } + } + + // Not allowed to let sequence number wrap. + // Instead, must renegotiate before it does. + // Not likely enough to bother. + panic("TLS: sequence number wraparound") +} + +// extractPadding returns, in constant time, the length of the padding to remove +// from the end of payload. It also returns a byte which is equal to 255 if the +// padding was valid and 0 otherwise. See RFC 2246, section 6.2.3.2 +func extractPadding(payload []byte) (toRemove int, good byte) { + if len(payload) < 1 { + return 0, 0 + } + + paddingLen := payload[len(payload)-1] + t := uint(len(payload)-1) - uint(paddingLen) + // if len(payload) >= (paddingLen - 1) then the MSB of t is zero + good = byte(int32(^t) >> 31) + + toCheck := 255 // the maximum possible padding length + // The length of the padded data is public, so we can use an if here + if toCheck+1 > len(payload) { + toCheck = len(payload) - 1 + } + + for i := 0; i < toCheck; i++ { + t := uint(paddingLen) - uint(i) + // if i <= paddingLen then the MSB of t is zero + mask := byte(int32(^t) >> 31) + b := payload[len(payload)-1-i] + good &^= mask&paddingLen ^ mask&b + } + + // We AND together the bits of good and replicate the result across + // all the bits. + good &= good << 4 + good &= good << 2 + good &= good << 1 + good = uint8(int8(good) >> 7) + + toRemove = int(paddingLen) + 1 + return +} + +// extractPaddingSSL30 is a replacement for extractPadding in the case that the +// protocol version is SSLv3. In this version, the contents of the padding +// are random and cannot be checked. +func extractPaddingSSL30(payload []byte) (toRemove int, good byte) { + if len(payload) < 1 { + return 0, 0 + } + + paddingLen := int(payload[len(payload)-1]) + 1 + if paddingLen > len(payload) { + return 0, 0 + } + + return paddingLen, 255 +} + +func roundUp(a, b int) int { + return a + (b-a%b)%b +} + +// cbcMode is an interface for block ciphers using cipher block chaining. +type cbcMode interface { + cipher.BlockMode + SetIV([]byte) +} + +// decrypt checks and strips the mac and decrypts the data in b. Returns a +// success boolean, the number of bytes to skip from the start of the record in +// order to get the application payload, and an optional alert value. +func (hc *halfConn) decrypt(b *block) (ok bool, prefixLen int, alertValue alert) { + // pull out payload + payload := b.data[recordHeaderLen:] + + macSize := 0 + if hc.mac != nil { + macSize = hc.mac.Size() + } + + paddingGood := byte(255) + paddingLen := 0 + explicitIVLen := 0 + + // decrypt + if hc.cipher != nil { + switch c := hc.cipher.(type) { + case cipher.Stream: + c.XORKeyStream(payload, payload) + case aead: + explicitIVLen = c.explicitNonceLen() + if len(payload) < explicitIVLen { + return false, 0, alertBadRecordMAC + } + nonce := payload[:explicitIVLen] + payload = payload[explicitIVLen:] + + if len(nonce) == 0 { + nonce = hc.seq[:] + } + + copy(hc.additionalData[:], hc.seq[:]) + copy(hc.additionalData[8:], b.data[:3]) + n := len(payload) - c.Overhead() + hc.additionalData[11] = byte(n >> 8) + hc.additionalData[12] = byte(n) + var err error + payload, err = c.Open(payload[:0], nonce, payload, hc.additionalData[:]) + if err != nil { + return false, 0, alertBadRecordMAC + } + b.resize(recordHeaderLen + explicitIVLen + len(payload)) + case cbcMode: + blockSize := c.BlockSize() + if hc.version >= VersionTLS11 { + explicitIVLen = blockSize + } + + if len(payload)%blockSize != 0 || len(payload) < roundUp(explicitIVLen+macSize+1, blockSize) { + return false, 0, alertBadRecordMAC + } + + if explicitIVLen > 0 { + c.SetIV(payload[:explicitIVLen]) + payload = payload[explicitIVLen:] + } + c.CryptBlocks(payload, payload) + if hc.version == VersionSSL30 { + paddingLen, paddingGood = extractPaddingSSL30(payload) + } else { + paddingLen, paddingGood = extractPadding(payload) + + // To protect against CBC padding oracles like Lucky13, the data + // past paddingLen (which is secret) is passed to the MAC + // function as extra data, to be fed into the HMAC after + // computing the digest. This makes the MAC constant time as + // long as the digest computation is constant time and does not + // affect the subsequent write. + } + default: + panic("unknown cipher type") + } + } + + // check, strip mac + if hc.mac != nil { + if len(payload) < macSize { + return false, 0, alertBadRecordMAC + } + + // strip mac off payload, b.data + n := len(payload) - macSize - paddingLen + n = subtle.ConstantTimeSelect(int(uint32(n)>>31), 0, n) // if n < 0 { n = 0 } + b.data[3] = byte(n >> 8) + b.data[4] = byte(n) + remoteMAC := payload[n : n+macSize] + localMAC := hc.mac.MAC(hc.inDigestBuf, hc.seq[0:], b.data[:recordHeaderLen], payload[:n], payload[n+macSize:]) + + if subtle.ConstantTimeCompare(localMAC, remoteMAC) != 1 || paddingGood != 255 { + return false, 0, alertBadRecordMAC + } + hc.inDigestBuf = localMAC + + b.resize(recordHeaderLen + explicitIVLen + n) + } + hc.incSeq() + + return true, recordHeaderLen + explicitIVLen, 0 +} + +// padToBlockSize calculates the needed padding block, if any, for a payload. +// On exit, prefix aliases payload and extends to the end of the last full +// block of payload. finalBlock is a fresh slice which contains the contents of +// any suffix of payload as well as the needed padding to make finalBlock a +// full block. +func padToBlockSize(payload []byte, blockSize int) (prefix, finalBlock []byte) { + overrun := len(payload) % blockSize + paddingLen := blockSize - overrun + prefix = payload[:len(payload)-overrun] + finalBlock = make([]byte, blockSize) + copy(finalBlock, payload[len(payload)-overrun:]) + for i := overrun; i < blockSize; i++ { + finalBlock[i] = byte(paddingLen - 1) + } + return +} + +// encrypt encrypts and macs the data in b. +func (hc *halfConn) encrypt(b *block, explicitIVLen int) (bool, alert) { + // mac + if hc.mac != nil { + mac := hc.mac.MAC(hc.outDigestBuf, hc.seq[0:], b.data[:recordHeaderLen], b.data[recordHeaderLen+explicitIVLen:], nil) + + n := len(b.data) + b.resize(n + len(mac)) + copy(b.data[n:], mac) + hc.outDigestBuf = mac + } + + payload := b.data[recordHeaderLen:] + + // encrypt + if hc.cipher != nil { + switch c := hc.cipher.(type) { + case cipher.Stream: + c.XORKeyStream(payload, payload) + case aead: + payloadLen := len(b.data) - recordHeaderLen - explicitIVLen + b.resize(len(b.data) + c.Overhead()) + nonce := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] + if len(nonce) == 0 { + nonce = hc.seq[:] + } + payload := b.data[recordHeaderLen+explicitIVLen:] + payload = payload[:payloadLen] + + copy(hc.additionalData[:], hc.seq[:]) + copy(hc.additionalData[8:], b.data[:3]) + hc.additionalData[11] = byte(payloadLen >> 8) + hc.additionalData[12] = byte(payloadLen) + + c.Seal(payload[:0], nonce, payload, hc.additionalData[:]) + case cbcMode: + blockSize := c.BlockSize() + if explicitIVLen > 0 { + c.SetIV(payload[:explicitIVLen]) + payload = payload[explicitIVLen:] + } + prefix, finalBlock := padToBlockSize(payload, blockSize) + b.resize(recordHeaderLen + explicitIVLen + len(prefix) + len(finalBlock)) + c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen:], prefix) + c.CryptBlocks(b.data[recordHeaderLen+explicitIVLen+len(prefix):], finalBlock) + default: + panic("unknown cipher type") + } + } + + // update length to include MAC and any block padding needed. + n := len(b.data) - recordHeaderLen + b.data[3] = byte(n >> 8) + b.data[4] = byte(n) + hc.incSeq() + + return true, 0 +} + +// A block is a simple data buffer. +type block struct { + data []byte + off int // index for Read + link *block +} + +// resize resizes block to be n bytes, growing if necessary. +func (b *block) resize(n int) { + if n > cap(b.data) { + b.reserve(n) + } + b.data = b.data[0:n] +} + +// reserve makes sure that block contains a capacity of at least n bytes. +func (b *block) reserve(n int) { + if cap(b.data) >= n { + return + } + m := cap(b.data) + if m == 0 { + m = 1024 + } + for m < n { + m *= 2 + } + data := make([]byte, len(b.data), m) + copy(data, b.data) + b.data = data +} + +// readFromUntil reads from r into b until b contains at least n bytes +// or else returns an error. +func (b *block) readFromUntil(r io.Reader, n int) error { + // quick case + if len(b.data) >= n { + return nil + } + + // read until have enough. + b.reserve(n) + for { + m, err := r.Read(b.data[len(b.data):cap(b.data)]) + b.data = b.data[0 : len(b.data)+m] + if len(b.data) >= n { + // TODO(bradfitz,agl): slightly suspicious + // that we're throwing away r.Read's err here. + break + } + if err != nil { + return err + } + } + return nil +} + +func (b *block) Read(p []byte) (n int, err error) { + n = copy(p, b.data[b.off:]) + b.off += n + return +} + +// newBlock allocates a new block, from hc's free list if possible. +func (hc *halfConn) newBlock() *block { + b := hc.bfree + if b == nil { + return new(block) + } + hc.bfree = b.link + b.link = nil + b.resize(0) + return b +} + +// freeBlock returns a block to hc's free list. +// The protocol is such that each side only has a block or two on +// its free list at a time, so there's no need to worry about +// trimming the list, etc. +func (hc *halfConn) freeBlock(b *block) { + b.link = hc.bfree + hc.bfree = b +} + +// splitBlock splits a block after the first n bytes, +// returning a block with those n bytes and a +// block with the remainder. the latter may be nil. +func (hc *halfConn) splitBlock(b *block, n int) (*block, *block) { + if len(b.data) <= n { + return b, nil + } + bb := hc.newBlock() + bb.resize(len(b.data) - n) + copy(bb.data, b.data[n:]) + b.data = b.data[0:n] + return b, bb +} + +// RecordHeaderError results when a TLS record header is invalid. +type RecordHeaderError struct { + // Msg contains a human readable string that describes the error. + Msg string + // RecordHeader contains the five bytes of TLS record header that + // triggered the error. + RecordHeader [5]byte +} + +func (e RecordHeaderError) Error() string { return "tls: " + e.Msg } + +func (c *Conn) newRecordHeaderError(msg string) (err RecordHeaderError) { + err.Msg = msg + copy(err.RecordHeader[:], c.rawInput.data) + return err +} + +// readRecord reads the next TLS record from the connection +// and updates the record layer state. +// c.in.Mutex <= L; c.input == nil. +func (c *Conn) readRecord(want recordType) error { + // Caller must be in sync with connection: + // handshake data if handshake not yet completed, + // else application data. + switch want { + default: + c.sendAlert(alertInternalError) + return c.in.setErrorLocked(errors.New("tls: unknown record type requested")) + case recordTypeHandshake, recordTypeChangeCipherSpec: + if c.handshakeComplete { + c.sendAlert(alertInternalError) + return c.in.setErrorLocked(errors.New("tls: handshake or ChangeCipherSpec requested while not in handshake")) + } + case recordTypeApplicationData: + if !c.handshakeComplete { + c.sendAlert(alertInternalError) + return c.in.setErrorLocked(errors.New("tls: application data record requested while in handshake")) + } + } + +Again: + if c.rawInput == nil { + c.rawInput = c.in.newBlock() + } + b := c.rawInput + + // Read header, payload. + if err := b.readFromUntil(c.conn, recordHeaderLen); err != nil { + // RFC suggests that EOF without an alertCloseNotify is + // an error, but popular web sites seem to do this, + // so we can't make it an error. + // if err == io.EOF { + // err = io.ErrUnexpectedEOF + // } + if e, ok := err.(net.Error); !ok || !e.Temporary() { + c.in.setErrorLocked(err) + } + return err + } + typ := recordType(b.data[0]) + + // No valid TLS record has a type of 0x80, however SSLv2 handshakes + // start with a uint16 length where the MSB is set and the first record + // is always < 256 bytes long. Therefore typ == 0x80 strongly suggests + // an SSLv2 client. + if want == recordTypeHandshake && typ == 0x80 { + c.sendAlert(alertProtocolVersion) + return c.in.setErrorLocked(c.newRecordHeaderError("unsupported SSLv2 handshake received")) + } + + vers := uint16(b.data[1])<<8 | uint16(b.data[2]) + n := int(b.data[3])<<8 | int(b.data[4]) + if c.haveVers && vers != c.vers { + c.sendAlert(alertProtocolVersion) + msg := fmt.Sprintf("received record with version %x when expecting version %x", vers, c.vers) + return c.in.setErrorLocked(c.newRecordHeaderError(msg)) + } + if n > maxCiphertext { + c.sendAlert(alertRecordOverflow) + msg := fmt.Sprintf("oversized record received with length %d", n) + return c.in.setErrorLocked(c.newRecordHeaderError(msg)) + } + if !c.haveVers { + // First message, be extra suspicious: this might not be a TLS + // client. Bail out before reading a full 'body', if possible. + // The current max version is 3.3 so if the version is >= 16.0, + // it's probably not real. + if (typ != recordTypeAlert && typ != want) || vers >= 0x1000 { + c.sendAlert(alertUnexpectedMessage) + return c.in.setErrorLocked(c.newRecordHeaderError("first record does not look like a TLS handshake")) + } + } + if err := b.readFromUntil(c.conn, recordHeaderLen+n); err != nil { + if err == io.EOF { + err = io.ErrUnexpectedEOF + } + if e, ok := err.(net.Error); !ok || !e.Temporary() { + c.in.setErrorLocked(err) + } + return err + } + + // Process message. + b, c.rawInput = c.in.splitBlock(b, recordHeaderLen+n) + ok, off, alertValue := c.in.decrypt(b) + if !ok { + c.in.freeBlock(b) + return c.in.setErrorLocked(c.sendAlert(alertValue)) + } + b.off = off + data := b.data[b.off:] + if len(data) > maxPlaintext { + err := c.sendAlert(alertRecordOverflow) + c.in.freeBlock(b) + return c.in.setErrorLocked(err) + } + + switch typ { + default: + c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + + case recordTypeAlert: + if len(data) != 2 { + c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + break + } + if alert(data[1]) == alertCloseNotify { + c.in.setErrorLocked(io.EOF) + break + } + switch data[0] { + case alertLevelWarning: + // drop on the floor + c.in.freeBlock(b) + goto Again + case alertLevelError: + c.in.setErrorLocked(&net.OpError{Op: "remote error", Err: alert(data[1])}) + default: + c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + + case recordTypeChangeCipherSpec: + if typ != want || len(data) != 1 || data[0] != 1 { + c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + break + } + err := c.in.changeCipherSpec() + if err != nil { + c.in.setErrorLocked(c.sendAlert(err.(alert))) + } + + case recordTypeApplicationData: + if typ != want { + c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + break + } + c.input = b + b = nil + + case recordTypeHandshake: + // TODO(rsc): Should at least pick off connection close. + if typ != want && !(c.isClient && c.config.Renegotiation != RenegotiateNever) { + return c.in.setErrorLocked(c.sendAlert(alertNoRenegotiation)) + } + c.hand.Write(data) + } + + if b != nil { + c.in.freeBlock(b) + } + return c.in.err +} + +// sendAlert sends a TLS alert message. +// c.out.Mutex <= L. +func (c *Conn) sendAlertLocked(err alert) error { + switch err { + case alertNoRenegotiation, alertCloseNotify: + c.tmp[0] = alertLevelWarning + default: + c.tmp[0] = alertLevelError + } + c.tmp[1] = byte(err) + + _, writeErr := c.writeRecordLocked(recordTypeAlert, c.tmp[0:2]) + if err == alertCloseNotify { + // closeNotify is a special case in that it isn't an error. + return writeErr + } + + return c.out.setErrorLocked(&net.OpError{Op: "local error", Err: err}) +} + +// sendAlert sends a TLS alert message. +// L < c.out.Mutex. +func (c *Conn) sendAlert(err alert) error { + c.out.Lock() + defer c.out.Unlock() + return c.sendAlertLocked(err) +} + +const ( + // tcpMSSEstimate is a conservative estimate of the TCP maximum segment + // size (MSS). A constant is used, rather than querying the kernel for + // the actual MSS, to avoid complexity. The value here is the IPv6 + // minimum MTU (1280 bytes) minus the overhead of an IPv6 header (40 + // bytes) and a TCP header with timestamps (32 bytes). + tcpMSSEstimate = 1208 + + // recordSizeBoostThreshold is the number of bytes of application data + // sent after which the TLS record size will be increased to the + // maximum. + recordSizeBoostThreshold = 128 * 1024 +) + +// maxPayloadSizeForWrite returns the maximum TLS payload size to use for the +// next application data record. There is the following trade-off: +// +// - For latency-sensitive applications, such as web browsing, each TLS +// record should fit in one TCP segment. +// - For throughput-sensitive applications, such as large file transfers, +// larger TLS records better amortize framing and encryption overheads. +// +// A simple heuristic that works well in practice is to use small records for +// the first 1MB of data, then use larger records for subsequent data, and +// reset back to smaller records after the connection becomes idle. See "High +// Performance Web Networking", Chapter 4, or: +// https://www.igvita.com/2013/10/24/optimizing-tls-record-size-and-buffering-latency/ +// +// In the interests of simplicity and determinism, this code does not attempt +// to reset the record size once the connection is idle, however. +// +// c.out.Mutex <= L. +func (c *Conn) maxPayloadSizeForWrite(typ recordType, explicitIVLen int) int { + if c.config.DynamicRecordSizingDisabled || typ != recordTypeApplicationData { + return maxPlaintext + } + + if c.bytesSent >= recordSizeBoostThreshold { + return maxPlaintext + } + + // Subtract TLS overheads to get the maximum payload size. + macSize := 0 + if c.out.mac != nil { + macSize = c.out.mac.Size() + } + + payloadBytes := tcpMSSEstimate - recordHeaderLen - explicitIVLen + if c.out.cipher != nil { + switch ciph := c.out.cipher.(type) { + case cipher.Stream: + payloadBytes -= macSize + case cipher.AEAD: + payloadBytes -= ciph.Overhead() + case cbcMode: + blockSize := ciph.BlockSize() + // The payload must fit in a multiple of blockSize, with + // room for at least one padding byte. + payloadBytes = (payloadBytes & ^(blockSize - 1)) - 1 + // The MAC is appended before padding so affects the + // payload size directly. + payloadBytes -= macSize + default: + panic("unknown cipher type") + } + } + + // Allow packet growth in arithmetic progression up to max. + pkt := c.packetsSent + c.packetsSent++ + if pkt > 1000 { + return maxPlaintext // avoid overflow in multiply below + } + + n := payloadBytes * int(pkt+1) + if n > maxPlaintext { + n = maxPlaintext + } + return n +} + +// c.out.Mutex <= L. +func (c *Conn) write(data []byte) (int, error) { + if c.buffering { + c.sendBuf = append(c.sendBuf, data...) + return len(data), nil + } + + n, err := c.conn.Write(data) + c.bytesSent += int64(n) + return n, err +} + +func (c *Conn) flush() (int, error) { + if len(c.sendBuf) == 0 { + return 0, nil + } + + n, err := c.conn.Write(c.sendBuf) + c.bytesSent += int64(n) + c.sendBuf = nil + c.buffering = false + return n, err +} + +// writeRecordLocked writes a TLS record with the given type and payload to the +// connection and updates the record layer state. +// c.out.Mutex <= L. +func (c *Conn) writeRecordLocked(typ recordType, data []byte) (int, error) { + b := c.out.newBlock() + defer c.out.freeBlock(b) + + var n int + for len(data) > 0 { + explicitIVLen := 0 + explicitIVIsSeq := false + + var cbc cbcMode + if c.out.version >= VersionTLS11 { + var ok bool + if cbc, ok = c.out.cipher.(cbcMode); ok { + explicitIVLen = cbc.BlockSize() + } + } + if explicitIVLen == 0 { + if c, ok := c.out.cipher.(aead); ok { + explicitIVLen = c.explicitNonceLen() + + // The AES-GCM construction in TLS has an + // explicit nonce so that the nonce can be + // random. However, the nonce is only 8 bytes + // which is too small for a secure, random + // nonce. Therefore we use the sequence number + // as the nonce. + explicitIVIsSeq = explicitIVLen > 0 + } + } + m := len(data) + if maxPayload := c.maxPayloadSizeForWrite(typ, explicitIVLen); m > maxPayload { + m = maxPayload + } + b.resize(recordHeaderLen + explicitIVLen + m) + b.data[0] = byte(typ) + vers := c.vers + if vers == 0 { + // Some TLS servers fail if the record version is + // greater than TLS 1.0 for the initial ClientHello. + vers = VersionTLS10 + } + b.data[1] = byte(vers >> 8) + b.data[2] = byte(vers) + b.data[3] = byte(m >> 8) + b.data[4] = byte(m) + if explicitIVLen > 0 { + explicitIV := b.data[recordHeaderLen : recordHeaderLen+explicitIVLen] + if explicitIVIsSeq { + copy(explicitIV, c.out.seq[:]) + } else { + if _, err := io.ReadFull(c.config.rand(), explicitIV); err != nil { + return n, err + } + } + } + copy(b.data[recordHeaderLen+explicitIVLen:], data) + c.out.encrypt(b, explicitIVLen) + if _, err := c.write(b.data); err != nil { + return n, err + } + n += m + data = data[m:] + } + + if typ == recordTypeChangeCipherSpec { + if err := c.out.changeCipherSpec(); err != nil { + return n, c.sendAlertLocked(err.(alert)) + } + } + + return n, nil +} + +// writeRecord writes a TLS record with the given type and payload to the +// connection and updates the record layer state. +// L < c.out.Mutex. +func (c *Conn) writeRecord(typ recordType, data []byte) (int, error) { + c.out.Lock() + defer c.out.Unlock() + + return c.writeRecordLocked(typ, data) +} + +// readHandshake reads the next handshake message from +// the record layer. +// c.in.Mutex < L; c.out.Mutex < L. +func (c *Conn) readHandshake() (interface{}, error) { + for c.hand.Len() < 4 { + if err := c.in.err; err != nil { + return nil, err + } + if err := c.readRecord(recordTypeHandshake); err != nil { + return nil, err + } + } + + data := c.hand.Bytes() + n := int(data[1])<<16 | int(data[2])<<8 | int(data[3]) + if n > maxHandshake { + c.sendAlertLocked(alertInternalError) + return nil, c.in.setErrorLocked(fmt.Errorf("tls: handshake message of length %d bytes exceeds maximum of %d bytes", n, maxHandshake)) + } + for c.hand.Len() < 4+n { + if err := c.in.err; err != nil { + return nil, err + } + if err := c.readRecord(recordTypeHandshake); err != nil { + return nil, err + } + } + data = c.hand.Next(4 + n) + var m handshakeMessage + switch data[0] { + case typeHelloRequest: + m = new(helloRequestMsg) + case typeClientHello: + m = new(clientHelloMsg) + case typeServerHello: + m = new(serverHelloMsg) + case typeNewSessionTicket: + m = new(newSessionTicketMsg) + case typeCertificate: + m = new(certificateMsg) + case typeCertificateRequest: + m = &certificateRequestMsg{ + hasSignatureAndHash: c.vers >= VersionTLS12, + } + case typeCertificateStatus: + m = new(certificateStatusMsg) + case typeServerKeyExchange: + m = new(serverKeyExchangeMsg) + case typeServerHelloDone: + m = new(serverHelloDoneMsg) + case typeClientKeyExchange: + m = new(clientKeyExchangeMsg) + case typeCertificateVerify: + m = &certificateVerifyMsg{ + hasSignatureAndHash: c.vers >= VersionTLS12, + } + case typeNextProtocol: + m = new(nextProtoMsg) + case typeFinished: + m = new(finishedMsg) + default: + return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + + // The handshake message unmarshalers + // expect to be able to keep references to data, + // so pass in a fresh copy that won't be overwritten. + data = append([]byte(nil), data...) + + if !m.unmarshal(data) { + return nil, c.in.setErrorLocked(c.sendAlert(alertUnexpectedMessage)) + } + return m, nil +} + +var ( + errClosed = errors.New("tls: use of closed connection") + errShutdown = errors.New("tls: protocol is shutdown") +) + +// Write writes data to the connection. +func (c *Conn) Write(b []byte) (int, error) { + // interlock with Close below + for { + x := atomic.LoadInt32(&c.activeCall) + if x&1 != 0 { + return 0, errClosed + } + if atomic.CompareAndSwapInt32(&c.activeCall, x, x+2) { + defer atomic.AddInt32(&c.activeCall, -2) + break + } + } + + if err := c.Handshake(); err != nil { + return 0, err + } + + c.out.Lock() + defer c.out.Unlock() + + if err := c.out.err; err != nil { + return 0, err + } + + if !c.handshakeComplete { + return 0, alertInternalError + } + + if c.closeNotifySent { + return 0, errShutdown + } + + // SSL 3.0 and TLS 1.0 are susceptible to a chosen-plaintext + // attack when using block mode ciphers due to predictable IVs. + // This can be prevented by splitting each Application Data + // record into two records, effectively randomizing the IV. + // + // http://www.openssl.org/~bodo/tls-cbc.txt + // https://bugzilla.mozilla.org/show_bug.cgi?id=665814 + // http://www.imperialviolet.org/2012/01/15/beastfollowup.html + + var m int + if len(b) > 1 && c.vers <= VersionTLS10 { + if _, ok := c.out.cipher.(cipher.BlockMode); ok { + n, err := c.writeRecordLocked(recordTypeApplicationData, b[:1]) + if err != nil { + return n, c.out.setErrorLocked(err) + } + m, b = 1, b[1:] + } + } + + n, err := c.writeRecordLocked(recordTypeApplicationData, b) + return n + m, c.out.setErrorLocked(err) +} + +// handleRenegotiation processes a HelloRequest handshake message. +// c.in.Mutex <= L +func (c *Conn) handleRenegotiation() error { + msg, err := c.readHandshake() + if err != nil { + return err + } + + _, ok := msg.(*helloRequestMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return alertUnexpectedMessage + } + + if !c.isClient { + return c.sendAlert(alertNoRenegotiation) + } + + switch c.config.Renegotiation { + case RenegotiateNever: + return c.sendAlert(alertNoRenegotiation) + case RenegotiateOnceAsClient: + if c.handshakes > 1 { + return c.sendAlert(alertNoRenegotiation) + } + case RenegotiateFreelyAsClient: + // Ok. + default: + c.sendAlert(alertInternalError) + return errors.New("tls: unknown Renegotiation value") + } + + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + + c.handshakeComplete = false + if c.handshakeErr = c.clientHandshake(); c.handshakeErr == nil { + c.handshakes++ + } + return c.handshakeErr +} + +// Read can be made to time out and return a net.Error with Timeout() == true +// after a fixed time limit; see SetDeadline and SetReadDeadline. +func (c *Conn) Read(b []byte) (n int, err error) { + if err = c.Handshake(); err != nil { + return + } + if len(b) == 0 { + // Put this after Handshake, in case people were calling + // Read(nil) for the side effect of the Handshake. + return + } + + c.in.Lock() + defer c.in.Unlock() + + // Some OpenSSL servers send empty records in order to randomize the + // CBC IV. So this loop ignores a limited number of empty records. + const maxConsecutiveEmptyRecords = 100 + for emptyRecordCount := 0; emptyRecordCount <= maxConsecutiveEmptyRecords; emptyRecordCount++ { + for c.input == nil && c.in.err == nil { + if err := c.readRecord(recordTypeApplicationData); err != nil { + // Soft error, like EAGAIN + return 0, err + } + if c.hand.Len() > 0 { + // We received handshake bytes, indicating the + // start of a renegotiation. + if err := c.handleRenegotiation(); err != nil { + return 0, err + } + } + } + if err := c.in.err; err != nil { + return 0, err + } + + n, err = c.input.Read(b) + if c.input.off >= len(c.input.data) { + c.in.freeBlock(c.input) + c.input = nil + } + + // If a close-notify alert is waiting, read it so that + // we can return (n, EOF) instead of (n, nil), to signal + // to the HTTP response reading goroutine that the + // connection is now closed. This eliminates a race + // where the HTTP response reading goroutine would + // otherwise not observe the EOF until its next read, + // by which time a client goroutine might have already + // tried to reuse the HTTP connection for a new + // request. + // See https://codereview.appspot.com/76400046 + // and https://golang.org/issue/3514 + if ri := c.rawInput; ri != nil && + n != 0 && err == nil && + c.input == nil && len(ri.data) > 0 && recordType(ri.data[0]) == recordTypeAlert { + if recErr := c.readRecord(recordTypeApplicationData); recErr != nil { + err = recErr // will be io.EOF on closeNotify + } + } + + if n != 0 || err != nil { + return n, err + } + } + + return 0, io.ErrNoProgress +} + +// Close closes the connection. +func (c *Conn) Close() error { + // Interlock with Conn.Write above. + var x int32 + for { + x = atomic.LoadInt32(&c.activeCall) + if x&1 != 0 { + return errClosed + } + if atomic.CompareAndSwapInt32(&c.activeCall, x, x|1) { + break + } + } + if x != 0 { + // io.Writer and io.Closer should not be used concurrently. + // If Close is called while a Write is currently in-flight, + // interpret that as a sign that this Close is really just + // being used to break the Write and/or clean up resources and + // avoid sending the alertCloseNotify, which may block + // waiting on handshakeMutex or the c.out mutex. + return c.conn.Close() + } + + var alertErr error + + c.handshakeMutex.Lock() + if c.handshakeComplete { + alertErr = c.closeNotify() + } + c.handshakeMutex.Unlock() + + if err := c.conn.Close(); err != nil { + return err + } + return alertErr +} + +var errEarlyCloseWrite = errors.New("tls: CloseWrite called before handshake complete") + +// CloseWrite shuts down the writing side of the connection. It should only be +// called once the handshake has completed and does not call CloseWrite on the +// underlying connection. Most callers should just use Close. +func (c *Conn) CloseWrite() error { + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + if !c.handshakeComplete { + return errEarlyCloseWrite + } + + return c.closeNotify() +} + +func (c *Conn) closeNotify() error { + c.out.Lock() + defer c.out.Unlock() + + if !c.closeNotifySent { + c.closeNotifyErr = c.sendAlertLocked(alertCloseNotify) + c.closeNotifySent = true + } + return c.closeNotifyErr +} + +// Handshake runs the client or server handshake +// protocol if it has not yet been run. +// Most uses of this package need not call Handshake +// explicitly: the first Read or Write will call it automatically. +func (c *Conn) Handshake() error { + // c.handshakeErr and c.handshakeComplete are protected by + // c.handshakeMutex. In order to perform a handshake, we need to lock + // c.in also and c.handshakeMutex must be locked after c.in. + // + // However, if a Read() operation is hanging then it'll be holding the + // lock on c.in and so taking it here would cause all operations that + // need to check whether a handshake is pending (such as Write) to + // block. + // + // Thus we first take c.handshakeMutex to check whether a handshake is + // needed. + // + // If so then, previously, this code would unlock handshakeMutex and + // then lock c.in and handshakeMutex in the correct order to run the + // handshake. The problem was that it was possible for a Read to + // complete the handshake once handshakeMutex was unlocked and then + // keep c.in while waiting for network data. Thus a concurrent + // operation could be blocked on c.in. + // + // Thus handshakeCond is used to signal that a goroutine is committed + // to running the handshake and other goroutines can wait on it if they + // need. handshakeCond is protected by handshakeMutex. + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + + for { + if err := c.handshakeErr; err != nil { + return err + } + if c.handshakeComplete { + return nil + } + if c.handshakeCond == nil { + break + } + + c.handshakeCond.Wait() + } + + // Set handshakeCond to indicate that this goroutine is committing to + // running the handshake. + c.handshakeCond = sync.NewCond(&c.handshakeMutex) + c.handshakeMutex.Unlock() + + c.in.Lock() + defer c.in.Unlock() + + c.handshakeMutex.Lock() + + // The handshake cannot have completed when handshakeMutex was unlocked + // because this goroutine set handshakeCond. + if c.handshakeErr != nil || c.handshakeComplete { + panic("handshake should not have been able to complete after handshakeCond was set") + } + + if c.isClient { + c.handshakeErr = c.clientHandshake() + } else { + c.handshakeErr = c.serverHandshake() + } + if c.handshakeErr == nil { + c.handshakes++ + } else { + // If an error occurred during the hadshake try to flush the + // alert that might be left in the buffer. + c.flush() + } + + if c.handshakeErr == nil && !c.handshakeComplete { + panic("handshake should have had a result.") + } + + // Wake any other goroutines that are waiting for this handshake to + // complete. + c.handshakeCond.Broadcast() + c.handshakeCond = nil + + return c.handshakeErr +} + +// ConnectionState returns basic TLS details about the connection. +func (c *Conn) ConnectionState() ConnectionState { + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + + var state ConnectionState + state.HandshakeComplete = c.handshakeComplete + state.ServerName = c.serverName + + if c.handshakeComplete { + state.Version = c.vers + state.NegotiatedProtocol = c.clientProtocol + state.DidResume = c.didResume + state.NegotiatedProtocolIsMutual = !c.clientProtocolFallback + state.CipherSuite = c.cipherSuite + state.PeerCertificates = c.peerCertificates + state.VerifiedChains = c.verifiedChains + state.SignedCertificateTimestamps = c.scts + state.OCSPResponse = c.ocspResponse + if !c.didResume { + if c.clientFinishedIsFirst { + state.TLSUnique = c.clientFinished[:] + } else { + state.TLSUnique = c.serverFinished[:] + } + } + } + + return state +} + +// OCSPResponse returns the stapled OCSP response from the TLS server, if +// any. (Only valid for client connections.) +func (c *Conn) OCSPResponse() []byte { + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + + return c.ocspResponse +} + +// VerifyHostname checks that the peer certificate chain is valid for +// connecting to host. If so, it returns nil; if not, it returns an error +// describing the problem. +func (c *Conn) VerifyHostname(host string) error { + c.handshakeMutex.Lock() + defer c.handshakeMutex.Unlock() + if !c.isClient { + return errors.New("tls: VerifyHostname called on TLS server connection") + } + if !c.handshakeComplete { + return errors.New("tls: handshake has not yet been performed") + } + if len(c.verifiedChains) == 0 { + return errors.New("tls: handshake did not verify certificate chain") + } + return c.peerCertificates[0].VerifyHostname(host) +} diff --git a/conn_test.go b/conn_test.go new file mode 100644 index 0000000..e27c541 --- /dev/null +++ b/conn_test.go @@ -0,0 +1,274 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "io" + "net" + "testing" +) + +func TestRoundUp(t *testing.T) { + if roundUp(0, 16) != 0 || + roundUp(1, 16) != 16 || + roundUp(15, 16) != 16 || + roundUp(16, 16) != 16 || + roundUp(17, 16) != 32 { + t.Error("roundUp broken") + } +} + +var paddingTests = []struct { + in []byte + good bool + expectedLen int +}{ + {[]byte{1, 2, 3, 4, 0}, true, 4}, + {[]byte{1, 2, 3, 4, 0, 1}, false, 0}, + {[]byte{1, 2, 3, 4, 99, 99}, false, 0}, + {[]byte{1, 2, 3, 4, 1, 1}, true, 4}, + {[]byte{1, 2, 3, 2, 2, 2}, true, 3}, + {[]byte{1, 2, 3, 3, 3, 3}, true, 2}, + {[]byte{1, 2, 3, 4, 3, 3}, false, 0}, + {[]byte{1, 4, 4, 4, 4, 4}, true, 1}, + {[]byte{5, 5, 5, 5, 5, 5}, true, 0}, + {[]byte{6, 6, 6, 6, 6, 6}, false, 0}, +} + +func TestRemovePadding(t *testing.T) { + for i, test := range paddingTests { + paddingLen, good := extractPadding(test.in) + expectedGood := byte(255) + if !test.good { + expectedGood = 0 + } + if good != expectedGood { + t.Errorf("#%d: wrong validity, want:%d got:%d", i, expectedGood, good) + } + if good == 255 && len(test.in)-paddingLen != test.expectedLen { + t.Errorf("#%d: got %d, want %d", i, len(test.in)-paddingLen, test.expectedLen) + } + } +} + +var certExampleCom = `308201713082011ba003020102021005a75ddf21014d5f417083b7a010ba2e300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343135335a170d3137303831373231343135335a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100b37f0fdd67e715bf532046ac34acbd8fdc4dabe2b598588f3f58b1f12e6219a16cbfe54d2b4b665396013589262360b6721efa27d546854f17cc9aeec6751db10203010001a34d304b300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff0402300030160603551d11040f300d820b6578616d706c652e636f6d300d06092a864886f70d01010b050003410059fc487866d3d855503c8e064ca32aac5e9babcece89ec597f8b2b24c17867f4a5d3b4ece06e795bfc5448ccbd2ffca1b3433171ebf3557a4737b020565350a0` + +var certWildcardExampleCom = `308201743082011ea003020102021100a7aa6297c9416a4633af8bec2958c607300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343231395a170d3137303831373231343231395a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100b105afc859a711ee864114e7d2d46c2dcbe392d3506249f6c2285b0eb342cc4bf2d803677c61c0abde443f084745c1a6d62080e5664ef2cc8f50ad8a0ab8870b0203010001a34f304d300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff0402300030180603551d110411300f820d2a2e6578616d706c652e636f6d300d06092a864886f70d01010b0500034100af26088584d266e3f6566360cf862c7fecc441484b098b107439543144a2b93f20781988281e108c6d7656934e56950e1e5f2bcf38796b814ccb729445856c34` + +var certFooExampleCom = `308201753082011fa00302010202101bbdb6070b0aeffc49008cde74deef29300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343234345a170d3137303831373231343234345a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100f00ac69d8ca2829f26216c7b50f1d4bbabad58d447706476cd89a2f3e1859943748aa42c15eedc93ac7c49e40d3b05ed645cb6b81c4efba60d961f44211a54eb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f666f6f2e6578616d706c652e636f6d300d06092a864886f70d01010b0500034100a0957fca6d1e0f1ef4b247348c7a8ca092c29c9c0ecc1898ea6b8065d23af6d922a410dd2335a0ea15edd1394cef9f62c9e876a21e35250a0b4fe1ddceba0f36` + +var certDoubleWildcardExampleCom = `308201753082011fa003020102021039d262d8538db8ffba30d204e02ddeb5300d06092a864886f70d01010b050030123110300e060355040a130741636d6520436f301e170d3136303831373231343331335a170d3137303831373231343331335a30123110300e060355040a130741636d6520436f305c300d06092a864886f70d0101010500034b003048024100abb6bd84b8b9be3fb9415d00f22b4ddcaec7c99855b9d818c09003e084578430e5cfd2e35faa3561f036d496aa43a9ca6e6cf23c72a763c04ae324004f6cbdbb0203010001a351304f300e0603551d0f0101ff0404030205a030130603551d25040c300a06082b06010505070301300c0603551d130101ff04023000301a0603551d1104133011820f2a2e2a2e6578616d706c652e636f6d300d06092a864886f70d01010b05000341004837521004a5b6bc7ad5d6c0dae60bb7ee0fa5e4825be35e2bb6ef07ee29396ca30ceb289431bcfd363888ba2207139933ac7c6369fa8810c819b2e2966abb4b` + +func TestCertificateSelection(t *testing.T) { + config := Config{ + Certificates: []Certificate{ + { + Certificate: [][]byte{fromHex(certExampleCom)}, + }, + { + Certificate: [][]byte{fromHex(certWildcardExampleCom)}, + }, + { + Certificate: [][]byte{fromHex(certFooExampleCom)}, + }, + { + Certificate: [][]byte{fromHex(certDoubleWildcardExampleCom)}, + }, + }, + } + + config.BuildNameToCertificate() + + pointerToIndex := func(c *Certificate) int { + for i := range config.Certificates { + if c == &config.Certificates[i] { + return i + } + } + return -1 + } + + certificateForName := func(name string) *Certificate { + clientHello := &ClientHelloInfo{ + ServerName: name, + } + if cert, err := config.getCertificate(clientHello); err != nil { + t.Errorf("unable to get certificate for name '%s': %s", name, err) + return nil + } else { + return cert + } + } + + if n := pointerToIndex(certificateForName("example.com")); n != 0 { + t.Errorf("example.com returned certificate %d, not 0", n) + } + if n := pointerToIndex(certificateForName("bar.example.com")); n != 1 { + t.Errorf("bar.example.com returned certificate %d, not 1", n) + } + if n := pointerToIndex(certificateForName("foo.example.com")); n != 2 { + t.Errorf("foo.example.com returned certificate %d, not 2", n) + } + if n := pointerToIndex(certificateForName("foo.bar.example.com")); n != 3 { + t.Errorf("foo.bar.example.com returned certificate %d, not 3", n) + } + if n := pointerToIndex(certificateForName("foo.bar.baz.example.com")); n != 0 { + t.Errorf("foo.bar.baz.example.com returned certificate %d, not 0", n) + } +} + +// Run with multiple crypto configs to test the logic for computing TLS record overheads. +func runDynamicRecordSizingTest(t *testing.T, config *Config) { + clientConn, serverConn := net.Pipe() + + serverConfig := config.Clone() + serverConfig.DynamicRecordSizingDisabled = false + tlsConn := Server(serverConn, serverConfig) + + recordSizesChan := make(chan []int, 1) + go func() { + // This goroutine performs a TLS handshake over clientConn and + // then reads TLS records until EOF. It writes a slice that + // contains all the record sizes to recordSizesChan. + defer close(recordSizesChan) + defer clientConn.Close() + + tlsConn := Client(clientConn, config) + if err := tlsConn.Handshake(); err != nil { + t.Errorf("Error from client handshake: %v", err) + return + } + + var recordHeader [recordHeaderLen]byte + var record []byte + var recordSizes []int + + for { + n, err := io.ReadFull(clientConn, recordHeader[:]) + if err == io.EOF { + break + } + if err != nil || n != len(recordHeader) { + t.Errorf("io.ReadFull = %d, %v", n, err) + return + } + + length := int(recordHeader[3])<<8 | int(recordHeader[4]) + if len(record) < length { + record = make([]byte, length) + } + + n, err = io.ReadFull(clientConn, record[:length]) + if err != nil || n != length { + t.Errorf("io.ReadFull = %d, %v", n, err) + return + } + + // The last record will be a close_notify alert, which + // we don't wish to record. + if recordType(recordHeader[0]) == recordTypeApplicationData { + recordSizes = append(recordSizes, recordHeaderLen+length) + } + } + + recordSizesChan <- recordSizes + }() + + if err := tlsConn.Handshake(); err != nil { + t.Fatalf("Error from server handshake: %s", err) + } + + // The server writes these plaintexts in order. + plaintext := bytes.Join([][]byte{ + bytes.Repeat([]byte("x"), recordSizeBoostThreshold), + bytes.Repeat([]byte("y"), maxPlaintext*2), + bytes.Repeat([]byte("z"), maxPlaintext), + }, nil) + + if _, err := tlsConn.Write(plaintext); err != nil { + t.Fatalf("Error from server write: %s", err) + } + if err := tlsConn.Close(); err != nil { + t.Fatalf("Error from server close: %s", err) + } + + recordSizes := <-recordSizesChan + if recordSizes == nil { + t.Fatalf("Client encountered an error") + } + + // Drop the size of last record, which is likely to be truncated. + recordSizes = recordSizes[:len(recordSizes)-1] + + // recordSizes should contain a series of records smaller than + // tcpMSSEstimate followed by some larger than maxPlaintext. + seenLargeRecord := false + for i, size := range recordSizes { + if !seenLargeRecord { + if size > (i+1)*tcpMSSEstimate { + t.Fatalf("Record #%d has size %d, which is too large too soon", i, size) + } + if size >= maxPlaintext { + seenLargeRecord = true + } + } else if size <= maxPlaintext { + t.Fatalf("Record #%d has size %d but should be full sized", i, size) + } + } + + if !seenLargeRecord { + t.Fatalf("No large records observed") + } +} + +func TestDynamicRecordSizingWithStreamCipher(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_RSA_WITH_RC4_128_SHA} + runDynamicRecordSizingTest(t, config) +} + +func TestDynamicRecordSizingWithCBC(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_RSA_WITH_AES_256_CBC_SHA} + runDynamicRecordSizingTest(t, config) +} + +func TestDynamicRecordSizingWithAEAD(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} + runDynamicRecordSizingTest(t, config) +} + +// hairpinConn is a net.Conn that makes a “hairpin” call when closed, back into +// the tls.Conn which is calling it. +type hairpinConn struct { + net.Conn + tlsConn *Conn +} + +func (conn *hairpinConn) Close() error { + conn.tlsConn.ConnectionState() + return nil +} + +func TestHairpinInClose(t *testing.T) { + // This tests that the underlying net.Conn can call back into the + // tls.Conn when being closed without deadlocking. + client, server := net.Pipe() + defer server.Close() + defer client.Close() + + conn := &hairpinConn{client, nil} + tlsConn := Server(conn, &Config{ + GetCertificate: func(*ClientHelloInfo) (*Certificate, error) { + panic("unreachable") + }, + }) + conn.tlsConn = tlsConn + + // This call should not deadlock. + tlsConn.Close() +} diff --git a/example_test.go b/example_test.go new file mode 100644 index 0000000..02d0f18 --- /dev/null +++ b/example_test.go @@ -0,0 +1,115 @@ +// Copyright 2014 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls_test + +import ( + "crypto/tls" + "crypto/x509" + "log" + "net/http" + "net/http/httptest" + "os" +) + +// zeroSource is an io.Reader that returns an unlimited number of zero bytes. +type zeroSource struct{} + +func (zeroSource) Read(b []byte) (n int, err error) { + for i := range b { + b[i] = 0 + } + + return len(b), nil +} + +func ExampleDial() { + // Connecting with a custom root-certificate set. + + const rootPEM = ` +-----BEGIN CERTIFICATE----- +MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT +MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i +YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG +EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy +bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB +AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP +VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv +h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE +ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ +EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC +DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7 +qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD +VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g +K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI +KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n +ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB +BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY +/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/ +zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza +HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto +WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6 +yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx +-----END CERTIFICATE-----` + + // First, create the set of root certificates. For this example we only + // have one. It's also possible to omit this in order to use the + // default root set of the current operating system. + roots := x509.NewCertPool() + ok := roots.AppendCertsFromPEM([]byte(rootPEM)) + if !ok { + panic("failed to parse root certificate") + } + + conn, err := tls.Dial("tcp", "mail.google.com:443", &tls.Config{ + RootCAs: roots, + }) + if err != nil { + panic("failed to connect: " + err.Error()) + } + conn.Close() +} + +func ExampleConfig_keyLogWriter() { + // Debugging TLS applications by decrypting a network traffic capture. + + // WARNING: Use of KeyLogWriter compromises security and should only be + // used for debugging. + + // Dummy test HTTP server for the example with insecure random so output is + // reproducible. + server := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})) + server.TLS = &tls.Config{ + Rand: zeroSource{}, // for example only; don't do this. + } + server.StartTLS() + defer server.Close() + + // Typically the log would go to an open file: + // w, err := os.OpenFile("tls-secrets.txt", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + w := os.Stdout + + client := &http.Client{ + Transport: &http.Transport{ + TLSClientConfig: &tls.Config{ + KeyLogWriter: w, + + Rand: zeroSource{}, // for reproducible output; don't do this. + InsecureSkipVerify: true, // test server certificate is not trusted. + }, + }, + } + resp, err := client.Get(server.URL) + if err != nil { + log.Fatalf("Failed to get URL: %v", err) + } + resp.Body.Close() + + // The resulting file can be used with Wireshark to decrypt the TLS + // connection by setting (Pre)-Master-Secret log filename in SSL Protocol + // preferences. + + // Output: + // CLIENT_RANDOM 0000000000000000000000000000000000000000000000000000000000000000 baca0df460a688e44ce018b025183cc2353ae01f89755ef766eedd3ecc302888ee3b3a22962e45f48c20df15a98c0e80 +} diff --git a/generate_cert.go b/generate_cert.go new file mode 100644 index 0000000..8ee2b59 --- /dev/null +++ b/generate_cert.go @@ -0,0 +1,161 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// +build ignore + +// Generate a self-signed X.509 certificate for a TLS server. Outputs to +// 'cert.pem' and 'key.pem' and will overwrite existing files. + +package main + +import ( + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rand" + "crypto/rsa" + "crypto/x509" + "crypto/x509/pkix" + "encoding/pem" + "flag" + "fmt" + "log" + "math/big" + "net" + "os" + "strings" + "time" +) + +var ( + host = flag.String("host", "", "Comma-separated hostnames and IPs to generate a certificate for") + validFrom = flag.String("start-date", "", "Creation date formatted as Jan 1 15:04:05 2011") + validFor = flag.Duration("duration", 365*24*time.Hour, "Duration that certificate is valid for") + isCA = flag.Bool("ca", false, "whether this cert should be its own Certificate Authority") + rsaBits = flag.Int("rsa-bits", 2048, "Size of RSA key to generate. Ignored if --ecdsa-curve is set") + ecdsaCurve = flag.String("ecdsa-curve", "", "ECDSA curve to use to generate a key. Valid values are P224, P256 (recommended), P384, P521") +) + +func publicKey(priv interface{}) interface{} { + switch k := priv.(type) { + case *rsa.PrivateKey: + return &k.PublicKey + case *ecdsa.PrivateKey: + return &k.PublicKey + default: + return nil + } +} + +func pemBlockForKey(priv interface{}) *pem.Block { + switch k := priv.(type) { + case *rsa.PrivateKey: + return &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)} + case *ecdsa.PrivateKey: + b, err := x509.MarshalECPrivateKey(k) + if err != nil { + fmt.Fprintf(os.Stderr, "Unable to marshal ECDSA private key: %v", err) + os.Exit(2) + } + return &pem.Block{Type: "EC PRIVATE KEY", Bytes: b} + default: + return nil + } +} + +func main() { + flag.Parse() + + if len(*host) == 0 { + log.Fatalf("Missing required --host parameter") + } + + var priv interface{} + var err error + switch *ecdsaCurve { + case "": + priv, err = rsa.GenerateKey(rand.Reader, *rsaBits) + case "P224": + priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader) + case "P256": + priv, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader) + case "P384": + priv, err = ecdsa.GenerateKey(elliptic.P384(), rand.Reader) + case "P521": + priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader) + default: + fmt.Fprintf(os.Stderr, "Unrecognized elliptic curve: %q", *ecdsaCurve) + os.Exit(1) + } + if err != nil { + log.Fatalf("failed to generate private key: %s", err) + } + + var notBefore time.Time + if len(*validFrom) == 0 { + notBefore = time.Now() + } else { + notBefore, err = time.Parse("Jan 2 15:04:05 2006", *validFrom) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to parse creation date: %s\n", err) + os.Exit(1) + } + } + + notAfter := notBefore.Add(*validFor) + + serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128) + serialNumber, err := rand.Int(rand.Reader, serialNumberLimit) + if err != nil { + log.Fatalf("failed to generate serial number: %s", err) + } + + template := x509.Certificate{ + SerialNumber: serialNumber, + Subject: pkix.Name{ + Organization: []string{"Acme Co"}, + }, + NotBefore: notBefore, + NotAfter: notAfter, + + KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature, + ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, + BasicConstraintsValid: true, + } + + hosts := strings.Split(*host, ",") + for _, h := range hosts { + if ip := net.ParseIP(h); ip != nil { + template.IPAddresses = append(template.IPAddresses, ip) + } else { + template.DNSNames = append(template.DNSNames, h) + } + } + + if *isCA { + template.IsCA = true + template.KeyUsage |= x509.KeyUsageCertSign + } + + derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, publicKey(priv), priv) + if err != nil { + log.Fatalf("Failed to create certificate: %s", err) + } + + certOut, err := os.Create("cert.pem") + if err != nil { + log.Fatalf("failed to open cert.pem for writing: %s", err) + } + pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes}) + certOut.Close() + log.Print("written cert.pem\n") + + keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600) + if err != nil { + log.Print("failed to open key.pem for writing:", err) + return + } + pem.Encode(keyOut, pemBlockForKey(priv)) + keyOut.Close() + log.Print("written key.pem\n") +} diff --git a/handshake_client.go b/handshake_client.go new file mode 100644 index 0000000..284a776 --- /dev/null +++ b/handshake_client.go @@ -0,0 +1,867 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto" + "crypto/ecdsa" + "crypto/rsa" + "crypto/subtle" + "crypto/x509" + "errors" + "fmt" + "io" + "net" + "strconv" + "strings" +) + +type clientHandshakeState struct { + c *Conn + serverHello *serverHelloMsg + hello *clientHelloMsg + suite *cipherSuite + finishedHash finishedHash + masterSecret []byte + session *ClientSessionState +} + +func makeClientHello(config *Config) (*clientHelloMsg, error) { + if config == nil { + config = defaultConfig() + } + if len(config.ServerName) == 0 && !config.InsecureSkipVerify { + return nil, errors.New("tls: either ServerName or InsecureSkipVerify must be specified in the tls.Config") + } + + nextProtosLength := 0 + for _, proto := range config.NextProtos { + if l := len(proto); l == 0 || l > 255 { + return nil, errors.New("tls: invalid NextProtos value") + } else { + nextProtosLength += 1 + l + } + } + if nextProtosLength > 0xffff { + return nil, errors.New("tls: NextProtos values too large") + } + + hello := &clientHelloMsg{ + vers: config.maxVersion(), + compressionMethods: []uint8{compressionNone}, + random: make([]byte, 32), + ocspStapling: true, + scts: true, + serverName: hostnameInSNI(config.ServerName), + supportedCurves: config.curvePreferences(), + supportedPoints: []uint8{pointFormatUncompressed}, + nextProtoNeg: len(config.NextProtos) > 0, + secureRenegotiationSupported: true, + alpnProtocols: config.NextProtos, + } + possibleCipherSuites := config.cipherSuites() + hello.cipherSuites = make([]uint16, 0, len(possibleCipherSuites)) + +NextCipherSuite: + for _, suiteId := range possibleCipherSuites { + for _, suite := range cipherSuites { + if suite.id != suiteId { + continue + } + // Don't advertise TLS 1.2-only cipher suites unless + // we're attempting TLS 1.2. + if hello.vers < VersionTLS12 && suite.flags&suiteTLS12 != 0 { + continue + } + hello.cipherSuites = append(hello.cipherSuites, suiteId) + continue NextCipherSuite + } + } + + _, err := io.ReadFull(config.rand(), hello.random) + if err != nil { + return nil, errors.New("tls: short read from Rand: " + err.Error()) + } + + if hello.vers >= VersionTLS12 { + hello.signatureAndHashes = supportedSignatureAlgorithms + } + return hello, nil + +} + +// c.out.Mutex <= L; c.handshakeMutex <= L. +func (c *Conn) clientHandshake() error { + if c.config == nil { + c.config = defaultConfig() + } + + // This may be a renegotiation handshake, in which case some fields + // need to be reset. + c.didResume = false + + hello, err := makeClientHello(c.config) + if err != nil { + return err + } + + if c.handshakes > 0 { + hello.secureRenegotiation = c.clientFinished[:] + } + + var session *ClientSessionState + var cacheKey string + sessionCache := c.config.ClientSessionCache + if c.config.SessionTicketsDisabled { + sessionCache = nil + } + + if sessionCache != nil { + hello.ticketSupported = true + } + + // Session resumption is not allowed if renegotiating because + // renegotiation is primarily used to allow a client to send a client + // certificate, which would be skipped if session resumption occurred. + if sessionCache != nil && c.handshakes == 0 { + // Try to resume a previously negotiated TLS session, if + // available. + cacheKey = clientSessionCacheKey(c.conn.RemoteAddr(), c.config) + candidateSession, ok := sessionCache.Get(cacheKey) + if ok { + // Check that the ciphersuite/version used for the + // previous session are still valid. + cipherSuiteOk := false + for _, id := range hello.cipherSuites { + if id == candidateSession.cipherSuite { + cipherSuiteOk = true + break + } + } + + versOk := candidateSession.vers >= c.config.minVersion() && + candidateSession.vers <= c.config.maxVersion() + if versOk && cipherSuiteOk { + session = candidateSession + } + } + } + + if session != nil { + hello.sessionTicket = session.sessionTicket + // A random session ID is used to detect when the + // server accepted the ticket and is resuming a session + // (see RFC 5077). + hello.sessionId = make([]byte, 16) + if _, err := io.ReadFull(c.config.rand(), hello.sessionId); err != nil { + return errors.New("tls: short read from Rand: " + err.Error()) + } + } + + hs := &clientHandshakeState{ + c: c, + hello: hello, + session: session, + } + + if err = hs.handshake(); err != nil { + return err + } + + // If we had a successful handshake and hs.session is different from the one already cached - cache a new one + if sessionCache != nil && hs.session != nil && session != hs.session { + sessionCache.Put(cacheKey, hs.session) + } + return nil +} + +// Does the handshake, either a full one or resumes old session. +// Requires hs.c, hs.hello, and, optionally, hs.session to be set. +func (hs *clientHandshakeState) handshake() error { + if hs.c == nil { + return errors.New("tls: corrupted clientHandshakeState: hs.c is unset") + } + c := hs.c + + if hs.hello == nil { + return errors.New("tls: corrupted clientHandshakeState: hs.hello is unset") + } + + // send ClientHello + if _, err := hs.c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { + return err + } + + msg, err := hs.c.readHandshake() + if err != nil { + return err + } + + serverHello, ok := msg.(*serverHelloMsg) + if !ok { + hs.c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(serverHello, msg) + } + hs.serverHello = serverHello + + if err = hs.pickTLSVersion(); err != nil { + return err + } + + if err = hs.pickCipherSuite(); err != nil { + return err + } + + var isResume bool + if isResume, err = hs.processServerHello(); err != nil { + return err + } + + hs.finishedHash = newFinishedHash(c.vers, hs.suite) + // No signatures of the handshake are needed in a resumption. + // Otherwise, in a full handshake, if we don't have any certificates + // configured then we will never send a CertificateVerify message and + // thus no signatures are needed in that case either. + if isResume || (len(c.config.Certificates) == 0 && c.config.GetClientCertificate == nil) { + hs.finishedHash.discardHandshakeBuffer() + } + + hs.finishedHash.Write(hs.hello.marshal()) + hs.finishedHash.Write(hs.serverHello.marshal()) + + c.buffering = true + if isResume { + if err := hs.establishKeys(); err != nil { + return err + } + if err := hs.readSessionTicket(); err != nil { + return err + } + if err := hs.readFinished(c.serverFinished[:]); err != nil { + return err + } + c.clientFinishedIsFirst = false + if err := hs.sendFinished(c.clientFinished[:]); err != nil { + return err + } + if _, err := c.flush(); err != nil { + return err + } + } else { + if err := hs.doFullHandshake(); err != nil { + return err + } + if err := hs.establishKeys(); err != nil { + return err + } + if err := hs.sendFinished(c.clientFinished[:]); err != nil { + return err + } + if _, err := c.flush(); err != nil { + return err + } + c.clientFinishedIsFirst = true + if err := hs.readSessionTicket(); err != nil { + return err + } + if err := hs.readFinished(c.serverFinished[:]); err != nil { + return err + } + } + + c.didResume = isResume + c.handshakeComplete = true + + return nil +} + +func (hs *clientHandshakeState) pickTLSVersion() error { + vers, ok := hs.c.config.mutualVersion(hs.serverHello.vers) + if !ok || vers < VersionTLS10 { + // TLS 1.0 is the minimum version supported as a client. + hs.c.sendAlert(alertProtocolVersion) + return fmt.Errorf("tls: server selected unsupported protocol version %x", hs.serverHello.vers) + } + hs.c.vers = vers + hs.c.haveVers = true + return nil +} + +func (hs *clientHandshakeState) pickCipherSuite() error { + suite := mutualCipherSuite(hs.hello.cipherSuites, hs.serverHello.cipherSuite) + if suite == nil { + hs.c.sendAlert(alertHandshakeFailure) + return errors.New("tls: server chose an unconfigured cipher suite") + } + hs.suite = suite + hs.c.cipherSuite = suite.id + return nil +} + +func (hs *clientHandshakeState) doFullHandshake() error { + c := hs.c + + msg, err := c.readHandshake() + if err != nil { + return err + } + certMsg, ok := msg.(*certificateMsg) + if !ok || len(certMsg.certificates) == 0 { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(certMsg, msg) + } + hs.finishedHash.Write(certMsg.marshal()) + + if c.handshakes == 0 { + // If this is the first handshake on a connection, process and + // (optionally) verify the server's certificates. + certs := make([]*x509.Certificate, len(certMsg.certificates)) + for i, asn1Data := range certMsg.certificates { + cert, err := x509.ParseCertificate(asn1Data) + if err != nil { + c.sendAlert(alertBadCertificate) + return errors.New("tls: failed to parse certificate from server: " + err.Error()) + } + certs[i] = cert + } + + if !c.config.InsecureSkipVerify { + opts := x509.VerifyOptions{ + Roots: c.config.RootCAs, + CurrentTime: c.config.time(), + DNSName: c.config.ServerName, + Intermediates: x509.NewCertPool(), + } + + for i, cert := range certs { + if i == 0 { + continue + } + opts.Intermediates.AddCert(cert) + } + c.verifiedChains, err = certs[0].Verify(opts) + if err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } + + if c.config.VerifyPeerCertificate != nil { + if err := c.config.VerifyPeerCertificate(certMsg.certificates, c.verifiedChains); err != nil { + c.sendAlert(alertBadCertificate) + return err + } + } + + switch certs[0].PublicKey.(type) { + case *rsa.PublicKey, *ecdsa.PublicKey: + break + default: + c.sendAlert(alertUnsupportedCertificate) + return fmt.Errorf("tls: server's certificate contains an unsupported type of public key: %T", certs[0].PublicKey) + } + + c.peerCertificates = certs + } else { + // This is a renegotiation handshake. We require that the + // server's identity (i.e. leaf certificate) is unchanged and + // thus any previous trust decision is still valid. + // + // See https://mitls.org/pages/attacks/3SHAKE for the + // motivation behind this requirement. + if !bytes.Equal(c.peerCertificates[0].Raw, certMsg.certificates[0]) { + c.sendAlert(alertBadCertificate) + return errors.New("tls: server's identity changed during renegotiation") + } + } + + if hs.serverHello.ocspStapling { + msg, err = c.readHandshake() + if err != nil { + return err + } + cs, ok := msg.(*certificateStatusMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(cs, msg) + } + hs.finishedHash.Write(cs.marshal()) + + if cs.statusType == statusTypeOCSP { + c.ocspResponse = cs.response + } + } + + msg, err = c.readHandshake() + if err != nil { + return err + } + + keyAgreement := hs.suite.ka(c.vers) + + skx, ok := msg.(*serverKeyExchangeMsg) + if ok { + hs.finishedHash.Write(skx.marshal()) + err = keyAgreement.processServerKeyExchange(c.config, hs.hello, hs.serverHello, c.peerCertificates[0], skx) + if err != nil { + c.sendAlert(alertUnexpectedMessage) + return err + } + + msg, err = c.readHandshake() + if err != nil { + return err + } + } + + var chainToSend *Certificate + var certRequested bool + certReq, ok := msg.(*certificateRequestMsg) + if ok { + certRequested = true + hs.finishedHash.Write(certReq.marshal()) + + if chainToSend, err = hs.getCertificate(certReq); err != nil { + c.sendAlert(alertInternalError) + return err + } + + msg, err = c.readHandshake() + if err != nil { + return err + } + } + + shd, ok := msg.(*serverHelloDoneMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(shd, msg) + } + hs.finishedHash.Write(shd.marshal()) + + // If the server requested a certificate then we have to send a + // Certificate message, even if it's empty because we don't have a + // certificate to send. + if certRequested { + certMsg = new(certificateMsg) + certMsg.certificates = chainToSend.Certificate + hs.finishedHash.Write(certMsg.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { + return err + } + } + + preMasterSecret, ckx, err := keyAgreement.generateClientKeyExchange(c.config, hs.hello, c.peerCertificates[0]) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + if ckx != nil { + hs.finishedHash.Write(ckx.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, ckx.marshal()); err != nil { + return err + } + } + + if chainToSend != nil && len(chainToSend.Certificate) > 0 { + certVerify := &certificateVerifyMsg{ + hasSignatureAndHash: c.vers >= VersionTLS12, + } + + key, ok := chainToSend.PrivateKey.(crypto.Signer) + if !ok { + c.sendAlert(alertInternalError) + return fmt.Errorf("tls: client certificate private key of type %T does not implement crypto.Signer", chainToSend.PrivateKey) + } + + var signatureType uint8 + switch key.Public().(type) { + case *ecdsa.PublicKey: + signatureType = signatureECDSA + case *rsa.PublicKey: + signatureType = signatureRSA + default: + c.sendAlert(alertInternalError) + return fmt.Errorf("tls: failed to sign handshake with client certificate: unknown client certificate key type: %T", key) + } + + certVerify.signatureAndHash, err = hs.finishedHash.selectClientCertSignatureAlgorithm(certReq.signatureAndHashes, signatureType) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + digest, hashFunc, err := hs.finishedHash.hashForClientCertificate(certVerify.signatureAndHash, hs.masterSecret) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + certVerify.signature, err = key.Sign(c.config.rand(), digest, hashFunc) + if err != nil { + c.sendAlert(alertInternalError) + return err + } + + hs.finishedHash.Write(certVerify.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certVerify.marshal()); err != nil { + return err + } + } + + hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.hello.random, hs.serverHello.random) + if err := c.config.writeKeyLog(hs.hello.random, hs.masterSecret); err != nil { + c.sendAlert(alertInternalError) + return errors.New("tls: failed to write to key log: " + err.Error()) + } + + hs.finishedHash.discardHandshakeBuffer() + + return nil +} + +func (hs *clientHandshakeState) establishKeys() error { + c := hs.c + + clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV := + keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.hello.random, hs.serverHello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen) + var clientCipher, serverCipher interface{} + var clientHash, serverHash macFunction + if hs.suite.cipher != nil { + clientCipher = hs.suite.cipher(clientKey, clientIV, false /* not for reading */) + clientHash = hs.suite.mac(c.vers, clientMAC) + serverCipher = hs.suite.cipher(serverKey, serverIV, true /* for reading */) + serverHash = hs.suite.mac(c.vers, serverMAC) + } else { + clientCipher = hs.suite.aead(clientKey, clientIV) + serverCipher = hs.suite.aead(serverKey, serverIV) + } + + c.in.prepareCipherSpec(c.vers, serverCipher, serverHash) + c.out.prepareCipherSpec(c.vers, clientCipher, clientHash) + return nil +} + +func (hs *clientHandshakeState) serverResumedSession() bool { + // If the server responded with the same sessionId then it means the + // sessionTicket is being used to resume a TLS session. + return hs.session != nil && hs.hello.sessionId != nil && + bytes.Equal(hs.serverHello.sessionId, hs.hello.sessionId) +} + +func (hs *clientHandshakeState) processServerHello() (bool, error) { + c := hs.c + + if hs.serverHello.compressionMethod != compressionNone { + c.sendAlert(alertUnexpectedMessage) + return false, errors.New("tls: server selected unsupported compression format") + } + + if c.handshakes == 0 && hs.serverHello.secureRenegotiationSupported { + c.secureRenegotiation = true + if len(hs.serverHello.secureRenegotiation) != 0 { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: initial handshake had non-empty renegotiation extension") + } + } + + if c.handshakes > 0 && c.secureRenegotiation { + var expectedSecureRenegotiation [24]byte + copy(expectedSecureRenegotiation[:], c.clientFinished[:]) + copy(expectedSecureRenegotiation[12:], c.serverFinished[:]) + if !bytes.Equal(hs.serverHello.secureRenegotiation, expectedSecureRenegotiation[:]) { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: incorrect renegotiation extension contents") + } + } + + clientDidNPN := hs.hello.nextProtoNeg + clientDidALPN := len(hs.hello.alpnProtocols) > 0 + serverHasNPN := hs.serverHello.nextProtoNeg + serverHasALPN := len(hs.serverHello.alpnProtocol) > 0 + + if !clientDidNPN && serverHasNPN { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: server advertised unrequested NPN extension") + } + + if !clientDidALPN && serverHasALPN { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: server advertised unrequested ALPN extension") + } + + if serverHasNPN && serverHasALPN { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: server advertised both NPN and ALPN extensions") + } + + if serverHasALPN { + c.clientProtocol = hs.serverHello.alpnProtocol + c.clientProtocolFallback = false + } + c.scts = hs.serverHello.scts + + if !hs.serverResumedSession() { + return false, nil + } + + if hs.session.vers != c.vers { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: server resumed a session with a different version") + } + + if hs.session.cipherSuite != hs.suite.id { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: server resumed a session with a different cipher suite") + } + + // Restore masterSecret and peerCerts from previous state + hs.masterSecret = hs.session.masterSecret + c.peerCertificates = hs.session.serverCertificates + c.verifiedChains = hs.session.verifiedChains + return true, nil +} + +func (hs *clientHandshakeState) readFinished(out []byte) error { + c := hs.c + + c.readRecord(recordTypeChangeCipherSpec) + if c.in.err != nil { + return c.in.err + } + + msg, err := c.readHandshake() + if err != nil { + return err + } + serverFinished, ok := msg.(*finishedMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(serverFinished, msg) + } + + verify := hs.finishedHash.serverSum(hs.masterSecret) + if len(verify) != len(serverFinished.verifyData) || + subtle.ConstantTimeCompare(verify, serverFinished.verifyData) != 1 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: server's Finished message was incorrect") + } + hs.finishedHash.Write(serverFinished.marshal()) + copy(out, verify) + return nil +} + +func (hs *clientHandshakeState) readSessionTicket() error { + if !hs.serverHello.ticketSupported { + return nil + } + + c := hs.c + msg, err := c.readHandshake() + if err != nil { + return err + } + sessionTicketMsg, ok := msg.(*newSessionTicketMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(sessionTicketMsg, msg) + } + hs.finishedHash.Write(sessionTicketMsg.marshal()) + + hs.session = &ClientSessionState{ + sessionTicket: sessionTicketMsg.ticket, + vers: c.vers, + cipherSuite: hs.suite.id, + masterSecret: hs.masterSecret, + serverCertificates: c.peerCertificates, + verifiedChains: c.verifiedChains, + } + + return nil +} + +func (hs *clientHandshakeState) sendFinished(out []byte) error { + c := hs.c + + if _, err := c.writeRecord(recordTypeChangeCipherSpec, []byte{1}); err != nil { + return err + } + if hs.serverHello.nextProtoNeg { + nextProto := new(nextProtoMsg) + proto, fallback := mutualProtocol(c.config.NextProtos, hs.serverHello.nextProtos) + nextProto.proto = proto + c.clientProtocol = proto + c.clientProtocolFallback = fallback + + hs.finishedHash.Write(nextProto.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, nextProto.marshal()); err != nil { + return err + } + } + + finished := new(finishedMsg) + finished.verifyData = hs.finishedHash.clientSum(hs.masterSecret) + hs.finishedHash.Write(finished.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { + return err + } + copy(out, finished.verifyData) + return nil +} + +// tls11SignatureSchemes contains the signature schemes that we synthesise for +// a TLS <= 1.1 connection, based on the supported certificate types. +var tls11SignatureSchemes = []SignatureScheme{ECDSAWithP256AndSHA256, ECDSAWithP384AndSHA384, ECDSAWithP521AndSHA512, PKCS1WithSHA256, PKCS1WithSHA384, PKCS1WithSHA512, PKCS1WithSHA1} + +const ( + // tls11SignatureSchemesNumECDSA is the number of initial elements of + // tls11SignatureSchemes that use ECDSA. + tls11SignatureSchemesNumECDSA = 3 + // tls11SignatureSchemesNumRSA is the number of trailing elements of + // tls11SignatureSchemes that use RSA. + tls11SignatureSchemesNumRSA = 4 +) + +func (hs *clientHandshakeState) getCertificate(certReq *certificateRequestMsg) (*Certificate, error) { + c := hs.c + + var rsaAvail, ecdsaAvail bool + for _, certType := range certReq.certificateTypes { + switch certType { + case certTypeRSASign: + rsaAvail = true + case certTypeECDSASign: + ecdsaAvail = true + } + } + + if c.config.GetClientCertificate != nil { + var signatureSchemes []SignatureScheme + + if !certReq.hasSignatureAndHash { + // Prior to TLS 1.2, the signature schemes were not + // included in the certificate request message. In this + // case we use a plausible list based on the acceptable + // certificate types. + signatureSchemes = tls11SignatureSchemes + if !ecdsaAvail { + signatureSchemes = signatureSchemes[tls11SignatureSchemesNumECDSA:] + } + if !rsaAvail { + signatureSchemes = signatureSchemes[:len(signatureSchemes)-tls11SignatureSchemesNumRSA] + } + } else { + signatureSchemes = make([]SignatureScheme, 0, len(certReq.signatureAndHashes)) + for _, sah := range certReq.signatureAndHashes { + signatureSchemes = append(signatureSchemes, SignatureScheme(sah.hash)<<8+SignatureScheme(sah.signature)) + } + } + + return c.config.GetClientCertificate(&CertificateRequestInfo{ + AcceptableCAs: certReq.certificateAuthorities, + SignatureSchemes: signatureSchemes, + }) + } + + // RFC 4346 on the certificateAuthorities field: A list of the + // distinguished names of acceptable certificate authorities. + // These distinguished names may specify a desired + // distinguished name for a root CA or for a subordinate CA; + // thus, this message can be used to describe both known roots + // and a desired authorization space. If the + // certificate_authorities list is empty then the client MAY + // send any certificate of the appropriate + // ClientCertificateType, unless there is some external + // arrangement to the contrary. + + // We need to search our list of client certs for one + // where SignatureAlgorithm is acceptable to the server and the + // Issuer is in certReq.certificateAuthorities +findCert: + for i, chain := range c.config.Certificates { + if !rsaAvail && !ecdsaAvail { + continue + } + + for j, cert := range chain.Certificate { + x509Cert := chain.Leaf + // parse the certificate if this isn't the leaf + // node, or if chain.Leaf was nil + if j != 0 || x509Cert == nil { + var err error + if x509Cert, err = x509.ParseCertificate(cert); err != nil { + c.sendAlert(alertInternalError) + return nil, errors.New("tls: failed to parse client certificate #" + strconv.Itoa(i) + ": " + err.Error()) + } + } + + switch { + case rsaAvail && x509Cert.PublicKeyAlgorithm == x509.RSA: + case ecdsaAvail && x509Cert.PublicKeyAlgorithm == x509.ECDSA: + default: + continue findCert + } + + if len(certReq.certificateAuthorities) == 0 { + // they gave us an empty list, so just take the + // first cert from c.config.Certificates + return &chain, nil + } + + for _, ca := range certReq.certificateAuthorities { + if bytes.Equal(x509Cert.RawIssuer, ca) { + return &chain, nil + } + } + } + } + + // No acceptable certificate found. Don't send a certificate. + return new(Certificate), nil +} + +// clientSessionCacheKey returns a key used to cache sessionTickets that could +// be used to resume previously negotiated TLS sessions with a server. +func clientSessionCacheKey(serverAddr net.Addr, config *Config) string { + if len(config.ServerName) > 0 { + return config.ServerName + } + return serverAddr.String() +} + +// mutualProtocol finds the mutual Next Protocol Negotiation or ALPN protocol +// given list of possible protocols and a list of the preference order. The +// first list must not be empty. It returns the resulting protocol and flag +// indicating if the fallback case was reached. +func mutualProtocol(protos, preferenceProtos []string) (string, bool) { + for _, s := range preferenceProtos { + for _, c := range protos { + if s == c { + return s, false + } + } + } + + return protos[0], true +} + +// hostnameInSNI converts name into an approriate hostname for SNI. +// Literal IP addresses and absolute FQDNs are not permitted as SNI values. +// See https://tools.ietf.org/html/rfc6066#section-3. +func hostnameInSNI(name string) string { + host := name + if len(host) > 0 && host[0] == '[' && host[len(host)-1] == ']' { + host = host[1 : len(host)-1] + } + if i := strings.LastIndex(host, "%"); i > 0 { + host = host[:i] + } + if net.ParseIP(host) != nil { + return "" + } + for len(name) > 0 && name[len(name)-1] == '.' { + name = name[:len(name)-1] + } + return name +} diff --git a/handshake_client_test.go b/handshake_client_test.go new file mode 100644 index 0000000..5851f89 --- /dev/null +++ b/handshake_client_test.go @@ -0,0 +1,1565 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto/ecdsa" + "crypto/rsa" + "crypto/x509" + "encoding/base64" + "encoding/binary" + "encoding/pem" + "errors" + "fmt" + "io" + "math/big" + "net" + "os" + "os/exec" + "path/filepath" + "strconv" + "strings" + "sync" + "testing" + "time" +) + +// Note: see comment in handshake_test.go for details of how the reference +// tests work. + +// opensslInputEvent enumerates possible inputs that can be sent to an `openssl +// s_client` process. +type opensslInputEvent int + +const ( + // opensslRenegotiate causes OpenSSL to request a renegotiation of the + // connection. + opensslRenegotiate opensslInputEvent = iota + + // opensslSendBanner causes OpenSSL to send the contents of + // opensslSentinel on the connection. + opensslSendSentinel +) + +const opensslSentinel = "SENTINEL\n" + +type opensslInput chan opensslInputEvent + +func (i opensslInput) Read(buf []byte) (n int, err error) { + for event := range i { + switch event { + case opensslRenegotiate: + return copy(buf, []byte("R\n")), nil + case opensslSendSentinel: + return copy(buf, []byte(opensslSentinel)), nil + default: + panic("unknown event") + } + } + + return 0, io.EOF +} + +// opensslOutputSink is an io.Writer that receives the stdout and stderr from +// an `openssl` process and sends a value to handshakeComplete when it sees a +// log message from a completed server handshake. +type opensslOutputSink struct { + handshakeComplete chan struct{} + all []byte + line []byte +} + +func newOpensslOutputSink() *opensslOutputSink { + return &opensslOutputSink{make(chan struct{}), nil, nil} +} + +// opensslEndOfHandshake is a message that the “openssl s_server” tool will +// print when a handshake completes if run with “-state”. +const opensslEndOfHandshake = "SSL_accept:SSLv3/TLS write finished" + +func (o *opensslOutputSink) Write(data []byte) (n int, err error) { + o.line = append(o.line, data...) + o.all = append(o.all, data...) + + for { + i := bytes.Index(o.line, []byte{'\n'}) + if i < 0 { + break + } + + if bytes.Equal([]byte(opensslEndOfHandshake), o.line[:i]) { + o.handshakeComplete <- struct{}{} + } + o.line = o.line[i+1:] + } + + return len(data), nil +} + +func (o *opensslOutputSink) WriteTo(w io.Writer) (int64, error) { + n, err := w.Write(o.all) + return int64(n), err +} + +// clientTest represents a test of the TLS client handshake against a reference +// implementation. +type clientTest struct { + // name is a freeform string identifying the test and the file in which + // the expected results will be stored. + name string + // command, if not empty, contains a series of arguments for the + // command to run for the reference server. + command []string + // config, if not nil, contains a custom Config to use for this test. + config *Config + // cert, if not empty, contains a DER-encoded certificate for the + // reference server. + cert []byte + // key, if not nil, contains either a *rsa.PrivateKey or + // *ecdsa.PrivateKey which is the private key for the reference server. + key interface{} + // extensions, if not nil, contains a list of extension data to be returned + // from the ServerHello. The data should be in standard TLS format with + // a 2-byte uint16 type, 2-byte data length, followed by the extension data. + extensions [][]byte + // validate, if not nil, is a function that will be called with the + // ConnectionState of the resulting connection. It returns a non-nil + // error if the ConnectionState is unacceptable. + validate func(ConnectionState) error + // numRenegotiations is the number of times that the connection will be + // renegotiated. + numRenegotiations int + // renegotiationExpectedToFail, if not zero, is the number of the + // renegotiation attempt that is expected to fail. + renegotiationExpectedToFail int + // checkRenegotiationError, if not nil, is called with any error + // arising from renegotiation. It can map expected errors to nil to + // ignore them. + checkRenegotiationError func(renegotiationNum int, err error) error +} + +var defaultServerCommand = []string{"openssl", "s_server"} + +// connFromCommand starts the reference server process, connects to it and +// returns a recordingConn for the connection. The stdin return value is an +// opensslInput for the stdin of the child process. It must be closed before +// Waiting for child. +func (test *clientTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, stdin opensslInput, stdout *opensslOutputSink, err error) { + cert := testRSACertificate + if len(test.cert) > 0 { + cert = test.cert + } + certPath := tempFile(string(cert)) + defer os.Remove(certPath) + + var key interface{} = testRSAPrivateKey + if test.key != nil { + key = test.key + } + var pemType string + var derBytes []byte + switch key := key.(type) { + case *rsa.PrivateKey: + pemType = "RSA" + derBytes = x509.MarshalPKCS1PrivateKey(key) + case *ecdsa.PrivateKey: + pemType = "EC" + var err error + derBytes, err = x509.MarshalECPrivateKey(key) + if err != nil { + panic(err) + } + default: + panic("unknown key type") + } + + var pemOut bytes.Buffer + pem.Encode(&pemOut, &pem.Block{Type: pemType + " PRIVATE KEY", Bytes: derBytes}) + + keyPath := tempFile(string(pemOut.Bytes())) + defer os.Remove(keyPath) + + var command []string + if len(test.command) > 0 { + command = append(command, test.command...) + } else { + command = append(command, defaultServerCommand...) + } + command = append(command, "-cert", certPath, "-certform", "DER", "-key", keyPath) + // serverPort contains the port that OpenSSL will listen on. OpenSSL + // can't take "0" as an argument here so we have to pick a number and + // hope that it's not in use on the machine. Since this only occurs + // when -update is given and thus when there's a human watching the + // test, this isn't too bad. + const serverPort = 24323 + command = append(command, "-accept", strconv.Itoa(serverPort)) + + if len(test.extensions) > 0 { + var serverInfo bytes.Buffer + for _, ext := range test.extensions { + pem.Encode(&serverInfo, &pem.Block{ + Type: fmt.Sprintf("SERVERINFO FOR EXTENSION %d", binary.BigEndian.Uint16(ext)), + Bytes: ext, + }) + } + serverInfoPath := tempFile(serverInfo.String()) + defer os.Remove(serverInfoPath) + command = append(command, "-serverinfo", serverInfoPath) + } + + if test.numRenegotiations > 0 { + found := false + for _, flag := range command[1:] { + if flag == "-state" { + found = true + break + } + } + + if !found { + panic("-state flag missing to OpenSSL. You need this if testing renegotiation") + } + } + + cmd := exec.Command(command[0], command[1:]...) + stdin = opensslInput(make(chan opensslInputEvent)) + cmd.Stdin = stdin + out := newOpensslOutputSink() + cmd.Stdout = out + cmd.Stderr = out + if err := cmd.Start(); err != nil { + return nil, nil, nil, nil, err + } + + // OpenSSL does print an "ACCEPT" banner, but it does so *before* + // opening the listening socket, so we can't use that to wait until it + // has started listening. Thus we are forced to poll until we get a + // connection. + var tcpConn net.Conn + for i := uint(0); i < 5; i++ { + tcpConn, err = net.DialTCP("tcp", nil, &net.TCPAddr{ + IP: net.IPv4(127, 0, 0, 1), + Port: serverPort, + }) + if err == nil { + break + } + time.Sleep((1 << i) * 5 * time.Millisecond) + } + if err != nil { + close(stdin) + out.WriteTo(os.Stdout) + cmd.Process.Kill() + return nil, nil, nil, nil, cmd.Wait() + } + + record := &recordingConn{ + Conn: tcpConn, + } + + return record, cmd, stdin, out, nil +} + +func (test *clientTest) dataPath() string { + return filepath.Join("testdata", "Client-"+test.name) +} + +func (test *clientTest) loadData() (flows [][]byte, err error) { + in, err := os.Open(test.dataPath()) + if err != nil { + return nil, err + } + defer in.Close() + return parseTestData(in) +} + +func (test *clientTest) run(t *testing.T, write bool) { + checkOpenSSLVersion(t) + + var clientConn, serverConn net.Conn + var recordingConn *recordingConn + var childProcess *exec.Cmd + var stdin opensslInput + var stdout *opensslOutputSink + + if write { + var err error + recordingConn, childProcess, stdin, stdout, err = test.connFromCommand() + if err != nil { + t.Fatalf("Failed to start subcommand: %s", err) + } + clientConn = recordingConn + } else { + clientConn, serverConn = net.Pipe() + } + + config := test.config + if config == nil { + config = testConfig + } + client := Client(clientConn, config) + + doneChan := make(chan bool) + go func() { + defer func() { doneChan <- true }() + defer clientConn.Close() + defer client.Close() + + if _, err := client.Write([]byte("hello\n")); err != nil { + t.Errorf("Client.Write failed: %s", err) + return + } + + for i := 1; i <= test.numRenegotiations; i++ { + // The initial handshake will generate a + // handshakeComplete signal which needs to be quashed. + if i == 1 && write { + <-stdout.handshakeComplete + } + + // OpenSSL will try to interleave application data and + // a renegotiation if we send both concurrently. + // Therefore: ask OpensSSL to start a renegotiation, run + // a goroutine to call client.Read and thus process the + // renegotiation request, watch for OpenSSL's stdout to + // indicate that the handshake is complete and, + // finally, have OpenSSL write something to cause + // client.Read to complete. + if write { + stdin <- opensslRenegotiate + } + + signalChan := make(chan struct{}) + + go func() { + defer func() { signalChan <- struct{}{} }() + + buf := make([]byte, 256) + n, err := client.Read(buf) + + if test.checkRenegotiationError != nil { + newErr := test.checkRenegotiationError(i, err) + if err != nil && newErr == nil { + return + } + err = newErr + } + + if err != nil { + t.Errorf("Client.Read failed after renegotiation #%d: %s", i, err) + return + } + + buf = buf[:n] + if !bytes.Equal([]byte(opensslSentinel), buf) { + t.Errorf("Client.Read returned %q, but wanted %q", string(buf), opensslSentinel) + } + + if expected := i + 1; client.handshakes != expected { + t.Errorf("client should have recorded %d handshakes, but believes that %d have occurred", expected, client.handshakes) + } + }() + + if write && test.renegotiationExpectedToFail != i { + <-stdout.handshakeComplete + stdin <- opensslSendSentinel + } + <-signalChan + } + + if test.validate != nil { + if err := test.validate(client.ConnectionState()); err != nil { + t.Errorf("validate callback returned error: %s", err) + } + } + }() + + if !write { + flows, err := test.loadData() + if err != nil { + t.Fatalf("%s: failed to load data from %s: %v", test.name, test.dataPath(), err) + } + for i, b := range flows { + if i%2 == 1 { + serverConn.Write(b) + continue + } + bb := make([]byte, len(b)) + _, err := io.ReadFull(serverConn, bb) + if err != nil { + t.Fatalf("%s #%d: %s", test.name, i, err) + } + if !bytes.Equal(b, bb) { + t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i, bb, b) + } + } + serverConn.Close() + } + + <-doneChan + + if write { + path := test.dataPath() + out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) + if err != nil { + t.Fatalf("Failed to create output file: %s", err) + } + defer out.Close() + recordingConn.Close() + close(stdin) + childProcess.Process.Kill() + childProcess.Wait() + if len(recordingConn.flows) < 3 { + os.Stdout.Write(childProcess.Stdout.(*opensslOutputSink).all) + t.Fatalf("Client connection didn't work") + } + recordingConn.WriteTo(out) + fmt.Printf("Wrote %s\n", path) + } +} + +var ( + didParMu sync.Mutex + didPar = map[*testing.T]bool{} +) + +// setParallel calls t.Parallel once. If you call it twice, it would +// panic. +func setParallel(t *testing.T) { + didParMu.Lock() + v := didPar[t] + didPar[t] = true + didParMu.Unlock() + if !v { + t.Parallel() + } +} + +func runClientTestForVersion(t *testing.T, template *clientTest, prefix, option string) { + setParallel(t) + + test := *template + test.name = prefix + test.name + if len(test.command) == 0 { + test.command = defaultClientCommand + } + test.command = append([]string(nil), test.command...) + test.command = append(test.command, option) + test.run(t, *update) +} + +func runClientTestTLS10(t *testing.T, template *clientTest) { + runClientTestForVersion(t, template, "TLSv10-", "-tls1") +} + +func runClientTestTLS11(t *testing.T, template *clientTest) { + runClientTestForVersion(t, template, "TLSv11-", "-tls1_1") +} + +func runClientTestTLS12(t *testing.T, template *clientTest) { + runClientTestForVersion(t, template, "TLSv12-", "-tls1_2") +} + +func TestHandshakeClientRSARC4(t *testing.T) { + test := &clientTest{ + name: "RSA-RC4", + command: []string{"openssl", "s_server", "-cipher", "RC4-SHA"}, + } + runClientTestTLS10(t, test) + runClientTestTLS11(t, test) + runClientTestTLS12(t, test) +} + +func TestHandshakeClientRSAAES128GCM(t *testing.T) { + test := &clientTest{ + name: "AES128-GCM-SHA256", + command: []string{"openssl", "s_server", "-cipher", "AES128-GCM-SHA256"}, + } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientRSAAES256GCM(t *testing.T) { + test := &clientTest{ + name: "AES256-GCM-SHA384", + command: []string{"openssl", "s_server", "-cipher", "AES256-GCM-SHA384"}, + } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHERSAAES(t *testing.T) { + test := &clientTest{ + name: "ECDHE-RSA-AES", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES128-SHA"}, + } + runClientTestTLS10(t, test) + runClientTestTLS11(t, test) + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHEECDSAAES(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + runClientTestTLS10(t, test) + runClientTestTLS11(t, test) + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHEECDSAAESGCM(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES-GCM", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-GCM-SHA256"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientAES256GCMSHA384(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES256-GCM-SHA384", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES256-GCM-SHA384"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientAES128CBCSHA256(t *testing.T) { + test := &clientTest{ + name: "AES128-SHA256", + command: []string{"openssl", "s_server", "-cipher", "AES128-SHA256"}, + } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHERSAAES128CBCSHA256(t *testing.T) { + test := &clientTest{ + name: "ECDHE-RSA-AES128-SHA256", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES128-SHA256"}, + } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHEECDSAAES128CBCSHA256(t *testing.T) { + test := &clientTest{ + name: "ECDHE-ECDSA-AES128-SHA256", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA256"}, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + runClientTestTLS12(t, test) +} + +func TestHandshakeClientX25519(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{X25519} + + test := &clientTest{ + name: "X25519-ECDHE-RSA-AES-GCM", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"}, + config: config, + } + + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHERSAChaCha20(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305} + + test := &clientTest{ + name: "ECDHE-RSA-CHACHA20-POLY1305", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-CHACHA20-POLY1305"}, + config: config, + } + + runClientTestTLS12(t, test) +} + +func TestHandshakeClientECDHEECDSAChaCha20(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305} + + test := &clientTest{ + name: "ECDHE-ECDSA-CHACHA20-POLY1305", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-CHACHA20-POLY1305"}, + config: config, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + + runClientTestTLS12(t, test) +} + +func TestHandshakeClientCertRSA(t *testing.T) { + config := testConfig.Clone() + cert, _ := X509KeyPair([]byte(clientCertificatePEM), []byte(clientKeyPEM)) + config.Certificates = []Certificate{cert} + + test := &clientTest{ + name: "ClientCert-RSA-RSA", + command: []string{"openssl", "s_server", "-cipher", "AES128", "-verify", "1"}, + config: config, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) + + test = &clientTest{ + name: "ClientCert-RSA-ECDSA", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"}, + config: config, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) + + test = &clientTest{ + name: "ClientCert-RSA-AES256-GCM-SHA384", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384", "-verify", "1"}, + config: config, + cert: testRSACertificate, + key: testRSAPrivateKey, + } + + runClientTestTLS12(t, test) +} + +func TestHandshakeClientCertECDSA(t *testing.T) { + config := testConfig.Clone() + cert, _ := X509KeyPair([]byte(clientECDSACertificatePEM), []byte(clientECDSAKeyPEM)) + config.Certificates = []Certificate{cert} + + test := &clientTest{ + name: "ClientCert-ECDSA-RSA", + command: []string{"openssl", "s_server", "-cipher", "AES128", "-verify", "1"}, + config: config, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) + + test = &clientTest{ + name: "ClientCert-ECDSA-ECDSA", + command: []string{"openssl", "s_server", "-cipher", "ECDHE-ECDSA-AES128-SHA", "-verify", "1"}, + config: config, + cert: testECDSACertificate, + key: testECDSAPrivateKey, + } + + runClientTestTLS10(t, test) + runClientTestTLS12(t, test) +} + +func TestClientResumption(t *testing.T) { + serverConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + Certificates: testConfig.Certificates, + } + + issuer, err := x509.ParseCertificate(testRSACertificateIssuer) + if err != nil { + panic(err) + } + + rootCAs := x509.NewCertPool() + rootCAs.AddCert(issuer) + + clientConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + ClientSessionCache: NewLRUClientSessionCache(32), + RootCAs: rootCAs, + ServerName: "example.golang", + } + + testResumeState := func(test string, didResume bool) { + _, hs, err := testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("%s: handshake failed: %s", test, err) + } + if hs.DidResume != didResume { + t.Fatalf("%s resumed: %v, expected: %v", test, hs.DidResume, didResume) + } + if didResume && (hs.PeerCertificates == nil || hs.VerifiedChains == nil) { + t.Fatalf("expected non-nil certificates after resumption. Got peerCertificates: %#v, verifiedCertificates: %#v", hs.PeerCertificates, hs.VerifiedChains) + } + } + + getTicket := func() []byte { + return clientConfig.ClientSessionCache.(*lruSessionCache).q.Front().Value.(*lruSessionCacheEntry).state.sessionTicket + } + randomKey := func() [32]byte { + var k [32]byte + if _, err := io.ReadFull(serverConfig.rand(), k[:]); err != nil { + t.Fatalf("Failed to read new SessionTicketKey: %s", err) + } + return k + } + + testResumeState("Handshake", false) + ticket := getTicket() + testResumeState("Resume", true) + if !bytes.Equal(ticket, getTicket()) { + t.Fatal("first ticket doesn't match ticket after resumption") + } + + key1 := randomKey() + serverConfig.SetSessionTicketKeys([][32]byte{key1}) + + testResumeState("InvalidSessionTicketKey", false) + testResumeState("ResumeAfterInvalidSessionTicketKey", true) + + key2 := randomKey() + serverConfig.SetSessionTicketKeys([][32]byte{key2, key1}) + ticket = getTicket() + testResumeState("KeyChange", true) + if bytes.Equal(ticket, getTicket()) { + t.Fatal("new ticket wasn't included while resuming") + } + testResumeState("KeyChangeFinish", true) + + // Reset serverConfig to ensure that calling SetSessionTicketKeys + // before the serverConfig is used works. + serverConfig = &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + Certificates: testConfig.Certificates, + } + serverConfig.SetSessionTicketKeys([][32]byte{key2}) + + testResumeState("FreshConfig", true) + + clientConfig.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_RC4_128_SHA} + testResumeState("DifferentCipherSuite", false) + testResumeState("DifferentCipherSuiteRecovers", true) + + clientConfig.ClientSessionCache = nil + testResumeState("WithoutSessionCache", false) +} + +func TestLRUClientSessionCache(t *testing.T) { + // Initialize cache of capacity 4. + cache := NewLRUClientSessionCache(4) + cs := make([]ClientSessionState, 6) + keys := []string{"0", "1", "2", "3", "4", "5", "6"} + + // Add 4 entries to the cache and look them up. + for i := 0; i < 4; i++ { + cache.Put(keys[i], &cs[i]) + } + for i := 0; i < 4; i++ { + if s, ok := cache.Get(keys[i]); !ok || s != &cs[i] { + t.Fatalf("session cache failed lookup for added key: %s", keys[i]) + } + } + + // Add 2 more entries to the cache. First 2 should be evicted. + for i := 4; i < 6; i++ { + cache.Put(keys[i], &cs[i]) + } + for i := 0; i < 2; i++ { + if s, ok := cache.Get(keys[i]); ok || s != nil { + t.Fatalf("session cache should have evicted key: %s", keys[i]) + } + } + + // Touch entry 2. LRU should evict 3 next. + cache.Get(keys[2]) + cache.Put(keys[0], &cs[0]) + if s, ok := cache.Get(keys[3]); ok || s != nil { + t.Fatalf("session cache should have evicted key 3") + } + + // Update entry 0 in place. + cache.Put(keys[0], &cs[3]) + if s, ok := cache.Get(keys[0]); !ok || s != &cs[3] { + t.Fatalf("session cache failed update for key 0") + } + + // Adding a nil entry is valid. + cache.Put(keys[0], nil) + if s, ok := cache.Get(keys[0]); !ok || s != nil { + t.Fatalf("failed to add nil entry to cache") + } +} + +func TestKeyLog(t *testing.T) { + var serverBuf, clientBuf bytes.Buffer + + clientConfig := testConfig.Clone() + clientConfig.KeyLogWriter = &clientBuf + + serverConfig := testConfig.Clone() + serverConfig.KeyLogWriter = &serverBuf + + c, s := net.Pipe() + done := make(chan bool) + + go func() { + defer close(done) + + if err := Server(s, serverConfig).Handshake(); err != nil { + t.Errorf("server: %s", err) + return + } + s.Close() + }() + + if err := Client(c, clientConfig).Handshake(); err != nil { + t.Fatalf("client: %s", err) + } + + c.Close() + <-done + + checkKeylogLine := func(side, loggedLine string) { + if len(loggedLine) == 0 { + t.Fatalf("%s: no keylog line was produced", side) + } + const expectedLen = 13 /* "CLIENT_RANDOM" */ + + 1 /* space */ + + 32*2 /* hex client nonce */ + + 1 /* space */ + + 48*2 /* hex master secret */ + + 1 /* new line */ + if len(loggedLine) != expectedLen { + t.Fatalf("%s: keylog line has incorrect length (want %d, got %d): %q", side, expectedLen, len(loggedLine), loggedLine) + } + if !strings.HasPrefix(loggedLine, "CLIENT_RANDOM "+strings.Repeat("0", 64)+" ") { + t.Fatalf("%s: keylog line has incorrect structure or nonce: %q", side, loggedLine) + } + } + + checkKeylogLine("client", string(clientBuf.Bytes())) + checkKeylogLine("server", string(serverBuf.Bytes())) +} + +func TestHandshakeClientALPNMatch(t *testing.T) { + config := testConfig.Clone() + config.NextProtos = []string{"proto2", "proto1"} + + test := &clientTest{ + name: "ALPN", + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -alpn flag. + command: []string{"openssl", "s_server", "-alpn", "proto1,proto2"}, + config: config, + validate: func(state ConnectionState) error { + // The server's preferences should override the client. + if state.NegotiatedProtocol != "proto1" { + return fmt.Errorf("Got protocol %q, wanted proto1", state.NegotiatedProtocol) + } + return nil + }, + } + runClientTestTLS12(t, test) +} + +// sctsBase64 contains data from `openssl s_client -serverinfo 18 -connect ritter.vg:443` +const sctsBase64 = "ABIBaQFnAHUApLkJkLQYWBSHuxOizGdwCjw1mAT5G9+443fNDsgN3BAAAAFHl5nuFgAABAMARjBEAiAcS4JdlW5nW9sElUv2zvQyPoZ6ejKrGGB03gjaBZFMLwIgc1Qbbn+hsH0RvObzhS+XZhr3iuQQJY8S9G85D9KeGPAAdgBo9pj4H2SCvjqM7rkoHUz8cVFdZ5PURNEKZ6y7T0/7xAAAAUeX4bVwAAAEAwBHMEUCIDIhFDgG2HIuADBkGuLobU5a4dlCHoJLliWJ1SYT05z6AiEAjxIoZFFPRNWMGGIjskOTMwXzQ1Wh2e7NxXE1kd1J0QsAdgDuS723dc5guuFCaR+r4Z5mow9+X7By2IMAxHuJeqj9ywAAAUhcZIqHAAAEAwBHMEUCICmJ1rBT09LpkbzxtUC+Hi7nXLR0J+2PmwLp+sJMuqK+AiEAr0NkUnEVKVhAkccIFpYDqHOlZaBsuEhWWrYpg2RtKp0=" + +func TestHandshakClientSCTs(t *testing.T) { + config := testConfig.Clone() + + scts, err := base64.StdEncoding.DecodeString(sctsBase64) + if err != nil { + t.Fatal(err) + } + + test := &clientTest{ + name: "SCT", + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -serverinfo flag. + command: []string{"openssl", "s_server"}, + config: config, + extensions: [][]byte{scts}, + validate: func(state ConnectionState) error { + expectedSCTs := [][]byte{ + scts[8:125], + scts[127:245], + scts[247:], + } + if n := len(state.SignedCertificateTimestamps); n != len(expectedSCTs) { + return fmt.Errorf("Got %d scts, wanted %d", n, len(expectedSCTs)) + } + for i, expected := range expectedSCTs { + if sct := state.SignedCertificateTimestamps[i]; !bytes.Equal(sct, expected) { + return fmt.Errorf("SCT #%d contained %x, expected %x", i, sct, expected) + } + } + return nil + }, + } + runClientTestTLS12(t, test) +} + +func TestRenegotiationRejected(t *testing.T) { + config := testConfig.Clone() + test := &clientTest{ + name: "RenegotiationRejected", + command: []string{"openssl", "s_server", "-state"}, + config: config, + numRenegotiations: 1, + renegotiationExpectedToFail: 1, + checkRenegotiationError: func(renegotiationNum int, err error) error { + if err == nil { + return errors.New("expected error from renegotiation but got nil") + } + if !strings.Contains(err.Error(), "no renegotiation") { + return fmt.Errorf("expected renegotiation to be rejected but got %q", err) + } + return nil + }, + } + + runClientTestTLS12(t, test) +} + +func TestRenegotiateOnce(t *testing.T) { + config := testConfig.Clone() + config.Renegotiation = RenegotiateOnceAsClient + + test := &clientTest{ + name: "RenegotiateOnce", + command: []string{"openssl", "s_server", "-state"}, + config: config, + numRenegotiations: 1, + } + + runClientTestTLS12(t, test) +} + +func TestRenegotiateTwice(t *testing.T) { + config := testConfig.Clone() + config.Renegotiation = RenegotiateFreelyAsClient + + test := &clientTest{ + name: "RenegotiateTwice", + command: []string{"openssl", "s_server", "-state"}, + config: config, + numRenegotiations: 2, + } + + runClientTestTLS12(t, test) +} + +func TestRenegotiateTwiceRejected(t *testing.T) { + config := testConfig.Clone() + config.Renegotiation = RenegotiateOnceAsClient + + test := &clientTest{ + name: "RenegotiateTwiceRejected", + command: []string{"openssl", "s_server", "-state"}, + config: config, + numRenegotiations: 2, + renegotiationExpectedToFail: 2, + checkRenegotiationError: func(renegotiationNum int, err error) error { + if renegotiationNum == 1 { + return err + } + + if err == nil { + return errors.New("expected error from renegotiation but got nil") + } + if !strings.Contains(err.Error(), "no renegotiation") { + return fmt.Errorf("expected renegotiation to be rejected but got %q", err) + } + return nil + }, + } + + runClientTestTLS12(t, test) +} + +var hostnameInSNITests = []struct { + in, out string +}{ + // Opaque string + {"", ""}, + {"localhost", "localhost"}, + {"foo, bar, baz and qux", "foo, bar, baz and qux"}, + + // DNS hostname + {"golang.org", "golang.org"}, + {"golang.org.", "golang.org"}, + + // Literal IPv4 address + {"1.2.3.4", ""}, + + // Literal IPv6 address + {"::1", ""}, + {"::1%lo0", ""}, // with zone identifier + {"[::1]", ""}, // as per RFC 5952 we allow the [] style as IPv6 literal + {"[::1%lo0]", ""}, +} + +func TestHostnameInSNI(t *testing.T) { + for _, tt := range hostnameInSNITests { + c, s := net.Pipe() + + go func(host string) { + Client(c, &Config{ServerName: host, InsecureSkipVerify: true}).Handshake() + }(tt.in) + + var header [5]byte + if _, err := io.ReadFull(s, header[:]); err != nil { + t.Fatal(err) + } + recordLen := int(header[3])<<8 | int(header[4]) + + record := make([]byte, recordLen) + if _, err := io.ReadFull(s, record[:]); err != nil { + t.Fatal(err) + } + + c.Close() + s.Close() + + var m clientHelloMsg + if !m.unmarshal(record) { + t.Errorf("unmarshaling ClientHello for %q failed", tt.in) + continue + } + if tt.in != tt.out && m.serverName == tt.in { + t.Errorf("prohibited %q found in ClientHello: %x", tt.in, record) + } + if m.serverName != tt.out { + t.Errorf("expected %q not found in ClientHello: %x", tt.out, record) + } + } +} + +func TestServerSelectingUnconfiguredCipherSuite(t *testing.T) { + // This checks that the server can't select a cipher suite that the + // client didn't offer. See #13174. + + c, s := net.Pipe() + errChan := make(chan error, 1) + + go func() { + client := Client(c, &Config{ + ServerName: "foo", + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_GCM_SHA256}, + }) + errChan <- client.Handshake() + }() + + var header [5]byte + if _, err := io.ReadFull(s, header[:]); err != nil { + t.Fatal(err) + } + recordLen := int(header[3])<<8 | int(header[4]) + + record := make([]byte, recordLen) + if _, err := io.ReadFull(s, record); err != nil { + t.Fatal(err) + } + + // Create a ServerHello that selects a different cipher suite than the + // sole one that the client offered. + serverHello := &serverHelloMsg{ + vers: VersionTLS12, + random: make([]byte, 32), + cipherSuite: TLS_RSA_WITH_AES_256_GCM_SHA384, + } + serverHelloBytes := serverHello.marshal() + + s.Write([]byte{ + byte(recordTypeHandshake), + byte(VersionTLS12 >> 8), + byte(VersionTLS12 & 0xff), + byte(len(serverHelloBytes) >> 8), + byte(len(serverHelloBytes)), + }) + s.Write(serverHelloBytes) + s.Close() + + if err := <-errChan; !strings.Contains(err.Error(), "unconfigured cipher") { + t.Fatalf("Expected error about unconfigured cipher suite but got %q", err) + } +} + +func TestVerifyPeerCertificate(t *testing.T) { + issuer, err := x509.ParseCertificate(testRSACertificateIssuer) + if err != nil { + panic(err) + } + + rootCAs := x509.NewCertPool() + rootCAs.AddCert(issuer) + + now := func() time.Time { return time.Unix(1476984729, 0) } + + sentinelErr := errors.New("TestVerifyPeerCertificate") + + verifyCallback := func(called *bool, rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { + if l := len(rawCerts); l != 1 { + return fmt.Errorf("got len(rawCerts) = %d, wanted 1", l) + } + if len(validatedChains) == 0 { + return errors.New("got len(validatedChains) = 0, wanted non-zero") + } + *called = true + return nil + } + + tests := []struct { + configureServer func(*Config, *bool) + configureClient func(*Config, *bool) + validate func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) + }{ + { + configureServer: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { + return verifyCallback(called, rawCerts, validatedChains) + } + }, + configureClient: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { + return verifyCallback(called, rawCerts, validatedChains) + } + }, + validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { + if clientErr != nil { + t.Errorf("test[%d]: client handshake failed: %v", testNo, clientErr) + } + if serverErr != nil { + t.Errorf("test[%d]: server handshake failed: %v", testNo, serverErr) + } + if !clientCalled { + t.Errorf("test[%d]: client did not call callback", testNo) + } + if !serverCalled { + t.Errorf("test[%d]: server did not call callback", testNo) + } + }, + }, + { + configureServer: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { + return sentinelErr + } + }, + configureClient: func(config *Config, called *bool) { + config.VerifyPeerCertificate = nil + }, + validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { + if serverErr != sentinelErr { + t.Errorf("#%d: got server error %v, wanted sentinelErr", testNo, serverErr) + } + }, + }, + { + configureServer: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + }, + configureClient: func(config *Config, called *bool) { + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { + return sentinelErr + } + }, + validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { + if clientErr != sentinelErr { + t.Errorf("#%d: got client error %v, wanted sentinelErr", testNo, clientErr) + } + }, + }, + { + configureServer: func(config *Config, called *bool) { + config.InsecureSkipVerify = false + }, + configureClient: func(config *Config, called *bool) { + config.InsecureSkipVerify = true + config.VerifyPeerCertificate = func(rawCerts [][]byte, validatedChains [][]*x509.Certificate) error { + if l := len(rawCerts); l != 1 { + return fmt.Errorf("got len(rawCerts) = %d, wanted 1", l) + } + // With InsecureSkipVerify set, this + // callback should still be called but + // validatedChains must be empty. + if l := len(validatedChains); l != 0 { + return errors.New("got len(validatedChains) = 0, wanted zero") + } + *called = true + return nil + } + }, + validate: func(t *testing.T, testNo int, clientCalled, serverCalled bool, clientErr, serverErr error) { + if clientErr != nil { + t.Errorf("test[%d]: client handshake failed: %v", testNo, clientErr) + } + if serverErr != nil { + t.Errorf("test[%d]: server handshake failed: %v", testNo, serverErr) + } + if !clientCalled { + t.Errorf("test[%d]: client did not call callback", testNo) + } + }, + }, + } + + for i, test := range tests { + c, s := net.Pipe() + done := make(chan error) + + var clientCalled, serverCalled bool + + go func() { + config := testConfig.Clone() + config.ServerName = "example.golang" + config.ClientAuth = RequireAndVerifyClientCert + config.ClientCAs = rootCAs + config.Time = now + test.configureServer(config, &serverCalled) + + err = Server(s, config).Handshake() + s.Close() + done <- err + }() + + config := testConfig.Clone() + config.ServerName = "example.golang" + config.RootCAs = rootCAs + config.Time = now + test.configureClient(config, &clientCalled) + clientErr := Client(c, config).Handshake() + c.Close() + serverErr := <-done + + test.validate(t, i, clientCalled, serverCalled, clientErr, serverErr) + } +} + +// brokenConn wraps a net.Conn and causes all Writes after a certain number to +// fail with brokenConnErr. +type brokenConn struct { + net.Conn + + // breakAfter is the number of successful writes that will be allowed + // before all subsequent writes fail. + breakAfter int + + // numWrites is the number of writes that have been done. + numWrites int +} + +// brokenConnErr is the error that brokenConn returns once exhausted. +var brokenConnErr = errors.New("too many writes to brokenConn") + +func (b *brokenConn) Write(data []byte) (int, error) { + if b.numWrites >= b.breakAfter { + return 0, brokenConnErr + } + + b.numWrites++ + return b.Conn.Write(data) +} + +func TestFailedWrite(t *testing.T) { + // Test that a write error during the handshake is returned. + for _, breakAfter := range []int{0, 1} { + c, s := net.Pipe() + done := make(chan bool) + + go func() { + Server(s, testConfig).Handshake() + s.Close() + done <- true + }() + + brokenC := &brokenConn{Conn: c, breakAfter: breakAfter} + err := Client(brokenC, testConfig).Handshake() + if err != brokenConnErr { + t.Errorf("#%d: expected error from brokenConn but got %q", breakAfter, err) + } + brokenC.Close() + + <-done + } +} + +// writeCountingConn wraps a net.Conn and counts the number of Write calls. +type writeCountingConn struct { + net.Conn + + // numWrites is the number of writes that have been done. + numWrites int +} + +func (wcc *writeCountingConn) Write(data []byte) (int, error) { + wcc.numWrites++ + return wcc.Conn.Write(data) +} + +func TestBuffering(t *testing.T) { + c, s := net.Pipe() + done := make(chan bool) + + clientWCC := &writeCountingConn{Conn: c} + serverWCC := &writeCountingConn{Conn: s} + + go func() { + Server(serverWCC, testConfig).Handshake() + serverWCC.Close() + done <- true + }() + + err := Client(clientWCC, testConfig).Handshake() + if err != nil { + t.Fatal(err) + } + clientWCC.Close() + <-done + + if n := clientWCC.numWrites; n != 2 { + t.Errorf("expected client handshake to complete with only two writes, but saw %d", n) + } + + if n := serverWCC.numWrites; n != 2 { + t.Errorf("expected server handshake to complete with only two writes, but saw %d", n) + } +} + +func TestAlertFlushing(t *testing.T) { + c, s := net.Pipe() + done := make(chan bool) + + clientWCC := &writeCountingConn{Conn: c} + serverWCC := &writeCountingConn{Conn: s} + + serverConfig := testConfig.Clone() + + // Cause a signature-time error + brokenKey := rsa.PrivateKey{PublicKey: testRSAPrivateKey.PublicKey} + brokenKey.D = big.NewInt(42) + serverConfig.Certificates = []Certificate{{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: &brokenKey, + }} + + go func() { + Server(serverWCC, serverConfig).Handshake() + serverWCC.Close() + done <- true + }() + + err := Client(clientWCC, testConfig).Handshake() + if err == nil { + t.Fatal("client unexpectedly returned no error") + } + + const expectedError = "remote error: tls: handshake failure" + if e := err.Error(); !strings.Contains(e, expectedError) { + t.Fatalf("expected to find %q in error but error was %q", expectedError, e) + } + clientWCC.Close() + <-done + + if n := clientWCC.numWrites; n != 1 { + t.Errorf("expected client handshake to complete with one write, but saw %d", n) + } + + if n := serverWCC.numWrites; n != 1 { + t.Errorf("expected server handshake to complete with one write, but saw %d", n) + } +} + +func TestHandshakeRace(t *testing.T) { + t.Parallel() + // This test races a Read and Write to try and complete a handshake in + // order to provide some evidence that there are no races or deadlocks + // in the handshake locking. + for i := 0; i < 32; i++ { + c, s := net.Pipe() + + go func() { + server := Server(s, testConfig) + if err := server.Handshake(); err != nil { + panic(err) + } + + var request [1]byte + if n, err := server.Read(request[:]); err != nil || n != 1 { + panic(err) + } + + server.Write(request[:]) + server.Close() + }() + + startWrite := make(chan struct{}) + startRead := make(chan struct{}) + readDone := make(chan struct{}) + + client := Client(c, testConfig) + go func() { + <-startWrite + var request [1]byte + client.Write(request[:]) + }() + + go func() { + <-startRead + var reply [1]byte + if n, err := client.Read(reply[:]); err != nil || n != 1 { + panic(err) + } + c.Close() + readDone <- struct{}{} + }() + + if i&1 == 1 { + startWrite <- struct{}{} + startRead <- struct{}{} + } else { + startRead <- struct{}{} + startWrite <- struct{}{} + } + <-readDone + } +} + +func TestTLS11SignatureSchemes(t *testing.T) { + expected := tls11SignatureSchemesNumECDSA + tls11SignatureSchemesNumRSA + if expected != len(tls11SignatureSchemes) { + t.Errorf("expected to find %d TLS 1.1 signature schemes, but found %d", expected, len(tls11SignatureSchemes)) + } +} + +var getClientCertificateTests = []struct { + setup func(*Config) + expectedClientError string + verify func(*testing.T, int, *ConnectionState) +}{ + { + func(clientConfig *Config) { + // Returning a Certificate with no certificate data + // should result in an empty message being sent to the + // server. + clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { + if len(cri.SignatureSchemes) == 0 { + panic("empty SignatureSchemes") + } + return new(Certificate), nil + } + }, + "", + func(t *testing.T, testNum int, cs *ConnectionState) { + if l := len(cs.PeerCertificates); l != 0 { + t.Errorf("#%d: expected no certificates but got %d", testNum, l) + } + }, + }, + { + func(clientConfig *Config) { + // With TLS 1.1, the SignatureSchemes should be + // synthesised from the supported certificate types. + clientConfig.MaxVersion = VersionTLS11 + clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { + if len(cri.SignatureSchemes) == 0 { + panic("empty SignatureSchemes") + } + return new(Certificate), nil + } + }, + "", + func(t *testing.T, testNum int, cs *ConnectionState) { + if l := len(cs.PeerCertificates); l != 0 { + t.Errorf("#%d: expected no certificates but got %d", testNum, l) + } + }, + }, + { + func(clientConfig *Config) { + // Returning an error should abort the handshake with + // that error. + clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { + return nil, errors.New("GetClientCertificate") + } + }, + "GetClientCertificate", + func(t *testing.T, testNum int, cs *ConnectionState) { + }, + }, + { + func(clientConfig *Config) { + clientConfig.GetClientCertificate = func(cri *CertificateRequestInfo) (*Certificate, error) { + return &testConfig.Certificates[0], nil + } + }, + "", + func(t *testing.T, testNum int, cs *ConnectionState) { + if l := len(cs.VerifiedChains); l != 0 { + t.Errorf("#%d: expected some verified chains, but found none", testNum) + } + }, + }, +} + +func TestGetClientCertificate(t *testing.T) { + issuer, err := x509.ParseCertificate(testRSACertificateIssuer) + if err != nil { + panic(err) + } + + for i, test := range getClientCertificateTests { + serverConfig := testConfig.Clone() + serverConfig.ClientAuth = RequestClientCert + serverConfig.RootCAs = x509.NewCertPool() + serverConfig.RootCAs.AddCert(issuer) + + clientConfig := testConfig.Clone() + + test.setup(clientConfig) + + type serverResult struct { + cs ConnectionState + err error + } + + c, s := net.Pipe() + done := make(chan serverResult) + + go func() { + defer s.Close() + server := Server(s, serverConfig) + err := server.Handshake() + + var cs ConnectionState + if err == nil { + cs = server.ConnectionState() + } + done <- serverResult{cs, err} + }() + + clientErr := Client(c, clientConfig).Handshake() + c.Close() + + result := <-done + + if clientErr != nil { + if len(test.expectedClientError) == 0 { + t.Errorf("#%d: client error: %v", i, clientErr) + } else if got := clientErr.Error(); got != test.expectedClientError { + t.Errorf("#%d: expected client error %q, but got %q", i, test.expectedClientError, got) + } + } else if len(test.expectedClientError) > 0 { + t.Errorf("#%d: expected client error %q, but got no error", i, test.expectedClientError) + } else if err := result.err; err != nil { + t.Errorf("#%d: server error: %v", i, err) + } else { + test.verify(t, i, &result.cs) + } + } +} diff --git a/handshake_messages.go b/handshake_messages.go new file mode 100644 index 0000000..0c7581f --- /dev/null +++ b/handshake_messages.go @@ -0,0 +1,1568 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "strings" +) + +type clientHelloMsg struct { + raw []byte + vers uint16 + random []byte + sessionId []byte + cipherSuites []uint16 + compressionMethods []uint8 + nextProtoNeg bool + serverName string + ocspStapling bool + scts bool + supportedCurves []CurveID + supportedPoints []uint8 + ticketSupported bool + sessionTicket []uint8 + signatureAndHashes []signatureAndHash + secureRenegotiation []byte + secureRenegotiationSupported bool + alpnProtocols []string +} + +func (m *clientHelloMsg) equal(i interface{}) bool { + m1, ok := i.(*clientHelloMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + m.vers == m1.vers && + bytes.Equal(m.random, m1.random) && + bytes.Equal(m.sessionId, m1.sessionId) && + eqUint16s(m.cipherSuites, m1.cipherSuites) && + bytes.Equal(m.compressionMethods, m1.compressionMethods) && + m.nextProtoNeg == m1.nextProtoNeg && + m.serverName == m1.serverName && + m.ocspStapling == m1.ocspStapling && + m.scts == m1.scts && + eqCurveIDs(m.supportedCurves, m1.supportedCurves) && + bytes.Equal(m.supportedPoints, m1.supportedPoints) && + m.ticketSupported == m1.ticketSupported && + bytes.Equal(m.sessionTicket, m1.sessionTicket) && + eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) && + m.secureRenegotiationSupported == m1.secureRenegotiationSupported && + bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) && + eqStrings(m.alpnProtocols, m1.alpnProtocols) +} + +func (m *clientHelloMsg) marshal() []byte { + if m.raw != nil { + return m.raw + } + + length := 2 + 32 + 1 + len(m.sessionId) + 2 + len(m.cipherSuites)*2 + 1 + len(m.compressionMethods) + numExtensions := 0 + extensionsLength := 0 + if m.nextProtoNeg { + numExtensions++ + } + if m.ocspStapling { + extensionsLength += 1 + 2 + 2 + numExtensions++ + } + if len(m.serverName) > 0 { + extensionsLength += 5 + len(m.serverName) + numExtensions++ + } + if len(m.supportedCurves) > 0 { + extensionsLength += 2 + 2*len(m.supportedCurves) + numExtensions++ + } + if len(m.supportedPoints) > 0 { + extensionsLength += 1 + len(m.supportedPoints) + numExtensions++ + } + if m.ticketSupported { + extensionsLength += len(m.sessionTicket) + numExtensions++ + } + if len(m.signatureAndHashes) > 0 { + extensionsLength += 2 + 2*len(m.signatureAndHashes) + numExtensions++ + } + if m.secureRenegotiationSupported { + extensionsLength += 1 + len(m.secureRenegotiation) + numExtensions++ + } + if len(m.alpnProtocols) > 0 { + extensionsLength += 2 + for _, s := range m.alpnProtocols { + if l := len(s); l == 0 || l > 255 { + panic("invalid ALPN protocol") + } + extensionsLength++ + extensionsLength += len(s) + } + numExtensions++ + } + if m.scts { + numExtensions++ + } + if numExtensions > 0 { + extensionsLength += 4 * numExtensions + length += 2 + extensionsLength + } + + x := make([]byte, 4+length) + x[0] = typeClientHello + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + x[4] = uint8(m.vers >> 8) + x[5] = uint8(m.vers) + copy(x[6:38], m.random) + x[38] = uint8(len(m.sessionId)) + copy(x[39:39+len(m.sessionId)], m.sessionId) + y := x[39+len(m.sessionId):] + y[0] = uint8(len(m.cipherSuites) >> 7) + y[1] = uint8(len(m.cipherSuites) << 1) + for i, suite := range m.cipherSuites { + y[2+i*2] = uint8(suite >> 8) + y[3+i*2] = uint8(suite) + } + z := y[2+len(m.cipherSuites)*2:] + z[0] = uint8(len(m.compressionMethods)) + copy(z[1:], m.compressionMethods) + + z = z[1+len(m.compressionMethods):] + if numExtensions > 0 { + z[0] = byte(extensionsLength >> 8) + z[1] = byte(extensionsLength) + z = z[2:] + } + if m.nextProtoNeg { + z[0] = byte(extensionNextProtoNeg >> 8) + z[1] = byte(extensionNextProtoNeg & 0xff) + // The length is always 0 + z = z[4:] + } + if len(m.serverName) > 0 { + z[0] = byte(extensionServerName >> 8) + z[1] = byte(extensionServerName & 0xff) + l := len(m.serverName) + 5 + z[2] = byte(l >> 8) + z[3] = byte(l) + z = z[4:] + + // RFC 3546, section 3.1 + // + // struct { + // NameType name_type; + // select (name_type) { + // case host_name: HostName; + // } name; + // } ServerName; + // + // enum { + // host_name(0), (255) + // } NameType; + // + // opaque HostName<1..2^16-1>; + // + // struct { + // ServerName server_name_list<1..2^16-1> + // } ServerNameList; + + z[0] = byte((len(m.serverName) + 3) >> 8) + z[1] = byte(len(m.serverName) + 3) + z[3] = byte(len(m.serverName) >> 8) + z[4] = byte(len(m.serverName)) + copy(z[5:], []byte(m.serverName)) + z = z[l:] + } + if m.ocspStapling { + // RFC 4366, section 3.6 + z[0] = byte(extensionStatusRequest >> 8) + z[1] = byte(extensionStatusRequest) + z[2] = 0 + z[3] = 5 + z[4] = 1 // OCSP type + // Two zero valued uint16s for the two lengths. + z = z[9:] + } + if len(m.supportedCurves) > 0 { + // http://tools.ietf.org/html/rfc4492#section-5.5.1 + z[0] = byte(extensionSupportedCurves >> 8) + z[1] = byte(extensionSupportedCurves) + l := 2 + 2*len(m.supportedCurves) + z[2] = byte(l >> 8) + z[3] = byte(l) + l -= 2 + z[4] = byte(l >> 8) + z[5] = byte(l) + z = z[6:] + for _, curve := range m.supportedCurves { + z[0] = byte(curve >> 8) + z[1] = byte(curve) + z = z[2:] + } + } + if len(m.supportedPoints) > 0 { + // http://tools.ietf.org/html/rfc4492#section-5.5.2 + z[0] = byte(extensionSupportedPoints >> 8) + z[1] = byte(extensionSupportedPoints) + l := 1 + len(m.supportedPoints) + z[2] = byte(l >> 8) + z[3] = byte(l) + l-- + z[4] = byte(l) + z = z[5:] + for _, pointFormat := range m.supportedPoints { + z[0] = pointFormat + z = z[1:] + } + } + if m.ticketSupported { + // http://tools.ietf.org/html/rfc5077#section-3.2 + z[0] = byte(extensionSessionTicket >> 8) + z[1] = byte(extensionSessionTicket) + l := len(m.sessionTicket) + z[2] = byte(l >> 8) + z[3] = byte(l) + z = z[4:] + copy(z, m.sessionTicket) + z = z[len(m.sessionTicket):] + } + if len(m.signatureAndHashes) > 0 { + // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 + z[0] = byte(extensionSignatureAlgorithms >> 8) + z[1] = byte(extensionSignatureAlgorithms) + l := 2 + 2*len(m.signatureAndHashes) + z[2] = byte(l >> 8) + z[3] = byte(l) + z = z[4:] + + l -= 2 + z[0] = byte(l >> 8) + z[1] = byte(l) + z = z[2:] + for _, sigAndHash := range m.signatureAndHashes { + z[0] = sigAndHash.hash + z[1] = sigAndHash.signature + z = z[2:] + } + } + if m.secureRenegotiationSupported { + z[0] = byte(extensionRenegotiationInfo >> 8) + z[1] = byte(extensionRenegotiationInfo & 0xff) + z[2] = 0 + z[3] = byte(len(m.secureRenegotiation) + 1) + z[4] = byte(len(m.secureRenegotiation)) + z = z[5:] + copy(z, m.secureRenegotiation) + z = z[len(m.secureRenegotiation):] + } + if len(m.alpnProtocols) > 0 { + z[0] = byte(extensionALPN >> 8) + z[1] = byte(extensionALPN & 0xff) + lengths := z[2:] + z = z[6:] + + stringsLength := 0 + for _, s := range m.alpnProtocols { + l := len(s) + z[0] = byte(l) + copy(z[1:], s) + z = z[1+l:] + stringsLength += 1 + l + } + + lengths[2] = byte(stringsLength >> 8) + lengths[3] = byte(stringsLength) + stringsLength += 2 + lengths[0] = byte(stringsLength >> 8) + lengths[1] = byte(stringsLength) + } + if m.scts { + // https://tools.ietf.org/html/rfc6962#section-3.3.1 + z[0] = byte(extensionSCT >> 8) + z[1] = byte(extensionSCT) + // zero uint16 for the zero-length extension_data + z = z[4:] + } + + m.raw = x + + return x +} + +func (m *clientHelloMsg) unmarshal(data []byte) bool { + if len(data) < 42 { + return false + } + m.raw = data + m.vers = uint16(data[4])<<8 | uint16(data[5]) + m.random = data[6:38] + sessionIdLen := int(data[38]) + if sessionIdLen > 32 || len(data) < 39+sessionIdLen { + return false + } + m.sessionId = data[39 : 39+sessionIdLen] + data = data[39+sessionIdLen:] + if len(data) < 2 { + return false + } + // cipherSuiteLen is the number of bytes of cipher suite numbers. Since + // they are uint16s, the number must be even. + cipherSuiteLen := int(data[0])<<8 | int(data[1]) + if cipherSuiteLen%2 == 1 || len(data) < 2+cipherSuiteLen { + return false + } + numCipherSuites := cipherSuiteLen / 2 + m.cipherSuites = make([]uint16, numCipherSuites) + for i := 0; i < numCipherSuites; i++ { + m.cipherSuites[i] = uint16(data[2+2*i])<<8 | uint16(data[3+2*i]) + if m.cipherSuites[i] == scsvRenegotiation { + m.secureRenegotiationSupported = true + } + } + data = data[2+cipherSuiteLen:] + if len(data) < 1 { + return false + } + compressionMethodsLen := int(data[0]) + if len(data) < 1+compressionMethodsLen { + return false + } + m.compressionMethods = data[1 : 1+compressionMethodsLen] + + data = data[1+compressionMethodsLen:] + + m.nextProtoNeg = false + m.serverName = "" + m.ocspStapling = false + m.ticketSupported = false + m.sessionTicket = nil + m.signatureAndHashes = nil + m.alpnProtocols = nil + m.scts = false + + if len(data) == 0 { + // ClientHello is optionally followed by extension data + return true + } + if len(data) < 2 { + return false + } + + extensionsLength := int(data[0])<<8 | int(data[1]) + data = data[2:] + if extensionsLength != len(data) { + return false + } + + for len(data) != 0 { + if len(data) < 4 { + return false + } + extension := uint16(data[0])<<8 | uint16(data[1]) + length := int(data[2])<<8 | int(data[3]) + data = data[4:] + if len(data) < length { + return false + } + + switch extension { + case extensionServerName: + d := data[:length] + if len(d) < 2 { + return false + } + namesLen := int(d[0])<<8 | int(d[1]) + d = d[2:] + if len(d) != namesLen { + return false + } + for len(d) > 0 { + if len(d) < 3 { + return false + } + nameType := d[0] + nameLen := int(d[1])<<8 | int(d[2]) + d = d[3:] + if len(d) < nameLen { + return false + } + if nameType == 0 { + m.serverName = string(d[:nameLen]) + // An SNI value may not include a + // trailing dot. See + // https://tools.ietf.org/html/rfc6066#section-3. + if strings.HasSuffix(m.serverName, ".") { + return false + } + break + } + d = d[nameLen:] + } + case extensionNextProtoNeg: + if length > 0 { + return false + } + m.nextProtoNeg = true + case extensionStatusRequest: + m.ocspStapling = length > 0 && data[0] == statusTypeOCSP + case extensionSupportedCurves: + // http://tools.ietf.org/html/rfc4492#section-5.5.1 + if length < 2 { + return false + } + l := int(data[0])<<8 | int(data[1]) + if l%2 == 1 || length != l+2 { + return false + } + numCurves := l / 2 + m.supportedCurves = make([]CurveID, numCurves) + d := data[2:] + for i := 0; i < numCurves; i++ { + m.supportedCurves[i] = CurveID(d[0])<<8 | CurveID(d[1]) + d = d[2:] + } + case extensionSupportedPoints: + // http://tools.ietf.org/html/rfc4492#section-5.5.2 + if length < 1 { + return false + } + l := int(data[0]) + if length != l+1 { + return false + } + m.supportedPoints = make([]uint8, l) + copy(m.supportedPoints, data[1:]) + case extensionSessionTicket: + // http://tools.ietf.org/html/rfc5077#section-3.2 + m.ticketSupported = true + m.sessionTicket = data[:length] + case extensionSignatureAlgorithms: + // https://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 + if length < 2 || length&1 != 0 { + return false + } + l := int(data[0])<<8 | int(data[1]) + if l != length-2 { + return false + } + n := l / 2 + d := data[2:] + m.signatureAndHashes = make([]signatureAndHash, n) + for i := range m.signatureAndHashes { + m.signatureAndHashes[i].hash = d[0] + m.signatureAndHashes[i].signature = d[1] + d = d[2:] + } + case extensionRenegotiationInfo: + if length == 0 { + return false + } + d := data[:length] + l := int(d[0]) + d = d[1:] + if l != len(d) { + return false + } + + m.secureRenegotiation = d + m.secureRenegotiationSupported = true + case extensionALPN: + if length < 2 { + return false + } + l := int(data[0])<<8 | int(data[1]) + if l != length-2 { + return false + } + d := data[2:length] + for len(d) != 0 { + stringLen := int(d[0]) + d = d[1:] + if stringLen == 0 || stringLen > len(d) { + return false + } + m.alpnProtocols = append(m.alpnProtocols, string(d[:stringLen])) + d = d[stringLen:] + } + case extensionSCT: + m.scts = true + if length != 0 { + return false + } + } + data = data[length:] + } + + return true +} + +type serverHelloMsg struct { + raw []byte + vers uint16 + random []byte + sessionId []byte + cipherSuite uint16 + compressionMethod uint8 + nextProtoNeg bool + nextProtos []string + ocspStapling bool + scts [][]byte + ticketSupported bool + secureRenegotiation []byte + secureRenegotiationSupported bool + alpnProtocol string +} + +func (m *serverHelloMsg) equal(i interface{}) bool { + m1, ok := i.(*serverHelloMsg) + if !ok { + return false + } + + if len(m.scts) != len(m1.scts) { + return false + } + for i, sct := range m.scts { + if !bytes.Equal(sct, m1.scts[i]) { + return false + } + } + + return bytes.Equal(m.raw, m1.raw) && + m.vers == m1.vers && + bytes.Equal(m.random, m1.random) && + bytes.Equal(m.sessionId, m1.sessionId) && + m.cipherSuite == m1.cipherSuite && + m.compressionMethod == m1.compressionMethod && + m.nextProtoNeg == m1.nextProtoNeg && + eqStrings(m.nextProtos, m1.nextProtos) && + m.ocspStapling == m1.ocspStapling && + m.ticketSupported == m1.ticketSupported && + m.secureRenegotiationSupported == m1.secureRenegotiationSupported && + bytes.Equal(m.secureRenegotiation, m1.secureRenegotiation) && + m.alpnProtocol == m1.alpnProtocol +} + +func (m *serverHelloMsg) marshal() []byte { + if m.raw != nil { + return m.raw + } + + length := 38 + len(m.sessionId) + numExtensions := 0 + extensionsLength := 0 + + nextProtoLen := 0 + if m.nextProtoNeg { + numExtensions++ + for _, v := range m.nextProtos { + nextProtoLen += len(v) + } + nextProtoLen += len(m.nextProtos) + extensionsLength += nextProtoLen + } + if m.ocspStapling { + numExtensions++ + } + if m.ticketSupported { + numExtensions++ + } + if m.secureRenegotiationSupported { + extensionsLength += 1 + len(m.secureRenegotiation) + numExtensions++ + } + if alpnLen := len(m.alpnProtocol); alpnLen > 0 { + if alpnLen >= 256 { + panic("invalid ALPN protocol") + } + extensionsLength += 2 + 1 + alpnLen + numExtensions++ + } + sctLen := 0 + if len(m.scts) > 0 { + for _, sct := range m.scts { + sctLen += len(sct) + 2 + } + extensionsLength += 2 + sctLen + numExtensions++ + } + + if numExtensions > 0 { + extensionsLength += 4 * numExtensions + length += 2 + extensionsLength + } + + x := make([]byte, 4+length) + x[0] = typeServerHello + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + x[4] = uint8(m.vers >> 8) + x[5] = uint8(m.vers) + copy(x[6:38], m.random) + x[38] = uint8(len(m.sessionId)) + copy(x[39:39+len(m.sessionId)], m.sessionId) + z := x[39+len(m.sessionId):] + z[0] = uint8(m.cipherSuite >> 8) + z[1] = uint8(m.cipherSuite) + z[2] = m.compressionMethod + + z = z[3:] + if numExtensions > 0 { + z[0] = byte(extensionsLength >> 8) + z[1] = byte(extensionsLength) + z = z[2:] + } + if m.nextProtoNeg { + z[0] = byte(extensionNextProtoNeg >> 8) + z[1] = byte(extensionNextProtoNeg & 0xff) + z[2] = byte(nextProtoLen >> 8) + z[3] = byte(nextProtoLen) + z = z[4:] + + for _, v := range m.nextProtos { + l := len(v) + if l > 255 { + l = 255 + } + z[0] = byte(l) + copy(z[1:], []byte(v[0:l])) + z = z[1+l:] + } + } + if m.ocspStapling { + z[0] = byte(extensionStatusRequest >> 8) + z[1] = byte(extensionStatusRequest) + z = z[4:] + } + if m.ticketSupported { + z[0] = byte(extensionSessionTicket >> 8) + z[1] = byte(extensionSessionTicket) + z = z[4:] + } + if m.secureRenegotiationSupported { + z[0] = byte(extensionRenegotiationInfo >> 8) + z[1] = byte(extensionRenegotiationInfo & 0xff) + z[2] = 0 + z[3] = byte(len(m.secureRenegotiation) + 1) + z[4] = byte(len(m.secureRenegotiation)) + z = z[5:] + copy(z, m.secureRenegotiation) + z = z[len(m.secureRenegotiation):] + } + if alpnLen := len(m.alpnProtocol); alpnLen > 0 { + z[0] = byte(extensionALPN >> 8) + z[1] = byte(extensionALPN & 0xff) + l := 2 + 1 + alpnLen + z[2] = byte(l >> 8) + z[3] = byte(l) + l -= 2 + z[4] = byte(l >> 8) + z[5] = byte(l) + l -= 1 + z[6] = byte(l) + copy(z[7:], []byte(m.alpnProtocol)) + z = z[7+alpnLen:] + } + if sctLen > 0 { + z[0] = byte(extensionSCT >> 8) + z[1] = byte(extensionSCT) + l := sctLen + 2 + z[2] = byte(l >> 8) + z[3] = byte(l) + z[4] = byte(sctLen >> 8) + z[5] = byte(sctLen) + + z = z[6:] + for _, sct := range m.scts { + z[0] = byte(len(sct) >> 8) + z[1] = byte(len(sct)) + copy(z[2:], sct) + z = z[len(sct)+2:] + } + } + + m.raw = x + + return x +} + +func (m *serverHelloMsg) unmarshal(data []byte) bool { + if len(data) < 42 { + return false + } + m.raw = data + m.vers = uint16(data[4])<<8 | uint16(data[5]) + m.random = data[6:38] + sessionIdLen := int(data[38]) + if sessionIdLen > 32 || len(data) < 39+sessionIdLen { + return false + } + m.sessionId = data[39 : 39+sessionIdLen] + data = data[39+sessionIdLen:] + if len(data) < 3 { + return false + } + m.cipherSuite = uint16(data[0])<<8 | uint16(data[1]) + m.compressionMethod = data[2] + data = data[3:] + + m.nextProtoNeg = false + m.nextProtos = nil + m.ocspStapling = false + m.scts = nil + m.ticketSupported = false + m.alpnProtocol = "" + + if len(data) == 0 { + // ServerHello is optionally followed by extension data + return true + } + if len(data) < 2 { + return false + } + + extensionsLength := int(data[0])<<8 | int(data[1]) + data = data[2:] + if len(data) != extensionsLength { + return false + } + + for len(data) != 0 { + if len(data) < 4 { + return false + } + extension := uint16(data[0])<<8 | uint16(data[1]) + length := int(data[2])<<8 | int(data[3]) + data = data[4:] + if len(data) < length { + return false + } + + switch extension { + case extensionNextProtoNeg: + m.nextProtoNeg = true + d := data[:length] + for len(d) > 0 { + l := int(d[0]) + d = d[1:] + if l == 0 || l > len(d) { + return false + } + m.nextProtos = append(m.nextProtos, string(d[:l])) + d = d[l:] + } + case extensionStatusRequest: + if length > 0 { + return false + } + m.ocspStapling = true + case extensionSessionTicket: + if length > 0 { + return false + } + m.ticketSupported = true + case extensionRenegotiationInfo: + if length == 0 { + return false + } + d := data[:length] + l := int(d[0]) + d = d[1:] + if l != len(d) { + return false + } + + m.secureRenegotiation = d + m.secureRenegotiationSupported = true + case extensionALPN: + d := data[:length] + if len(d) < 3 { + return false + } + l := int(d[0])<<8 | int(d[1]) + if l != len(d)-2 { + return false + } + d = d[2:] + l = int(d[0]) + if l != len(d)-1 { + return false + } + d = d[1:] + if len(d) == 0 { + // ALPN protocols must not be empty. + return false + } + m.alpnProtocol = string(d) + case extensionSCT: + d := data[:length] + + if len(d) < 2 { + return false + } + l := int(d[0])<<8 | int(d[1]) + d = d[2:] + if len(d) != l || l == 0 { + return false + } + + m.scts = make([][]byte, 0, 3) + for len(d) != 0 { + if len(d) < 2 { + return false + } + sctLen := int(d[0])<<8 | int(d[1]) + d = d[2:] + if sctLen == 0 || len(d) < sctLen { + return false + } + m.scts = append(m.scts, d[:sctLen]) + d = d[sctLen:] + } + } + data = data[length:] + } + + return true +} + +type certificateMsg struct { + raw []byte + certificates [][]byte +} + +func (m *certificateMsg) equal(i interface{}) bool { + m1, ok := i.(*certificateMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + eqByteSlices(m.certificates, m1.certificates) +} + +func (m *certificateMsg) marshal() (x []byte) { + if m.raw != nil { + return m.raw + } + + var i int + for _, slice := range m.certificates { + i += len(slice) + } + + length := 3 + 3*len(m.certificates) + i + x = make([]byte, 4+length) + x[0] = typeCertificate + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + + certificateOctets := length - 3 + x[4] = uint8(certificateOctets >> 16) + x[5] = uint8(certificateOctets >> 8) + x[6] = uint8(certificateOctets) + + y := x[7:] + for _, slice := range m.certificates { + y[0] = uint8(len(slice) >> 16) + y[1] = uint8(len(slice) >> 8) + y[2] = uint8(len(slice)) + copy(y[3:], slice) + y = y[3+len(slice):] + } + + m.raw = x + return +} + +func (m *certificateMsg) unmarshal(data []byte) bool { + if len(data) < 7 { + return false + } + + m.raw = data + certsLen := uint32(data[4])<<16 | uint32(data[5])<<8 | uint32(data[6]) + if uint32(len(data)) != certsLen+7 { + return false + } + + numCerts := 0 + d := data[7:] + for certsLen > 0 { + if len(d) < 4 { + return false + } + certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2]) + if uint32(len(d)) < 3+certLen { + return false + } + d = d[3+certLen:] + certsLen -= 3 + certLen + numCerts++ + } + + m.certificates = make([][]byte, numCerts) + d = data[7:] + for i := 0; i < numCerts; i++ { + certLen := uint32(d[0])<<16 | uint32(d[1])<<8 | uint32(d[2]) + m.certificates[i] = d[3 : 3+certLen] + d = d[3+certLen:] + } + + return true +} + +type serverKeyExchangeMsg struct { + raw []byte + key []byte +} + +func (m *serverKeyExchangeMsg) equal(i interface{}) bool { + m1, ok := i.(*serverKeyExchangeMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + bytes.Equal(m.key, m1.key) +} + +func (m *serverKeyExchangeMsg) marshal() []byte { + if m.raw != nil { + return m.raw + } + length := len(m.key) + x := make([]byte, length+4) + x[0] = typeServerKeyExchange + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + copy(x[4:], m.key) + + m.raw = x + return x +} + +func (m *serverKeyExchangeMsg) unmarshal(data []byte) bool { + m.raw = data + if len(data) < 4 { + return false + } + m.key = data[4:] + return true +} + +type certificateStatusMsg struct { + raw []byte + statusType uint8 + response []byte +} + +func (m *certificateStatusMsg) equal(i interface{}) bool { + m1, ok := i.(*certificateStatusMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + m.statusType == m1.statusType && + bytes.Equal(m.response, m1.response) +} + +func (m *certificateStatusMsg) marshal() []byte { + if m.raw != nil { + return m.raw + } + + var x []byte + if m.statusType == statusTypeOCSP { + x = make([]byte, 4+4+len(m.response)) + x[0] = typeCertificateStatus + l := len(m.response) + 4 + x[1] = byte(l >> 16) + x[2] = byte(l >> 8) + x[3] = byte(l) + x[4] = statusTypeOCSP + + l -= 4 + x[5] = byte(l >> 16) + x[6] = byte(l >> 8) + x[7] = byte(l) + copy(x[8:], m.response) + } else { + x = []byte{typeCertificateStatus, 0, 0, 1, m.statusType} + } + + m.raw = x + return x +} + +func (m *certificateStatusMsg) unmarshal(data []byte) bool { + m.raw = data + if len(data) < 5 { + return false + } + m.statusType = data[4] + + m.response = nil + if m.statusType == statusTypeOCSP { + if len(data) < 8 { + return false + } + respLen := uint32(data[5])<<16 | uint32(data[6])<<8 | uint32(data[7]) + if uint32(len(data)) != 4+4+respLen { + return false + } + m.response = data[8:] + } + return true +} + +type serverHelloDoneMsg struct{} + +func (m *serverHelloDoneMsg) equal(i interface{}) bool { + _, ok := i.(*serverHelloDoneMsg) + return ok +} + +func (m *serverHelloDoneMsg) marshal() []byte { + x := make([]byte, 4) + x[0] = typeServerHelloDone + return x +} + +func (m *serverHelloDoneMsg) unmarshal(data []byte) bool { + return len(data) == 4 +} + +type clientKeyExchangeMsg struct { + raw []byte + ciphertext []byte +} + +func (m *clientKeyExchangeMsg) equal(i interface{}) bool { + m1, ok := i.(*clientKeyExchangeMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + bytes.Equal(m.ciphertext, m1.ciphertext) +} + +func (m *clientKeyExchangeMsg) marshal() []byte { + if m.raw != nil { + return m.raw + } + length := len(m.ciphertext) + x := make([]byte, length+4) + x[0] = typeClientKeyExchange + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + copy(x[4:], m.ciphertext) + + m.raw = x + return x +} + +func (m *clientKeyExchangeMsg) unmarshal(data []byte) bool { + m.raw = data + if len(data) < 4 { + return false + } + l := int(data[1])<<16 | int(data[2])<<8 | int(data[3]) + if l != len(data)-4 { + return false + } + m.ciphertext = data[4:] + return true +} + +type finishedMsg struct { + raw []byte + verifyData []byte +} + +func (m *finishedMsg) equal(i interface{}) bool { + m1, ok := i.(*finishedMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + bytes.Equal(m.verifyData, m1.verifyData) +} + +func (m *finishedMsg) marshal() (x []byte) { + if m.raw != nil { + return m.raw + } + + x = make([]byte, 4+len(m.verifyData)) + x[0] = typeFinished + x[3] = byte(len(m.verifyData)) + copy(x[4:], m.verifyData) + m.raw = x + return +} + +func (m *finishedMsg) unmarshal(data []byte) bool { + m.raw = data + if len(data) < 4 { + return false + } + m.verifyData = data[4:] + return true +} + +type nextProtoMsg struct { + raw []byte + proto string +} + +func (m *nextProtoMsg) equal(i interface{}) bool { + m1, ok := i.(*nextProtoMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + m.proto == m1.proto +} + +func (m *nextProtoMsg) marshal() []byte { + if m.raw != nil { + return m.raw + } + l := len(m.proto) + if l > 255 { + l = 255 + } + + padding := 32 - (l+2)%32 + length := l + padding + 2 + x := make([]byte, length+4) + x[0] = typeNextProtocol + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + + y := x[4:] + y[0] = byte(l) + copy(y[1:], []byte(m.proto[0:l])) + y = y[1+l:] + y[0] = byte(padding) + + m.raw = x + + return x +} + +func (m *nextProtoMsg) unmarshal(data []byte) bool { + m.raw = data + + if len(data) < 5 { + return false + } + data = data[4:] + protoLen := int(data[0]) + data = data[1:] + if len(data) < protoLen { + return false + } + m.proto = string(data[0:protoLen]) + data = data[protoLen:] + + if len(data) < 1 { + return false + } + paddingLen := int(data[0]) + data = data[1:] + if len(data) != paddingLen { + return false + } + + return true +} + +type certificateRequestMsg struct { + raw []byte + // hasSignatureAndHash indicates whether this message includes a list + // of signature and hash functions. This change was introduced with TLS + // 1.2. + hasSignatureAndHash bool + + certificateTypes []byte + signatureAndHashes []signatureAndHash + certificateAuthorities [][]byte +} + +func (m *certificateRequestMsg) equal(i interface{}) bool { + m1, ok := i.(*certificateRequestMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + bytes.Equal(m.certificateTypes, m1.certificateTypes) && + eqByteSlices(m.certificateAuthorities, m1.certificateAuthorities) && + eqSignatureAndHashes(m.signatureAndHashes, m1.signatureAndHashes) +} + +func (m *certificateRequestMsg) marshal() (x []byte) { + if m.raw != nil { + return m.raw + } + + // See http://tools.ietf.org/html/rfc4346#section-7.4.4 + length := 1 + len(m.certificateTypes) + 2 + casLength := 0 + for _, ca := range m.certificateAuthorities { + casLength += 2 + len(ca) + } + length += casLength + + if m.hasSignatureAndHash { + length += 2 + 2*len(m.signatureAndHashes) + } + + x = make([]byte, 4+length) + x[0] = typeCertificateRequest + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + + x[4] = uint8(len(m.certificateTypes)) + + copy(x[5:], m.certificateTypes) + y := x[5+len(m.certificateTypes):] + + if m.hasSignatureAndHash { + n := len(m.signatureAndHashes) * 2 + y[0] = uint8(n >> 8) + y[1] = uint8(n) + y = y[2:] + for _, sigAndHash := range m.signatureAndHashes { + y[0] = sigAndHash.hash + y[1] = sigAndHash.signature + y = y[2:] + } + } + + y[0] = uint8(casLength >> 8) + y[1] = uint8(casLength) + y = y[2:] + for _, ca := range m.certificateAuthorities { + y[0] = uint8(len(ca) >> 8) + y[1] = uint8(len(ca)) + y = y[2:] + copy(y, ca) + y = y[len(ca):] + } + + m.raw = x + return +} + +func (m *certificateRequestMsg) unmarshal(data []byte) bool { + m.raw = data + + if len(data) < 5 { + return false + } + + length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) + if uint32(len(data))-4 != length { + return false + } + + numCertTypes := int(data[4]) + data = data[5:] + if numCertTypes == 0 || len(data) <= numCertTypes { + return false + } + + m.certificateTypes = make([]byte, numCertTypes) + if copy(m.certificateTypes, data) != numCertTypes { + return false + } + + data = data[numCertTypes:] + + if m.hasSignatureAndHash { + if len(data) < 2 { + return false + } + sigAndHashLen := uint16(data[0])<<8 | uint16(data[1]) + data = data[2:] + if sigAndHashLen&1 != 0 { + return false + } + if len(data) < int(sigAndHashLen) { + return false + } + numSigAndHash := sigAndHashLen / 2 + m.signatureAndHashes = make([]signatureAndHash, numSigAndHash) + for i := range m.signatureAndHashes { + m.signatureAndHashes[i].hash = data[0] + m.signatureAndHashes[i].signature = data[1] + data = data[2:] + } + } + + if len(data) < 2 { + return false + } + casLength := uint16(data[0])<<8 | uint16(data[1]) + data = data[2:] + if len(data) < int(casLength) { + return false + } + cas := make([]byte, casLength) + copy(cas, data) + data = data[casLength:] + + m.certificateAuthorities = nil + for len(cas) > 0 { + if len(cas) < 2 { + return false + } + caLen := uint16(cas[0])<<8 | uint16(cas[1]) + cas = cas[2:] + + if len(cas) < int(caLen) { + return false + } + + m.certificateAuthorities = append(m.certificateAuthorities, cas[:caLen]) + cas = cas[caLen:] + } + + return len(data) == 0 +} + +type certificateVerifyMsg struct { + raw []byte + hasSignatureAndHash bool + signatureAndHash signatureAndHash + signature []byte +} + +func (m *certificateVerifyMsg) equal(i interface{}) bool { + m1, ok := i.(*certificateVerifyMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + m.hasSignatureAndHash == m1.hasSignatureAndHash && + m.signatureAndHash.hash == m1.signatureAndHash.hash && + m.signatureAndHash.signature == m1.signatureAndHash.signature && + bytes.Equal(m.signature, m1.signature) +} + +func (m *certificateVerifyMsg) marshal() (x []byte) { + if m.raw != nil { + return m.raw + } + + // See http://tools.ietf.org/html/rfc4346#section-7.4.8 + siglength := len(m.signature) + length := 2 + siglength + if m.hasSignatureAndHash { + length += 2 + } + x = make([]byte, 4+length) + x[0] = typeCertificateVerify + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + y := x[4:] + if m.hasSignatureAndHash { + y[0] = m.signatureAndHash.hash + y[1] = m.signatureAndHash.signature + y = y[2:] + } + y[0] = uint8(siglength >> 8) + y[1] = uint8(siglength) + copy(y[2:], m.signature) + + m.raw = x + + return +} + +func (m *certificateVerifyMsg) unmarshal(data []byte) bool { + m.raw = data + + if len(data) < 6 { + return false + } + + length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) + if uint32(len(data))-4 != length { + return false + } + + data = data[4:] + if m.hasSignatureAndHash { + m.signatureAndHash.hash = data[0] + m.signatureAndHash.signature = data[1] + data = data[2:] + } + + if len(data) < 2 { + return false + } + siglength := int(data[0])<<8 + int(data[1]) + data = data[2:] + if len(data) != siglength { + return false + } + + m.signature = data + + return true +} + +type newSessionTicketMsg struct { + raw []byte + ticket []byte +} + +func (m *newSessionTicketMsg) equal(i interface{}) bool { + m1, ok := i.(*newSessionTicketMsg) + if !ok { + return false + } + + return bytes.Equal(m.raw, m1.raw) && + bytes.Equal(m.ticket, m1.ticket) +} + +func (m *newSessionTicketMsg) marshal() (x []byte) { + if m.raw != nil { + return m.raw + } + + // See http://tools.ietf.org/html/rfc5077#section-3.3 + ticketLen := len(m.ticket) + length := 2 + 4 + ticketLen + x = make([]byte, 4+length) + x[0] = typeNewSessionTicket + x[1] = uint8(length >> 16) + x[2] = uint8(length >> 8) + x[3] = uint8(length) + x[8] = uint8(ticketLen >> 8) + x[9] = uint8(ticketLen) + copy(x[10:], m.ticket) + + m.raw = x + + return +} + +func (m *newSessionTicketMsg) unmarshal(data []byte) bool { + m.raw = data + + if len(data) < 10 { + return false + } + + length := uint32(data[1])<<16 | uint32(data[2])<<8 | uint32(data[3]) + if uint32(len(data))-4 != length { + return false + } + + ticketLen := int(data[8])<<8 + int(data[9]) + if len(data)-10 != ticketLen { + return false + } + + m.ticket = data[10:] + + return true +} + +type helloRequestMsg struct { +} + +func (*helloRequestMsg) marshal() []byte { + return []byte{typeHelloRequest, 0, 0, 0} +} + +func (*helloRequestMsg) unmarshal(data []byte) bool { + return len(data) == 4 +} + +func eqUint16s(x, y []uint16) bool { + if len(x) != len(y) { + return false + } + for i, v := range x { + if y[i] != v { + return false + } + } + return true +} + +func eqCurveIDs(x, y []CurveID) bool { + if len(x) != len(y) { + return false + } + for i, v := range x { + if y[i] != v { + return false + } + } + return true +} + +func eqStrings(x, y []string) bool { + if len(x) != len(y) { + return false + } + for i, v := range x { + if y[i] != v { + return false + } + } + return true +} + +func eqByteSlices(x, y [][]byte) bool { + if len(x) != len(y) { + return false + } + for i, v := range x { + if !bytes.Equal(v, y[i]) { + return false + } + } + return true +} + +func eqSignatureAndHashes(x, y []signatureAndHash) bool { + if len(x) != len(y) { + return false + } + for i, v := range x { + v2 := y[i] + if v.hash != v2.hash || v.signature != v2.signature { + return false + } + } + return true +} diff --git a/handshake_messages_test.go b/handshake_messages_test.go new file mode 100644 index 0000000..7add97c --- /dev/null +++ b/handshake_messages_test.go @@ -0,0 +1,329 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "math/rand" + "reflect" + "strings" + "testing" + "testing/quick" +) + +var tests = []interface{}{ + &clientHelloMsg{}, + &serverHelloMsg{}, + &finishedMsg{}, + + &certificateMsg{}, + &certificateRequestMsg{}, + &certificateVerifyMsg{}, + &certificateStatusMsg{}, + &clientKeyExchangeMsg{}, + &nextProtoMsg{}, + &newSessionTicketMsg{}, + &sessionState{}, +} + +type testMessage interface { + marshal() []byte + unmarshal([]byte) bool + equal(interface{}) bool +} + +func TestMarshalUnmarshal(t *testing.T) { + rand := rand.New(rand.NewSource(0)) + + for i, iface := range tests { + ty := reflect.ValueOf(iface).Type() + + n := 100 + if testing.Short() { + n = 5 + } + for j := 0; j < n; j++ { + v, ok := quick.Value(ty, rand) + if !ok { + t.Errorf("#%d: failed to create value", i) + break + } + + m1 := v.Interface().(testMessage) + marshaled := m1.marshal() + m2 := iface.(testMessage) + if !m2.unmarshal(marshaled) { + t.Errorf("#%d failed to unmarshal %#v %x", i, m1, marshaled) + break + } + m2.marshal() // to fill any marshal cache in the message + + if !m1.equal(m2) { + t.Errorf("#%d got:%#v want:%#v %x", i, m2, m1, marshaled) + break + } + + if i >= 3 { + // The first three message types (ClientHello, + // ServerHello and Finished) are allowed to + // have parsable prefixes because the extension + // data is optional and the length of the + // Finished varies across versions. + for j := 0; j < len(marshaled); j++ { + if m2.unmarshal(marshaled[0:j]) { + t.Errorf("#%d unmarshaled a prefix of length %d of %#v", i, j, m1) + break + } + } + } + } + } +} + +func TestFuzz(t *testing.T) { + rand := rand.New(rand.NewSource(0)) + for _, iface := range tests { + m := iface.(testMessage) + + for j := 0; j < 1000; j++ { + len := rand.Intn(100) + bytes := randomBytes(len, rand) + // This just looks for crashes due to bounds errors etc. + m.unmarshal(bytes) + } + } +} + +func randomBytes(n int, rand *rand.Rand) []byte { + r := make([]byte, n) + for i := 0; i < n; i++ { + r[i] = byte(rand.Int31()) + } + return r +} + +func randomString(n int, rand *rand.Rand) string { + b := randomBytes(n, rand) + return string(b) +} + +func (*clientHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &clientHelloMsg{} + m.vers = uint16(rand.Intn(65536)) + m.random = randomBytes(32, rand) + m.sessionId = randomBytes(rand.Intn(32), rand) + m.cipherSuites = make([]uint16, rand.Intn(63)+1) + for i := 0; i < len(m.cipherSuites); i++ { + m.cipherSuites[i] = uint16(rand.Int31()) + } + m.compressionMethods = randomBytes(rand.Intn(63)+1, rand) + if rand.Intn(10) > 5 { + m.nextProtoNeg = true + } + if rand.Intn(10) > 5 { + m.serverName = randomString(rand.Intn(255), rand) + for strings.HasSuffix(m.serverName, ".") { + m.serverName = m.serverName[:len(m.serverName)-1] + } + } + m.ocspStapling = rand.Intn(10) > 5 + m.supportedPoints = randomBytes(rand.Intn(5)+1, rand) + m.supportedCurves = make([]CurveID, rand.Intn(5)+1) + for i := range m.supportedCurves { + m.supportedCurves[i] = CurveID(rand.Intn(30000)) + } + if rand.Intn(10) > 5 { + m.ticketSupported = true + if rand.Intn(10) > 5 { + m.sessionTicket = randomBytes(rand.Intn(300), rand) + } + } + if rand.Intn(10) > 5 { + m.signatureAndHashes = supportedSignatureAlgorithms + } + m.alpnProtocols = make([]string, rand.Intn(5)) + for i := range m.alpnProtocols { + m.alpnProtocols[i] = randomString(rand.Intn(20)+1, rand) + } + if rand.Intn(10) > 5 { + m.scts = true + } + + return reflect.ValueOf(m) +} + +func (*serverHelloMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &serverHelloMsg{} + m.vers = uint16(rand.Intn(65536)) + m.random = randomBytes(32, rand) + m.sessionId = randomBytes(rand.Intn(32), rand) + m.cipherSuite = uint16(rand.Int31()) + m.compressionMethod = uint8(rand.Intn(256)) + + if rand.Intn(10) > 5 { + m.nextProtoNeg = true + + n := rand.Intn(10) + m.nextProtos = make([]string, n) + for i := 0; i < n; i++ { + m.nextProtos[i] = randomString(20, rand) + } + } + + if rand.Intn(10) > 5 { + m.ocspStapling = true + } + if rand.Intn(10) > 5 { + m.ticketSupported = true + } + m.alpnProtocol = randomString(rand.Intn(32)+1, rand) + + if rand.Intn(10) > 5 { + numSCTs := rand.Intn(4) + m.scts = make([][]byte, numSCTs) + for i := range m.scts { + m.scts[i] = randomBytes(rand.Intn(500), rand) + } + } + + return reflect.ValueOf(m) +} + +func (*certificateMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &certificateMsg{} + numCerts := rand.Intn(20) + m.certificates = make([][]byte, numCerts) + for i := 0; i < numCerts; i++ { + m.certificates[i] = randomBytes(rand.Intn(10)+1, rand) + } + return reflect.ValueOf(m) +} + +func (*certificateRequestMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &certificateRequestMsg{} + m.certificateTypes = randomBytes(rand.Intn(5)+1, rand) + numCAs := rand.Intn(100) + m.certificateAuthorities = make([][]byte, numCAs) + for i := 0; i < numCAs; i++ { + m.certificateAuthorities[i] = randomBytes(rand.Intn(15)+1, rand) + } + return reflect.ValueOf(m) +} + +func (*certificateVerifyMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &certificateVerifyMsg{} + m.signature = randomBytes(rand.Intn(15)+1, rand) + return reflect.ValueOf(m) +} + +func (*certificateStatusMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &certificateStatusMsg{} + if rand.Intn(10) > 5 { + m.statusType = statusTypeOCSP + m.response = randomBytes(rand.Intn(10)+1, rand) + } else { + m.statusType = 42 + } + return reflect.ValueOf(m) +} + +func (*clientKeyExchangeMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &clientKeyExchangeMsg{} + m.ciphertext = randomBytes(rand.Intn(1000)+1, rand) + return reflect.ValueOf(m) +} + +func (*finishedMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &finishedMsg{} + m.verifyData = randomBytes(12, rand) + return reflect.ValueOf(m) +} + +func (*nextProtoMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &nextProtoMsg{} + m.proto = randomString(rand.Intn(255), rand) + return reflect.ValueOf(m) +} + +func (*newSessionTicketMsg) Generate(rand *rand.Rand, size int) reflect.Value { + m := &newSessionTicketMsg{} + m.ticket = randomBytes(rand.Intn(4), rand) + return reflect.ValueOf(m) +} + +func (*sessionState) Generate(rand *rand.Rand, size int) reflect.Value { + s := &sessionState{} + s.vers = uint16(rand.Intn(10000)) + s.cipherSuite = uint16(rand.Intn(10000)) + s.masterSecret = randomBytes(rand.Intn(100), rand) + numCerts := rand.Intn(20) + s.certificates = make([][]byte, numCerts) + for i := 0; i < numCerts; i++ { + s.certificates[i] = randomBytes(rand.Intn(10)+1, rand) + } + return reflect.ValueOf(s) +} + +func TestRejectEmptySCTList(t *testing.T) { + // https://tools.ietf.org/html/rfc6962#section-3.3.1 specifies that + // empty SCT lists are invalid. + + var random [32]byte + sct := []byte{0x42, 0x42, 0x42, 0x42} + serverHello := serverHelloMsg{ + vers: VersionTLS12, + random: random[:], + scts: [][]byte{sct}, + } + serverHelloBytes := serverHello.marshal() + + var serverHelloCopy serverHelloMsg + if !serverHelloCopy.unmarshal(serverHelloBytes) { + t.Fatal("Failed to unmarshal initial message") + } + + // Change serverHelloBytes so that the SCT list is empty + i := bytes.Index(serverHelloBytes, sct) + if i < 0 { + t.Fatal("Cannot find SCT in ServerHello") + } + + var serverHelloEmptySCT []byte + serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[:i-6]...) + // Append the extension length and SCT list length for an empty list. + serverHelloEmptySCT = append(serverHelloEmptySCT, []byte{0, 2, 0, 0}...) + serverHelloEmptySCT = append(serverHelloEmptySCT, serverHelloBytes[i+4:]...) + + // Update the handshake message length. + serverHelloEmptySCT[1] = byte((len(serverHelloEmptySCT) - 4) >> 16) + serverHelloEmptySCT[2] = byte((len(serverHelloEmptySCT) - 4) >> 8) + serverHelloEmptySCT[3] = byte(len(serverHelloEmptySCT) - 4) + + // Update the extensions length + serverHelloEmptySCT[42] = byte((len(serverHelloEmptySCT) - 44) >> 8) + serverHelloEmptySCT[43] = byte((len(serverHelloEmptySCT) - 44)) + + if serverHelloCopy.unmarshal(serverHelloEmptySCT) { + t.Fatal("Unmarshaled ServerHello with empty SCT list") + } +} + +func TestRejectEmptySCT(t *testing.T) { + // Not only must the SCT list be non-empty, but the SCT elements must + // not be zero length. + + var random [32]byte + serverHello := serverHelloMsg{ + vers: VersionTLS12, + random: random[:], + scts: [][]byte{nil}, + } + serverHelloBytes := serverHello.marshal() + + var serverHelloCopy serverHelloMsg + if serverHelloCopy.unmarshal(serverHelloBytes) { + t.Fatal("Unmarshaled ServerHello with zero-length SCT") + } +} diff --git a/handshake_server.go b/handshake_server.go new file mode 100644 index 0000000..ae32848 --- /dev/null +++ b/handshake_server.go @@ -0,0 +1,838 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "crypto" + "crypto/ecdsa" + "crypto/rsa" + "crypto/subtle" + "crypto/x509" + "encoding/asn1" + "errors" + "fmt" + "io" +) + +// serverHandshakeState contains details of a server handshake in progress. +// It's discarded once the handshake has completed. +type serverHandshakeState struct { + c *Conn + clientHello *clientHelloMsg + hello *serverHelloMsg + suite *cipherSuite + ellipticOk bool + ecdsaOk bool + rsaDecryptOk bool + rsaSignOk bool + sessionState *sessionState + finishedHash finishedHash + masterSecret []byte + certsFromClient [][]byte + cert *Certificate + cachedClientHelloInfo *ClientHelloInfo +} + +// serverHandshake performs a TLS handshake as a server. +// c.out.Mutex <= L; c.handshakeMutex <= L. +func (c *Conn) serverHandshake() error { + // If this is the first server handshake, we generate a random key to + // encrypt the tickets with. + c.config.serverInitOnce.Do(func() { c.config.serverInit(nil) }) + + hs := serverHandshakeState{ + c: c, + } + isResume, err := hs.readClientHello() + if err != nil { + return err + } + + // For an overview of TLS handshaking, see https://tools.ietf.org/html/rfc5246#section-7.3 + c.buffering = true + if isResume { + // The client has included a session ticket and so we do an abbreviated handshake. + if err := hs.doResumeHandshake(); err != nil { + return err + } + if err := hs.establishKeys(); err != nil { + return err + } + // ticketSupported is set in a resumption handshake if the + // ticket from the client was encrypted with an old session + // ticket key and thus a refreshed ticket should be sent. + if hs.hello.ticketSupported { + if err := hs.sendSessionTicket(); err != nil { + return err + } + } + if err := hs.sendFinished(c.serverFinished[:]); err != nil { + return err + } + if _, err := c.flush(); err != nil { + return err + } + c.clientFinishedIsFirst = false + if err := hs.readFinished(nil); err != nil { + return err + } + c.didResume = true + } else { + // The client didn't include a session ticket, or it wasn't + // valid so we do a full handshake. + if err := hs.doFullHandshake(); err != nil { + return err + } + if err := hs.establishKeys(); err != nil { + return err + } + if err := hs.readFinished(c.clientFinished[:]); err != nil { + return err + } + c.clientFinishedIsFirst = true + c.buffering = true + if err := hs.sendSessionTicket(); err != nil { + return err + } + if err := hs.sendFinished(nil); err != nil { + return err + } + if _, err := c.flush(); err != nil { + return err + } + } + c.handshakeComplete = true + + return nil +} + +// readClientHello reads a ClientHello message from the client and decides +// whether we will perform session resumption. +func (hs *serverHandshakeState) readClientHello() (isResume bool, err error) { + c := hs.c + + msg, err := c.readHandshake() + if err != nil { + return false, err + } + var ok bool + hs.clientHello, ok = msg.(*clientHelloMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return false, unexpectedMessageError(hs.clientHello, msg) + } + + if c.config.GetConfigForClient != nil { + if newConfig, err := c.config.GetConfigForClient(hs.clientHelloInfo()); err != nil { + c.sendAlert(alertInternalError) + return false, err + } else if newConfig != nil { + newConfig.serverInitOnce.Do(func() { newConfig.serverInit(c.config) }) + c.config = newConfig + } + } + + c.vers, ok = c.config.mutualVersion(hs.clientHello.vers) + if !ok { + c.sendAlert(alertProtocolVersion) + return false, fmt.Errorf("tls: client offered an unsupported, maximum protocol version of %x", hs.clientHello.vers) + } + c.haveVers = true + + hs.hello = new(serverHelloMsg) + + supportedCurve := false + preferredCurves := c.config.curvePreferences() +Curves: + for _, curve := range hs.clientHello.supportedCurves { + for _, supported := range preferredCurves { + if supported == curve { + supportedCurve = true + break Curves + } + } + } + + supportedPointFormat := false + for _, pointFormat := range hs.clientHello.supportedPoints { + if pointFormat == pointFormatUncompressed { + supportedPointFormat = true + break + } + } + hs.ellipticOk = supportedCurve && supportedPointFormat + + foundCompression := false + // We only support null compression, so check that the client offered it. + for _, compression := range hs.clientHello.compressionMethods { + if compression == compressionNone { + foundCompression = true + break + } + } + + if !foundCompression { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: client does not support uncompressed connections") + } + + hs.hello.vers = c.vers + hs.hello.random = make([]byte, 32) + _, err = io.ReadFull(c.config.rand(), hs.hello.random) + if err != nil { + c.sendAlert(alertInternalError) + return false, err + } + + if len(hs.clientHello.secureRenegotiation) != 0 { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: initial handshake had non-empty renegotiation extension") + } + + hs.hello.secureRenegotiationSupported = hs.clientHello.secureRenegotiationSupported + hs.hello.compressionMethod = compressionNone + if len(hs.clientHello.serverName) > 0 { + c.serverName = hs.clientHello.serverName + } + + if len(hs.clientHello.alpnProtocols) > 0 { + if selectedProto, fallback := mutualProtocol(hs.clientHello.alpnProtocols, c.config.NextProtos); !fallback { + hs.hello.alpnProtocol = selectedProto + c.clientProtocol = selectedProto + } + } else { + // Although sending an empty NPN extension is reasonable, Firefox has + // had a bug around this. Best to send nothing at all if + // c.config.NextProtos is empty. See + // https://golang.org/issue/5445. + if hs.clientHello.nextProtoNeg && len(c.config.NextProtos) > 0 { + hs.hello.nextProtoNeg = true + hs.hello.nextProtos = c.config.NextProtos + } + } + + hs.cert, err = c.config.getCertificate(hs.clientHelloInfo()) + if err != nil { + c.sendAlert(alertInternalError) + return false, err + } + if hs.clientHello.scts { + hs.hello.scts = hs.cert.SignedCertificateTimestamps + } + + if priv, ok := hs.cert.PrivateKey.(crypto.Signer); ok { + switch priv.Public().(type) { + case *ecdsa.PublicKey: + hs.ecdsaOk = true + case *rsa.PublicKey: + hs.rsaSignOk = true + default: + c.sendAlert(alertInternalError) + return false, fmt.Errorf("tls: unsupported signing key type (%T)", priv.Public()) + } + } + if priv, ok := hs.cert.PrivateKey.(crypto.Decrypter); ok { + switch priv.Public().(type) { + case *rsa.PublicKey: + hs.rsaDecryptOk = true + default: + c.sendAlert(alertInternalError) + return false, fmt.Errorf("tls: unsupported decryption key type (%T)", priv.Public()) + } + } + + if hs.checkForResumption() { + return true, nil + } + + var preferenceList, supportedList []uint16 + if c.config.PreferServerCipherSuites { + preferenceList = c.config.cipherSuites() + supportedList = hs.clientHello.cipherSuites + } else { + preferenceList = hs.clientHello.cipherSuites + supportedList = c.config.cipherSuites() + } + + for _, id := range preferenceList { + if hs.setCipherSuite(id, supportedList, c.vers) { + break + } + } + + if hs.suite == nil { + c.sendAlert(alertHandshakeFailure) + return false, errors.New("tls: no cipher suite supported by both client and server") + } + + // See https://tools.ietf.org/html/rfc7507. + for _, id := range hs.clientHello.cipherSuites { + if id == TLS_FALLBACK_SCSV { + // The client is doing a fallback connection. + if hs.clientHello.vers < c.config.maxVersion() { + c.sendAlert(alertInappropriateFallback) + return false, errors.New("tls: client using inappropriate protocol fallback") + } + break + } + } + + return false, nil +} + +// checkForResumption reports whether we should perform resumption on this connection. +func (hs *serverHandshakeState) checkForResumption() bool { + c := hs.c + + if c.config.SessionTicketsDisabled { + return false + } + + var ok bool + var sessionTicket = append([]uint8{}, hs.clientHello.sessionTicket...) + if hs.sessionState, ok = c.decryptTicket(sessionTicket); !ok { + return false + } + + // Never resume a session for a different TLS version. + if c.vers != hs.sessionState.vers { + return false + } + + cipherSuiteOk := false + // Check that the client is still offering the ciphersuite in the session. + for _, id := range hs.clientHello.cipherSuites { + if id == hs.sessionState.cipherSuite { + cipherSuiteOk = true + break + } + } + if !cipherSuiteOk { + return false + } + + // Check that we also support the ciphersuite from the session. + if !hs.setCipherSuite(hs.sessionState.cipherSuite, c.config.cipherSuites(), hs.sessionState.vers) { + return false + } + + sessionHasClientCerts := len(hs.sessionState.certificates) != 0 + needClientCerts := c.config.ClientAuth == RequireAnyClientCert || c.config.ClientAuth == RequireAndVerifyClientCert + if needClientCerts && !sessionHasClientCerts { + return false + } + if sessionHasClientCerts && c.config.ClientAuth == NoClientCert { + return false + } + + return true +} + +func (hs *serverHandshakeState) doResumeHandshake() error { + c := hs.c + + hs.hello.cipherSuite = hs.suite.id + // We echo the client's session ID in the ServerHello to let it know + // that we're doing a resumption. + hs.hello.sessionId = hs.clientHello.sessionId + hs.hello.ticketSupported = hs.sessionState.usedOldKey + hs.finishedHash = newFinishedHash(c.vers, hs.suite) + hs.finishedHash.discardHandshakeBuffer() + hs.finishedHash.Write(hs.clientHello.marshal()) + hs.finishedHash.Write(hs.hello.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { + return err + } + + if len(hs.sessionState.certificates) > 0 { + if _, err := hs.processCertsFromClient(hs.sessionState.certificates); err != nil { + return err + } + } + + hs.masterSecret = hs.sessionState.masterSecret + + return nil +} + +func (hs *serverHandshakeState) doFullHandshake() error { + c := hs.c + + if hs.clientHello.ocspStapling && len(hs.cert.OCSPStaple) > 0 { + hs.hello.ocspStapling = true + } + + hs.hello.ticketSupported = hs.clientHello.ticketSupported && !c.config.SessionTicketsDisabled + hs.hello.cipherSuite = hs.suite.id + + hs.finishedHash = newFinishedHash(hs.c.vers, hs.suite) + if c.config.ClientAuth == NoClientCert { + // No need to keep a full record of the handshake if client + // certificates won't be used. + hs.finishedHash.discardHandshakeBuffer() + } + hs.finishedHash.Write(hs.clientHello.marshal()) + hs.finishedHash.Write(hs.hello.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, hs.hello.marshal()); err != nil { + return err + } + + certMsg := new(certificateMsg) + certMsg.certificates = hs.cert.Certificate + hs.finishedHash.Write(certMsg.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certMsg.marshal()); err != nil { + return err + } + + if hs.hello.ocspStapling { + certStatus := new(certificateStatusMsg) + certStatus.statusType = statusTypeOCSP + certStatus.response = hs.cert.OCSPStaple + hs.finishedHash.Write(certStatus.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certStatus.marshal()); err != nil { + return err + } + } + + keyAgreement := hs.suite.ka(c.vers) + skx, err := keyAgreement.generateServerKeyExchange(c.config, hs.cert, hs.clientHello, hs.hello) + if err != nil { + c.sendAlert(alertHandshakeFailure) + return err + } + if skx != nil { + hs.finishedHash.Write(skx.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, skx.marshal()); err != nil { + return err + } + } + + if c.config.ClientAuth >= RequestClientCert { + // Request a client certificate + certReq := new(certificateRequestMsg) + certReq.certificateTypes = []byte{ + byte(certTypeRSASign), + byte(certTypeECDSASign), + } + if c.vers >= VersionTLS12 { + certReq.hasSignatureAndHash = true + certReq.signatureAndHashes = supportedSignatureAlgorithms + } + + // An empty list of certificateAuthorities signals to + // the client that it may send any certificate in response + // to our request. When we know the CAs we trust, then + // we can send them down, so that the client can choose + // an appropriate certificate to give to us. + if c.config.ClientCAs != nil { + certReq.certificateAuthorities = c.config.ClientCAs.Subjects() + } + hs.finishedHash.Write(certReq.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, certReq.marshal()); err != nil { + return err + } + } + + helloDone := new(serverHelloDoneMsg) + hs.finishedHash.Write(helloDone.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, helloDone.marshal()); err != nil { + return err + } + + if _, err := c.flush(); err != nil { + return err + } + + var pub crypto.PublicKey // public key for client auth, if any + + msg, err := c.readHandshake() + if err != nil { + return err + } + + var ok bool + // If we requested a client certificate, then the client must send a + // certificate message, even if it's empty. + if c.config.ClientAuth >= RequestClientCert { + if certMsg, ok = msg.(*certificateMsg); !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(certMsg, msg) + } + hs.finishedHash.Write(certMsg.marshal()) + + if len(certMsg.certificates) == 0 { + // The client didn't actually send a certificate + switch c.config.ClientAuth { + case RequireAnyClientCert, RequireAndVerifyClientCert: + c.sendAlert(alertBadCertificate) + return errors.New("tls: client didn't provide a certificate") + } + } + + pub, err = hs.processCertsFromClient(certMsg.certificates) + if err != nil { + return err + } + + msg, err = c.readHandshake() + if err != nil { + return err + } + } + + // Get client key exchange + ckx, ok := msg.(*clientKeyExchangeMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(ckx, msg) + } + hs.finishedHash.Write(ckx.marshal()) + + preMasterSecret, err := keyAgreement.processClientKeyExchange(c.config, hs.cert, ckx, c.vers) + if err != nil { + c.sendAlert(alertHandshakeFailure) + return err + } + hs.masterSecret = masterFromPreMasterSecret(c.vers, hs.suite, preMasterSecret, hs.clientHello.random, hs.hello.random) + if err := c.config.writeKeyLog(hs.clientHello.random, hs.masterSecret); err != nil { + c.sendAlert(alertInternalError) + return err + } + + // If we received a client cert in response to our certificate request message, + // the client will send us a certificateVerifyMsg immediately after the + // clientKeyExchangeMsg. This message is a digest of all preceding + // handshake-layer messages that is signed using the private key corresponding + // to the client's certificate. This allows us to verify that the client is in + // possession of the private key of the certificate. + if len(c.peerCertificates) > 0 { + msg, err = c.readHandshake() + if err != nil { + return err + } + certVerify, ok := msg.(*certificateVerifyMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(certVerify, msg) + } + + // Determine the signature type. + var signatureAndHash signatureAndHash + if certVerify.hasSignatureAndHash { + signatureAndHash = certVerify.signatureAndHash + if !isSupportedSignatureAndHash(signatureAndHash, supportedSignatureAlgorithms) { + return errors.New("tls: unsupported hash function for client certificate") + } + } else { + // Before TLS 1.2 the signature algorithm was implicit + // from the key type, and only one hash per signature + // algorithm was possible. Leave the hash as zero. + switch pub.(type) { + case *ecdsa.PublicKey: + signatureAndHash.signature = signatureECDSA + case *rsa.PublicKey: + signatureAndHash.signature = signatureRSA + } + } + + switch key := pub.(type) { + case *ecdsa.PublicKey: + if signatureAndHash.signature != signatureECDSA { + err = errors.New("tls: bad signature type for client's ECDSA certificate") + break + } + ecdsaSig := new(ecdsaSignature) + if _, err = asn1.Unmarshal(certVerify.signature, ecdsaSig); err != nil { + break + } + if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { + err = errors.New("tls: ECDSA signature contained zero or negative values") + break + } + var digest []byte + if digest, _, err = hs.finishedHash.hashForClientCertificate(signatureAndHash, hs.masterSecret); err != nil { + break + } + if !ecdsa.Verify(key, digest, ecdsaSig.R, ecdsaSig.S) { + err = errors.New("tls: ECDSA verification failure") + } + case *rsa.PublicKey: + if signatureAndHash.signature != signatureRSA { + err = errors.New("tls: bad signature type for client's RSA certificate") + break + } + var digest []byte + var hashFunc crypto.Hash + if digest, hashFunc, err = hs.finishedHash.hashForClientCertificate(signatureAndHash, hs.masterSecret); err != nil { + break + } + err = rsa.VerifyPKCS1v15(key, hashFunc, digest, certVerify.signature) + } + if err != nil { + c.sendAlert(alertBadCertificate) + return errors.New("tls: could not validate signature of connection nonces: " + err.Error()) + } + + hs.finishedHash.Write(certVerify.marshal()) + } + + hs.finishedHash.discardHandshakeBuffer() + + return nil +} + +func (hs *serverHandshakeState) establishKeys() error { + c := hs.c + + clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV := + keysFromMasterSecret(c.vers, hs.suite, hs.masterSecret, hs.clientHello.random, hs.hello.random, hs.suite.macLen, hs.suite.keyLen, hs.suite.ivLen) + + var clientCipher, serverCipher interface{} + var clientHash, serverHash macFunction + + if hs.suite.aead == nil { + clientCipher = hs.suite.cipher(clientKey, clientIV, true /* for reading */) + clientHash = hs.suite.mac(c.vers, clientMAC) + serverCipher = hs.suite.cipher(serverKey, serverIV, false /* not for reading */) + serverHash = hs.suite.mac(c.vers, serverMAC) + } else { + clientCipher = hs.suite.aead(clientKey, clientIV) + serverCipher = hs.suite.aead(serverKey, serverIV) + } + + c.in.prepareCipherSpec(c.vers, clientCipher, clientHash) + c.out.prepareCipherSpec(c.vers, serverCipher, serverHash) + + return nil +} + +func (hs *serverHandshakeState) readFinished(out []byte) error { + c := hs.c + + c.readRecord(recordTypeChangeCipherSpec) + if c.in.err != nil { + return c.in.err + } + + if hs.hello.nextProtoNeg { + msg, err := c.readHandshake() + if err != nil { + return err + } + nextProto, ok := msg.(*nextProtoMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(nextProto, msg) + } + hs.finishedHash.Write(nextProto.marshal()) + c.clientProtocol = nextProto.proto + } + + msg, err := c.readHandshake() + if err != nil { + return err + } + clientFinished, ok := msg.(*finishedMsg) + if !ok { + c.sendAlert(alertUnexpectedMessage) + return unexpectedMessageError(clientFinished, msg) + } + + verify := hs.finishedHash.clientSum(hs.masterSecret) + if len(verify) != len(clientFinished.verifyData) || + subtle.ConstantTimeCompare(verify, clientFinished.verifyData) != 1 { + c.sendAlert(alertHandshakeFailure) + return errors.New("tls: client's Finished message is incorrect") + } + + hs.finishedHash.Write(clientFinished.marshal()) + copy(out, verify) + return nil +} + +func (hs *serverHandshakeState) sendSessionTicket() error { + if !hs.hello.ticketSupported { + return nil + } + + c := hs.c + m := new(newSessionTicketMsg) + + var err error + state := sessionState{ + vers: c.vers, + cipherSuite: hs.suite.id, + masterSecret: hs.masterSecret, + certificates: hs.certsFromClient, + } + m.ticket, err = c.encryptTicket(&state) + if err != nil { + return err + } + + hs.finishedHash.Write(m.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, m.marshal()); err != nil { + return err + } + + return nil +} + +func (hs *serverHandshakeState) sendFinished(out []byte) error { + c := hs.c + + if _, err := c.writeRecord(recordTypeChangeCipherSpec, []byte{1}); err != nil { + return err + } + + finished := new(finishedMsg) + finished.verifyData = hs.finishedHash.serverSum(hs.masterSecret) + hs.finishedHash.Write(finished.marshal()) + if _, err := c.writeRecord(recordTypeHandshake, finished.marshal()); err != nil { + return err + } + + c.cipherSuite = hs.suite.id + copy(out, finished.verifyData) + + return nil +} + +// processCertsFromClient takes a chain of client certificates either from a +// Certificates message or from a sessionState and verifies them. It returns +// the public key of the leaf certificate. +func (hs *serverHandshakeState) processCertsFromClient(certificates [][]byte) (crypto.PublicKey, error) { + c := hs.c + + hs.certsFromClient = certificates + certs := make([]*x509.Certificate, len(certificates)) + var err error + for i, asn1Data := range certificates { + if certs[i], err = x509.ParseCertificate(asn1Data); err != nil { + c.sendAlert(alertBadCertificate) + return nil, errors.New("tls: failed to parse client certificate: " + err.Error()) + } + } + + if c.config.ClientAuth >= VerifyClientCertIfGiven && len(certs) > 0 { + opts := x509.VerifyOptions{ + Roots: c.config.ClientCAs, + CurrentTime: c.config.time(), + Intermediates: x509.NewCertPool(), + KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}, + } + + for _, cert := range certs[1:] { + opts.Intermediates.AddCert(cert) + } + + chains, err := certs[0].Verify(opts) + if err != nil { + c.sendAlert(alertBadCertificate) + return nil, errors.New("tls: failed to verify client's certificate: " + err.Error()) + } + + c.verifiedChains = chains + } + + if c.config.VerifyPeerCertificate != nil { + if err := c.config.VerifyPeerCertificate(certificates, c.verifiedChains); err != nil { + c.sendAlert(alertBadCertificate) + return nil, err + } + } + + if len(certs) == 0 { + return nil, nil + } + + var pub crypto.PublicKey + switch key := certs[0].PublicKey.(type) { + case *ecdsa.PublicKey, *rsa.PublicKey: + pub = key + default: + c.sendAlert(alertUnsupportedCertificate) + return nil, fmt.Errorf("tls: client's certificate contains an unsupported public key of type %T", certs[0].PublicKey) + } + c.peerCertificates = certs + return pub, nil +} + +// setCipherSuite sets a cipherSuite with the given id as the serverHandshakeState +// suite if that cipher suite is acceptable to use. +// It returns a bool indicating if the suite was set. +func (hs *serverHandshakeState) setCipherSuite(id uint16, supportedCipherSuites []uint16, version uint16) bool { + for _, supported := range supportedCipherSuites { + if id == supported { + var candidate *cipherSuite + + for _, s := range cipherSuites { + if s.id == id { + candidate = s + break + } + } + if candidate == nil { + continue + } + // Don't select a ciphersuite which we can't + // support for this client. + if candidate.flags&suiteECDHE != 0 { + if !hs.ellipticOk { + continue + } + if candidate.flags&suiteECDSA != 0 { + if !hs.ecdsaOk { + continue + } + } else if !hs.rsaSignOk { + continue + } + } else if !hs.rsaDecryptOk { + continue + } + if version < VersionTLS12 && candidate.flags&suiteTLS12 != 0 { + continue + } + hs.suite = candidate + return true + } + } + return false +} + +// suppVersArray is the backing array of ClientHelloInfo.SupportedVersions +var suppVersArray = [...]uint16{VersionTLS12, VersionTLS11, VersionTLS10, VersionSSL30} + +func (hs *serverHandshakeState) clientHelloInfo() *ClientHelloInfo { + if hs.cachedClientHelloInfo != nil { + return hs.cachedClientHelloInfo + } + + var supportedVersions []uint16 + if hs.clientHello.vers > VersionTLS12 { + supportedVersions = suppVersArray[:] + } else if hs.clientHello.vers >= VersionSSL30 { + supportedVersions = suppVersArray[VersionTLS12-hs.clientHello.vers:] + } + + signatureSchemes := make([]SignatureScheme, 0, len(hs.clientHello.signatureAndHashes)) + for _, sah := range hs.clientHello.signatureAndHashes { + signatureSchemes = append(signatureSchemes, SignatureScheme(sah.hash)<<8+SignatureScheme(sah.signature)) + } + + hs.cachedClientHelloInfo = &ClientHelloInfo{ + CipherSuites: hs.clientHello.cipherSuites, + ServerName: hs.clientHello.serverName, + SupportedCurves: hs.clientHello.supportedCurves, + SupportedPoints: hs.clientHello.supportedPoints, + SignatureSchemes: signatureSchemes, + SupportedProtos: hs.clientHello.alpnProtocols, + SupportedVersions: supportedVersions, + Conn: hs.c.conn, + } + + return hs.cachedClientHelloInfo +} diff --git a/handshake_server_test.go b/handshake_server_test.go new file mode 100644 index 0000000..63845c1 --- /dev/null +++ b/handshake_server_test.go @@ -0,0 +1,1318 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/rsa" + "encoding/hex" + "encoding/pem" + "errors" + "fmt" + "io" + "math/big" + "net" + "os" + "os/exec" + "path/filepath" + "strings" + "testing" + "time" +) + +// zeroSource is an io.Reader that returns an unlimited number of zero bytes. +type zeroSource struct{} + +func (zeroSource) Read(b []byte) (n int, err error) { + for i := range b { + b[i] = 0 + } + + return len(b), nil +} + +var testConfig *Config + +func allCipherSuites() []uint16 { + ids := make([]uint16, len(cipherSuites)) + for i, suite := range cipherSuites { + ids[i] = suite.id + } + + return ids +} + +func init() { + testConfig = &Config{ + Time: func() time.Time { return time.Unix(0, 0) }, + Rand: zeroSource{}, + Certificates: make([]Certificate, 2), + InsecureSkipVerify: true, + MinVersion: VersionSSL30, + MaxVersion: VersionTLS12, + CipherSuites: allCipherSuites(), + } + testConfig.Certificates[0].Certificate = [][]byte{testRSACertificate} + testConfig.Certificates[0].PrivateKey = testRSAPrivateKey + testConfig.Certificates[1].Certificate = [][]byte{testSNICertificate} + testConfig.Certificates[1].PrivateKey = testRSAPrivateKey + testConfig.BuildNameToCertificate() +} + +func testClientHello(t *testing.T, serverConfig *Config, m handshakeMessage) { + testClientHelloFailure(t, serverConfig, m, "") +} + +func testClientHelloFailure(t *testing.T, serverConfig *Config, m handshakeMessage, expectedSubStr string) { + // Create in-memory network connection, + // send message to server. Should return + // expected error. + c, s := net.Pipe() + go func() { + cli := Client(c, testConfig) + if ch, ok := m.(*clientHelloMsg); ok { + cli.vers = ch.vers + } + cli.writeRecord(recordTypeHandshake, m.marshal()) + c.Close() + }() + hs := serverHandshakeState{ + c: Server(s, serverConfig), + } + _, err := hs.readClientHello() + s.Close() + if len(expectedSubStr) == 0 { + if err != nil && err != io.EOF { + t.Errorf("Got error: %s; expected to succeed", err) + } + } else if err == nil || !strings.Contains(err.Error(), expectedSubStr) { + t.Errorf("Got error: %s; expected to match substring '%s'", err, expectedSubStr) + } +} + +func TestSimpleError(t *testing.T) { + testClientHelloFailure(t, testConfig, &serverHelloDoneMsg{}, "unexpected handshake message") +} + +var badProtocolVersions = []uint16{0x0000, 0x0005, 0x0100, 0x0105, 0x0200, 0x0205} + +func TestRejectBadProtocolVersion(t *testing.T) { + for _, v := range badProtocolVersions { + testClientHelloFailure(t, testConfig, &clientHelloMsg{vers: v}, "unsupported, maximum protocol version") + } +} + +func TestNoSuiteOverlap(t *testing.T) { + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{0xff00}, + compressionMethods: []uint8{compressionNone}, + } + testClientHelloFailure(t, testConfig, clientHello, "no cipher suite supported by both client and server") +} + +func TestNoCompressionOverlap(t *testing.T) { + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{0xff}, + } + testClientHelloFailure(t, testConfig, clientHello, "client does not support uncompressed connections") +} + +func TestNoRC4ByDefault(t *testing.T) { + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + } + serverConfig := testConfig.Clone() + // Reset the enabled cipher suites to nil in order to test the + // defaults. + serverConfig.CipherSuites = nil + testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server") +} + +func TestRejectSNIWithTrailingDot(t *testing.T) { + testClientHelloFailure(t, testConfig, &clientHelloMsg{vers: VersionTLS12, serverName: "foo.com."}, "unexpected message") +} + +func TestDontSelectECDSAWithRSAKey(t *testing.T) { + // Test that, even when both sides support an ECDSA cipher suite, it + // won't be selected if the server's private key doesn't support it. + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA}, + compressionMethods: []uint8{compressionNone}, + supportedCurves: []CurveID{CurveP256}, + supportedPoints: []uint8{pointFormatUncompressed}, + } + serverConfig := testConfig.Clone() + serverConfig.CipherSuites = clientHello.cipherSuites + serverConfig.Certificates = make([]Certificate, 1) + serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} + serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey + serverConfig.BuildNameToCertificate() + // First test that it *does* work when the server's key is ECDSA. + testClientHello(t, serverConfig, clientHello) + + // Now test that switching to an RSA key causes the expected error (and + // not an internal error about a signing failure). + serverConfig.Certificates = testConfig.Certificates + testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server") +} + +func TestDontSelectRSAWithECDSAKey(t *testing.T) { + // Test that, even when both sides support an RSA cipher suite, it + // won't be selected if the server's private key doesn't support it. + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA}, + compressionMethods: []uint8{compressionNone}, + supportedCurves: []CurveID{CurveP256}, + supportedPoints: []uint8{pointFormatUncompressed}, + } + serverConfig := testConfig.Clone() + serverConfig.CipherSuites = clientHello.cipherSuites + // First test that it *does* work when the server's key is RSA. + testClientHello(t, serverConfig, clientHello) + + // Now test that switching to an ECDSA key causes the expected error + // (and not an internal error about a signing failure). + serverConfig.Certificates = make([]Certificate, 1) + serverConfig.Certificates[0].Certificate = [][]byte{testECDSACertificate} + serverConfig.Certificates[0].PrivateKey = testECDSAPrivateKey + serverConfig.BuildNameToCertificate() + testClientHelloFailure(t, serverConfig, clientHello, "no cipher suite supported by both client and server") +} + +func TestRenegotiationExtension(t *testing.T) { + clientHello := &clientHelloMsg{ + vers: VersionTLS12, + compressionMethods: []uint8{compressionNone}, + random: make([]byte, 32), + secureRenegotiationSupported: true, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + } + + var buf []byte + c, s := net.Pipe() + + go func() { + cli := Client(c, testConfig) + cli.vers = clientHello.vers + cli.writeRecord(recordTypeHandshake, clientHello.marshal()) + + buf = make([]byte, 1024) + n, err := c.Read(buf) + if err != nil { + t.Errorf("Server read returned error: %s", err) + return + } + buf = buf[:n] + c.Close() + }() + + Server(s, testConfig).Handshake() + + if len(buf) < 5+4 { + t.Fatalf("Server returned short message of length %d", len(buf)) + } + // buf contains a TLS record, with a 5 byte record header and a 4 byte + // handshake header. The length of the ServerHello is taken from the + // handshake header. + serverHelloLen := int(buf[6])<<16 | int(buf[7])<<8 | int(buf[8]) + + var serverHello serverHelloMsg + // unmarshal expects to be given the handshake header, but + // serverHelloLen doesn't include it. + if !serverHello.unmarshal(buf[5 : 9+serverHelloLen]) { + t.Fatalf("Failed to parse ServerHello") + } + + if !serverHello.secureRenegotiationSupported { + t.Errorf("Secure renegotiation extension was not echoed.") + } +} + +func TestTLS12OnlyCipherSuites(t *testing.T) { + // Test that a Server doesn't select a TLS 1.2-only cipher suite when + // the client negotiates TLS 1.1. + var zeros [32]byte + + clientHello := &clientHelloMsg{ + vers: VersionTLS11, + random: zeros[:], + cipherSuites: []uint16{ + // The Server, by default, will use the client's + // preference order. So the GCM cipher suite + // will be selected unless it's excluded because + // of the version in this ClientHello. + TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_RSA_WITH_RC4_128_SHA, + }, + compressionMethods: []uint8{compressionNone}, + supportedCurves: []CurveID{CurveP256, CurveP384, CurveP521}, + supportedPoints: []uint8{pointFormatUncompressed}, + } + + c, s := net.Pipe() + var reply interface{} + var clientErr error + go func() { + cli := Client(c, testConfig) + cli.vers = clientHello.vers + cli.writeRecord(recordTypeHandshake, clientHello.marshal()) + reply, clientErr = cli.readHandshake() + c.Close() + }() + config := testConfig.Clone() + config.CipherSuites = clientHello.cipherSuites + Server(s, config).Handshake() + s.Close() + if clientErr != nil { + t.Fatal(clientErr) + } + serverHello, ok := reply.(*serverHelloMsg) + if !ok { + t.Fatalf("didn't get ServerHello message in reply. Got %v\n", reply) + } + if s := serverHello.cipherSuite; s != TLS_RSA_WITH_RC4_128_SHA { + t.Fatalf("bad cipher suite from server: %x", s) + } +} + +func TestAlertForwarding(t *testing.T) { + c, s := net.Pipe() + go func() { + Client(c, testConfig).sendAlert(alertUnknownCA) + c.Close() + }() + + err := Server(s, testConfig).Handshake() + s.Close() + if e, ok := err.(*net.OpError); !ok || e.Err != error(alertUnknownCA) { + t.Errorf("Got error: %s; expected: %s", err, error(alertUnknownCA)) + } +} + +func TestClose(t *testing.T) { + c, s := net.Pipe() + go c.Close() + + err := Server(s, testConfig).Handshake() + s.Close() + if err != io.EOF { + t.Errorf("Got error: %s; expected: %s", err, io.EOF) + } +} + +func testHandshake(clientConfig, serverConfig *Config) (serverState, clientState ConnectionState, err error) { + c, s := net.Pipe() + done := make(chan bool) + go func() { + cli := Client(c, clientConfig) + cli.Handshake() + clientState = cli.ConnectionState() + c.Close() + done <- true + }() + server := Server(s, serverConfig) + err = server.Handshake() + if err == nil { + serverState = server.ConnectionState() + } + s.Close() + <-done + return +} + +func TestVersion(t *testing.T) { + serverConfig := &Config{ + Certificates: testConfig.Certificates, + MaxVersion: VersionTLS11, + } + clientConfig := &Config{ + InsecureSkipVerify: true, + } + state, _, err := testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if state.Version != VersionTLS11 { + t.Fatalf("Incorrect version %x, should be %x", state.Version, VersionTLS11) + } +} + +func TestCipherSuitePreference(t *testing.T) { + serverConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA}, + Certificates: testConfig.Certificates, + MaxVersion: VersionTLS11, + } + clientConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_RC4_128_SHA}, + InsecureSkipVerify: true, + } + state, _, err := testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if state.CipherSuite != TLS_RSA_WITH_AES_128_CBC_SHA { + // By default the server should use the client's preference. + t.Fatalf("Client's preference was not used, got %x", state.CipherSuite) + } + + serverConfig.PreferServerCipherSuites = true + state, _, err = testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if state.CipherSuite != TLS_RSA_WITH_RC4_128_SHA { + t.Fatalf("Server's preference was not used, got %x", state.CipherSuite) + } +} + +func TestSCTHandshake(t *testing.T) { + expected := [][]byte{[]byte("certificate"), []byte("transparency")} + serverConfig := &Config{ + Certificates: []Certificate{{ + Certificate: [][]byte{testRSACertificate}, + PrivateKey: testRSAPrivateKey, + SignedCertificateTimestamps: expected, + }}, + } + clientConfig := &Config{ + InsecureSkipVerify: true, + } + _, state, err := testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + actual := state.SignedCertificateTimestamps + if len(actual) != len(expected) { + t.Fatalf("got %d scts, want %d", len(actual), len(expected)) + } + for i, sct := range expected { + if !bytes.Equal(sct, actual[i]) { + t.Fatalf("SCT #%d was %x, but expected %x", i, actual[i], sct) + } + } +} + +func TestCrossVersionResume(t *testing.T) { + serverConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, + Certificates: testConfig.Certificates, + } + clientConfig := &Config{ + CipherSuites: []uint16{TLS_RSA_WITH_AES_128_CBC_SHA}, + InsecureSkipVerify: true, + ClientSessionCache: NewLRUClientSessionCache(1), + ServerName: "servername", + } + + // Establish a session at TLS 1.1. + clientConfig.MaxVersion = VersionTLS11 + _, _, err := testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + + // The client session cache now contains a TLS 1.1 session. + state, _, err := testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if !state.DidResume { + t.Fatalf("handshake did not resume at the same version") + } + + // Test that the server will decline to resume at a lower version. + clientConfig.MaxVersion = VersionTLS10 + state, _, err = testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if state.DidResume { + t.Fatalf("handshake resumed at a lower version") + } + + // The client session cache now contains a TLS 1.0 session. + state, _, err = testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if !state.DidResume { + t.Fatalf("handshake did not resume at the same version") + } + + // Test that the server will decline to resume at a higher version. + clientConfig.MaxVersion = VersionTLS11 + state, _, err = testHandshake(clientConfig, serverConfig) + if err != nil { + t.Fatalf("handshake failed: %s", err) + } + if state.DidResume { + t.Fatalf("handshake resumed at a higher version") + } +} + +// Note: see comment in handshake_test.go for details of how the reference +// tests work. + +// serverTest represents a test of the TLS server handshake against a reference +// implementation. +type serverTest struct { + // name is a freeform string identifying the test and the file in which + // the expected results will be stored. + name string + // command, if not empty, contains a series of arguments for the + // command to run for the reference server. + command []string + // expectedPeerCerts contains a list of PEM blocks of expected + // certificates from the client. + expectedPeerCerts []string + // config, if not nil, contains a custom Config to use for this test. + config *Config + // expectHandshakeErrorIncluding, when not empty, contains a string + // that must be a substring of the error resulting from the handshake. + expectHandshakeErrorIncluding string + // validate, if not nil, is a function that will be called with the + // ConnectionState of the resulting connection. It returns false if the + // ConnectionState is unacceptable. + validate func(ConnectionState) error +} + +var defaultClientCommand = []string{"openssl", "s_client", "-no_ticket"} + +// connFromCommand starts opens a listening socket and starts the reference +// client to connect to it. It returns a recordingConn that wraps the resulting +// connection. +func (test *serverTest) connFromCommand() (conn *recordingConn, child *exec.Cmd, err error) { + l, err := net.ListenTCP("tcp", &net.TCPAddr{ + IP: net.IPv4(127, 0, 0, 1), + Port: 0, + }) + if err != nil { + return nil, nil, err + } + defer l.Close() + + port := l.Addr().(*net.TCPAddr).Port + + var command []string + command = append(command, test.command...) + if len(command) == 0 { + command = defaultClientCommand + } + command = append(command, "-connect") + command = append(command, fmt.Sprintf("127.0.0.1:%d", port)) + cmd := exec.Command(command[0], command[1:]...) + cmd.Stdin = nil + var output bytes.Buffer + cmd.Stdout = &output + cmd.Stderr = &output + if err := cmd.Start(); err != nil { + return nil, nil, err + } + + connChan := make(chan interface{}) + go func() { + tcpConn, err := l.Accept() + if err != nil { + connChan <- err + } + connChan <- tcpConn + }() + + var tcpConn net.Conn + select { + case connOrError := <-connChan: + if err, ok := connOrError.(error); ok { + return nil, nil, err + } + tcpConn = connOrError.(net.Conn) + case <-time.After(2 * time.Second): + output.WriteTo(os.Stdout) + return nil, nil, errors.New("timed out waiting for connection from child process") + } + + record := &recordingConn{ + Conn: tcpConn, + } + + return record, cmd, nil +} + +func (test *serverTest) dataPath() string { + return filepath.Join("testdata", "Server-"+test.name) +} + +func (test *serverTest) loadData() (flows [][]byte, err error) { + in, err := os.Open(test.dataPath()) + if err != nil { + return nil, err + } + defer in.Close() + return parseTestData(in) +} + +func (test *serverTest) run(t *testing.T, write bool) { + checkOpenSSLVersion(t) + + var clientConn, serverConn net.Conn + var recordingConn *recordingConn + var childProcess *exec.Cmd + + if write { + var err error + recordingConn, childProcess, err = test.connFromCommand() + if err != nil { + t.Fatalf("Failed to start subcommand: %s", err) + } + serverConn = recordingConn + } else { + clientConn, serverConn = net.Pipe() + } + config := test.config + if config == nil { + config = testConfig + } + server := Server(serverConn, config) + connStateChan := make(chan ConnectionState, 1) + go func() { + _, err := server.Write([]byte("hello, world\n")) + if len(test.expectHandshakeErrorIncluding) > 0 { + if err == nil { + t.Errorf("Error expected, but no error returned") + } else if s := err.Error(); !strings.Contains(s, test.expectHandshakeErrorIncluding) { + t.Errorf("Error expected containing '%s' but got '%s'", test.expectHandshakeErrorIncluding, s) + } + } else { + if err != nil { + t.Logf("Error from Server.Write: '%s'", err) + } + } + server.Close() + serverConn.Close() + connStateChan <- server.ConnectionState() + }() + + if !write { + flows, err := test.loadData() + if err != nil { + t.Fatalf("%s: failed to load data from %s", test.name, test.dataPath()) + } + for i, b := range flows { + if i%2 == 0 { + clientConn.Write(b) + continue + } + bb := make([]byte, len(b)) + n, err := io.ReadFull(clientConn, bb) + if err != nil { + t.Fatalf("%s #%d: %s\nRead %d, wanted %d, got %x, wanted %x\n", test.name, i+1, err, n, len(bb), bb[:n], b) + } + if !bytes.Equal(b, bb) { + t.Fatalf("%s #%d: mismatch on read: got:%x want:%x", test.name, i+1, bb, b) + } + } + clientConn.Close() + } + + connState := <-connStateChan + peerCerts := connState.PeerCertificates + if len(peerCerts) == len(test.expectedPeerCerts) { + for i, peerCert := range peerCerts { + block, _ := pem.Decode([]byte(test.expectedPeerCerts[i])) + if !bytes.Equal(block.Bytes, peerCert.Raw) { + t.Fatalf("%s: mismatch on peer cert %d", test.name, i+1) + } + } + } else { + t.Fatalf("%s: mismatch on peer list length: %d (wanted) != %d (got)", test.name, len(test.expectedPeerCerts), len(peerCerts)) + } + + if test.validate != nil { + if err := test.validate(connState); err != nil { + t.Fatalf("validate callback returned error: %s", err) + } + } + + if write { + path := test.dataPath() + out, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0644) + if err != nil { + t.Fatalf("Failed to create output file: %s", err) + } + defer out.Close() + recordingConn.Close() + if len(recordingConn.flows) < 3 { + childProcess.Stdout.(*bytes.Buffer).WriteTo(os.Stdout) + if len(test.expectHandshakeErrorIncluding) == 0 { + t.Fatalf("Handshake failed") + } + } + recordingConn.WriteTo(out) + fmt.Printf("Wrote %s\n", path) + childProcess.Wait() + } +} + +func runServerTestForVersion(t *testing.T, template *serverTest, prefix, option string) { + setParallel(t) + test := *template + test.name = prefix + test.name + if len(test.command) == 0 { + test.command = defaultClientCommand + } + test.command = append([]string(nil), test.command...) + test.command = append(test.command, option) + test.run(t, *update) +} + +func runServerTestSSLv3(t *testing.T, template *serverTest) { + runServerTestForVersion(t, template, "SSLv3-", "-ssl3") +} + +func runServerTestTLS10(t *testing.T, template *serverTest) { + runServerTestForVersion(t, template, "TLSv10-", "-tls1") +} + +func runServerTestTLS11(t *testing.T, template *serverTest) { + runServerTestForVersion(t, template, "TLSv11-", "-tls1_1") +} + +func runServerTestTLS12(t *testing.T, template *serverTest) { + runServerTestForVersion(t, template, "TLSv12-", "-tls1_2") +} + +func TestHandshakeServerRSARC4(t *testing.T) { + test := &serverTest{ + name: "RSA-RC4", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "RC4-SHA"}, + } + runServerTestSSLv3(t, test) + runServerTestTLS10(t, test) + runServerTestTLS11(t, test) + runServerTestTLS12(t, test) +} + +func TestHandshakeServerRSA3DES(t *testing.T) { + test := &serverTest{ + name: "RSA-3DES", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "DES-CBC3-SHA"}, + } + runServerTestSSLv3(t, test) + runServerTestTLS10(t, test) + runServerTestTLS12(t, test) +} + +func TestHandshakeServerRSAAES(t *testing.T) { + test := &serverTest{ + name: "RSA-AES", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"}, + } + runServerTestSSLv3(t, test) + runServerTestTLS10(t, test) + runServerTestTLS12(t, test) +} + +func TestHandshakeServerAESGCM(t *testing.T) { + test := &serverTest{ + name: "RSA-AES-GCM", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"}, + } + runServerTestTLS12(t, test) +} + +func TestHandshakeServerAES256GCMSHA384(t *testing.T) { + test := &serverTest{ + name: "RSA-AES256-GCM-SHA384", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES256-GCM-SHA384"}, + } + runServerTestTLS12(t, test) +} + +func TestHandshakeServerECDHEECDSAAES(t *testing.T) { + config := testConfig.Clone() + config.Certificates = make([]Certificate, 1) + config.Certificates[0].Certificate = [][]byte{testECDSACertificate} + config.Certificates[0].PrivateKey = testECDSAPrivateKey + config.BuildNameToCertificate() + + test := &serverTest{ + name: "ECDHE-ECDSA-AES", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-ECDSA-AES256-SHA"}, + config: config, + } + runServerTestTLS10(t, test) + runServerTestTLS12(t, test) +} + +func TestHandshakeServerX25519(t *testing.T) { + config := testConfig.Clone() + config.CurvePreferences = []CurveID{X25519} + + test := &serverTest{ + name: "X25519-ECDHE-RSA-AES-GCM", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "ECDHE-RSA-AES128-GCM-SHA256"}, + config: config, + } + runServerTestTLS12(t, test) +} + +func TestHandshakeServerALPN(t *testing.T) { + config := testConfig.Clone() + config.NextProtos = []string{"proto1", "proto2"} + + test := &serverTest{ + name: "ALPN", + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -alpn flag. + command: []string{"openssl", "s_client", "-alpn", "proto2,proto1"}, + config: config, + validate: func(state ConnectionState) error { + // The server's preferences should override the client. + if state.NegotiatedProtocol != "proto1" { + return fmt.Errorf("Got protocol %q, wanted proto1", state.NegotiatedProtocol) + } + return nil + }, + } + runServerTestTLS12(t, test) +} + +func TestHandshakeServerALPNNoMatch(t *testing.T) { + config := testConfig.Clone() + config.NextProtos = []string{"proto3"} + + test := &serverTest{ + name: "ALPN-NoMatch", + // Note that this needs OpenSSL 1.0.2 because that is the first + // version that supports the -alpn flag. + command: []string{"openssl", "s_client", "-alpn", "proto2,proto1"}, + config: config, + validate: func(state ConnectionState) error { + // Rather than reject the connection, Go doesn't select + // a protocol when there is no overlap. + if state.NegotiatedProtocol != "" { + return fmt.Errorf("Got protocol %q, wanted ''", state.NegotiatedProtocol) + } + return nil + }, + } + runServerTestTLS12(t, test) +} + +// TestHandshakeServerSNI involves a client sending an SNI extension of +// "snitest.com", which happens to match the CN of testSNICertificate. The test +// verifies that the server correctly selects that certificate. +func TestHandshakeServerSNI(t *testing.T) { + test := &serverTest{ + name: "SNI", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, + } + runServerTestTLS12(t, test) +} + +// TestHandshakeServerSNICertForName is similar to TestHandshakeServerSNI, but +// tests the dynamic GetCertificate method +func TestHandshakeServerSNIGetCertificate(t *testing.T) { + config := testConfig.Clone() + + // Replace the NameToCertificate map with a GetCertificate function + nameToCert := config.NameToCertificate + config.NameToCertificate = nil + config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + cert, _ := nameToCert[clientHello.ServerName] + return cert, nil + } + test := &serverTest{ + name: "SNI-GetCertificate", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, + config: config, + } + runServerTestTLS12(t, test) +} + +// TestHandshakeServerSNICertForNameNotFound is similar to +// TestHandshakeServerSNICertForName, but tests to make sure that when the +// GetCertificate method doesn't return a cert, we fall back to what's in +// the NameToCertificate map. +func TestHandshakeServerSNIGetCertificateNotFound(t *testing.T) { + config := testConfig.Clone() + + config.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + return nil, nil + } + test := &serverTest{ + name: "SNI-GetCertificateNotFound", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-servername", "snitest.com"}, + config: config, + } + runServerTestTLS12(t, test) +} + +// TestHandshakeServerSNICertForNameError tests to make sure that errors in +// GetCertificate result in a tls alert. +func TestHandshakeServerSNIGetCertificateError(t *testing.T) { + const errMsg = "TestHandshakeServerSNIGetCertificateError error" + + serverConfig := testConfig.Clone() + serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + return nil, errors.New(errMsg) + } + + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + serverName: "test", + } + testClientHelloFailure(t, serverConfig, clientHello, errMsg) +} + +// TestHandshakeServerEmptyCertificates tests that GetCertificates is called in +// the case that Certificates is empty, even without SNI. +func TestHandshakeServerEmptyCertificates(t *testing.T) { + const errMsg = "TestHandshakeServerEmptyCertificates error" + + serverConfig := testConfig.Clone() + serverConfig.GetCertificate = func(clientHello *ClientHelloInfo) (*Certificate, error) { + return nil, errors.New(errMsg) + } + serverConfig.Certificates = nil + + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + } + testClientHelloFailure(t, serverConfig, clientHello, errMsg) + + // With an empty Certificates and a nil GetCertificate, the server + // should always return a “no certificates” error. + serverConfig.GetCertificate = nil + + clientHello = &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + } + testClientHelloFailure(t, serverConfig, clientHello, "no certificates") +} + +// TestCipherSuiteCertPreferance ensures that we select an RSA ciphersuite with +// an RSA certificate and an ECDSA ciphersuite with an ECDSA certificate. +func TestCipherSuiteCertPreferenceECDSA(t *testing.T) { + config := testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA} + config.PreferServerCipherSuites = true + + test := &serverTest{ + name: "CipherSuiteCertPreferenceRSA", + config: config, + } + runServerTestTLS12(t, test) + + config = testConfig.Clone() + config.CipherSuites = []uint16{TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA} + config.Certificates = []Certificate{ + { + Certificate: [][]byte{testECDSACertificate}, + PrivateKey: testECDSAPrivateKey, + }, + } + config.BuildNameToCertificate() + config.PreferServerCipherSuites = true + + test = &serverTest{ + name: "CipherSuiteCertPreferenceECDSA", + config: config, + } + runServerTestTLS12(t, test) +} + +func TestResumption(t *testing.T) { + sessionFilePath := tempFile("") + defer os.Remove(sessionFilePath) + + test := &serverTest{ + name: "IssueTicket", + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath}, + } + runServerTestTLS12(t, test) + + test = &serverTest{ + name: "Resume", + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath}, + } + runServerTestTLS12(t, test) +} + +func TestResumptionDisabled(t *testing.T) { + sessionFilePath := tempFile("") + defer os.Remove(sessionFilePath) + + config := testConfig.Clone() + + test := &serverTest{ + name: "IssueTicketPreDisable", + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_out", sessionFilePath}, + config: config, + } + runServerTestTLS12(t, test) + + config.SessionTicketsDisabled = true + + test = &serverTest{ + name: "ResumeDisabled", + command: []string{"openssl", "s_client", "-cipher", "AES128-SHA", "-sess_in", sessionFilePath}, + config: config, + } + runServerTestTLS12(t, test) + + // One needs to manually confirm that the handshake in the golden data + // file for ResumeDisabled does not include a resumption handshake. +} + +func TestFallbackSCSV(t *testing.T) { + serverConfig := Config{ + Certificates: testConfig.Certificates, + } + test := &serverTest{ + name: "FallbackSCSV", + config: &serverConfig, + // OpenSSL 1.0.1j is needed for the -fallback_scsv option. + command: []string{"openssl", "s_client", "-fallback_scsv"}, + expectHandshakeErrorIncluding: "inappropriate protocol fallback", + } + runServerTestTLS11(t, test) +} + +// clientCertificatePEM and clientKeyPEM were generated with generate_cert.go +// Thus, they have no ExtKeyUsage fields and trigger an error when verification +// is turned on. + +const clientCertificatePEM = ` +-----BEGIN CERTIFICATE----- +MIIB7zCCAVigAwIBAgIQXBnBiWWDVW/cC8m5k5/pvDANBgkqhkiG9w0BAQsFADAS +MRAwDgYDVQQKEwdBY21lIENvMB4XDTE2MDgxNzIxNTIzMVoXDTE3MDgxNzIxNTIz +MVowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC +gYEAum+qhr3Pv5/y71yUYHhv6BPy0ZZvzdkybiI3zkH5yl0prOEn2mGi7oHLEMff +NFiVhuk9GeZcJ3NgyI14AvQdpJgJoxlwaTwlYmYqqyIjxXuFOE8uCXMyp70+m63K +hAfmDzr/d8WdQYUAirab7rCkPy1MTOZCPrtRyN1IVPQMjkcCAwEAAaNGMEQwDgYD +VR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAwGA1UdEwEB/wQCMAAw +DwYDVR0RBAgwBocEfwAAATANBgkqhkiG9w0BAQsFAAOBgQBGq0Si+yhU+Fpn+GKU +8ZqyGJ7ysd4dfm92lam6512oFmyc9wnTN+RLKzZ8Aa1B0jLYw9KT+RBrjpW5LBeK +o0RIvFkTgxYEiKSBXCUNmAysEbEoVr4dzWFihAm/1oDGRY2CLLTYg5vbySK3KhIR +e/oCO8HJ/+rJnahJ05XX1Q7lNQ== +-----END CERTIFICATE-----` + +const clientKeyPEM = ` +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQC6b6qGvc+/n/LvXJRgeG/oE/LRlm/N2TJuIjfOQfnKXSms4Sfa +YaLugcsQx980WJWG6T0Z5lwnc2DIjXgC9B2kmAmjGXBpPCViZiqrIiPFe4U4Ty4J +czKnvT6brcqEB+YPOv93xZ1BhQCKtpvusKQ/LUxM5kI+u1HI3UhU9AyORwIDAQAB +AoGAEJZ03q4uuMb7b26WSQsOMeDsftdatT747LGgs3pNRkMJvTb/O7/qJjxoG+Mc +qeSj0TAZXp+PXXc3ikCECAc+R8rVMfWdmp903XgO/qYtmZGCorxAHEmR80SrfMXv +PJnznLQWc8U9nphQErR+tTESg7xWEzmFcPKwnZd1xg8ERYkCQQDTGtrFczlB2b/Z +9TjNMqUlMnTLIk/a/rPE2fLLmAYhK5sHnJdvDURaH2mF4nso0EGtENnTsh6LATnY +dkrxXGm9AkEA4hXHG2q3MnhgK1Z5hjv+Fnqd+8bcbII9WW4flFs15EKoMgS1w/PJ +zbsySaSy5IVS8XeShmT9+3lrleed4sy+UwJBAJOOAbxhfXP5r4+5R6ql66jES75w +jUCVJzJA5ORJrn8g64u2eGK28z/LFQbv9wXgCwfc72R468BdawFSLa/m2EECQGbZ +rWiFla26IVXV0xcD98VWJsTBZMlgPnSOqoMdM1kSEd4fUmlAYI/dFzV1XYSkOmVr +FhdZnklmpVDeu27P4c0CQQCuCOup0FlJSBpWY1TTfun/KMBkBatMz0VMA3d7FKIU +csPezl677Yjo8u1r/KzeI6zLg87Z8E6r6ZWNc9wBSZK6 +-----END RSA PRIVATE KEY-----` + +const clientECDSACertificatePEM = ` +-----BEGIN CERTIFICATE----- +MIIB/DCCAV4CCQCaMIRsJjXZFzAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQwHhcNMTIxMTE0MTMyNTUzWhcNMjIxMTEyMTMyNTUzWjBBMQswCQYDVQQG +EwJBVTEMMAoGA1UECBMDTlNXMRAwDgYDVQQHEwdQeXJtb250MRIwEAYDVQQDEwlK +b2VsIFNpbmcwgZswEAYHKoZIzj0CAQYFK4EEACMDgYYABACVjJF1FMBexFe01MNv +ja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd3kfDdq0Z9kUs +jLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx+U56jb0JuK7q +ixgnTy5w/hOWusPTQBbNZU6sER7m8TAJBgcqhkjOPQQBA4GMADCBiAJCAOAUxGBg +C3JosDJdYUoCdFzCgbkWqD8pyDbHgf9stlvZcPE4O1BIKJTLCRpS8V3ujfK58PDa +2RU6+b0DeoeiIzXsAkIBo9SKeDUcSpoj0gq+KxAxnZxfvuiRs9oa9V2jI/Umi0Vw +jWVim34BmT0Y9hCaOGGbLlfk+syxis7iI6CH8OFnUes= +-----END CERTIFICATE-----` + +const clientECDSAKeyPEM = ` +-----BEGIN EC PARAMETERS----- +BgUrgQQAIw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIBkJN9X4IqZIguiEVKMqeBUP5xtRsEv4HJEtOpOGLELwO53SD78Ew8 +k+wLWoqizS3NpQyMtrU8JFdWfj+C57UNkOugBwYFK4EEACOhgYkDgYYABACVjJF1 +FMBexFe01MNvja5oHt1vzobhfm6ySD6B5U7ixohLZNz1MLvT/2XMW/TdtWo+PtAd +3kfDdq0Z9kUsjLzYHQFMH3CQRnZIi4+DzEpcj0B22uCJ7B0rxE4wdihBsmKo+1vx ++U56jb0JuK7qixgnTy5w/hOWusPTQBbNZU6sER7m8Q== +-----END EC PRIVATE KEY-----` + +func TestClientAuth(t *testing.T) { + setParallel(t) + var certPath, keyPath, ecdsaCertPath, ecdsaKeyPath string + + if *update { + certPath = tempFile(clientCertificatePEM) + defer os.Remove(certPath) + keyPath = tempFile(clientKeyPEM) + defer os.Remove(keyPath) + ecdsaCertPath = tempFile(clientECDSACertificatePEM) + defer os.Remove(ecdsaCertPath) + ecdsaKeyPath = tempFile(clientECDSAKeyPEM) + defer os.Remove(ecdsaKeyPath) + } + + config := testConfig.Clone() + config.ClientAuth = RequestClientCert + + test := &serverTest{ + name: "ClientAuthRequestedNotGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA"}, + config: config, + } + runServerTestTLS12(t, test) + + test = &serverTest{ + name: "ClientAuthRequestedAndGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", certPath, "-key", keyPath}, + config: config, + expectedPeerCerts: []string{clientCertificatePEM}, + } + runServerTestTLS12(t, test) + + test = &serverTest{ + name: "ClientAuthRequestedAndECDSAGiven", + command: []string{"openssl", "s_client", "-no_ticket", "-cipher", "AES128-SHA", "-cert", ecdsaCertPath, "-key", ecdsaKeyPath}, + config: config, + expectedPeerCerts: []string{clientECDSACertificatePEM}, + } + runServerTestTLS12(t, test) +} + +func TestSNIGivenOnFailure(t *testing.T) { + const expectedServerName = "test.testing" + + clientHello := &clientHelloMsg{ + vers: VersionTLS10, + cipherSuites: []uint16{TLS_RSA_WITH_RC4_128_SHA}, + compressionMethods: []uint8{compressionNone}, + serverName: expectedServerName, + } + + serverConfig := testConfig.Clone() + // Erase the server's cipher suites to ensure the handshake fails. + serverConfig.CipherSuites = nil + + c, s := net.Pipe() + go func() { + cli := Client(c, testConfig) + cli.vers = clientHello.vers + cli.writeRecord(recordTypeHandshake, clientHello.marshal()) + c.Close() + }() + hs := serverHandshakeState{ + c: Server(s, serverConfig), + } + _, err := hs.readClientHello() + defer s.Close() + + if err == nil { + t.Error("No error reported from server") + } + + cs := hs.c.ConnectionState() + if cs.HandshakeComplete { + t.Error("Handshake registered as complete") + } + + if cs.ServerName != expectedServerName { + t.Errorf("Expected ServerName of %q, but got %q", expectedServerName, cs.ServerName) + } +} + +var getConfigForClientTests = []struct { + setup func(config *Config) + callback func(clientHello *ClientHelloInfo) (*Config, error) + errorSubstring string + verify func(config *Config) error +}{ + { + nil, + func(clientHello *ClientHelloInfo) (*Config, error) { + return nil, nil + }, + "", + nil, + }, + { + nil, + func(clientHello *ClientHelloInfo) (*Config, error) { + return nil, errors.New("should bubble up") + }, + "should bubble up", + nil, + }, + { + nil, + func(clientHello *ClientHelloInfo) (*Config, error) { + config := testConfig.Clone() + // Setting a maximum version of TLS 1.1 should cause + // the handshake to fail. + config.MaxVersion = VersionTLS11 + return config, nil + }, + "version 301 when expecting version 302", + nil, + }, + { + func(config *Config) { + for i := range config.SessionTicketKey { + config.SessionTicketKey[i] = byte(i) + } + config.sessionTicketKeys = nil + }, + func(clientHello *ClientHelloInfo) (*Config, error) { + config := testConfig.Clone() + for i := range config.SessionTicketKey { + config.SessionTicketKey[i] = 0 + } + config.sessionTicketKeys = nil + return config, nil + }, + "", + func(config *Config) error { + // The value of SessionTicketKey should have been + // duplicated into the per-connection Config. + for i := range config.SessionTicketKey { + if b := config.SessionTicketKey[i]; b != byte(i) { + return fmt.Errorf("SessionTicketKey was not duplicated from original Config: byte %d has value %d", i, b) + } + } + return nil + }, + }, + { + func(config *Config) { + var dummyKey [32]byte + for i := range dummyKey { + dummyKey[i] = byte(i) + } + + config.SetSessionTicketKeys([][32]byte{dummyKey}) + }, + func(clientHello *ClientHelloInfo) (*Config, error) { + config := testConfig.Clone() + config.sessionTicketKeys = nil + return config, nil + }, + "", + func(config *Config) error { + // The session ticket keys should have been duplicated + // into the per-connection Config. + if l := len(config.sessionTicketKeys); l != 1 { + return fmt.Errorf("got len(sessionTicketKeys) == %d, wanted 1", l) + } + return nil + }, + }, +} + +func TestGetConfigForClient(t *testing.T) { + serverConfig := testConfig.Clone() + clientConfig := testConfig.Clone() + clientConfig.MinVersion = VersionTLS12 + + for i, test := range getConfigForClientTests { + if test.setup != nil { + test.setup(serverConfig) + } + + var configReturned *Config + serverConfig.GetConfigForClient = func(clientHello *ClientHelloInfo) (*Config, error) { + config, err := test.callback(clientHello) + configReturned = config + return config, err + } + c, s := net.Pipe() + done := make(chan error) + + go func() { + defer s.Close() + done <- Server(s, serverConfig).Handshake() + }() + + clientErr := Client(c, clientConfig).Handshake() + c.Close() + + serverErr := <-done + + if len(test.errorSubstring) == 0 { + if serverErr != nil || clientErr != nil { + t.Errorf("test[%d]: expected no error but got serverErr: %q, clientErr: %q", i, serverErr, clientErr) + } + if test.verify != nil { + if err := test.verify(configReturned); err != nil { + t.Errorf("test[%d]: verify returned error: %v", i, err) + } + } + } else { + if serverErr == nil { + t.Errorf("test[%d]: expected error containing %q but got no error", i, test.errorSubstring) + } else if !strings.Contains(serverErr.Error(), test.errorSubstring) { + t.Errorf("test[%d]: expected error to contain %q but it was %q", i, test.errorSubstring, serverErr) + } + } + } +} + +func bigFromString(s string) *big.Int { + ret := new(big.Int) + ret.SetString(s, 10) + return ret +} + +func fromHex(s string) []byte { + b, _ := hex.DecodeString(s) + return b +} + +var testRSACertificate = fromHex("3082024b308201b4a003020102020900e8f09d3fe25beaa6300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301a310b3009060355040a1302476f310b300906035504031302476f30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a38193308190300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e041204109f91161f43433e49a6de6db680d79f60301b0603551d230414301280104813494d137e1631bba301d5acab6e7b30190603551d1104123010820e6578616d706c652e676f6c616e67300d06092a864886f70d01010b0500038181009d30cc402b5b50a061cbbae55358e1ed8328a9581aa938a495a1ac315a1a84663d43d32dd90bf297dfd320643892243a00bccf9c7db74020015faad3166109a276fd13c3cce10c5ceeb18782f16c04ed73bbb343778d0c1cf10fa1d8408361c94c722b9daedb4606064df4c1b33ec0d1bd42d4dbfe3d1360845c21d33be9fae7") + +var testRSACertificateIssuer = fromHex("3082021930820182a003020102020900ca5e4e811a965964300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f7430819f300d06092a864886f70d010101050003818d0030818902818100d667b378bb22f34143b6cd2008236abefaf2852adf3ab05e01329e2c14834f5105df3f3073f99dab5442d45ee5f8f57b0111c8cb682fbb719a86944eebfffef3406206d898b8c1b1887797c9c5006547bb8f00e694b7a063f10839f269f2c34fff7a1f4b21fbcd6bfdfb13ac792d1d11f277b5c5b48600992203059f2a8f8cc50203010001a35d305b300e0603551d0f0101ff040403020204301d0603551d250416301406082b0601050507030106082b06010505070302300f0603551d130101ff040530030101ff30190603551d0e041204104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b050003818100c1154b4bab5266221f293766ae4138899bd4c5e36b13cee670ceeaa4cbdf4f6679017e2fe649765af545749fe4249418a56bd38a04b81e261f5ce86b8d5c65413156a50d12449554748c59a30c515bc36a59d38bddf51173e899820b282e40aa78c806526fd184fb6b4cf186ec728edffa585440d2b3225325f7ab580e87dd76") + +var testECDSACertificate = fromHex("3082020030820162020900b8bf2d47a0d2ebf4300906072a8648ce3d04013045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c7464301e170d3132313132323135303633325a170d3232313132303135303633325a3045310b3009060355040613024155311330110603550408130a536f6d652d53746174653121301f060355040a1318496e7465726e6574205769646769747320507479204c746430819b301006072a8648ce3d020106052b81040023038186000400c4a1edbe98f90b4873367ec316561122f23d53c33b4d213dcd6b75e6f6b0dc9adf26c1bcb287f072327cb3642f1c90bcea6823107efee325c0483a69e0286dd33700ef0462dd0da09c706283d881d36431aa9e9731bd96b068c09b23de76643f1a5c7fe9120e5858b65f70dd9bd8ead5d7f5d5ccb9b69f30665b669a20e227e5bffe3b300906072a8648ce3d040103818c0030818802420188a24febe245c5487d1bacf5ed989dae4770c05e1bb62fbdf1b64db76140d311a2ceee0b7e927eff769dc33b7ea53fcefa10e259ec472d7cacda4e970e15a06fd00242014dfcbe67139c2d050ebd3fa38c25c13313830d9406bbd4377af6ec7ac9862eddd711697f857c56defb31782be4c7780daecbbe9e4e3624317b6a0f399512078f2a") + +var testSNICertificate = fromHex("0441883421114c81480804c430820237308201a0a003020102020900e8f09d3fe25beaa6300d06092a864886f70d01010b0500301f310b3009060355040a1302476f3110300e06035504031307476f20526f6f74301e170d3136303130313030303030305a170d3235303130313030303030305a3023310b3009060355040a1302476f311430120603550403130b736e69746573742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100db467d932e12270648bc062821ab7ec4b6a25dfe1e5245887a3647a5080d92425bc281c0be97799840fb4f6d14fd2b138bc2a52e67d8d4099ed62238b74a0b74732bc234f1d193e596d9747bf3589f6c613cc0b041d4d92b2b2423775b1c3bbd755dce2054cfa163871d1e24c4f31d1a508baab61443ed97a77562f414c852d70203010001a3773075300e0603551d0f0101ff0404030205a0301d0603551d250416301406082b0601050507030106082b06010505070302300c0603551d130101ff0402300030190603551d0e041204109f91161f43433e49a6de6db680d79f60301b0603551d230414301280104813494d137e1631bba301d5acab6e7b300d06092a864886f70d01010b0500038181007beeecff0230dbb2e7a334af65430b7116e09f327c3bbf918107fc9c66cb497493207ae9b4dbb045cb63d605ec1b5dd485bb69124d68fa298dc776699b47632fd6d73cab57042acb26f083c4087459bc5a3bb3ca4d878d7fe31016b7bc9a627438666566e3389bfaeebe6becc9a0093ceed18d0f9ac79d56f3a73f18188988ed") + +var testRSAPrivateKey = &rsa.PrivateKey{ + PublicKey: rsa.PublicKey{ + N: bigFromString("153980389784927331788354528594524332344709972855165340650588877572729725338415474372475094155672066328274535240275856844648695200875763869073572078279316458648124537905600131008790701752441155668003033945258023841165089852359980273279085783159654751552359397986180318708491098942831252291841441726305535546071"), + E: 65537, + }, + D: bigFromString("7746362285745539358014631136245887418412633787074173796862711588221766398229333338511838891484974940633857861775630560092874987828057333663969469797013996401149696897591265769095952887917296740109742927689053276850469671231961384712725169432413343763989564437170644270643461665184965150423819594083121075825"), + Primes: []*big.Int{ + bigFromString("13299275414352936908236095374926261633419699590839189494995965049151460173257838079863316944311313904000258169883815802963543635820059341150014695560313417"), + bigFromString("11578103692682951732111718237224894755352163854919244905974423810539077224889290605729035287537520656160688625383765857517518932447378594964220731750802463"), + }, +} + +var testECDSAPrivateKey = &ecdsa.PrivateKey{ + PublicKey: ecdsa.PublicKey{ + Curve: elliptic.P521(), + X: bigFromString("2636411247892461147287360222306590634450676461695221912739908880441342231985950069527906976759812296359387337367668045707086543273113073382714101597903639351"), + Y: bigFromString("3204695818431246682253994090650952614555094516658732116404513121125038617915183037601737180082382202488628239201196033284060130040574800684774115478859677243"), + }, + D: bigFromString("5477294338614160138026852784385529180817726002953041720191098180813046231640184669647735805135001309477695746518160084669446643325196003346204701381388769751"), +} diff --git a/handshake_test.go b/handshake_test.go new file mode 100644 index 0000000..8e5410a --- /dev/null +++ b/handshake_test.go @@ -0,0 +1,226 @@ +// Copyright 2013 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bufio" + "encoding/hex" + "errors" + "flag" + "fmt" + "io" + "io/ioutil" + "net" + "os/exec" + "strconv" + "strings" + "sync" + "testing" +) + +// TLS reference tests run a connection against a reference implementation +// (OpenSSL) of TLS and record the bytes of the resulting connection. The Go +// code, during a test, is configured with deterministic randomness and so the +// reference test can be reproduced exactly in the future. +// +// In order to save everyone who wishes to run the tests from needing the +// reference implementation installed, the reference connections are saved in +// files in the testdata directory. Thus running the tests involves nothing +// external, but creating and updating them requires the reference +// implementation. +// +// Tests can be updated by running them with the -update flag. This will cause +// the test files. Generally one should combine the -update flag with -test.run +// to updated a specific test. Since the reference implementation will always +// generate fresh random numbers, large parts of the reference connection will +// always change. + +var ( + update = flag.Bool("update", false, "update golden files on disk") + + opensslVersionTestOnce sync.Once + opensslVersionTestErr error +) + +func checkOpenSSLVersion(t *testing.T) { + opensslVersionTestOnce.Do(testOpenSSLVersion) + if opensslVersionTestErr != nil { + t.Fatal(opensslVersionTestErr) + } +} + +func testOpenSSLVersion() { + // This test ensures that the version of OpenSSL looks reasonable + // before updating the test data. + + if !*update { + return + } + + openssl := exec.Command("openssl", "version") + output, err := openssl.CombinedOutput() + if err != nil { + opensslVersionTestErr = err + return + } + + version := string(output) + if strings.HasPrefix(version, "OpenSSL 1.1.0") { + return + } + + println("***********************************************") + println("") + println("You need to build OpenSSL 1.1.0 from source in order") + println("to update the test data.") + println("") + println("Configure it with:") + println("./Configure enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method -static linux-x86_64") + println("and then add the apps/ directory at the front of your PATH.") + println("***********************************************") + + opensslVersionTestErr = errors.New("version of OpenSSL does not appear to be suitable for updating test data") +} + +// recordingConn is a net.Conn that records the traffic that passes through it. +// WriteTo can be used to produce output that can be later be loaded with +// ParseTestData. +type recordingConn struct { + net.Conn + sync.Mutex + flows [][]byte + reading bool +} + +func (r *recordingConn) Read(b []byte) (n int, err error) { + if n, err = r.Conn.Read(b); n == 0 { + return + } + b = b[:n] + + r.Lock() + defer r.Unlock() + + if l := len(r.flows); l == 0 || !r.reading { + buf := make([]byte, len(b)) + copy(buf, b) + r.flows = append(r.flows, buf) + } else { + r.flows[l-1] = append(r.flows[l-1], b[:n]...) + } + r.reading = true + return +} + +func (r *recordingConn) Write(b []byte) (n int, err error) { + if n, err = r.Conn.Write(b); n == 0 { + return + } + b = b[:n] + + r.Lock() + defer r.Unlock() + + if l := len(r.flows); l == 0 || r.reading { + buf := make([]byte, len(b)) + copy(buf, b) + r.flows = append(r.flows, buf) + } else { + r.flows[l-1] = append(r.flows[l-1], b[:n]...) + } + r.reading = false + return +} + +// WriteTo writes Go source code to w that contains the recorded traffic. +func (r *recordingConn) WriteTo(w io.Writer) (int64, error) { + // TLS always starts with a client to server flow. + clientToServer := true + var written int64 + for i, flow := range r.flows { + source, dest := "client", "server" + if !clientToServer { + source, dest = dest, source + } + n, err := fmt.Fprintf(w, ">>> Flow %d (%s to %s)\n", i+1, source, dest) + written += int64(n) + if err != nil { + return written, err + } + dumper := hex.Dumper(w) + n, err = dumper.Write(flow) + written += int64(n) + if err != nil { + return written, err + } + err = dumper.Close() + if err != nil { + return written, err + } + clientToServer = !clientToServer + } + return written, nil +} + +func parseTestData(r io.Reader) (flows [][]byte, err error) { + var currentFlow []byte + + scanner := bufio.NewScanner(r) + for scanner.Scan() { + line := scanner.Text() + // If the line starts with ">>> " then it marks the beginning + // of a new flow. + if strings.HasPrefix(line, ">>> ") { + if len(currentFlow) > 0 || len(flows) > 0 { + flows = append(flows, currentFlow) + currentFlow = nil + } + continue + } + + // Otherwise the line is a line of hex dump that looks like: + // 00000170 fc f5 06 bf (...) |.....X{&?......!| + // (Some bytes have been omitted from the middle section.) + + if i := strings.IndexByte(line, ' '); i >= 0 { + line = line[i:] + } else { + return nil, errors.New("invalid test data") + } + + if i := strings.IndexByte(line, '|'); i >= 0 { + line = line[:i] + } else { + return nil, errors.New("invalid test data") + } + + hexBytes := strings.Fields(line) + for _, hexByte := range hexBytes { + val, err := strconv.ParseUint(hexByte, 16, 8) + if err != nil { + return nil, errors.New("invalid hex byte in test data: " + err.Error()) + } + currentFlow = append(currentFlow, byte(val)) + } + } + + if len(currentFlow) > 0 { + flows = append(flows, currentFlow) + } + + return flows, nil +} + +// tempFile creates a temp file containing contents and returns its path. +func tempFile(contents string) string { + file, err := ioutil.TempFile("", "go-tls-test") + if err != nil { + panic("failed to create temp file: " + err.Error()) + } + path := file.Name() + file.WriteString(contents) + file.Close() + return path +} diff --git a/key_agreement.go b/key_agreement.go new file mode 100644 index 0000000..1b27c04 --- /dev/null +++ b/key_agreement.go @@ -0,0 +1,473 @@ +// Copyright 2010 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "crypto" + "crypto/ecdsa" + "crypto/elliptic" + "crypto/md5" + "crypto/rsa" + "crypto/sha1" + "crypto/x509" + "encoding/asn1" + "errors" + "io" + "math/big" + + "golang_org/x/crypto/curve25519" +) + +var errClientKeyExchange = errors.New("tls: invalid ClientKeyExchange message") +var errServerKeyExchange = errors.New("tls: invalid ServerKeyExchange message") + +// rsaKeyAgreement implements the standard TLS key agreement where the client +// encrypts the pre-master secret to the server's public key. +type rsaKeyAgreement struct{} + +func (ka rsaKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { + return nil, nil +} + +func (ka rsaKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { + if len(ckx.ciphertext) < 2 { + return nil, errClientKeyExchange + } + + ciphertext := ckx.ciphertext + if version != VersionSSL30 { + ciphertextLen := int(ckx.ciphertext[0])<<8 | int(ckx.ciphertext[1]) + if ciphertextLen != len(ckx.ciphertext)-2 { + return nil, errClientKeyExchange + } + ciphertext = ckx.ciphertext[2:] + } + priv, ok := cert.PrivateKey.(crypto.Decrypter) + if !ok { + return nil, errors.New("tls: certificate private key does not implement crypto.Decrypter") + } + // Perform constant time RSA PKCS#1 v1.5 decryption + preMasterSecret, err := priv.Decrypt(config.rand(), ciphertext, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: 48}) + if err != nil { + return nil, err + } + // We don't check the version number in the premaster secret. For one, + // by checking it, we would leak information about the validity of the + // encrypted pre-master secret. Secondly, it provides only a small + // benefit against a downgrade attack and some implementations send the + // wrong version anyway. See the discussion at the end of section + // 7.4.7.1 of RFC 4346. + return preMasterSecret, nil +} + +func (ka rsaKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { + return errors.New("tls: unexpected ServerKeyExchange") +} + +func (ka rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { + preMasterSecret := make([]byte, 48) + preMasterSecret[0] = byte(clientHello.vers >> 8) + preMasterSecret[1] = byte(clientHello.vers) + _, err := io.ReadFull(config.rand(), preMasterSecret[2:]) + if err != nil { + return nil, nil, err + } + + encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret) + if err != nil { + return nil, nil, err + } + ckx := new(clientKeyExchangeMsg) + ckx.ciphertext = make([]byte, len(encrypted)+2) + ckx.ciphertext[0] = byte(len(encrypted) >> 8) + ckx.ciphertext[1] = byte(len(encrypted)) + copy(ckx.ciphertext[2:], encrypted) + return preMasterSecret, ckx, nil +} + +// sha1Hash calculates a SHA1 hash over the given byte slices. +func sha1Hash(slices [][]byte) []byte { + hsha1 := sha1.New() + for _, slice := range slices { + hsha1.Write(slice) + } + return hsha1.Sum(nil) +} + +// md5SHA1Hash implements TLS 1.0's hybrid hash function which consists of the +// concatenation of an MD5 and SHA1 hash. +func md5SHA1Hash(slices [][]byte) []byte { + md5sha1 := make([]byte, md5.Size+sha1.Size) + hmd5 := md5.New() + for _, slice := range slices { + hmd5.Write(slice) + } + copy(md5sha1, hmd5.Sum(nil)) + copy(md5sha1[md5.Size:], sha1Hash(slices)) + return md5sha1 +} + +// hashForServerKeyExchange hashes the given slices and returns their digest +// and the identifier of the hash function used. The sigAndHash argument is +// only used for >= TLS 1.2 and precisely identifies the hash function to use. +func hashForServerKeyExchange(sigAndHash signatureAndHash, version uint16, slices ...[]byte) ([]byte, crypto.Hash, error) { + if version >= VersionTLS12 { + if !isSupportedSignatureAndHash(sigAndHash, supportedSignatureAlgorithms) { + return nil, crypto.Hash(0), errors.New("tls: unsupported hash function used by peer") + } + hashFunc, err := lookupTLSHash(sigAndHash.hash) + if err != nil { + return nil, crypto.Hash(0), err + } + h := hashFunc.New() + for _, slice := range slices { + h.Write(slice) + } + digest := h.Sum(nil) + return digest, hashFunc, nil + } + if sigAndHash.signature == signatureECDSA { + return sha1Hash(slices), crypto.SHA1, nil + } + return md5SHA1Hash(slices), crypto.MD5SHA1, nil +} + +// pickTLS12HashForSignature returns a TLS 1.2 hash identifier for signing a +// ServerKeyExchange given the signature type being used and the client's +// advertised list of supported signature and hash combinations. +func pickTLS12HashForSignature(sigType uint8, clientList []signatureAndHash) (uint8, error) { + if len(clientList) == 0 { + // If the client didn't specify any signature_algorithms + // extension then we can assume that it supports SHA1. See + // http://tools.ietf.org/html/rfc5246#section-7.4.1.4.1 + return hashSHA1, nil + } + + for _, sigAndHash := range clientList { + if sigAndHash.signature != sigType { + continue + } + if isSupportedSignatureAndHash(sigAndHash, supportedSignatureAlgorithms) { + return sigAndHash.hash, nil + } + } + + return 0, errors.New("tls: client doesn't support any common hash functions") +} + +func curveForCurveID(id CurveID) (elliptic.Curve, bool) { + switch id { + case CurveP256: + return elliptic.P256(), true + case CurveP384: + return elliptic.P384(), true + case CurveP521: + return elliptic.P521(), true + default: + return nil, false + } + +} + +// ecdheRSAKeyAgreement implements a TLS key agreement where the server +// generates a ephemeral EC public/private key pair and signs it. The +// pre-master secret is then calculated using ECDH. The signature may +// either be ECDSA or RSA. +type ecdheKeyAgreement struct { + version uint16 + sigType uint8 + privateKey []byte + curveid CurveID + + // publicKey is used to store the peer's public value when X25519 is + // being used. + publicKey []byte + // x and y are used to store the peer's public value when one of the + // NIST curves is being used. + x, y *big.Int +} + +func (ka *ecdheKeyAgreement) generateServerKeyExchange(config *Config, cert *Certificate, clientHello *clientHelloMsg, hello *serverHelloMsg) (*serverKeyExchangeMsg, error) { + preferredCurves := config.curvePreferences() + +NextCandidate: + for _, candidate := range preferredCurves { + for _, c := range clientHello.supportedCurves { + if candidate == c { + ka.curveid = c + break NextCandidate + } + } + } + + if ka.curveid == 0 { + return nil, errors.New("tls: no supported elliptic curves offered") + } + + var ecdhePublic []byte + + if ka.curveid == X25519 { + var scalar, public [32]byte + if _, err := io.ReadFull(config.rand(), scalar[:]); err != nil { + return nil, err + } + + curve25519.ScalarBaseMult(&public, &scalar) + ka.privateKey = scalar[:] + ecdhePublic = public[:] + } else { + curve, ok := curveForCurveID(ka.curveid) + if !ok { + return nil, errors.New("tls: preferredCurves includes unsupported curve") + } + + var x, y *big.Int + var err error + ka.privateKey, x, y, err = elliptic.GenerateKey(curve, config.rand()) + if err != nil { + return nil, err + } + ecdhePublic = elliptic.Marshal(curve, x, y) + } + + // http://tools.ietf.org/html/rfc4492#section-5.4 + serverECDHParams := make([]byte, 1+2+1+len(ecdhePublic)) + serverECDHParams[0] = 3 // named curve + serverECDHParams[1] = byte(ka.curveid >> 8) + serverECDHParams[2] = byte(ka.curveid) + serverECDHParams[3] = byte(len(ecdhePublic)) + copy(serverECDHParams[4:], ecdhePublic) + + sigAndHash := signatureAndHash{signature: ka.sigType} + + if ka.version >= VersionTLS12 { + var err error + if sigAndHash.hash, err = pickTLS12HashForSignature(ka.sigType, clientHello.signatureAndHashes); err != nil { + return nil, err + } + } + + digest, hashFunc, err := hashForServerKeyExchange(sigAndHash, ka.version, clientHello.random, hello.random, serverECDHParams) + if err != nil { + return nil, err + } + + priv, ok := cert.PrivateKey.(crypto.Signer) + if !ok { + return nil, errors.New("tls: certificate private key does not implement crypto.Signer") + } + var sig []byte + switch ka.sigType { + case signatureECDSA: + _, ok := priv.Public().(*ecdsa.PublicKey) + if !ok { + return nil, errors.New("tls: ECDHE ECDSA requires an ECDSA server key") + } + case signatureRSA: + _, ok := priv.Public().(*rsa.PublicKey) + if !ok { + return nil, errors.New("tls: ECDHE RSA requires a RSA server key") + } + default: + return nil, errors.New("tls: unknown ECDHE signature algorithm") + } + sig, err = priv.Sign(config.rand(), digest, hashFunc) + if err != nil { + return nil, errors.New("tls: failed to sign ECDHE parameters: " + err.Error()) + } + + skx := new(serverKeyExchangeMsg) + sigAndHashLen := 0 + if ka.version >= VersionTLS12 { + sigAndHashLen = 2 + } + skx.key = make([]byte, len(serverECDHParams)+sigAndHashLen+2+len(sig)) + copy(skx.key, serverECDHParams) + k := skx.key[len(serverECDHParams):] + if ka.version >= VersionTLS12 { + k[0] = sigAndHash.hash + k[1] = sigAndHash.signature + k = k[2:] + } + k[0] = byte(len(sig) >> 8) + k[1] = byte(len(sig)) + copy(k[2:], sig) + + return skx, nil +} + +func (ka *ecdheKeyAgreement) processClientKeyExchange(config *Config, cert *Certificate, ckx *clientKeyExchangeMsg, version uint16) ([]byte, error) { + if len(ckx.ciphertext) == 0 || int(ckx.ciphertext[0]) != len(ckx.ciphertext)-1 { + return nil, errClientKeyExchange + } + + if ka.curveid == X25519 { + if len(ckx.ciphertext) != 1+32 { + return nil, errClientKeyExchange + } + + var theirPublic, sharedKey, scalar [32]byte + copy(theirPublic[:], ckx.ciphertext[1:]) + copy(scalar[:], ka.privateKey) + curve25519.ScalarMult(&sharedKey, &scalar, &theirPublic) + return sharedKey[:], nil + } + + curve, ok := curveForCurveID(ka.curveid) + if !ok { + panic("internal error") + } + x, y := elliptic.Unmarshal(curve, ckx.ciphertext[1:]) + if x == nil { + return nil, errClientKeyExchange + } + if !curve.IsOnCurve(x, y) { + return nil, errClientKeyExchange + } + x, _ = curve.ScalarMult(x, y, ka.privateKey) + preMasterSecret := make([]byte, (curve.Params().BitSize+7)>>3) + xBytes := x.Bytes() + copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) + + return preMasterSecret, nil +} + +func (ka *ecdheKeyAgreement) processServerKeyExchange(config *Config, clientHello *clientHelloMsg, serverHello *serverHelloMsg, cert *x509.Certificate, skx *serverKeyExchangeMsg) error { + if len(skx.key) < 4 { + return errServerKeyExchange + } + if skx.key[0] != 3 { // named curve + return errors.New("tls: server selected unsupported curve") + } + ka.curveid = CurveID(skx.key[1])<<8 | CurveID(skx.key[2]) + + publicLen := int(skx.key[3]) + if publicLen+4 > len(skx.key) { + return errServerKeyExchange + } + serverECDHParams := skx.key[:4+publicLen] + publicKey := serverECDHParams[4:] + + sig := skx.key[4+publicLen:] + if len(sig) < 2 { + return errServerKeyExchange + } + + if ka.curveid == X25519 { + if len(publicKey) != 32 { + return errors.New("tls: bad X25519 public value") + } + ka.publicKey = publicKey + } else { + curve, ok := curveForCurveID(ka.curveid) + if !ok { + return errors.New("tls: server selected unsupported curve") + } + + ka.x, ka.y = elliptic.Unmarshal(curve, publicKey) + if ka.x == nil { + return errServerKeyExchange + } + if !curve.IsOnCurve(ka.x, ka.y) { + return errServerKeyExchange + } + } + + sigAndHash := signatureAndHash{signature: ka.sigType} + if ka.version >= VersionTLS12 { + // handle SignatureAndHashAlgorithm + sigAndHash = signatureAndHash{hash: sig[0], signature: sig[1]} + if sigAndHash.signature != ka.sigType { + return errServerKeyExchange + } + sig = sig[2:] + if len(sig) < 2 { + return errServerKeyExchange + } + } + sigLen := int(sig[0])<<8 | int(sig[1]) + if sigLen+2 != len(sig) { + return errServerKeyExchange + } + sig = sig[2:] + + digest, hashFunc, err := hashForServerKeyExchange(sigAndHash, ka.version, clientHello.random, serverHello.random, serverECDHParams) + if err != nil { + return err + } + switch ka.sigType { + case signatureECDSA: + pubKey, ok := cert.PublicKey.(*ecdsa.PublicKey) + if !ok { + return errors.New("tls: ECDHE ECDSA requires a ECDSA server public key") + } + ecdsaSig := new(ecdsaSignature) + if _, err := asn1.Unmarshal(sig, ecdsaSig); err != nil { + return err + } + if ecdsaSig.R.Sign() <= 0 || ecdsaSig.S.Sign() <= 0 { + return errors.New("tls: ECDSA signature contained zero or negative values") + } + if !ecdsa.Verify(pubKey, digest, ecdsaSig.R, ecdsaSig.S) { + return errors.New("tls: ECDSA verification failure") + } + case signatureRSA: + pubKey, ok := cert.PublicKey.(*rsa.PublicKey) + if !ok { + return errors.New("tls: ECDHE RSA requires a RSA server public key") + } + if err := rsa.VerifyPKCS1v15(pubKey, hashFunc, digest, sig); err != nil { + return err + } + default: + return errors.New("tls: unknown ECDHE signature algorithm") + } + + return nil +} + +func (ka *ecdheKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) { + if ka.curveid == 0 { + return nil, nil, errors.New("tls: missing ServerKeyExchange message") + } + + var serialized, preMasterSecret []byte + + if ka.curveid == X25519 { + var ourPublic, theirPublic, sharedKey, scalar [32]byte + + if _, err := io.ReadFull(config.rand(), scalar[:]); err != nil { + return nil, nil, err + } + + copy(theirPublic[:], ka.publicKey) + curve25519.ScalarBaseMult(&ourPublic, &scalar) + curve25519.ScalarMult(&sharedKey, &scalar, &theirPublic) + serialized = ourPublic[:] + preMasterSecret = sharedKey[:] + } else { + curve, ok := curveForCurveID(ka.curveid) + if !ok { + panic("internal error") + } + priv, mx, my, err := elliptic.GenerateKey(curve, config.rand()) + if err != nil { + return nil, nil, err + } + x, _ := curve.ScalarMult(ka.x, ka.y, priv) + preMasterSecret = make([]byte, (curve.Params().BitSize+7)>>3) + xBytes := x.Bytes() + copy(preMasterSecret[len(preMasterSecret)-len(xBytes):], xBytes) + + serialized = elliptic.Marshal(curve, mx, my) + } + + ckx := new(clientKeyExchangeMsg) + ckx.ciphertext = make([]byte, 1+len(serialized)) + ckx.ciphertext[0] = byte(len(serialized)) + copy(ckx.ciphertext[1:], serialized) + + return preMasterSecret, ckx, nil +} diff --git a/prf.go b/prf.go new file mode 100644 index 0000000..5833fc1 --- /dev/null +++ b/prf.go @@ -0,0 +1,368 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "crypto" + "crypto/hmac" + "crypto/md5" + "crypto/sha1" + "crypto/sha256" + "crypto/sha512" + "errors" + "hash" +) + +// Split a premaster secret in two as specified in RFC 4346, section 5. +func splitPreMasterSecret(secret []byte) (s1, s2 []byte) { + s1 = secret[0 : (len(secret)+1)/2] + s2 = secret[len(secret)/2:] + return +} + +// pHash implements the P_hash function, as defined in RFC 4346, section 5. +func pHash(result, secret, seed []byte, hash func() hash.Hash) { + h := hmac.New(hash, secret) + h.Write(seed) + a := h.Sum(nil) + + j := 0 + for j < len(result) { + h.Reset() + h.Write(a) + h.Write(seed) + b := h.Sum(nil) + todo := len(b) + if j+todo > len(result) { + todo = len(result) - j + } + copy(result[j:j+todo], b) + j += todo + + h.Reset() + h.Write(a) + a = h.Sum(nil) + } +} + +// prf10 implements the TLS 1.0 pseudo-random function, as defined in RFC 2246, section 5. +func prf10(result, secret, label, seed []byte) { + hashSHA1 := sha1.New + hashMD5 := md5.New + + labelAndSeed := make([]byte, len(label)+len(seed)) + copy(labelAndSeed, label) + copy(labelAndSeed[len(label):], seed) + + s1, s2 := splitPreMasterSecret(secret) + pHash(result, s1, labelAndSeed, hashMD5) + result2 := make([]byte, len(result)) + pHash(result2, s2, labelAndSeed, hashSHA1) + + for i, b := range result2 { + result[i] ^= b + } +} + +// prf12 implements the TLS 1.2 pseudo-random function, as defined in RFC 5246, section 5. +func prf12(hashFunc func() hash.Hash) func(result, secret, label, seed []byte) { + return func(result, secret, label, seed []byte) { + labelAndSeed := make([]byte, len(label)+len(seed)) + copy(labelAndSeed, label) + copy(labelAndSeed[len(label):], seed) + + pHash(result, secret, labelAndSeed, hashFunc) + } +} + +// prf30 implements the SSL 3.0 pseudo-random function, as defined in +// www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt section 6. +func prf30(result, secret, label, seed []byte) { + hashSHA1 := sha1.New() + hashMD5 := md5.New() + + done := 0 + i := 0 + // RFC 5246 section 6.3 says that the largest PRF output needed is 128 + // bytes. Since no more ciphersuites will be added to SSLv3, this will + // remain true. Each iteration gives us 16 bytes so 10 iterations will + // be sufficient. + var b [11]byte + for done < len(result) { + for j := 0; j <= i; j++ { + b[j] = 'A' + byte(i) + } + + hashSHA1.Reset() + hashSHA1.Write(b[:i+1]) + hashSHA1.Write(secret) + hashSHA1.Write(seed) + digest := hashSHA1.Sum(nil) + + hashMD5.Reset() + hashMD5.Write(secret) + hashMD5.Write(digest) + + done += copy(result[done:], hashMD5.Sum(nil)) + i++ + } +} + +const ( + tlsRandomLength = 32 // Length of a random nonce in TLS 1.1. + masterSecretLength = 48 // Length of a master secret in TLS 1.1. + finishedVerifyLength = 12 // Length of verify_data in a Finished message. +) + +var masterSecretLabel = []byte("master secret") +var keyExpansionLabel = []byte("key expansion") +var clientFinishedLabel = []byte("client finished") +var serverFinishedLabel = []byte("server finished") + +func prfAndHashForVersion(version uint16, suite *cipherSuite) (func(result, secret, label, seed []byte), crypto.Hash) { + switch version { + case VersionSSL30: + return prf30, crypto.Hash(0) + case VersionTLS10, VersionTLS11: + return prf10, crypto.Hash(0) + case VersionTLS12: + if suite.flags&suiteSHA384 != 0 { + return prf12(sha512.New384), crypto.SHA384 + } + return prf12(sha256.New), crypto.SHA256 + default: + panic("unknown version") + } +} + +func prfForVersion(version uint16, suite *cipherSuite) func(result, secret, label, seed []byte) { + prf, _ := prfAndHashForVersion(version, suite) + return prf +} + +// masterFromPreMasterSecret generates the master secret from the pre-master +// secret. See http://tools.ietf.org/html/rfc5246#section-8.1 +func masterFromPreMasterSecret(version uint16, suite *cipherSuite, preMasterSecret, clientRandom, serverRandom []byte) []byte { + seed := make([]byte, 0, len(clientRandom)+len(serverRandom)) + seed = append(seed, clientRandom...) + seed = append(seed, serverRandom...) + + masterSecret := make([]byte, masterSecretLength) + prfForVersion(version, suite)(masterSecret, preMasterSecret, masterSecretLabel, seed) + return masterSecret +} + +// keysFromMasterSecret generates the connection keys from the master +// secret, given the lengths of the MAC key, cipher key and IV, as defined in +// RFC 2246, section 6.3. +func keysFromMasterSecret(version uint16, suite *cipherSuite, masterSecret, clientRandom, serverRandom []byte, macLen, keyLen, ivLen int) (clientMAC, serverMAC, clientKey, serverKey, clientIV, serverIV []byte) { + seed := make([]byte, 0, len(serverRandom)+len(clientRandom)) + seed = append(seed, serverRandom...) + seed = append(seed, clientRandom...) + + n := 2*macLen + 2*keyLen + 2*ivLen + keyMaterial := make([]byte, n) + prfForVersion(version, suite)(keyMaterial, masterSecret, keyExpansionLabel, seed) + clientMAC = keyMaterial[:macLen] + keyMaterial = keyMaterial[macLen:] + serverMAC = keyMaterial[:macLen] + keyMaterial = keyMaterial[macLen:] + clientKey = keyMaterial[:keyLen] + keyMaterial = keyMaterial[keyLen:] + serverKey = keyMaterial[:keyLen] + keyMaterial = keyMaterial[keyLen:] + clientIV = keyMaterial[:ivLen] + keyMaterial = keyMaterial[ivLen:] + serverIV = keyMaterial[:ivLen] + return +} + +// lookupTLSHash looks up the corresponding crypto.Hash for a given +// TLS hash identifier. +func lookupTLSHash(hash uint8) (crypto.Hash, error) { + switch hash { + case hashSHA1: + return crypto.SHA1, nil + case hashSHA256: + return crypto.SHA256, nil + case hashSHA384: + return crypto.SHA384, nil + default: + return 0, errors.New("tls: unsupported hash algorithm") + } +} + +func newFinishedHash(version uint16, cipherSuite *cipherSuite) finishedHash { + var buffer []byte + if version == VersionSSL30 || version >= VersionTLS12 { + buffer = []byte{} + } + + prf, hash := prfAndHashForVersion(version, cipherSuite) + if hash != 0 { + return finishedHash{hash.New(), hash.New(), nil, nil, buffer, version, prf} + } + + return finishedHash{sha1.New(), sha1.New(), md5.New(), md5.New(), buffer, version, prf} +} + +// A finishedHash calculates the hash of a set of handshake messages suitable +// for including in a Finished message. +type finishedHash struct { + client hash.Hash + server hash.Hash + + // Prior to TLS 1.2, an additional MD5 hash is required. + clientMD5 hash.Hash + serverMD5 hash.Hash + + // In TLS 1.2, a full buffer is sadly required. + buffer []byte + + version uint16 + prf func(result, secret, label, seed []byte) +} + +func (h *finishedHash) Write(msg []byte) (n int, err error) { + h.client.Write(msg) + h.server.Write(msg) + + if h.version < VersionTLS12 { + h.clientMD5.Write(msg) + h.serverMD5.Write(msg) + } + + if h.buffer != nil { + h.buffer = append(h.buffer, msg...) + } + + return len(msg), nil +} + +func (h finishedHash) Sum() []byte { + if h.version >= VersionTLS12 { + return h.client.Sum(nil) + } + + out := make([]byte, 0, md5.Size+sha1.Size) + out = h.clientMD5.Sum(out) + return h.client.Sum(out) +} + +// finishedSum30 calculates the contents of the verify_data member of a SSLv3 +// Finished message given the MD5 and SHA1 hashes of a set of handshake +// messages. +func finishedSum30(md5, sha1 hash.Hash, masterSecret []byte, magic []byte) []byte { + md5.Write(magic) + md5.Write(masterSecret) + md5.Write(ssl30Pad1[:]) + md5Digest := md5.Sum(nil) + + md5.Reset() + md5.Write(masterSecret) + md5.Write(ssl30Pad2[:]) + md5.Write(md5Digest) + md5Digest = md5.Sum(nil) + + sha1.Write(magic) + sha1.Write(masterSecret) + sha1.Write(ssl30Pad1[:40]) + sha1Digest := sha1.Sum(nil) + + sha1.Reset() + sha1.Write(masterSecret) + sha1.Write(ssl30Pad2[:40]) + sha1.Write(sha1Digest) + sha1Digest = sha1.Sum(nil) + + ret := make([]byte, len(md5Digest)+len(sha1Digest)) + copy(ret, md5Digest) + copy(ret[len(md5Digest):], sha1Digest) + return ret +} + +var ssl3ClientFinishedMagic = [4]byte{0x43, 0x4c, 0x4e, 0x54} +var ssl3ServerFinishedMagic = [4]byte{0x53, 0x52, 0x56, 0x52} + +// clientSum returns the contents of the verify_data member of a client's +// Finished message. +func (h finishedHash) clientSum(masterSecret []byte) []byte { + if h.version == VersionSSL30 { + return finishedSum30(h.clientMD5, h.client, masterSecret, ssl3ClientFinishedMagic[:]) + } + + out := make([]byte, finishedVerifyLength) + h.prf(out, masterSecret, clientFinishedLabel, h.Sum()) + return out +} + +// serverSum returns the contents of the verify_data member of a server's +// Finished message. +func (h finishedHash) serverSum(masterSecret []byte) []byte { + if h.version == VersionSSL30 { + return finishedSum30(h.serverMD5, h.server, masterSecret, ssl3ServerFinishedMagic[:]) + } + + out := make([]byte, finishedVerifyLength) + h.prf(out, masterSecret, serverFinishedLabel, h.Sum()) + return out +} + +// selectClientCertSignatureAlgorithm returns a signatureAndHash to sign a +// client's CertificateVerify with, or an error if none can be found. +func (h finishedHash) selectClientCertSignatureAlgorithm(serverList []signatureAndHash, sigType uint8) (signatureAndHash, error) { + if h.version < VersionTLS12 { + // Nothing to negotiate before TLS 1.2. + return signatureAndHash{signature: sigType}, nil + } + + for _, v := range serverList { + if v.signature == sigType && isSupportedSignatureAndHash(v, supportedSignatureAlgorithms) { + return v, nil + } + } + return signatureAndHash{}, errors.New("tls: no supported signature algorithm found for signing client certificate") +} + +// hashForClientCertificate returns a digest, hash function, and TLS 1.2 hash +// id suitable for signing by a TLS client certificate. +func (h finishedHash) hashForClientCertificate(signatureAndHash signatureAndHash, masterSecret []byte) ([]byte, crypto.Hash, error) { + if (h.version == VersionSSL30 || h.version >= VersionTLS12) && h.buffer == nil { + panic("a handshake hash for a client-certificate was requested after discarding the handshake buffer") + } + + if h.version == VersionSSL30 { + if signatureAndHash.signature != signatureRSA { + return nil, 0, errors.New("tls: unsupported signature type for client certificate") + } + + md5Hash := md5.New() + md5Hash.Write(h.buffer) + sha1Hash := sha1.New() + sha1Hash.Write(h.buffer) + return finishedSum30(md5Hash, sha1Hash, masterSecret, nil), crypto.MD5SHA1, nil + } + if h.version >= VersionTLS12 { + hashAlg, err := lookupTLSHash(signatureAndHash.hash) + if err != nil { + return nil, 0, err + } + hash := hashAlg.New() + hash.Write(h.buffer) + return hash.Sum(nil), hashAlg, nil + } + + if signatureAndHash.signature == signatureECDSA { + return h.server.Sum(nil), crypto.SHA1, nil + } + + return h.Sum(), crypto.MD5SHA1, nil +} + +// discardHandshakeBuffer is called when there is no more need to +// buffer the entirety of the handshake messages. +func (h *finishedHash) discardHandshakeBuffer() { + h.buffer = nil +} diff --git a/prf_test.go b/prf_test.go new file mode 100644 index 0000000..0a1b1bc --- /dev/null +++ b/prf_test.go @@ -0,0 +1,140 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "encoding/hex" + "testing" +) + +type testSplitPreMasterSecretTest struct { + in, out1, out2 string +} + +var testSplitPreMasterSecretTests = []testSplitPreMasterSecretTest{ + {"", "", ""}, + {"00", "00", "00"}, + {"0011", "00", "11"}, + {"001122", "0011", "1122"}, + {"00112233", "0011", "2233"}, +} + +func TestSplitPreMasterSecret(t *testing.T) { + for i, test := range testSplitPreMasterSecretTests { + in, _ := hex.DecodeString(test.in) + out1, out2 := splitPreMasterSecret(in) + s1 := hex.EncodeToString(out1) + s2 := hex.EncodeToString(out2) + if s1 != test.out1 || s2 != test.out2 { + t.Errorf("#%d: got: (%s, %s) want: (%s, %s)", i, s1, s2, test.out1, test.out2) + } + } +} + +type testKeysFromTest struct { + version uint16 + suite *cipherSuite + preMasterSecret string + clientRandom, serverRandom string + masterSecret string + clientMAC, serverMAC string + clientKey, serverKey string + macLen, keyLen int +} + +func TestKeysFromPreMasterSecret(t *testing.T) { + for i, test := range testKeysFromTests { + in, _ := hex.DecodeString(test.preMasterSecret) + clientRandom, _ := hex.DecodeString(test.clientRandom) + serverRandom, _ := hex.DecodeString(test.serverRandom) + + masterSecret := masterFromPreMasterSecret(test.version, test.suite, in, clientRandom, serverRandom) + if s := hex.EncodeToString(masterSecret); s != test.masterSecret { + t.Errorf("#%d: bad master secret %s, want %s", i, s, test.masterSecret) + continue + } + + clientMAC, serverMAC, clientKey, serverKey, _, _ := keysFromMasterSecret(test.version, test.suite, masterSecret, clientRandom, serverRandom, test.macLen, test.keyLen, 0) + clientMACString := hex.EncodeToString(clientMAC) + serverMACString := hex.EncodeToString(serverMAC) + clientKeyString := hex.EncodeToString(clientKey) + serverKeyString := hex.EncodeToString(serverKey) + if clientMACString != test.clientMAC || + serverMACString != test.serverMAC || + clientKeyString != test.clientKey || + serverKeyString != test.serverKey { + t.Errorf("#%d: got: (%s, %s, %s, %s) want: (%s, %s, %s, %s)", i, clientMACString, serverMACString, clientKeyString, serverKeyString, test.clientMAC, test.serverMAC, test.clientKey, test.serverKey) + } + } +} + +func cipherSuiteById(id uint16) *cipherSuite { + for _, cipherSuite := range cipherSuites { + if cipherSuite.id == id { + return cipherSuite + } + } + panic("ciphersuite not found") +} + +// These test vectors were generated from GnuTLS using `gnutls-cli --insecure -d 9 ` +var testKeysFromTests = []testKeysFromTest{ + { + VersionTLS10, + cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA), + "0302cac83ad4b1db3b9ab49ad05957de2a504a634a386fc600889321e1a971f57479466830ac3e6f468e87f5385fa0c5", + "4ae66303755184a3917fcb44880605fcc53baa01912b22ed94473fc69cebd558", + "4ae663020ec16e6bb5130be918cfcafd4d765979a3136a5d50c593446e4e44db", + "3d851bab6e5556e959a16bc36d66cfae32f672bfa9ecdef6096cbb1b23472df1da63dbbd9827606413221d149ed08ceb", + "805aaa19b3d2c0a0759a4b6c9959890e08480119", + "2d22f9fe519c075c16448305ceee209fc24ad109", + "d50b5771244f850cd8117a9ccafe2cf1", + "e076e33206b30507a85c32855acd0919", + 20, + 16, + }, + { + VersionTLS10, + cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA), + "03023f7527316bc12cbcd69e4b9e8275d62c028f27e65c745cfcddc7ce01bd3570a111378b63848127f1c36e5f9e4890", + "4ae66364b5ea56b20ce4e25555aed2d7e67f42788dd03f3fee4adae0459ab106", + "4ae66363ab815cbf6a248b87d6b556184e945e9b97fbdf247858b0bdafacfa1c", + "7d64be7c80c59b740200b4b9c26d0baaa1c5ae56705acbcf2307fe62beb4728c19392c83f20483801cce022c77645460", + "97742ed60a0554ca13f04f97ee193177b971e3b0", + "37068751700400e03a8477a5c7eec0813ab9e0dc", + "207cddbc600d2a200abac6502053ee5c", + "df3f94f6e1eacc753b815fe16055cd43", + 20, + 16, + }, + { + VersionTLS10, + cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA), + "832d515f1d61eebb2be56ba0ef79879efb9b527504abb386fb4310ed5d0e3b1f220d3bb6b455033a2773e6d8bdf951d278a187482b400d45deb88a5d5a6bb7d6a7a1decc04eb9ef0642876cd4a82d374d3b6ff35f0351dc5d411104de431375355addc39bfb1f6329fb163b0bc298d658338930d07d313cd980a7e3d9196cac1", + "4ae663b2ee389c0de147c509d8f18f5052afc4aaf9699efe8cb05ece883d3a5e", + "4ae664d503fd4cff50cfc1fb8fc606580f87b0fcdac9554ba0e01d785bdf278e", + "1aff2e7a2c4279d0126f57a65a77a8d9d0087cf2733366699bec27eb53d5740705a8574bb1acc2abbe90e44f0dd28d6c", + "3c7647c93c1379a31a609542aa44e7f117a70085", + "0d73102994be74a575a3ead8532590ca32a526d4", + "ac7581b0b6c10d85bbd905ffbf36c65e", + "ff07edde49682b45466bd2e39464b306", + 20, + 16, + }, + { + VersionSSL30, + cipherSuiteById(TLS_RSA_WITH_RC4_128_SHA), + "832d515f1d61eebb2be56ba0ef79879efb9b527504abb386fb4310ed5d0e3b1f220d3bb6b455033a2773e6d8bdf951d278a187482b400d45deb88a5d5a6bb7d6a7a1decc04eb9ef0642876cd4a82d374d3b6ff35f0351dc5d411104de431375355addc39bfb1f6329fb163b0bc298d658338930d07d313cd980a7e3d9196cac1", + "4ae663b2ee389c0de147c509d8f18f5052afc4aaf9699efe8cb05ece883d3a5e", + "4ae664d503fd4cff50cfc1fb8fc606580f87b0fcdac9554ba0e01d785bdf278e", + "a614863e56299dcffeea2938f22c2ba023768dbe4b3f6877bc9c346c6ae529b51d9cb87ff9695ea4d01f2205584405b2", + "2c450d5b6f6e2013ac6bea6a0b32200d4e1ffb94", + "7a7a7438769536f2fb1ae49a61f0703b79b2dc53", + "f8f6b26c10f12855c9aafb1e0e839ccf", + "2b9d4b4a60cb7f396780ebff50650419", + 20, + 16, + }, +} diff --git a/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA b/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA new file mode 100644 index 0000000..099cef4 --- /dev/null +++ b/testdata/Client-TLSv10-ClientCert-ECDSA-ECDSA @@ -0,0 +1,128 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 4f 5d 09 43 37 |....Y...U..O].C7| +00000010 70 c6 d9 8b 07 ca 1a f0 fb a7 05 51 53 67 7a 7e |p..........QSgz~| +00000020 c9 c6 68 10 10 2a 69 bd 47 db 8e 20 f2 13 5b 26 |..h..*i.G.. ..[&| +00000030 e6 8e 19 b0 bc b5 ee 1f ca 44 5d 32 11 37 b0 78 |.........D]2.7.x| +00000040 49 16 6e c2 44 86 52 3f 9f 05 15 aa c0 09 00 00 |I.n.D.R?........| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 56 b4 |*............ V.| +00000280 39 d4 8f 18 79 87 89 d0 04 ee 12 54 20 2b be c1 |9...y......T +..| +00000290 94 99 40 a2 73 df 1e 92 66 0b d1 f1 d6 38 00 8b |..@.s...f....8..| +000002a0 30 81 88 02 42 01 38 12 59 bd ea 44 59 f4 6f a9 |0...B.8.Y..DY.o.| +000002b0 8e 9e a0 85 b5 b3 55 3e 76 49 b7 75 98 6e 81 30 |......U>vI.u.n.0| +000002c0 c4 73 bd 54 78 39 f7 e2 22 49 4c 93 0d c1 26 89 |.s.Tx9.."IL...&.| +000002d0 08 b9 9c 8b 86 3e 81 2c a5 50 7c e9 88 ec c0 ad |.....>.,.P|.....| +000002e0 9e e0 40 ac 4e 0a fd 02 42 01 2e 0d 37 73 6a 0d |..@.N...B...7sj.| +000002f0 a4 60 08 a0 2b 32 0f 87 8d f8 9b c7 68 cf 50 79 |.`..+2......h.Py| +00000300 73 f7 cf 93 aa 75 57 20 58 3d 13 c0 f3 66 7d 59 |s....uW X=...f}Y| +00000310 15 73 d4 29 03 34 df 33 00 c0 b5 71 bc 2a 90 ef |.s.).4.3...q.*..| +00000320 3c 02 5e ea 9d 29 93 1c 18 db 04 16 03 01 00 0a |<.^..)..........| +00000330 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| +00000340 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 01 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| +00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| +00000020 d9 17 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 |..0...*.H.=..0E1| +00000030 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 |.0...U....AU1.0.| +00000040 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 |..U....Some-Stat| +00000050 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 |e1!0...U....Inte| +00000060 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 |rnet Widgits Pty| +00000070 20 4c 74 64 30 1e 17 0d 31 32 31 31 31 34 31 33 | Ltd0...12111413| +00000080 32 35 35 33 5a 17 0d 32 32 31 31 31 32 31 33 32 |2553Z..221112132| +00000090 35 35 33 5a 30 41 31 0b 30 09 06 03 55 04 06 13 |553Z0A1.0...U...| +000000a0 02 41 55 31 0c 30 0a 06 03 55 04 08 13 03 4e 53 |.AU1.0...U....NS| +000000b0 57 31 10 30 0e 06 03 55 04 07 13 07 50 79 72 6d |W1.0...U....Pyrm| +000000c0 6f 6e 74 31 12 30 10 06 03 55 04 03 13 09 4a 6f |ont1.0...U....Jo| +000000d0 65 6c 20 53 69 6e 67 30 81 9b 30 10 06 07 2a 86 |el Sing0..0...*.| +000000e0 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +000000f0 04 00 95 8c 91 75 14 c0 5e c4 57 b4 d4 c3 6f 8d |.....u..^.W...o.| +00000100 ae 68 1e dd 6f ce 86 e1 7e 6e b2 48 3e 81 e5 4e |.h..o...~n.H>..N| +00000110 e2 c6 88 4b 64 dc f5 30 bb d3 ff 65 cc 5b f4 dd |...Kd..0...e.[..| +00000120 b5 6a 3e 3e d0 1d de 47 c3 76 ad 19 f6 45 2c 8c |.j>>...G.v...E,.| +00000130 bc d8 1d 01 4c 1f 70 90 46 76 48 8b 8f 83 cc 4a |....L.p.FvH....J| +00000140 5c 8f 40 76 da e0 89 ec 1d 2b c4 4e 30 76 28 41 |\.@v.....+.N0v(A| +00000150 b2 62 a8 fb 5b f1 f9 4e 7a 8d bd 09 b8 ae ea 8b |.b..[..Nz.......| +00000160 18 27 4f 2e 70 fe 13 96 ba c3 d3 40 16 cd 65 4e |.'O.p......@..eN| +00000170 ac 11 1e e6 f1 30 09 06 07 2a 86 48 ce 3d 04 01 |.....0...*.H.=..| +00000180 03 81 8c 00 30 81 88 02 42 00 e0 14 c4 60 60 0b |....0...B....``.| +00000190 72 68 b0 32 5d 61 4a 02 74 5c c2 81 b9 16 a8 3f |rh.2]aJ.t\.....?| +000001a0 29 c8 36 c7 81 ff 6c b6 5b d9 70 f1 38 3b 50 48 |).6...l.[.p.8;PH| +000001b0 28 94 cb 09 1a 52 f1 5d ee 8d f2 b9 f0 f0 da d9 |(....R.]........| +000001c0 15 3a f9 bd 03 7a 87 a2 23 35 ec 02 42 01 a3 d4 |.:...z..#5..B...| +000001d0 8a 78 35 1c 4a 9a 23 d2 0a be 2b 10 31 9d 9c 5f |.x5.J.#...+.1.._| +000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| +000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| +00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| +00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 91 0f 00 |...._X.;t.......| +00000240 00 8d 00 8b 30 81 88 02 42 01 53 2c a8 59 57 d2 |....0...B.S,.YW.| +00000250 fc 0b 12 27 6f 9a f7 4e a0 dd 2c af 1b 4c 81 0b |...'o..N..,..L..| +00000260 97 79 7e 6f dd a1 cf cb e2 14 4d af 76 99 d8 06 |.y~o......M.v...| +00000270 4f 8d 4f 86 d3 25 04 ea 80 02 ae 25 10 9d 2d 59 |O.O..%.....%..-Y| +00000280 11 39 65 6b 83 d0 16 7d bf a8 a4 02 42 01 f2 16 |.9ek...}....B...| +00000290 6c f1 e6 3b b1 af fb 3f 99 f0 8a e3 c8 62 ba 71 |l..;...?.....b.q| +000002a0 12 a1 2c 1e 15 74 d5 98 b5 ae 9f 50 a2 15 9b 73 |..,..t.....P...s| +000002b0 9a 5f 2c 90 d4 9d 20 6f 35 b6 32 3e f4 b7 dd 50 |._,... o5.2>...P| +000002c0 64 42 e3 4e 51 f3 11 4b b4 9e a3 92 a2 10 59 14 |dB.NQ..K......Y.| +000002d0 03 01 00 01 01 16 03 01 00 30 78 8c 7c 31 ce 16 |.........0x.|1..| +000002e0 8f 1f 2a b9 ee cb 72 7f 1e 59 5b ad c2 58 32 77 |..*...r..Y[..X2w| +000002f0 fa 46 83 b9 67 0c 5f 41 25 6a 38 ec 20 d2 80 e6 |.F..g._A%j8. ...| +00000300 be 85 ce 94 b1 89 5f 8d 17 9b |......_...| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 95 d6 f2 a2 75 |..........0....u| +00000010 0e f8 c7 7c f9 1d 65 b4 82 08 c9 62 aa 93 24 8f |...|..e....b..$.| +00000020 4d 11 c7 b0 17 04 f1 0a 8b be 64 06 f9 07 20 0b |M.........d... .| +00000030 f0 3b 92 db 62 ba 63 91 a1 58 fe |.;..b.c..X.| +>>> Flow 5 (client to server) +00000000 17 03 01 00 20 3e a4 b5 b5 2f 4f c8 e0 08 cf 8a |.... >.../O.....| +00000010 9c f6 69 94 a9 91 0f 5d c5 06 ee 71 e2 42 11 b4 |..i....]...q.B..| +00000020 a8 17 54 19 3d 17 03 01 00 20 ce d2 8d 8a 78 e4 |..T.=.... ....x.| +00000030 15 a4 ab 83 0d 9c fa 47 1c 8f 2d 87 a8 55 65 9d |.......G..-..Ue.| +00000040 7f 03 75 11 62 83 0b 44 0b f1 15 03 01 00 20 eb |..u.b..D...... .| +00000050 1a 46 95 1e 1b 10 b7 25 a8 c4 5b db 8b 3c 61 c9 |.F.....%..[..>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 32 7c 5c ac bd |....Y...U..2|\..| +00000010 77 70 c2 f8 f0 20 37 e4 e8 45 db be 97 22 e4 f3 |wp... 7..E..."..| +00000020 24 1c c1 29 8f 02 e1 bc ba 4a 1e 20 81 6f b5 12 |$..).....J. .o..| +00000030 c0 9d 9e de 2f b6 04 b2 74 34 da 2b 04 55 2c 4f |..../...t4.+.U,O| +00000040 dd 01 8a 30 d9 67 45 9f f1 31 f1 78 c0 13 00 00 |...0.gE..1.x....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 2f f7 3b 44 1a 47 85 |........ /.;D.G.| +000002d0 d7 db 40 28 4e 6a f1 2f 1e b5 cc b0 58 0d 92 93 |..@(Nj./....X...| +000002e0 30 41 65 08 05 f7 51 23 57 00 80 87 0d c3 22 ff |0Ae...Q#W.....".| +000002f0 aa d1 3f 55 09 cf 98 dc 91 f8 d0 63 58 da dc 52 |..?U.......cX..R| +00000300 03 f0 06 a6 4e 7e 5b 96 a1 3b d7 8e 1e 68 50 ef |....N~[..;...hP.| +00000310 59 3f 78 06 eb 9a 33 c5 01 3c e0 fb c6 f1 b6 bc |Y?x...3..<......| +00000320 5a bc 95 e8 43 d9 ab 36 05 26 13 c5 a6 68 9b e2 |Z...C..6.&...h..| +00000330 b1 42 6e 89 60 5c b3 91 02 c5 8b ab 53 d1 d9 79 |.Bn.`\......S..y| +00000340 d0 37 b5 5e 2c 16 72 29 f8 9c d0 4a 46 87 46 f4 |.7.^,.r)...JF.F.| +00000350 01 2b e8 6a 4f 59 d1 2d 3d de 4b 3b 0e c7 cd 42 |.+.jOY.-=.K;...B| +00000360 ae d2 94 e9 a6 6b 65 ad 3f 77 57 16 03 01 00 0a |.....ke.?wW.....| +00000370 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| +00000380 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 01 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| +00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| +00000020 d9 17 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 |..0...*.H.=..0E1| +00000030 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 |.0...U....AU1.0.| +00000040 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 |..U....Some-Stat| +00000050 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 |e1!0...U....Inte| +00000060 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 |rnet Widgits Pty| +00000070 20 4c 74 64 30 1e 17 0d 31 32 31 31 31 34 31 33 | Ltd0...12111413| +00000080 32 35 35 33 5a 17 0d 32 32 31 31 31 32 31 33 32 |2553Z..221112132| +00000090 35 35 33 5a 30 41 31 0b 30 09 06 03 55 04 06 13 |553Z0A1.0...U...| +000000a0 02 41 55 31 0c 30 0a 06 03 55 04 08 13 03 4e 53 |.AU1.0...U....NS| +000000b0 57 31 10 30 0e 06 03 55 04 07 13 07 50 79 72 6d |W1.0...U....Pyrm| +000000c0 6f 6e 74 31 12 30 10 06 03 55 04 03 13 09 4a 6f |ont1.0...U....Jo| +000000d0 65 6c 20 53 69 6e 67 30 81 9b 30 10 06 07 2a 86 |el Sing0..0...*.| +000000e0 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +000000f0 04 00 95 8c 91 75 14 c0 5e c4 57 b4 d4 c3 6f 8d |.....u..^.W...o.| +00000100 ae 68 1e dd 6f ce 86 e1 7e 6e b2 48 3e 81 e5 4e |.h..o...~n.H>..N| +00000110 e2 c6 88 4b 64 dc f5 30 bb d3 ff 65 cc 5b f4 dd |...Kd..0...e.[..| +00000120 b5 6a 3e 3e d0 1d de 47 c3 76 ad 19 f6 45 2c 8c |.j>>...G.v...E,.| +00000130 bc d8 1d 01 4c 1f 70 90 46 76 48 8b 8f 83 cc 4a |....L.p.FvH....J| +00000140 5c 8f 40 76 da e0 89 ec 1d 2b c4 4e 30 76 28 41 |\.@v.....+.N0v(A| +00000150 b2 62 a8 fb 5b f1 f9 4e 7a 8d bd 09 b8 ae ea 8b |.b..[..Nz.......| +00000160 18 27 4f 2e 70 fe 13 96 ba c3 d3 40 16 cd 65 4e |.'O.p......@..eN| +00000170 ac 11 1e e6 f1 30 09 06 07 2a 86 48 ce 3d 04 01 |.....0...*.H.=..| +00000180 03 81 8c 00 30 81 88 02 42 00 e0 14 c4 60 60 0b |....0...B....``.| +00000190 72 68 b0 32 5d 61 4a 02 74 5c c2 81 b9 16 a8 3f |rh.2]aJ.t\.....?| +000001a0 29 c8 36 c7 81 ff 6c b6 5b d9 70 f1 38 3b 50 48 |).6...l.[.p.8;PH| +000001b0 28 94 cb 09 1a 52 f1 5d ee 8d f2 b9 f0 f0 da d9 |(....R.]........| +000001c0 15 3a f9 bd 03 7a 87 a2 23 35 ec 02 42 01 a3 d4 |.:...z..#5..B...| +000001d0 8a 78 35 1c 4a 9a 23 d2 0a be 2b 10 31 9d 9c 5f |.x5.J.#...+.1.._| +000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| +000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| +00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| +00000210 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 91 0f 00 |...._X.;t.......| +00000240 00 8d 00 8b 30 81 88 02 42 01 b3 df 59 06 71 e6 |....0...B...Y.q.| +00000250 74 c9 9d d5 2c b0 a7 f8 1e ac bc f3 5a e2 ed 0b |t...,.......Z...| +00000260 f2 e9 37 82 c6 fe 7c 23 b9 63 6e 88 1d 63 31 ad |..7...|#.cn..c1.| +00000270 d3 29 48 eb f3 5d 52 f5 76 ab fc 16 9e 09 4f 49 |.)H..]R.v.....OI| +00000280 cf b4 03 6a ed db e5 13 ea 67 74 02 42 01 8e 2f |...j.....gt.B../| +00000290 b8 12 38 c9 a6 8c 77 40 85 89 ef d8 ac 08 00 c0 |..8...w@........| +000002a0 ee 70 68 a6 88 1f d1 67 0d 1b 7b 1f be e0 a7 b9 |.ph....g..{.....| +000002b0 c3 7d ff 6a 39 3c b9 aa f6 78 ac 9a ca 67 55 0c |.}.j9<...x...gU.| +000002c0 38 23 cc ab 18 c0 b9 ea 9c 84 61 32 0a 0d f3 14 |8#........a2....| +000002d0 03 01 00 01 01 16 03 01 00 30 73 12 76 94 30 37 |.........0s.v.07| +000002e0 e5 e3 30 59 88 2f 5f e9 f2 7b 3d 02 88 65 09 14 |..0Y./_..{=..e..| +000002f0 68 23 02 d0 ae e5 7f 7f 8d 95 3b 1c 75 f5 1f 24 |h#........;.u..$| +00000300 43 60 29 bb 0e 69 88 36 a9 68 |C`)..i.6.h| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 a0 5f 7f 59 e0 |..........0._.Y.| +00000010 b1 7e ed ad de 6a 47 94 21 e5 1b 77 a7 d0 88 fd |.~...jG.!..w....| +00000020 9e 4e 48 87 1d cf 40 e4 b9 38 a3 2e e4 00 c3 94 |.NH...@..8......| +00000030 95 20 1c 97 d2 a9 3a 11 86 30 5f |. ....:..0_| +>>> Flow 5 (client to server) +00000000 17 03 01 00 20 ca 4c f5 cb 81 66 2f 97 e3 5d 8b |.... .L...f/..].| +00000010 dd 7d dd fa fe 8c 98 45 3f 3d 16 17 98 4d b5 15 |.}.....E?=...M..| +00000020 6c 91 8a 79 7a 17 03 01 00 20 96 ec 30 cb d3 78 |l..yz.... ..0..x| +00000030 b9 0a a1 ab fd 12 25 d5 82 7b 7a 3c 17 56 7b b7 |......%..{z<.V{.| +00000040 c4 6e ea a2 5b d7 6b b6 22 a9 15 03 01 00 20 ba |.n..[.k."..... .| +00000050 ff fe 2b 60 83 34 ad 45 75 15 d5 95 b3 27 92 46 |..+`.4.Eu....'.F| +00000060 47 ae f1 d4 a4 9d 63 ef db d9 b5 37 0f f1 74 |G.....c....7..t| diff --git a/testdata/Client-TLSv10-ClientCert-RSA-ECDSA b/testdata/Client-TLSv10-ClientCert-RSA-ECDSA new file mode 100644 index 0000000..67772e1 --- /dev/null +++ b/testdata/Client-TLSv10-ClientCert-RSA-ECDSA @@ -0,0 +1,127 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 ed 13 de 15 cc |....Y...U.......| +00000010 90 4f f3 72 5a d4 7a 01 26 fa 7a ae 38 92 a0 d6 |.O.rZ.z.&.z.8...| +00000020 70 4a 20 f6 7e 11 f7 ac e6 94 87 20 9f 37 0f 8f |pJ .~...... .7..| +00000030 55 a6 6a 97 b8 0f 56 aa 2d 69 c5 79 01 d5 c0 01 |U.j...V.-i.y....| +00000040 2c 2b 0e 16 d8 79 a3 f3 44 99 7c 01 c0 09 00 00 |,+...y..D.|.....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 01 00 b4 0c 00 00 b0 03 00 1d 20 ca e8 |*............ ..| +00000280 ef 79 56 cd aa eb 12 8f e1 89 d1 3c 63 1f c8 54 |.yV........>> Flow 3 (client to server) +00000000 16 03 01 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 |......._X.;t....| +00000230 86 0f 00 00 82 00 80 8f 6f 77 5d d5 99 28 0c 7a |........ow]..(.z| +00000240 36 f2 50 ec 9a e6 eb 88 ac 45 f7 9b 6f 98 84 ba |6.P......E..o...| +00000250 fb 3c b8 d6 54 61 b8 87 25 50 3c 31 5a d2 c1 54 |.<..Ta..%P<1Z..T| +00000260 e8 ed c3 93 cc 98 b1 c3 d4 84 11 d8 a0 c7 ae 67 |...............g| +00000270 67 35 6a 0f 93 18 bb 18 52 f8 25 88 1f d2 19 4d |g5j.....R.%....M| +00000280 3b 4c f2 0f f7 06 68 57 cf 45 20 e0 57 75 37 e9 |;L....hW.E .Wu7.| +00000290 cd 86 1f e5 d2 90 1e cf 3a 18 fd 45 bc a1 84 63 |........:..E...c| +000002a0 36 d8 ac 6b 09 41 da 0a 87 7f ab ce 8e 49 e6 c8 |6..k.A.......I..| +000002b0 bf fb 2c 3b 7b e9 ae 14 03 01 00 01 01 16 03 01 |..,;{...........| +000002c0 00 30 7d 65 9c c1 25 e4 85 d7 39 d4 67 cf eb f1 |.0}e..%...9.g...| +000002d0 b7 c2 4d e6 5d bd 13 74 55 22 f0 8a 7e a6 a2 eb |..M.]..tU"..~...| +000002e0 93 cc b7 fa 86 b1 b5 e0 a3 ef ee 56 f0 cd f7 a5 |...........V....| +000002f0 d8 9e |..| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 ff 13 14 c5 ad |..........0.....| +00000010 88 ec a1 cf cc 0d 3f 7b ec 50 4a 25 69 1f 18 dc |......?{.PJ%i...| +00000020 b1 99 1f 3b 78 60 e0 83 c0 cd 9a b3 0d 59 0b f8 |...;x`.......Y..| +00000030 8a b7 7c 2c b4 2c e4 d0 49 82 82 |..|,.,..I..| +>>> Flow 5 (client to server) +00000000 17 03 01 00 20 51 91 74 f6 31 07 15 6b 9e 0b 28 |.... Q.t.1..k..(| +00000010 02 b8 ec 9d c6 e3 15 24 d3 ea 4b 27 d0 fa 9f c2 |.......$..K'....| +00000020 c4 8d 37 b3 d9 17 03 01 00 20 7d 97 75 fe de 3f |..7...... }.u..?| +00000030 ae ab e6 a8 1d 76 1c 06 9c 02 61 cc f5 1d fe c8 |.....v....a.....| +00000040 a2 dc ae 97 7f 1c 05 19 e5 14 15 03 01 00 20 4a |.............. J| +00000050 bc 45 97 6b 09 8e 47 5f d5 a0 97 78 79 67 09 8d |.E.k..G_...xyg..| +00000060 d3 80 38 58 5c cc ae 8e d4 67 1d 93 2b 20 79 |..8X\....g..+ y| diff --git a/testdata/Client-TLSv10-ClientCert-RSA-RSA b/testdata/Client-TLSv10-ClientCert-RSA-RSA new file mode 100644 index 0000000..e585894 --- /dev/null +++ b/testdata/Client-TLSv10-ClientCert-RSA-RSA @@ -0,0 +1,131 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 61 6b 2e 41 7f |....Y...U..ak.A.| +00000010 af 26 6f a2 8b 63 ee e4 b1 76 19 3a 6d a3 c2 30 |.&o..c...v.:m..0| +00000020 37 e8 47 c2 90 10 7e e8 c5 b2 eb 20 00 1c 8f 70 |7.G...~.... ...p| +00000030 0d 15 4a c7 7d ab ca 79 a7 d8 c2 01 62 6e 6f aa |..J.}..y....bno.| +00000040 df a2 1c 8f 7c 27 d9 e6 fe e9 c8 ab c0 13 00 00 |....|'..........| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 29 0b ca 37 f3 a1 52 |........ )..7..R| +000002d0 49 1c 84 9a e4 74 6b 4b 2d 1f e6 e9 83 1d 5d 59 |I....tkK-.....]Y| +000002e0 5a 2f 09 9f bc a4 30 af 71 00 80 d9 bb 6d 09 a7 |Z/....0.q....m..| +000002f0 ab 47 6f e8 a6 1a da fb 66 7d a5 f0 c9 c3 24 4c |.Go.....f}....$L| +00000300 99 56 c6 29 71 27 08 0b c1 60 44 cc 6d 42 1b 5e |.V.)q'...`D.mB.^| +00000310 cd 9f 82 24 38 23 ec d9 fa 32 49 2f 16 5d d2 9d |...$8#...2I/.]..| +00000320 e9 13 4e 66 3d f8 bf 30 2e 8c eb 35 4c e8 81 86 |..Nf=..0...5L...| +00000330 c0 de c7 0d a9 60 7e 7c 4a c4 1d a0 89 70 de 82 |.....`~|J....p..| +00000340 1b 37 a0 ea 7f 20 a5 fe d4 20 1d 6f 1a 84 dd a4 |.7... ... .o....| +00000350 13 46 18 c6 31 14 81 4b a4 bb 43 5c c4 49 1c 5a |.F..1..K..C\.I.Z| +00000360 8d 12 57 e0 1d 9a b6 cd f1 39 ff 16 03 01 00 0a |..W......9......| +00000370 0d 00 00 06 03 01 02 40 00 00 16 03 01 00 04 0e |.......@........| +00000380 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 01 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 01 00 |......._X.;t....| +00000230 86 0f 00 00 82 00 80 12 76 af 25 e4 e7 ff d6 e4 |........v.%.....| +00000240 27 58 31 0f 6b 1e 84 13 2f d0 60 80 18 c3 f8 c1 |'X1.k.../.`.....| +00000250 f8 04 39 d4 07 05 d3 96 e2 b2 10 de 1f 68 88 67 |..9..........h.g| +00000260 1d dd 0a 11 52 9d 16 0e af 07 de cb f1 7c f4 b4 |....R........|..| +00000270 5d 0f 4f 43 5b 3c 25 07 32 13 f2 ab 9b 2d d0 a8 |].OC[<%.2....-..| +00000280 28 90 cb 04 48 c3 43 bd 2b b4 ef b9 7b cd bd d5 |(...H.C.+...{...| +00000290 bc d1 cc 00 17 46 fa 9b 1f 44 58 b7 6c de 1b 7a |.....F...DX.l..z| +000002a0 e0 d7 12 38 a3 09 f8 7a 9b 26 0b ee 37 bc 79 1b |...8...z.&..7.y.| +000002b0 51 9f 9a 1f f9 a9 51 14 03 01 00 01 01 16 03 01 |Q.....Q.........| +000002c0 00 30 97 df fb 79 78 a8 27 fd 2b 68 6b ec 4d 29 |.0...yx.'.+hk.M)| +000002d0 a1 02 59 ae 18 0b 46 62 af 61 53 2f 95 50 f2 ac |..Y...Fb.aS/.P..| +000002e0 c8 c3 5e 78 ca b0 e2 5d ff d7 1b 9b 00 30 f6 da |..^x...].....0..| +000002f0 d7 91 |..| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 f9 e9 d7 8c 4a |..........0....J| +00000010 6b f4 c9 88 d6 98 70 53 13 fc 51 9c 81 14 cf 71 |k.....pS..Q....q| +00000020 d9 30 7a d9 2c 34 96 00 a4 a0 2b 1e 7d ff d0 f2 |.0z.,4....+.}...| +00000030 b7 81 ed 86 c5 e1 09 16 82 47 20 |.........G | +>>> Flow 5 (client to server) +00000000 17 03 01 00 20 db b5 66 4e fb b1 47 8a 8e 6b a8 |.... ..fN..G..k.| +00000010 03 53 1a 51 22 8e 47 a3 3a 74 ed a4 6a aa 79 fd |.S.Q".G.:t..j.y.| +00000020 55 0f ac 35 a9 17 03 01 00 20 3e 0b 39 f5 5a 03 |U..5..... >.9.Z.| +00000030 43 d9 e2 7d 1c dc 3b 42 82 2a 2d d4 04 0a 76 97 |C..}..;B.*-...v.| +00000040 70 ed ee 99 58 15 40 c1 3a d5 15 03 01 00 20 bf |p...X.@.:..... .| +00000050 ea e8 93 67 a4 91 1a b5 f5 03 a5 94 50 95 41 16 |...g........P.A.| +00000060 b0 2a 74 d9 32 65 94 35 45 b9 0f 2e 80 87 fd |.*t.2e.5E......| diff --git a/testdata/Client-TLSv10-ECDHE-ECDSA-AES b/testdata/Client-TLSv10-ECDHE-ECDSA-AES new file mode 100644 index 0000000..529b7ce --- /dev/null +++ b/testdata/Client-TLSv10-ECDHE-ECDSA-AES @@ -0,0 +1,85 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 b0 ec 4b 2e 9e |....Y...U....K..| +00000010 19 7d 7b 7e 7c 52 8a d2 2e 8a 97 05 8a c6 ae aa |.}{~|R..........| +00000020 c5 62 bd 6f bd 7e fe 6b c6 9f d4 20 74 db 02 b1 |.b.o.~.k... t...| +00000030 65 88 41 bb 9a 55 22 f3 01 c4 5c ca 39 86 b1 77 |e.A..U"...\.9..w| +00000040 c4 b3 45 16 eb 55 d8 15 b8 4d ac 12 c0 09 00 00 |..E..U...M......| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 01 00 b5 0c 00 00 b1 03 00 1d 20 7d 74 |*............ }t| +00000280 bf aa a8 b6 c0 1f 78 0c 1a ee c5 b7 56 ff 5c aa |......x.....V.\.| +00000290 f4 e3 a5 0c f7 64 31 eb 85 8a c9 bd 05 1b 00 8b |.....d1.........| +000002a0 30 81 88 02 42 00 f8 5d e5 bf 2e 70 79 f4 36 90 |0...B..]...py.6.| +000002b0 fc 6e 9a cc f1 c4 01 50 8c b9 92 4e bd e0 82 2d |.n.....P...N...-| +000002c0 1b ab 30 71 d1 db 76 af 50 75 08 fb cb 50 5b 00 |..0q..v.Pu...P[.| +000002d0 49 72 f5 d7 d9 44 48 94 ac 1d 8d 2e 50 90 ad a3 |Ir...DH.....P...| +000002e0 42 2b 5f 57 48 5e 9e 02 42 00 bb 0b 9a d7 25 53 |B+_WH^..B.....%S| +000002f0 04 5c 58 01 07 8e 3d ee f5 4f 0b 80 bd 02 07 3e |.\X...=..O.....>| +00000300 ff b9 01 ac 7a 49 be 94 fa cf 58 5c 59 91 b5 5d |....zI....X\Y..]| +00000310 cc 61 b9 e3 2f 53 7d 3c 3f 41 c5 31 1a 90 fc fa |.a../S}>> Flow 3 (client to server) +00000000 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 01 00 01 01 |....._X.;t......| +00000030 16 03 01 00 30 f5 d0 86 ef 96 7e b9 94 cc 19 62 |....0.....~....b| +00000040 cc 3a 14 f1 74 a2 0d c8 b9 4c 5d 8a c5 80 60 23 |.:..t....L]...`#| +00000050 d5 f5 04 06 16 e2 69 ca 4d 99 1b a0 b5 3b 7d 62 |......i.M....;}b| +00000060 51 62 ee d9 60 |Qb..`| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 4d f9 c2 63 4f |..........0M..cO| +00000010 98 1b 02 ce df ca d1 15 a2 4f 6f 4c 2c b8 1a 88 |.........OoL,...| +00000020 11 c9 b3 45 e6 1d cf e8 6b dd 8c 89 c6 1d 0b 66 |...E....k......f| +00000030 82 d5 1d c6 55 14 1c 56 59 3e 69 |....U..VY>i| +>>> Flow 5 (client to server) +00000000 17 03 01 00 20 12 be 42 b4 31 07 55 8e f9 a1 64 |.... ..B.1.U...d| +00000010 96 70 46 68 3e fd 4e 4f 9c af b3 11 de fc 80 f1 |.pFh>.NO........| +00000020 c8 11 84 ba ae 17 03 01 00 20 2f f9 ec dd 50 97 |......... /...P.| +00000030 1e a4 f1 66 fe 28 e3 c1 51 8d c0 f6 c3 d8 b3 ad |...f.(..Q.......| +00000040 7d dc a5 98 87 90 34 71 b4 73 15 03 01 00 20 d1 |}.....4q.s.... .| +00000050 6f 91 91 01 68 c4 11 6a e5 a2 ed 20 3f 3a 3d b7 |o...h..j... ?:=.| +00000060 d9 7f c3 b3 29 c3 df 3e 17 69 76 9f 04 f8 58 |....)..>.iv...X| diff --git a/testdata/Client-TLSv10-ECDHE-RSA-AES b/testdata/Client-TLSv10-ECDHE-RSA-AES new file mode 100644 index 0000000..78947ac --- /dev/null +++ b/testdata/Client-TLSv10-ECDHE-RSA-AES @@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 01 00 59 02 00 00 55 03 01 45 04 14 a2 70 |....Y...U..E...p| +00000010 3e 1e d9 2c d4 bd f3 e8 9c f3 e0 08 d8 0f 7f 82 |>..,............| +00000020 2b 07 a0 bd 47 56 a0 e1 06 0d 36 20 fc 0f 5b 85 |+...GV....6 ..[.| +00000030 8e 17 20 f1 f6 1e 80 c3 79 1a e1 86 c3 ed e9 24 |.. .....y......$| +00000040 6d bb 24 3c 0c 8d 2c 79 f2 03 27 b0 c0 13 00 00 |m.$<..,y..'.....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 01 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 01 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 85 05 5f e3 a2 b2 12 |........ .._....| +000002d0 c8 82 53 2b c2 38 e1 a8 08 87 a7 d5 b3 98 6f 81 |..S+.8........o.| +000002e0 ce 81 6b 78 3e 3a b7 1d 71 00 80 43 81 fb 47 5e |..kx>:..q..C..G^| +000002f0 08 16 39 35 d3 c2 f3 ea bb 2c 7d bc 01 9b 35 5d |..95.....,}...5]| +00000300 63 7e c3 38 f3 04 96 eb d7 3f d1 df 71 97 ec 22 |c~.8.....?..q.."| +00000310 1b 4a 89 14 4d e5 44 08 87 52 69 ea 28 f8 6a ea |.J..M.D..Ri.(.j.| +00000320 3e ff 17 de 4d 20 95 e3 6e 3f af 05 20 9b a3 ac |>...M ..n?.. ...| +00000330 70 1b 1c bf f9 52 d6 11 6d d9 85 90 08 4d 64 1f |p....R..m....Md.| +00000340 c5 35 34 37 11 b8 44 a3 ef 93 a6 b6 87 58 0b c4 |.547..D......X..| +00000350 8e 94 d8 67 4d 09 7a 2a aa 95 db e6 af 29 21 a2 |...gM.z*.....)!.| +00000360 ee c3 90 ef c6 53 46 12 fb 87 06 16 03 01 00 04 |.....SF.........| +00000370 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 01 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 01 00 01 01 |....._X.;t......| +00000030 16 03 01 00 30 50 f5 a9 34 25 ed a2 fb c8 7f 35 |....0P..4%.....5| +00000040 08 57 59 da 54 c1 8d 92 ec 23 73 af f3 92 8d 19 |.WY.T....#s.....| +00000050 03 ce ab 5b eb dc 5b 81 3f 51 a1 20 31 3f 33 da |...[..[.?Q. 1?3.| +00000060 27 c5 c3 9c fd |'....| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 b1 61 9b 63 4e |..........0.a.cN| +00000010 43 96 80 49 ac 2d 93 7d b9 f2 bb 81 79 5e 94 bf |C..I.-.}....y^..| +00000020 06 d0 a6 14 46 91 cd 90 b0 8a 85 ee fe 41 a7 4d |....F........A.M| +00000030 97 d7 4d 40 5e f4 5b bd d3 0c db |..M@^.[....| +>>> Flow 5 (client to server) +00000000 17 03 01 00 20 49 21 bc a5 4c 96 41 3f 22 87 0a |.... I!..L.A?"..| +00000010 c0 4e 0e 54 cb c2 27 8a 4f b0 37 fb b4 1f c1 4e |.N.T..'.O.7....N| +00000020 77 e1 09 57 23 17 03 01 00 20 f0 f0 3b 78 a8 ae |w..W#.... ..;x..| +00000030 ef b1 e0 f4 29 0f 90 4a 0f e5 48 34 84 5e 4f d8 |....)..J..H4.^O.| +00000040 53 46 f8 29 64 2b 8e 87 79 0a 15 03 01 00 20 71 |SF.)d+..y..... q| +00000050 32 6c 08 2a f7 18 c8 d5 48 a8 c7 d1 68 7a 65 ec |2l.*....H...hze.| +00000060 3e fa 4b fe ff 76 1a 57 64 22 61 27 a0 5d b6 |>.K..v.Wd"a'.].| diff --git a/testdata/Client-TLSv10-RSA-RC4 b/testdata/Client-TLSv10-RSA-RC4 new file mode 100644 index 0000000..7ecfbde --- /dev/null +++ b/testdata/Client-TLSv10-RSA-RC4 @@ -0,0 +1,78 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 01 00 51 02 00 00 4d 03 01 4c 98 ce a5 80 |....Q...M..L....| +00000010 84 dc d3 70 de 75 bf 26 5c 15 8b b7 2c 78 30 a7 |...p.u.&\...,x0.| +00000020 65 1a 0c f7 1a e5 51 91 7c cb ca 20 83 2c 90 3b |e.....Q.|.. .,.;| +00000030 cf dd 4e 51 8b 27 98 95 aa d9 1d da 4d 3d e1 18 |..NQ.'......M=..| +00000040 f5 58 fd 85 c5 ed c9 5f 12 2f 4b b3 00 05 00 00 |.X....._./K.....| +00000050 05 ff 01 00 01 00 16 03 01 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 01 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 01 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 01 00 01 |.Y(.....ia5.....| +00000090 01 16 03 01 00 24 0e 4d ff 2c 39 80 ba a5 96 18 |.....$.M.,9.....| +000000a0 56 15 94 9f e2 1e 7d 13 62 51 d5 e1 05 f8 d8 b3 |V.....}.bQ......| +000000b0 bd 77 58 38 95 b4 7d 37 66 8a |.wX8..}7f.| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 24 dc 6f da 57 0d |..........$.o.W.| +00000010 f8 b8 aa d5 e5 0a 2e 81 ed 2a b7 f8 0e 2a f1 05 |.........*...*..| +00000020 76 8d 4f b0 0e db 16 c5 d7 c8 5e f9 fb 9e e0 |v.O.......^....| +>>> Flow 5 (client to server) +00000000 17 03 01 00 1a 47 97 4d e6 59 d4 2f bb 60 56 69 |.....G.M.Y./.`Vi| +00000010 d8 bc 8d 91 44 7c cd 85 7e c5 18 5f 57 8e 08 15 |....D|..~.._W...| +00000020 03 01 00 16 f7 79 56 72 e6 77 8d af 94 55 d7 0e |.....yVr.w...U..| +00000030 96 c8 3b 35 52 ea f7 e7 b8 d6 |..;5R.....| diff --git a/testdata/Client-TLSv11-ECDHE-ECDSA-AES b/testdata/Client-TLSv11-ECDHE-ECDSA-AES new file mode 100644 index 0000000..5232ad5 --- /dev/null +++ b/testdata/Client-TLSv11-ECDHE-ECDSA-AES @@ -0,0 +1,87 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 02 00 59 02 00 00 55 03 02 30 f8 f6 b2 af |....Y...U..0....| +00000010 99 b0 e0 f6 9a eb 47 6f 2f ad 2f 45 18 56 b3 dd |......Go/./E.V..| +00000020 b6 b9 20 fb af 97 43 1f 0e 51 c0 20 fe 6c 12 64 |.. ...C..Q. .l.d| +00000030 8e cc a4 24 d6 e6 80 cf f2 9e 74 3f a7 1e 8b da |...$......t?....| +00000040 0e 3c 58 74 f4 8f be 1f 60 86 57 c6 c0 09 00 00 |.....P.&...64...| +000002a0 30 81 86 02 41 24 90 6f 3e 1a 2c a5 7f 08 dc b2 |0...A$.o>.,.....| +000002b0 d3 46 27 5e cb 1f 2a 6d 92 ba 1b fe e3 c5 64 79 |.F'^..*m......dy| +000002c0 31 50 8c 43 4b b1 ee 0d 6f 53 ad 6f e9 db 86 e7 |1P.CK...oS.o....| +000002d0 1f e3 77 f1 8d a8 ab 81 2a d6 fa e7 98 d5 bc 0d |..w.....*.......| +000002e0 ec af ea 84 c4 f8 02 41 6a d2 66 32 e1 d7 46 1a |.......Aj.f2..F.| +000002f0 95 5a 91 c3 76 82 20 c2 a3 a2 32 f5 fd eb a2 0e |.Z..v. ...2.....| +00000300 0f d8 a9 31 7a ef a8 05 6c 5d bf 27 d0 2d 94 ca |...1z...l].'.-..| +00000310 fb d6 62 7a 1c 6a 46 20 fe ed a6 60 a3 db b1 bd |..bz.jF ...`....| +00000320 11 82 05 c3 db 0c 4a 2d 6c 16 03 02 00 04 0e 00 |......J-l.......| +00000330 00 00 |..| +>>> Flow 3 (client to server) +00000000 16 03 02 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 02 00 01 01 |....._X.;t......| +00000030 16 03 02 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 22 71 28 3d 07 73 61 5e 84 72 36 |....."q(=.sa^.r6| +00000050 c0 87 37 4a 5b c2 d9 40 96 a2 01 20 b2 04 23 2f |..7J[..@... ..#/| +00000060 c1 6f 1e 7c a1 77 20 0f 87 46 98 a2 5c aa 35 37 |.o.|.w ..F..\.57| +00000070 37 87 5a 75 33 |7.Zu3| +>>> Flow 4 (server to client) +00000000 14 03 02 00 01 01 16 03 02 00 40 21 b5 1f 8d 4b |..........@!...K| +00000010 1c a7 28 4e 73 3e d7 c5 75 6e eb e4 b3 95 02 4e |..(Ns>..un.....N| +00000020 a3 47 03 44 97 69 c9 89 f5 ac e2 29 5e 22 e7 2c |.G.D.i.....)^".,| +00000030 a2 2d e3 ac 64 45 ae 9d 07 9e fe f8 c6 85 47 4d |.-..dE........GM| +00000040 59 be 72 8d e6 50 da c7 83 91 14 |Y.r..P.....| +>>> Flow 5 (client to server) +00000000 17 03 02 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000010 00 00 00 00 00 57 45 25 4c 1b 90 d3 28 e1 69 43 |.....WE%L...(.iC| +00000020 c5 28 d9 d5 15 35 cf 41 bb 38 f2 12 c6 18 a5 a2 |.(...5.A.8......| +00000030 f5 e4 64 1d 59 15 03 02 00 30 00 00 00 00 00 00 |..d.Y....0......| +00000040 00 00 00 00 00 00 00 00 00 00 35 06 5f e3 ff e7 |..........5._...| +00000050 f0 f1 0c d5 b1 59 42 80 19 8d 67 1b 18 18 5c 18 |.....YB...g...\.| +00000060 42 38 67 85 c3 ab e2 dc 60 d4 |B8g.....`.| diff --git a/testdata/Client-TLSv11-ECDHE-RSA-AES b/testdata/Client-TLSv11-ECDHE-RSA-AES new file mode 100644 index 0000000..48ff7bc --- /dev/null +++ b/testdata/Client-TLSv11-ECDHE-RSA-AES @@ -0,0 +1,91 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 02 00 59 02 00 00 55 03 02 10 ca d9 1b 83 |....Y...U.......| +00000010 59 c8 a5 a5 6a 89 65 6e 1c 0a 49 98 69 05 49 27 |Y...j.en..I.i.I'| +00000020 96 72 74 5f 6e 5b 66 26 3b fd f8 20 23 b5 d6 c5 |.rt_n[f&;.. #...| +00000030 09 f1 66 02 27 5c 5a 15 17 83 c5 11 a4 32 cf d8 |..f.'\Z......2..| +00000040 1e a0 e7 93 83 35 6e aa 61 ae 97 77 c0 13 00 00 |.....5n.a..w....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 02 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 02 00 |.=.`.\!.;.......| +000002c0 aa 0c 00 00 a6 03 00 1d 20 97 a4 91 6b cd ca 44 |........ ...k..D| +000002d0 7e ac fd a5 b1 c0 ce 88 07 f3 a2 d9 93 2b a8 d9 |~............+..| +000002e0 0b 65 0b 47 c0 2e 4f 3b 26 00 80 00 18 01 a1 29 |.e.G..O;&......)| +000002f0 0b 84 c9 09 5e 8c 58 5f 62 b6 22 8b 94 6e 72 26 |....^.X_b."..nr&| +00000300 44 27 32 b9 22 12 67 58 34 a1 ce 6f 87 19 a0 5c |D'2.".gX4..o...\| +00000310 5d 58 dc 91 fb c7 e6 31 33 76 6d 1f 8e 4f 46 55 |]X.....13vm..OFU| +00000320 f1 08 57 9b bb fe 8d c7 6c 0b cd 8b ad b7 51 28 |..W.....l.....Q(| +00000330 f8 5b 75 97 fe a0 d4 a1 2e 9a d3 d5 45 62 f8 19 |.[u.........Eb..| +00000340 f6 73 d0 f6 6d e8 43 49 a2 f5 71 66 c5 29 1a 99 |.s..m.CI..qf.)..| +00000350 e6 c0 cc f9 a5 cd a5 b7 58 08 4d cc 17 46 91 4c |........X.M..F.L| +00000360 29 99 b4 05 78 af e7 b0 d1 2d 38 16 03 02 00 04 |)...x....-8.....| +00000370 0e 00 00 00 |....| +>>> Flow 3 (client to server) +00000000 16 03 02 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 02 00 01 01 |....._X.;t......| +00000030 16 03 02 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 f2 fb 8f ab ae 46 f2 6a 18 1b 77 |..........F.j..w| +00000050 f3 ce 0c b6 83 9c d6 34 54 82 76 db 5c 79 5d cf |.......4T.v.\y].| +00000060 24 f3 26 6d 9d f0 af d3 fc e0 96 69 0a 04 f7 ba |$.&m.......i....| +00000070 78 54 af 37 a5 |xT.7.| +>>> Flow 4 (server to client) +00000000 14 03 02 00 01 01 16 03 02 00 40 e7 d9 0e af 0c |..........@.....| +00000010 06 55 85 ab b0 0a 5e d9 11 81 7a 53 c0 f6 3f 84 |.U....^...zS..?.| +00000020 06 7d 9c 20 05 e9 0d 1d df 9b 48 11 d9 df 0c e6 |.}. ......H.....| +00000030 6b c2 a8 8f f4 d9 e8 8e f6 1a 3e db 7c e5 97 ac |k.........>.|...| +00000040 5d 63 08 b2 3a 54 91 62 fc 2e a5 |]c..:T.b...| +>>> Flow 5 (client to server) +00000000 17 03 02 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000010 00 00 00 00 00 3f ef e9 bc 10 07 75 99 67 8f 99 |.....?.....u.g..| +00000020 bb c0 15 94 86 a2 80 cc 15 97 54 f8 4e 1a d1 9a |..........T.N...| +00000030 33 80 aa da ec 15 03 02 00 30 00 00 00 00 00 00 |3........0......| +00000040 00 00 00 00 00 00 00 00 00 00 6f 78 7b d2 80 62 |..........ox{..b| +00000050 5c cf 34 d6 5a 72 d8 63 95 24 c6 ff 69 d0 6d 90 |\.4.Zr.c.$..i.m.| +00000060 8d a2 9f 37 e8 7b b1 d4 68 04 |...7.{..h.| diff --git a/testdata/Client-TLSv11-RSA-RC4 b/testdata/Client-TLSv11-RSA-RC4 new file mode 100644 index 0000000..2e9c49e --- /dev/null +++ b/testdata/Client-TLSv11-RSA-RC4 @@ -0,0 +1,78 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 02 00 51 02 00 00 4d 03 02 36 8f 18 79 0f |....Q...M..6..y.| +00000010 99 6b 3d 1d f4 19 aa ff 79 7c 50 15 52 db 9d c5 |.k=.....y|P.R...| +00000020 62 40 2d 5b de 45 0c 66 b1 cb be 20 9e 00 c3 00 |b@-[.E.f... ....| +00000030 22 2f b5 c6 79 c1 f7 72 8f 4b 94 f4 ac fe a9 53 |"/..y..r.K.....S| +00000040 97 4e fb 00 df 34 b6 24 8f ff 89 db 00 05 00 00 |.N...4.$........| +00000050 05 ff 01 00 01 00 16 03 02 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 02 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 02 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 02 00 01 |.Y(.....ia5.....| +00000090 01 16 03 02 00 24 92 fa 9a bb 9b a3 39 3f 6b 0c |.....$......9?k.| +000000a0 70 b5 48 4a fc cf 79 86 c7 90 e8 db ca 6a ff 95 |p.HJ..y......j..| +000000b0 11 9b 65 b2 07 61 00 a8 dc 14 |..e..a....| +>>> Flow 4 (server to client) +00000000 14 03 02 00 01 01 16 03 02 00 24 47 d5 78 31 32 |..........$G.x12| +00000010 db db 2b f4 2f e6 a4 fa fa 04 31 ba c0 bc 86 38 |..+./.....1....8| +00000020 29 70 53 c6 8c 28 e5 75 90 ed 0f 4f 3e cb 06 |)pS..(.u...O>..| +>>> Flow 5 (client to server) +00000000 17 03 02 00 1a f3 e7 6c 01 c5 70 c6 69 dd 4f 40 |.......l..p.i.O@| +00000010 38 c1 b2 d2 28 69 2f 99 b1 bd 71 d0 c2 00 08 15 |8...(i/...q.....| +00000020 03 02 00 16 4c 44 14 02 8e 46 f8 84 40 f1 3d 6d |....LD...F..@.=m| +00000030 f2 01 f6 9d 7a 0b 18 ee 9d 41 |....z....A| diff --git a/testdata/Client-TLSv12-AES128-GCM-SHA256 b/testdata/Client-TLSv12-AES128-GCM-SHA256 new file mode 100644 index 0000000..c20dcc6 --- /dev/null +++ b/testdata/Client-TLSv12-AES128-GCM-SHA256 @@ -0,0 +1,80 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 65 9c b1 7a 5c |....Q...M..e..z\| +00000010 84 e5 a5 12 ba 54 1f 4c ec 95 0b 8f ea 5c cc 3b |.....T.L.....\.;| +00000020 de b8 18 23 8e c4 95 59 d7 7f 8f 20 36 fe ec 27 |...#...Y... 6..'| +00000030 10 85 43 fb 9c 68 3f 69 d0 08 a6 57 10 a6 29 a4 |..C..h?i...W..).| +00000040 f6 0c 2e 05 6e 0d e5 44 61 e1 2e 07 00 9c 00 00 |....n..Da.......| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 28 00 00 00 00 00 00 00 00 97 f1 |.....(..........| +000000a0 fe 34 f7 de 76 9b 56 27 e6 9f 36 48 30 a6 de 78 |.4..v.V'..6H0..x| +000000b0 10 6a ef bf 92 8a 6e 99 21 2f 1b 7b 48 80 |.j....n.!/.{H.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 23 9d a2 ae a1 |..........(#....| +00000010 7d dd 92 1f 42 18 68 f6 fb 31 56 7b e4 58 a4 e9 |}...B.h..1V{.X..| +00000020 c2 1c e7 67 1b 40 b1 b9 63 9d 05 fb c7 44 9e f6 |...g.@..c....D..| +00000030 7a 14 bb |z..| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 d7 31 70 |..............1p| +00000010 c8 11 3f bd 83 fc 6e f8 3b e0 ee 45 c5 1a c8 41 |..?...n.;..E...A| +00000020 80 22 d4 15 03 03 00 1a 00 00 00 00 00 00 00 02 |."..............| +00000030 7a fe 3a 11 7c c0 26 30 55 24 85 0b 43 cb 7c ac |z.:.|.&0U$..C.|.| +00000040 ef 2c |.,| diff --git a/testdata/Client-TLSv12-AES128-SHA256 b/testdata/Client-TLSv12-AES128-SHA256 new file mode 100644 index 0000000..774481e --- /dev/null +++ b/testdata/Client-TLSv12-AES128-SHA256 @@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 26 31 ba 4a 56 |....Q...M..&1.JV| +00000010 16 83 15 47 b9 c4 7e 10 ca 92 31 4d 77 af cc cd |...G..~...1Mw...| +00000020 70 f4 cc 82 6e b9 ac 1b 0d 17 25 20 e9 08 ec 95 |p...n.....% ....| +00000030 ea 84 a4 bd 8f 9d 8e d3 58 a7 5e 72 42 e4 19 8f |........X.^rB...| +00000040 46 c3 d9 be 16 3c d4 53 5a 02 8f a1 00 3c 00 00 |F....<.SZ....<..| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 50 00 00 00 00 00 00 00 00 00 00 |.....P..........| +000000a0 00 00 00 00 00 00 46 91 40 e2 65 40 fe 42 c3 34 |......F.@.e@.B.4| +000000b0 98 65 89 d0 96 7e 7b 67 8e c4 d5 e6 37 f5 96 04 |.e...~{g....7...| +000000c0 b7 c8 63 83 76 5c ca 9d 89 18 d4 97 8b 3f f6 75 |..c.v\.......?.u| +000000d0 1d 51 0b b9 90 1c 85 8f 83 20 9e 9a 21 d9 db 14 |.Q....... ..!...| +000000e0 1e 02 d4 ab aa c4 |......| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 50 6d 34 72 de 79 |..........Pm4r.y| +00000010 ad 96 d0 92 5f d7 01 de 90 f4 5d 0f de 02 ae 19 |...._.....].....| +00000020 61 a3 ee 29 ab 18 f1 09 2e 5b bc e0 73 9a 68 19 |a..).....[..s.h.| +00000030 17 dd c8 d9 63 b4 28 c8 da 1a 81 40 ca d3 5a 99 |....c.(....@..Z.| +00000040 17 67 fe e9 dd 1a 52 c4 6e 70 0a 0e cf e8 c0 f8 |.g....R.np......| +00000050 6c 1f ee d2 70 97 dc ee b8 95 35 |l...p.....5| +>>> Flow 5 (client to server) +00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 ee 03 cc 04 97 17 f0 04 85 02 b7 |................| +00000020 5c 24 ca 9f c2 25 e0 76 f4 72 e5 71 2b ac f4 a5 |\$...%.v.r.q+...| +00000030 c4 62 08 9a da b7 ab 30 2f 34 b0 70 20 a3 b9 b3 |.b.....0/4.p ...| +00000040 df 90 9b 01 0b 15 03 03 00 40 00 00 00 00 00 00 |.........@......| +00000050 00 00 00 00 00 00 00 00 00 00 3b ca fc 0e 08 f2 |..........;.....| +00000060 c8 b7 22 61 43 24 b3 54 1b ca 58 c6 bd 27 f3 3d |.."aC$.T..X..'.=| +00000070 ac a0 d8 fe 0e b5 15 7c 1f 98 32 f0 6b 28 bc 61 |.......|..2.k(.a| +00000080 6c c7 ba 66 54 19 92 a9 6f 43 |l..fT...oC| diff --git a/testdata/Client-TLSv12-AES256-GCM-SHA384 b/testdata/Client-TLSv12-AES256-GCM-SHA384 new file mode 100644 index 0000000..6d26746 --- /dev/null +++ b/testdata/Client-TLSv12-AES256-GCM-SHA384 @@ -0,0 +1,80 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 98 b0 4a 9a c8 |....Q...M....J..| +00000010 8f f9 1f f9 70 03 d9 1a ee 7c 29 30 6a 71 7c 6c |....p....|)0jq|l| +00000020 ea 2c de 84 f9 ee 4d 2c d7 58 12 20 a4 e2 1b f3 |.,....M,.X. ....| +00000030 42 b8 9a 0b 71 8c 27 57 61 98 c5 c5 1b 04 01 5b |B...q.'Wa......[| +00000040 a0 bc 88 64 d9 ce 5a a1 b2 7b 6c 4e 00 9d 00 00 |...d..Z..{lN....| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 28 00 00 00 00 00 00 00 00 57 97 |.....(........W.| +000000a0 64 ef 80 07 b0 31 02 c8 2a a2 b7 1f d6 a3 7c 7a |d....1..*.....|z| +000000b0 e9 c4 e1 55 9f 0a ef 0d 8f 0a 57 13 f5 a4 |...U......W...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 42 49 9c 67 4f |..........(BI.gO| +00000010 36 75 b8 34 0e ee 00 98 1a ba 52 d5 96 7b 91 d7 |6u.4......R..{..| +00000020 ba ec e4 5e 2e 42 e3 72 a0 ea 60 24 31 30 3d a2 |...^.B.r..`$10=.| +00000030 c5 6c 8f |.l.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 42 9f da |.............B..| +00000010 a1 e6 98 48 a8 6c 78 a0 f7 fd e7 0f bc df 97 ef |...H.lx.........| +00000020 b8 62 4c 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.bL.............| +00000030 99 ac 35 a4 d9 1f 58 26 51 c6 6a b9 1f 53 ec 19 |..5...X&Q.j..S..| +00000040 90 78 |.x| diff --git a/testdata/Client-TLSv12-ALPN b/testdata/Client-TLSv12-ALPN new file mode 100644 index 0000000..9f90ff2 --- /dev/null +++ b/testdata/Client-TLSv12-ALPN @@ -0,0 +1,86 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 a9 01 00 00 a5 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 50 33 74 |.............P3t| +00000060 00 00 00 05 00 05 01 00 00 00 00 00 0a 00 0a 00 |................| +00000070 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 00 00 |................| +00000080 0d 00 0e 00 0c 04 01 04 03 05 01 05 03 02 01 02 |................| +00000090 03 ff 01 00 01 00 00 10 00 10 00 0e 06 70 72 6f |.............pro| +000000a0 74 6f 32 06 70 72 6f 74 6f 31 00 12 00 00 |to2.proto1....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 66 02 00 00 62 03 03 8d 70 c6 03 ad |....f...b...p...| +00000010 2f 20 b3 c2 ab e0 fc 80 74 c4 23 9e 82 65 61 a1 |/ ......t.#..ea.| +00000020 26 97 14 a0 9b 9c d5 e0 92 43 ee 20 ec 84 cf 78 |&........C. ...x| +00000030 44 16 7d f3 ad 94 a9 f8 c3 e0 c6 e1 b6 c5 e3 3d |D.}............=| +00000040 77 ea 76 1d 58 cc 94 3a ad 1a 1a 6c cc a8 00 00 |w.v.X..:...l....| +00000050 1a ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 10 |................| +00000060 00 09 00 07 06 70 72 6f 74 6f 31 16 03 03 02 59 |.....proto1....Y| +00000070 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 |...U..R..O0..K0.| +00000080 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b |.............?.[| +00000090 ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 |..0...*.H.......| +000000a0 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |.0.1.0...U....Go| +000000b0 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f |1.0...U....Go Ro| +000000c0 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 |ot0...1601010000| +000000d0 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 |00Z..25010100000| +000000e0 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 |0Z0.1.0...U....G| +000000f0 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 |o1.0...U....Go0.| +00000100 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 |.0...*.H........| +00000110 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e |....0.......F}..| +00000120 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e |.'.H..(!.~...]..| +00000130 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 be |RE.z6G....B[....| +00000140 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 |.y.@.Om..+.....g| +00000150 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 |....."8.J.ts+.4.| +00000160 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 |.....t{.X.la<..A| +00000170 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 |..++$#w[.;.u]. T| +00000180 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 |..c...$....P....| +00000190 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 |C...ub...R......| +000001a0 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff |...0..0...U.....| +000001b0 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 |......0...U.%..0| +000001c0 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 |...+.........+..| +000001d0 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 |.....0...U......| +000001e0 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 |.0.0...U........| +000001f0 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b |..CC>I..m....`0.| +00000200 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 |..U.#..0...H.IM.| +00000210 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 |~.1......n{0...U| +00000220 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e |....0...example.| +00000230 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d |golang0...*.H...| +00000240 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 |..........0.@+[P| +00000250 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 |.a...SX...(.X..8| +00000260 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 |....1Z..f=C.-...| +00000270 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 |... d8.$:....}.@| +00000280 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c | ._...a..v......| +00000290 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c |\.....l..s..Cw..| +000002a0 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 |.....@.a.Lr+...F| +000002b0 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 |..M...>...B...=.| +000002c0 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c 00 |`.\!.;..........| +000002d0 00 a8 03 00 1d 20 84 de 31 92 b6 a5 d8 a4 88 a2 |..... ..1.......| +000002e0 54 67 e6 61 40 f2 5a 87 0f ce 15 b1 d6 af f3 5d |Tg.a@.Z........]| +000002f0 99 71 d6 04 f5 52 04 01 00 80 a8 1d 8b 8c e9 a3 |.q...R..........| +00000300 af 2d 31 e4 0f f0 26 74 c2 e5 1b ae ac 47 9c 6e |.-1...&t.....G.n| +00000310 6c 5f 45 7d b1 b3 2a af 36 68 42 13 95 0d 33 1c |l_E}..*.6hB...3.| +00000320 8d 6c 72 48 4a 94 f0 fb 82 20 cc 76 21 7f 62 e7 |.lrHJ.... .v!.b.| +00000330 23 a3 c8 4e 3a ce f1 5c c3 60 73 26 59 4c 94 f3 |#..N:..\.`s&YL..| +00000340 07 36 f6 a0 b3 60 03 d5 72 1e bf c8 d9 1d 61 01 |.6...`..r.....a.| +00000350 9a 18 57 a3 b4 de 36 1f e1 7d dc 69 c0 fb c0 71 |..W...6..}.i...q| +00000360 45 1f 73 0d 50 69 d3 18 97 23 60 1c 5a 9a 93 b4 |E.s.Pi...#`.Z...| +00000370 67 cc e5 80 3b 25 d0 6c 50 c8 16 03 03 00 04 0e |g...;%.lP.......| +00000380 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 5c c5 3e 7a 14 97 1b 55 88 25 08 |.... \.>z...U.%.| +00000040 ad 86 48 ac f0 43 8c 17 5b 58 93 6c 7a 95 69 a8 |..H..C..[X.lz.i.| +00000050 ad 0c b3 61 4d |...aM| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 dd 1b 80 da d9 |.......... .....| +00000010 73 da 7d 15 9b 92 82 01 a7 8f fe 4a 75 97 8f f4 |s.}........Ju...| +00000020 64 1b bf cf c3 40 78 f2 52 f5 7a |d....@x.R.z| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 4e fa 7c 37 80 48 19 a6 03 25 7c |.....N.|7.H...%|| +00000010 65 56 43 af 9a e8 e2 aa e5 79 98 15 03 03 00 12 |eVC......y......| +00000020 f9 b7 01 e8 2e 85 33 89 60 44 84 93 26 4c ec ac |......3.`D..&L..| +00000030 2e 6f |.o| diff --git a/testdata/Client-TLSv12-ALPN-NoMatch b/testdata/Client-TLSv12-ALPN-NoMatch new file mode 100644 index 0000000..62e7d11 --- /dev/null +++ b/testdata/Client-TLSv12-ALPN-NoMatch @@ -0,0 +1,91 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 9c 01 00 00 98 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 28 c0 2f |.............(./| +00000030 c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 c0 09 c0 14 |.+.0.,.'...#....| +00000040 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 c0 12 00 0a |.......<./.5....| +00000050 00 05 c0 11 c0 07 01 00 00 47 33 74 00 00 00 05 |.........G3t....| +00000060 00 05 01 00 00 00 00 00 0a 00 08 00 06 00 17 00 |................| +00000070 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 0c 04 |................| +00000080 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 01 00 |................| +00000090 00 10 00 09 00 07 06 70 72 6f 74 6f 33 00 12 00 |.......proto3...| +000000a0 00 |.| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 36 0e 9f 51 42 |....Y...U..6..QB| +00000010 82 65 fa b5 17 7a 86 d6 40 33 a9 67 d3 3d aa 2f |.e...z..@3.g.=./| +00000020 89 a0 39 82 af 16 30 8e 64 80 d4 20 23 a6 d0 12 |..9...0.d.. #...| +00000030 ff 8c fc b4 b5 47 ec 10 fe ba 73 fb 0f ab e8 1c |.....G....s.....| +00000040 15 c1 fb 11 c1 b2 e1 8a f7 5d 5b ad c0 2f 00 00 |.........][../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 cd 0c 00 00 c9 03 00 17 41 04 11 b4 a9 10 7e 5c |........A.....~\| +000002d0 41 5e 39 12 15 a3 ed 5b 3e 5d 68 c8 ad 48 39 ef |A^9....[>]h..H9.| +000002e0 09 8b b1 a7 bf db 5f 54 49 cd d5 de 4d b3 47 4c |......_TI...M.GL| +000002f0 18 02 84 7c ec 75 4e d0 3e 8a d1 6c 80 83 98 64 |...|.uN.>..l...d| +00000300 4a 81 bc 8f 84 c7 e5 b4 2d fa 04 01 00 80 72 ee |J.......-.....r.| +00000310 41 38 f2 b8 a1 56 81 d8 04 78 75 05 f4 78 5f f2 |A8...V...xu..x_.| +00000320 2b 5d a2 46 23 9d 48 c8 63 a9 1d de a8 78 6e 99 |+].F#.H.c....xn.| +00000330 cd 59 6b 19 20 f5 b1 11 e1 f8 1c 5b 40 c3 b8 cd |.Yk. ......[@...| +00000340 66 a3 98 37 c5 c2 5c b7 d6 cc 61 b4 5e 97 fa dd |f..7..\...a.^...| +00000350 b7 85 5d b6 34 8c 39 4a 60 5a 03 20 47 7f e3 65 |..].4.9J`Z. G..e| +00000360 01 18 00 2c c3 eb be d4 aa 58 57 a9 5e 69 fb 3c |...,.....XW.^i.<| +00000370 fa c6 28 1a 5c f7 00 d5 21 e5 c1 30 db 84 38 c3 |..(.\...!..0..8.| +00000380 08 aa 08 5f c9 fd a0 b7 8e d0 66 77 bf 13 16 03 |..._......fw....| +00000390 03 00 04 0e 00 00 00 |.......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 46 10 00 00 42 41 04 1e 18 37 ef 0d |....F...BA...7..| +00000010 19 51 88 35 75 71 b5 e5 54 5b 12 2e 8f 09 67 fd |.Q.5uq..T[....g.| +00000020 a7 24 20 3e b2 56 1c ce 97 28 5e f8 2b 2d 4f 9e |.$ >.V...(^.+-O.| +00000030 f1 07 9f 6c 4b 5b 83 56 e2 32 42 e9 58 b6 d7 49 |...lK[.V.2B.X..I| +00000040 a6 b5 68 1a 41 03 56 6b dc 5a 89 14 03 03 00 01 |..h.A.Vk.Z......| +00000050 01 16 03 03 00 28 00 00 00 00 00 00 00 00 4f 7e |.....(........O~| +00000060 9a 3a cc 74 a4 91 77 01 0b 0e 28 0a c5 bd 55 b7 |.:.t..w...(...U.| +00000070 9a 4c 40 4e e9 c9 46 d5 5f c5 e1 77 c3 f2 |.L@N..F._..w..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 62 4b 13 ef 22 |..........(bK.."| +00000010 f9 a8 8d ec 42 3a 36 80 5d a8 5b e9 60 d1 ba 65 |....B:6.].[.`..e| +00000020 2b d8 37 64 e5 12 b2 ef 84 75 87 0c 0f 3d 35 6e |+.7d.....u...=5n| +00000030 59 7c 51 |Y|Q| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 5f cd 4d |............._.M| +00000010 7b a7 c0 f9 6c 1f 80 93 cf 55 3b 12 c7 21 12 86 |{...l....U;..!..| +00000020 f6 b1 52 15 03 03 00 1a 00 00 00 00 00 00 00 02 |..R.............| +00000030 fd 31 a4 4b d1 e9 f0 e0 18 b5 96 28 f7 b4 0c 29 |.1.K.......(...)| +00000040 8c 0c |..| diff --git a/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA b/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA new file mode 100644 index 0000000..336e10d --- /dev/null +++ b/testdata/Client-TLSv12-ClientCert-ECDSA-ECDSA @@ -0,0 +1,132 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 cf 28 2c 3e 4f |....Y...U...(,>O| +00000010 da 6b ae 24 74 a9 91 c3 c5 55 4b ab ec 07 f8 cd |.k.$t....UK.....| +00000020 65 f8 fe 08 f6 9a 23 da 99 6c 5d 20 af 4a 1e 32 |e.....#..l] .J.2| +00000030 7b bd 3c 0b b1 14 66 a3 b7 2f a4 2a c3 43 c4 e0 |{.<...f../.*.C..| +00000040 c2 ad 78 b1 28 ab 51 06 1b 87 d2 75 c0 09 00 00 |..x.(.Q....u....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 18 6f |*............ .o| +00000280 77 a5 2b 27 2c 52 fc 6c 8a 34 41 1c a8 c6 4f 90 |w.+',R.l.4A...O.| +00000290 a9 4b b7 e0 39 8b b1 f5 a6 15 4b 94 e8 2c 04 03 |.K..9.....K..,..| +000002a0 00 8b 30 81 88 02 42 00 dc 3a 14 a2 38 32 c1 40 |..0...B..:..82.@| +000002b0 98 83 17 94 e9 2a 0d 95 c3 59 d6 76 94 c2 3e a0 |.....*...Y.v..>.| +000002c0 f7 e0 5d 64 47 5a d1 d9 ed d2 1c 6b 13 3e e7 83 |..]dGZ.....k.>..| +000002d0 6e bb 53 33 03 7d 69 c6 8f 9d 98 d7 96 9c 73 e3 |n.S3.}i.......s.| +000002e0 12 bd 69 1f b1 d3 f4 25 d7 02 42 01 11 6d c8 53 |..i....%..B..m.S| +000002f0 9b bf f4 db ff 8a 00 82 93 f7 b5 bf c9 bb cd ec |................| +00000300 64 f8 d9 6d 36 0d f8 db ce 9d 65 a0 5e 5a e0 13 |d..m6.....e.^Z..| +00000310 ec 08 73 2c 3f 8c c6 5b 08 cc 0f 4a 7d 6b 5e 89 |..s,?..[...J}k^.| +00000320 bf 4a 4e db 51 5a 9f 51 3e 9d 9a c5 84 16 03 03 |.JN.QZ.Q>.......| +00000330 00 2a 0d 00 00 26 03 01 02 40 00 1e 06 01 06 02 |.*...&...@......| +00000340 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000350 03 02 03 03 02 01 02 02 02 03 00 00 16 03 03 00 |................| +00000360 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| +00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| +00000020 d9 17 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 |..0...*.H.=..0E1| +00000030 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 |.0...U....AU1.0.| +00000040 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 |..U....Some-Stat| +00000050 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 |e1!0...U....Inte| +00000060 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 |rnet Widgits Pty| +00000070 20 4c 74 64 30 1e 17 0d 31 32 31 31 31 34 31 33 | Ltd0...12111413| +00000080 32 35 35 33 5a 17 0d 32 32 31 31 31 32 31 33 32 |2553Z..221112132| +00000090 35 35 33 5a 30 41 31 0b 30 09 06 03 55 04 06 13 |553Z0A1.0...U...| +000000a0 02 41 55 31 0c 30 0a 06 03 55 04 08 13 03 4e 53 |.AU1.0...U....NS| +000000b0 57 31 10 30 0e 06 03 55 04 07 13 07 50 79 72 6d |W1.0...U....Pyrm| +000000c0 6f 6e 74 31 12 30 10 06 03 55 04 03 13 09 4a 6f |ont1.0...U....Jo| +000000d0 65 6c 20 53 69 6e 67 30 81 9b 30 10 06 07 2a 86 |el Sing0..0...*.| +000000e0 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +000000f0 04 00 95 8c 91 75 14 c0 5e c4 57 b4 d4 c3 6f 8d |.....u..^.W...o.| +00000100 ae 68 1e dd 6f ce 86 e1 7e 6e b2 48 3e 81 e5 4e |.h..o...~n.H>..N| +00000110 e2 c6 88 4b 64 dc f5 30 bb d3 ff 65 cc 5b f4 dd |...Kd..0...e.[..| +00000120 b5 6a 3e 3e d0 1d de 47 c3 76 ad 19 f6 45 2c 8c |.j>>...G.v...E,.| +00000130 bc d8 1d 01 4c 1f 70 90 46 76 48 8b 8f 83 cc 4a |....L.p.FvH....J| +00000140 5c 8f 40 76 da e0 89 ec 1d 2b c4 4e 30 76 28 41 |\.@v.....+.N0v(A| +00000150 b2 62 a8 fb 5b f1 f9 4e 7a 8d bd 09 b8 ae ea 8b |.b..[..Nz.......| +00000160 18 27 4f 2e 70 fe 13 96 ba c3 d3 40 16 cd 65 4e |.'O.p......@..eN| +00000170 ac 11 1e e6 f1 30 09 06 07 2a 86 48 ce 3d 04 01 |.....0...*.H.=..| +00000180 03 81 8c 00 30 81 88 02 42 00 e0 14 c4 60 60 0b |....0...B....``.| +00000190 72 68 b0 32 5d 61 4a 02 74 5c c2 81 b9 16 a8 3f |rh.2]aJ.t\.....?| +000001a0 29 c8 36 c7 81 ff 6c b6 5b d9 70 f1 38 3b 50 48 |).6...l.[.p.8;PH| +000001b0 28 94 cb 09 1a 52 f1 5d ee 8d f2 b9 f0 f0 da d9 |(....R.]........| +000001c0 15 3a f9 bd 03 7a 87 a2 23 35 ec 02 42 01 a3 d4 |.:...z..#5..B...| +000001d0 8a 78 35 1c 4a 9a 23 d2 0a be 2b 10 31 9d 9c 5f |.x5.J.#...+.1.._| +000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| +000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| +00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| +00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 93 0f 00 |...._X.;t.......| +00000240 00 8f 05 03 00 8b 30 81 88 02 42 01 32 6d 32 38 |......0...B.2m28| +00000250 d6 bd 1b b6 c5 80 f2 ea 60 b8 bf 3f b6 76 68 1b |........`..?.vh.| +00000260 66 fb 5d 69 0b 25 09 7f 2d 73 ad 7e cd 98 cb b5 |f.]i.%..-s.~....| +00000270 93 4e 4f 1c 4e 3f a1 39 cf a0 70 a6 3d 29 36 27 |.NO.N?.9..p.=)6'| +00000280 51 e0 55 95 11 df 00 88 6c 38 d6 de 36 02 42 01 |Q.U.....l8..6.B.| +00000290 67 50 81 90 a7 ae b5 e2 34 75 81 41 c2 71 8d 0c |gP......4u.A.q..| +000002a0 9a 20 e7 33 af 0e 61 48 85 51 a1 f7 90 17 d1 ad |. .3..aH.Q......| +000002b0 b3 e1 cf 3e 12 fc ce 39 16 a8 78 3b 69 0d 79 76 |...>...9..x;i.yv| +000002c0 03 17 75 c2 a0 63 5e dc 0a a7 c9 aa 15 2a 83 65 |..u..c^......*.e| +000002d0 df 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 |...........@....| +000002e0 00 00 00 00 00 00 00 00 00 00 00 00 27 da 48 f6 |............'.H.| +000002f0 d3 00 98 b9 a6 b7 41 0b eb e6 d1 d7 82 9a 0c 59 |......A........Y| +00000300 8a 42 1c 99 59 af da a7 5b 88 ab b6 7d 01 bc 0f |.B..Y...[...}...| +00000310 45 08 c4 05 0d 2a 4a 83 bf eb b1 b6 |E....*J.....| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 73 7c e6 43 b9 |..........@s|.C.| +00000010 47 85 1c 50 f1 cb a1 29 79 02 dd 13 85 2a d9 a2 |G..P...)y....*..| +00000020 07 50 e4 80 c4 7e 66 ee f2 1a 21 1d cd e4 ff 4a |.P...~f...!....J| +00000030 a4 61 9d b4 a1 26 88 72 20 2b 06 77 c3 8b 3b 21 |.a...&.r +.w..;!| +00000040 53 33 02 3d a2 06 77 3b a5 a6 0b |S3.=..w;...| +>>> Flow 5 (client to server) +00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000010 00 00 00 00 00 1a 45 68 03 9b f0 42 e4 21 5e d8 |......Eh...B.!^.| +00000020 98 d6 46 67 2b 93 80 92 1f 91 60 a3 05 04 1c a0 |..Fg+.....`.....| +00000030 1b a9 ce 45 03 15 03 03 00 30 00 00 00 00 00 00 |...E.....0......| +00000040 00 00 00 00 00 00 00 00 00 00 6b 23 42 c8 5c 29 |..........k#B.\)| +00000050 f5 1f 7c d5 80 c4 9f 6f 12 77 95 71 8f 82 f9 63 |..|....o.w.q...c| +00000060 07 2c 6d ed 6d c6 4f 90 50 a3 |.,m.m.O.P.| diff --git a/testdata/Client-TLSv12-ClientCert-ECDSA-RSA b/testdata/Client-TLSv12-ClientCert-ECDSA-RSA new file mode 100644 index 0000000..fb6c940 --- /dev/null +++ b/testdata/Client-TLSv12-ClientCert-ECDSA-RSA @@ -0,0 +1,132 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 2e d2 1c 3f f8 |....Y...U.....?.| +00000010 3a dc be 78 0b fa 03 00 e0 9a b9 62 34 45 f8 34 |:..x.......b4E.4| +00000020 54 21 4c c0 76 a6 e1 5a a1 67 c2 20 1b 98 25 34 |T!L.v..Z.g. ..%4| +00000030 79 ac 59 b5 39 c8 93 10 a9 ea 9d 25 3d 2c d8 69 |y.Y.9......%=,.i| +00000040 da d8 33 75 ef 44 4c 76 92 2b 3b b4 c0 2f 00 00 |..3u.DLv.+;../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 06 be 1b 0b d8 95 59 |........ ......Y| +000002d0 b2 13 1c 4a 06 b8 36 3e 4f 98 3f 81 11 3e 7d 21 |...J..6>O.?..>}!| +000002e0 fa d9 f0 db 1b 41 4a d0 14 04 01 00 80 ca 57 f5 |.....AJ.......W.| +000002f0 e7 b6 72 7e 3f b0 67 f2 a2 d0 84 d5 7f 7d 83 ff |..r~?.g......}..| +00000300 92 73 4f 19 f7 94 b6 d7 95 f4 1b 56 2a fc fa 24 |.sO........V*..$| +00000310 3e fe 00 65 52 76 c8 30 8a bf ae fe b5 c9 f2 47 |>..eRv.0.......G| +00000320 0a 71 ad c1 6a 61 8c b5 ab 59 09 12 92 b2 b4 ad |.q..ja...Y......| +00000330 cb cc ac c4 30 e9 a4 8a 82 4e 2e d6 1d 16 46 dd |....0....N....F.| +00000340 60 37 50 b8 ae 83 c1 e6 1d ba 8c c7 18 f7 5e d7 |`7P...........^.| +00000350 23 e5 8a 14 ba e4 8e a1 77 8a b6 41 03 61 8a 25 |#.......w..A.a.%| +00000360 8a 27 f8 cb 2e 4a e0 07 aa bf 03 32 98 16 03 03 |.'...J.....2....| +00000370 00 2a 0d 00 00 26 03 01 02 40 00 1e 06 01 06 02 |.*...&...@......| +00000380 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000390 03 02 03 03 02 01 02 02 02 03 00 00 16 03 03 00 |................| +000003a0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| +00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| +00000020 d9 17 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 |..0...*.H.=..0E1| +00000030 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 |.0...U....AU1.0.| +00000040 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 |..U....Some-Stat| +00000050 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 |e1!0...U....Inte| +00000060 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 |rnet Widgits Pty| +00000070 20 4c 74 64 30 1e 17 0d 31 32 31 31 31 34 31 33 | Ltd0...12111413| +00000080 32 35 35 33 5a 17 0d 32 32 31 31 31 32 31 33 32 |2553Z..221112132| +00000090 35 35 33 5a 30 41 31 0b 30 09 06 03 55 04 06 13 |553Z0A1.0...U...| +000000a0 02 41 55 31 0c 30 0a 06 03 55 04 08 13 03 4e 53 |.AU1.0...U....NS| +000000b0 57 31 10 30 0e 06 03 55 04 07 13 07 50 79 72 6d |W1.0...U....Pyrm| +000000c0 6f 6e 74 31 12 30 10 06 03 55 04 03 13 09 4a 6f |ont1.0...U....Jo| +000000d0 65 6c 20 53 69 6e 67 30 81 9b 30 10 06 07 2a 86 |el Sing0..0...*.| +000000e0 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +000000f0 04 00 95 8c 91 75 14 c0 5e c4 57 b4 d4 c3 6f 8d |.....u..^.W...o.| +00000100 ae 68 1e dd 6f ce 86 e1 7e 6e b2 48 3e 81 e5 4e |.h..o...~n.H>..N| +00000110 e2 c6 88 4b 64 dc f5 30 bb d3 ff 65 cc 5b f4 dd |...Kd..0...e.[..| +00000120 b5 6a 3e 3e d0 1d de 47 c3 76 ad 19 f6 45 2c 8c |.j>>...G.v...E,.| +00000130 bc d8 1d 01 4c 1f 70 90 46 76 48 8b 8f 83 cc 4a |....L.p.FvH....J| +00000140 5c 8f 40 76 da e0 89 ec 1d 2b c4 4e 30 76 28 41 |\.@v.....+.N0v(A| +00000150 b2 62 a8 fb 5b f1 f9 4e 7a 8d bd 09 b8 ae ea 8b |.b..[..Nz.......| +00000160 18 27 4f 2e 70 fe 13 96 ba c3 d3 40 16 cd 65 4e |.'O.p......@..eN| +00000170 ac 11 1e e6 f1 30 09 06 07 2a 86 48 ce 3d 04 01 |.....0...*.H.=..| +00000180 03 81 8c 00 30 81 88 02 42 00 e0 14 c4 60 60 0b |....0...B....``.| +00000190 72 68 b0 32 5d 61 4a 02 74 5c c2 81 b9 16 a8 3f |rh.2]aJ.t\.....?| +000001a0 29 c8 36 c7 81 ff 6c b6 5b d9 70 f1 38 3b 50 48 |).6...l.[.p.8;PH| +000001b0 28 94 cb 09 1a 52 f1 5d ee 8d f2 b9 f0 f0 da d9 |(....R.]........| +000001c0 15 3a f9 bd 03 7a 87 a2 23 35 ec 02 42 01 a3 d4 |.:...z..#5..B...| +000001d0 8a 78 35 1c 4a 9a 23 d2 0a be 2b 10 31 9d 9c 5f |.x5.J.#...+.1.._| +000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| +000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| +00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| +00000210 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd 62 |...%...! /.}.G.b| +00000220 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 cf |C.(.._.).0......| +00000230 c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 92 0f 00 |...._X.;t.......| +00000240 00 8e 05 03 00 8a 30 81 87 02 41 19 c6 1e f0 f4 |......0...A.....| +00000250 ca 79 d7 8c 36 0f 56 9a 9d 07 55 31 fe 63 f1 ec |.y..6.V...U1.c..| +00000260 20 80 6f 12 ed 7f bb c0 87 0a 0d 68 81 89 bd 8b | .o........h....| +00000270 19 04 5e c0 19 8a d2 0f 6d 71 83 59 ee a7 be be |..^.....mq.Y....| +00000280 1d bb 2f 12 53 9b ca 58 0e a6 8d ae 02 42 00 d0 |../.S..X.....B..| +00000290 4c 69 75 30 86 d1 da 73 1b 8e 3e e1 82 9b f3 58 |Liu0...s..>....X| +000002a0 8f 6d 0a 10 86 72 5f 90 17 d1 ac 34 8a b5 60 d0 |.m...r_....4..`.| +000002b0 b8 54 0f 05 7f cd 6a c0 62 b5 04 d9 3a 98 95 b6 |.T....j.b...:...| +000002c0 b3 00 1d 94 6e 79 35 57 d2 78 a4 7a 4a 45 89 d1 |....ny5W.x.zJE..| +000002d0 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +000002e0 00 00 00 cf b5 3c cf 0a b7 6b 51 cb fe 06 4c df |.....<...kQ...L.| +000002f0 2c 79 a6 5e a8 75 8b 4c 44 7b ae ff 64 d7 67 dc |,y.^.u.LD{..d.g.| +00000300 af ef 54 |..T| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 1c 12 5e 29 ba |..........(..^).| +00000010 34 b3 d8 ae f7 2a 83 0d 3e 21 ec 91 c9 fa 7f d1 |4....*..>!......| +00000020 42 7e 8d d9 e5 ed 4e f9 ae 95 66 27 85 cc 44 2d |B~....N...f'..D-| +00000030 cd a3 26 |..&| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 8b 4c 36 |..............L6| +00000010 6f b8 69 16 0a 40 67 05 5e a8 e6 48 cc ad 7b 29 |o.i..@g.^..H..{)| +00000020 95 3d 02 15 03 03 00 1a 00 00 00 00 00 00 00 02 |.=..............| +00000030 58 e3 b5 8e 30 e7 5d 02 cd e5 c0 11 95 3a ef a9 |X...0.]......:..| +00000040 d7 86 |..| diff --git a/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 b/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 new file mode 100644 index 0000000..17fc8f8 --- /dev/null +++ b/testdata/Client-TLSv12-ClientCert-RSA-AES256-GCM-SHA384 @@ -0,0 +1,130 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 31 df 35 e4 36 |....Y...U..1.5.6| +00000010 c5 f1 b4 9f e7 5d fa e1 e0 23 04 54 bd 2b fb ab |.....]...#.T.+..| +00000020 a2 37 8f 35 eb 79 47 e6 f8 2b cb 20 ba d8 db 26 |.7.5.yG..+. ...&| +00000030 ce 6b 4a e9 1e 0c 46 9f 4d 85 cb d7 b0 e2 3d 20 |.kJ...F.M.....= | +00000040 58 43 83 37 e1 53 ac 3b d9 b3 fd 0a c0 30 00 00 |XC.7.S.;.....0..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 9a 18 f9 2e 33 f7 bb |........ ....3..| +000002d0 ca 60 0b 51 ad 5c 01 e2 61 82 0b 3f 09 8f 78 9d |.`.Q.\..a..?..x.| +000002e0 3b 11 8b e0 4a 35 2e d5 54 04 01 00 80 90 94 0e |;...J5..T.......| +000002f0 bf 3a b7 95 d3 58 cc 65 c3 79 5e 1e bb d9 21 56 |.:...X.e.y^...!V| +00000300 06 93 6c 2b 6e 26 55 ee 26 c3 02 44 7e db 35 9b |..l+n&U.&..D~.5.| +00000310 d4 d4 1a a0 65 35 41 a4 6c ce de 1f 94 ff b4 1b |....e5A.l.......| +00000320 1e 9c 28 0b 4c 8d 55 d0 d8 be f1 df e0 d1 1a b5 |..(.L.U.........| +00000330 c8 be 2c 5a 2c c3 3f ea 4f e6 d5 b4 6b e1 ff eb |..,Z,.?.O...k...| +00000340 f3 f3 40 54 d5 62 1f a0 fc b2 34 66 ee c5 27 a6 |..@T.b....4f..'.| +00000350 2b 2a b9 5d 3f 36 28 eb 39 99 25 e5 04 d2 18 13 |+*.]?6(.9.%.....| +00000360 3c 23 93 d0 04 37 85 b0 4d 6e 9b 32 9a 16 03 03 |<#...7..Mn.2....| +00000370 00 2a 0d 00 00 26 03 01 02 40 00 1e 06 01 06 02 |.*...&...@......| +00000380 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000390 03 02 03 03 02 01 02 02 02 03 00 00 16 03 03 00 |................| +000003a0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 05 01 00 80 ad f7 ff a0 cb d0 6e |...............n| +00000240 8f 19 0c 40 2a 1f bb dd 11 52 81 84 f1 7b 3f cf |...@*....R...{?.| +00000250 75 72 83 a4 4c 0a 9c 70 95 98 d5 51 a2 28 0c 8c |ur..L..p...Q.(..| +00000260 20 08 d7 2a a5 3e 0c cf 6c a2 1d 32 bd cc a1 b4 | ..*.>..l..2....| +00000270 61 e0 6d 9a 61 16 03 5c 7a b8 fa 15 ea cd e4 de |a.m.a..\z.......| +00000280 d6 16 93 b2 e0 d2 55 b9 03 e0 67 04 27 64 8c e2 |......U...g.'d..| +00000290 01 ee 8f f7 59 3e 12 16 51 f2 07 20 fe 03 e2 3e |....Y>..Q.. ...>| +000002a0 09 1f 96 24 c5 73 0e 69 ac 57 ff 43 2b 6a c6 20 |...$.s.i.W.C+j. | +000002b0 2f e4 ef 7e bc b3 38 57 06 14 03 03 00 01 01 16 |/..~..8W........| +000002c0 03 03 00 28 00 00 00 00 00 00 00 00 fd 71 f5 ca |...(.........q..| +000002d0 91 26 67 54 a5 e6 f3 06 c8 40 24 9d a9 bd b1 9a |.&gT.....@$.....| +000002e0 63 c4 c2 53 56 ba af c0 16 bc 06 5c |c..SV......\| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 92 8f bd c5 97 |..........(.....| +00000010 94 76 70 f4 0a f9 9a 79 69 31 27 0e c0 c5 0b 3c |.vp....yi1'....<| +00000020 9f 4f c2 2f cb 6c 56 62 80 3b e5 72 6a 05 9e 4b |.O./.lVb.;.rj..K| +00000030 34 b9 66 |4.f| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 43 fb 43 |.............C.C| +00000010 3d 96 63 dd 25 94 9d 7a fb 9e 15 6f 62 5e ed 34 |=.c.%..z...ob^.4| +00000020 19 89 b8 15 03 03 00 1a 00 00 00 00 00 00 00 02 |................| +00000030 53 c2 2d 6c b7 91 6c 62 84 09 a2 1c 9b 3d 9e 89 |S.-l..lb.....=..| +00000040 6a 3d |j=| diff --git a/testdata/Client-TLSv12-ClientCert-RSA-ECDSA b/testdata/Client-TLSv12-ClientCert-RSA-ECDSA new file mode 100644 index 0000000..1ff9198 --- /dev/null +++ b/testdata/Client-TLSv12-ClientCert-RSA-ECDSA @@ -0,0 +1,131 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 84 4b ff a4 2a |....Y...U...K..*| +00000010 a4 76 c0 26 f6 05 72 94 01 15 44 f2 c6 7d b0 4b |.v.&..r...D..}.K| +00000020 1b fa da 51 54 45 78 66 e6 0a dd 20 17 df d2 0c |...QTExf... ....| +00000030 2f d6 55 b9 ae 82 ce 2f 2f 07 67 54 5e 02 bd 2f |/.U....//.gT^../| +00000040 48 f6 fb 3d 9c fa 4f a8 66 15 08 da c0 09 00 00 |H..=..O.f.......| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 5d 4e |*............ ]N| +00000280 0c 9e ad 7b f1 48 0c db 03 96 26 2e 16 87 2c e2 |...{.H....&...,.| +00000290 ce a2 47 5a 57 30 e8 e1 7e b2 53 5b c6 7b 04 03 |..GZW0..~.S[.{..| +000002a0 00 8b 30 81 88 02 42 00 e8 8e 68 a8 e3 b5 b4 fe |..0...B...h.....| +000002b0 b9 91 aa 4f 96 3d 97 8d b2 ef 23 a4 3d 16 db 2b |...O.=....#.=..+| +000002c0 50 6d 52 cd a5 e7 79 ae 65 10 d6 36 e0 ba c3 6b |PmR...y.e..6...k| +000002d0 53 61 14 bb 05 47 5a df 26 2f cb 3a 95 c6 6b dc |Sa...GZ.&/.:..k.| +000002e0 88 fd 2e 22 b5 ef ff 31 0e 02 42 01 be ce 6e 53 |..."...1..B...nS| +000002f0 42 43 1c 1c d8 83 7f 45 c4 16 ee d2 7b 66 a0 f4 |BC.....E....{f..| +00000300 f3 14 da 5c 14 e8 fc bc 86 7d 18 43 b9 7b 90 8c |...\.....}.C.{..| +00000310 af f1 05 95 c6 53 0b 0b 0d 10 a1 e9 bb 89 35 c2 |.....S........5.| +00000320 b2 e1 d7 dd 99 7c bf 85 19 3c 4e 8e 8f 16 03 03 |.....|...>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 05 01 00 80 98 58 a8 77 3d db 0b |..........X.w=..| +00000240 04 36 78 51 8b 23 48 fc 70 2b c9 94 1f ee 32 ae |.6xQ.#H.p+....2.| +00000250 41 c0 42 20 19 51 67 e7 fa c0 fd 15 a1 5f 55 4f |A.B .Qg......_UO| +00000260 aa be 29 77 f5 47 71 b9 6c 51 89 18 df 25 98 fd |..)w.Gq.lQ...%..| +00000270 c8 6e ae e3 fd 99 63 ca 2c d2 fb ca bc 57 b7 7f |.n....c.,....W..| +00000280 a2 90 a6 6f b7 2e b7 2a 52 29 e6 75 57 86 cc b1 |...o...*R).uW...| +00000290 d8 6c f3 4e 49 ab 4b 66 0a 72 aa ec c2 f7 6e 57 |.l.NI.Kf.r....nW| +000002a0 15 26 79 1a a4 24 c2 ba 76 9e dd b9 f9 d4 da 1b |.&y..$..v.......| +000002b0 c9 29 66 eb 64 1b 68 66 66 14 03 03 00 01 01 16 |.)f.d.hff.......| +000002c0 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 00 |...@............| +000002d0 00 00 00 00 70 2b 69 27 05 9a 96 e6 e8 52 ea 0f |....p+i'.....R..| +000002e0 3a d6 40 b5 e2 89 5b bf aa 95 6c c1 7d 53 09 89 |:.@...[...l.}S..| +000002f0 23 38 6b 83 85 84 fa f4 2e fb cd b3 57 4e 79 8a |#8k.........WNy.| +00000300 92 74 03 22 |.t."| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 8f 91 f1 f5 6b |..........@....k| +00000010 cc 52 9d db 35 1f db b4 64 fe 33 a5 83 08 24 2f |.R..5...d.3...$/| +00000020 57 18 0e 60 4e 18 54 bb 80 31 37 fe 26 14 b8 c8 |W..`N.T..17.&...| +00000030 dd c4 8c 07 42 0b 80 0b 41 82 40 f6 9b b8 60 4f |....B...A.@...`O| +00000040 cb 7b 43 ea 1a 6e 31 8d 9f 82 f7 |.{C..n1....| +>>> Flow 5 (client to server) +00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000010 00 00 00 00 00 70 e7 c8 03 9c e2 58 73 68 ab 9b |.....p.....Xsh..| +00000020 5c bf 32 57 f8 f1 13 97 02 59 de 99 d3 3e 16 3d |\.2W.....Y...>.=| +00000030 87 11 d4 b4 63 15 03 03 00 30 00 00 00 00 00 00 |....c....0......| +00000040 00 00 00 00 00 00 00 00 00 00 9b 99 45 f3 0d f1 |............E...| +00000050 c5 36 07 8c 81 94 b7 0a dc 7c ee 0c 22 1b 36 fd |.6.......|..".6.| +00000060 d4 fc 7d f1 98 8b 87 be 5f c6 |..}....._.| diff --git a/testdata/Client-TLSv12-ClientCert-RSA-RSA b/testdata/Client-TLSv12-ClientCert-RSA-RSA new file mode 100644 index 0000000..76f0c25 --- /dev/null +++ b/testdata/Client-TLSv12-ClientCert-RSA-RSA @@ -0,0 +1,130 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 92 93 45 4c f9 |....Y...U....EL.| +00000010 93 bf ee 78 58 e0 42 b6 df 32 c2 63 6d ec 89 66 |...xX.B..2.cm..f| +00000020 5a 11 7c 0d 31 2f b5 90 22 ab 3d 20 65 f3 40 c4 |Z.|.1/..".= e.@.| +00000030 f8 31 fa 80 f3 fb a7 f6 9e dc 0c 94 67 48 d9 2b |.1..........gH.+| +00000040 cb 94 82 5f 4e 8b 41 5e c6 63 27 da c0 2f 00 00 |..._N.A^.c'../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 66 49 44 2b 04 fe f5 |........ fID+...| +000002d0 41 68 60 09 81 0e 24 c4 46 68 33 87 41 dd 48 69 |Ah`...$.Fh3.A.Hi| +000002e0 4c be c8 22 2d 4e ff 80 20 04 01 00 80 30 85 40 |L.."-N.. ....0.@| +000002f0 30 56 d5 1d 41 14 9d e8 27 39 a2 18 d5 eb 92 27 |0V..A...'9.....'| +00000300 63 4b 05 85 1a 9e 5f 60 2c 80 a3 20 9f 9c 57 29 |cK...._`,.. ..W)| +00000310 ba 5f ac 0a aa 89 98 fc ca 8e 37 6b 44 bc 0f 33 |._........7kD..3| +00000320 5d 47 91 46 55 d4 f9 4f 76 73 51 c4 f6 a9 90 e4 |]G.FU..OvsQ.....| +00000330 95 10 92 94 f1 33 11 3d 83 0a eb 5d ff e6 9d 9c |.....3.=...]....| +00000340 19 ec e1 65 11 ad d7 7b 6a a4 f9 d8 b6 0c 53 8a |...e...{j.....S.| +00000350 16 d5 1f a7 0b 80 6f c5 d8 6a 57 11 2f b1 84 65 |......o..jW./..e| +00000360 24 8a 02 de aa 10 40 bd 9b 68 a2 b7 b6 16 03 03 |$.....@..h......| +00000370 00 2a 0d 00 00 26 03 01 02 40 00 1e 06 01 06 02 |.*...&...@......| +00000380 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000390 03 02 03 03 02 01 02 02 02 03 00 00 16 03 03 00 |................| +000003a0 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 |.5....%...! /.}.| +00000210 47 cd 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 |G.bC.(.._.).0...| +00000220 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 16 03 03 00 |......._X.;t....| +00000230 88 0f 00 00 84 05 01 00 80 05 9b 97 90 30 0b 21 |.............0.!| +00000240 ed 52 16 19 e0 54 7d 59 42 17 94 81 9b 2c b6 5b |.R...T}YB....,.[| +00000250 7f 7c 8e a5 bf 27 a9 25 14 74 f0 37 fa 6e 2b 84 |.|...'.%.t.7.n+.| +00000260 80 a4 cd ae a6 8a 1b 62 2d 5e 03 ff 70 55 d7 99 |.......b-^..pU..| +00000270 68 3c b3 0e 03 41 ae af c6 3e 09 d4 16 8e 06 71 |h<...A...>.....q| +00000280 14 f8 90 97 cd f6 eb 7d 90 3c d1 f3 95 db 35 3c |.......}.<....5<| +00000290 c9 7d dc 30 55 e1 a0 66 8e 26 20 4f 43 89 08 6f |.}.0U..f.& OC..o| +000002a0 95 58 42 ae e8 6c b6 77 45 c6 8c c7 ad e5 ed ff |.XB..l.wE.......| +000002b0 09 6f 2e 7e b0 e4 5c f2 db 14 03 03 00 01 01 16 |.o.~..\.........| +000002c0 03 03 00 28 00 00 00 00 00 00 00 00 c0 2c cc 32 |...(.........,.2| +000002d0 78 5e 6c 3e e9 a3 83 65 b4 bb 4e 79 b2 04 08 30 |x^l>...e..Ny...0| +000002e0 09 e9 04 99 70 48 44 95 26 b0 37 c9 |....pHD.&.7.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 5f 80 e2 f1 78 |..........(_...x| +00000010 0f cb 58 5c 3c 50 4c 1e 33 8a 1f b7 89 92 37 11 |..X\>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 75 dc 54 |.............u.T| +00000010 d9 c5 b1 c2 c9 64 9a ea 20 e5 76 61 6c 05 af 33 |.....d.. .val..3| +00000020 6b bc d7 15 03 03 00 1a 00 00 00 00 00 00 00 02 |k...............| +00000030 24 6b 03 76 d3 da d0 ee a6 32 c3 58 a1 5e a5 21 |$k.v.....2.X.^.!| +00000040 b8 3a |.:| diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES b/testdata/Client-TLSv12-ECDHE-ECDSA-AES new file mode 100644 index 0000000..5d795e7 --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES @@ -0,0 +1,87 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 c3 2f 08 30 ba |....Y...U.../.0.| +00000010 5d 9e 55 ef 23 f9 8a 0d 2f b4 25 02 5f c0 d2 c2 |].U.#.../.%._...| +00000020 50 7c da db a4 ee 7c 18 df af aa 20 f3 a5 02 de |P|....|.... ....| +00000030 54 9f ce b9 6d 69 66 5d 57 76 ff 18 91 d3 93 ab |T...mif]Wv......| +00000040 39 13 29 4c b9 a7 3c db 7f 4d 97 fc c0 09 00 00 |9.)L..<..M......| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b6 0c 00 00 b2 03 00 1d 20 46 07 |*............ F.| +00000280 78 fd 3b 0c e0 2c 96 f8 44 b9 e9 06 e9 66 17 35 |x.;..,..D....f.5| +00000290 c0 92 87 51 f6 e3 d7 f5 09 50 56 c6 e9 3b 04 03 |...Q.....PV..;..| +000002a0 00 8a 30 81 87 02 41 5d 88 4b fe eb 45 ee 5e 9f |..0...A].K..E.^.| +000002b0 ec 20 90 1f 41 aa 47 87 f7 ae 46 71 dc 55 8b 2c |. ..A.G...Fq.U.,| +000002c0 ce 70 5f ad 3e fa 3c c3 cb 77 d2 69 67 25 27 08 |.p_.>.<..w.ig%'.| +000002d0 23 de 52 3c 0e 6c ca 8f 86 8f 61 cd 5b cf d8 42 |#.R<.l....a.[..B| +000002e0 aa 5a 95 aa 4b d4 d9 f3 02 42 01 81 78 53 9c bd |.Z..K....B..xS..| +000002f0 af 7e d9 be 26 07 24 11 ca 4b 1d dd 2b 49 ec 35 |.~..&.$..K..+I.5| +00000300 25 8d 58 87 ad 80 4f 90 c7 f8 a4 b9 c2 75 b5 12 |%.X...O......u..| +00000310 a7 2c 49 82 76 e8 ce c4 a7 23 68 75 fc 88 82 13 |.,I.v....#hu....| +00000320 27 55 a7 50 3c d6 d0 ae e3 88 94 b4 16 03 03 00 |'U.P<...........| +00000330 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 04 f4 cc a8 9f 48 44 ca 19 e6 4c |..........HD...L| +00000050 3d 51 f2 29 40 0b 70 06 09 f0 69 5c 51 78 51 1e |=Q.)@.p...i\QxQ.| +00000060 2b d1 47 22 8d d6 fb f5 41 bd e4 fd 3d f4 1b 48 |+.G"....A...=..H| +00000070 44 96 2d 97 b9 |D.-..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 f1 a2 70 ba 50 |..........@..p.P| +00000010 9d 7a 9f 8f c6 fb 7e 83 75 bd 94 cf e6 c1 4a f0 |.z....~.u.....J.| +00000020 e6 54 e9 2c 30 23 a2 5c c2 09 32 d4 06 f7 54 e7 |.T.,0#.\..2...T.| +00000030 ab 27 a6 66 ab 86 e6 2c 20 12 cf 61 4d ef 12 20 |.'.f..., ..aM.. | +00000040 ba b6 42 39 b7 76 b9 1b fc f4 44 |..B9.v....D| +>>> Flow 5 (client to server) +00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000010 00 00 00 00 00 0b 5b d0 ab 14 3f ae 1f 4b 12 25 |......[...?..K.%| +00000020 05 2a 67 11 0c 17 42 1b b6 d2 af 16 40 26 fd 7b |.*g...B.....@&.{| +00000030 d7 57 10 2a f8 15 03 03 00 30 00 00 00 00 00 00 |.W.*.....0......| +00000040 00 00 00 00 00 00 00 00 00 00 83 54 64 d6 31 32 |...........Td.12| +00000050 55 62 32 49 b9 54 7b e3 34 02 1c 75 e3 1b 5a 41 |Ub2I.T{.4..u..ZA| +00000060 a2 cd 47 26 f0 ed c2 d5 41 34 |..G&....A4| diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM b/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM new file mode 100644 index 0000000..28a9ef7 --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES-GCM @@ -0,0 +1,82 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 72 81 c3 91 37 |....Y...U..r...7| +00000010 54 37 fb 0f 2b 16 3b 7b bc a6 d9 2e e2 83 23 83 |T7..+.;{......#.| +00000020 b3 67 cf 36 dc 65 8d a6 3d cb 72 20 ac b9 b9 48 |.g.6.e..=.r ...H| +00000030 30 9d fe 67 09 39 f5 47 d2 9a c8 3e 22 02 50 5e |0..g.9.G...>".P^| +00000040 fd 02 c9 ff c1 84 2e 2e ab 78 ef c6 c0 2b 00 00 |.........x...+..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b6 0c 00 00 b2 03 00 1d 20 b7 1c |*............ ..| +00000280 2f 05 5e c8 ae 68 6b 54 c5 88 19 cf 7c 04 b2 ed |/.^..hkT....|...| +00000290 8d 5a e9 7e 6b 50 8a ee 12 66 2d 6f e4 7a 04 03 |.Z.~kP...f-o.z..| +000002a0 00 8a 30 81 87 02 42 01 8d 7e 23 bc d7 a7 ad 73 |..0...B..~#....s| +000002b0 5f 45 9e 04 da 6e c0 34 a8 09 59 e3 bc ab 80 e1 |_E...n.4..Y.....| +000002c0 d4 84 79 7d de 90 c1 f2 ea 95 ed fc 7e d3 f0 31 |..y}........~..1| +000002d0 4c 9b da 82 a0 97 ed e6 c9 f2 b9 2a 0a 1e 0a 2c |L..........*...,| +000002e0 7f 1d 62 ea 11 a9 77 5e 2f 02 41 09 88 2b eb 84 |..b...w^/.A..+..| +000002f0 4f 62 9a c9 8a 0b a2 c6 88 0e 3e d9 29 f0 2b ba |Ob........>.).+.| +00000300 08 40 b0 9c 17 70 d9 84 1e d3 39 ad 70 fc df 63 |.@...p....9.p..c| +00000310 a0 f6 69 3c 19 ce 0b a5 95 d2 6a b1 46 b1 e5 ba |..i<......j.F...| +00000320 fd d2 67 4b 76 e3 eb b9 21 d0 7c 85 16 03 03 00 |..gKv...!.|.....| +00000330 04 0e 00 00 00 |.....| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 28 00 00 00 00 00 00 00 00 32 49 7e |....(........2I~| +00000040 8f d6 2e 81 d7 03 a6 61 a3 04 98 81 95 84 58 d1 |.......a......X.| +00000050 a2 33 fe 4a 5d cd 96 76 64 1e 1a 62 03 |.3.J]..vd..b.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 28 14 2d ae 7c |..........((.-.|| +00000010 b8 7d dc 27 b2 18 39 57 c8 be 5c 3d a3 ab fa 5a |.}.'..9W..\=...Z| +00000020 3d 55 1b 3d 31 77 95 af 42 86 af 2b e7 5a 98 40 |=U.=1w..B..+.Z.@| +00000030 18 77 d1 |.w.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 30 50 2f |.............0P/| +00000010 36 4a 7c ee e6 f0 b9 b8 bf 4d e3 63 4d 5e 58 08 |6J|......M.cM^X.| +00000020 ac ac 82 15 03 03 00 1a 00 00 00 00 00 00 00 02 |................| +00000030 80 e2 42 ca 91 65 04 4e ca a8 6f 81 7c 30 c0 1f |..B..e.N..o.|0..| +00000040 aa 7b |.{| diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 b/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 new file mode 100644 index 0000000..831fa21 --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES128-SHA256 @@ -0,0 +1,91 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 be c0 b6 d7 fe |....Y...U.......| +00000010 43 9d 21 1f 89 27 bd db 0a 9a 5a 44 dd 79 d1 f2 |C.!..'....ZD.y..| +00000020 18 9a 2a 04 8c eb e6 a9 93 ef ee 20 35 48 44 08 |..*........ 5HD.| +00000030 8c 7a 3e f6 0f d7 5f 33 54 60 0b c9 65 4e 17 8d |.z>..._3T`..eN..| +00000040 d2 69 b7 20 0b c5 ba 9a d4 b7 40 39 c0 23 00 00 |.i. ......@9.#..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 0e 53 |*............ .S| +00000280 82 54 1a ba f8 a4 52 1d 6d b8 70 18 41 e8 67 f9 |.T....R.m.p.A.g.| +00000290 38 1e fb fa b8 89 2d d6 4d 1b ae 67 fe 75 04 03 |8.....-.M..g.u..| +000002a0 00 8b 30 81 88 02 42 01 68 0e d4 92 a6 1a d9 66 |..0...B.h......f| +000002b0 ff 0e ca 4c 32 b8 78 d3 52 d1 ad a2 32 83 f0 3c |...L2.x.R...2..<| +000002c0 43 e0 7e 92 94 e9 c6 99 00 d9 f7 06 c0 2c 72 c0 |C.~..........,r.| +000002d0 9b f7 c0 ec 1f 23 8f b5 e5 74 9d ff 89 17 12 b4 |.....#...t......| +000002e0 f1 f5 25 f7 2e 0d 78 f6 1c 02 42 01 fc da dd c8 |..%...x...B.....| +000002f0 65 30 67 a3 ff 42 e3 37 19 ba 7c 04 6b a1 b3 97 |e0g..B.7..|.k...| +00000300 b0 ca 8c 2d fc b0 40 1c a1 d8 c9 64 fe df 48 3b |...-..@....d..H;| +00000310 07 57 1f 81 a2 3e a4 84 96 00 fb 55 29 1c 94 9d |.W...>.....U)...| +00000320 f9 0d a4 71 4f 5f fd c3 22 e2 88 07 21 16 03 03 |...qO_.."...!...| +00000330 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 50 00 00 00 00 00 00 00 00 00 00 00 |....P...........| +00000040 00 00 00 00 00 7c e9 97 4b 98 8a 4c 59 95 3e 31 |.....|..K..LY.>1| +00000050 c4 b6 e2 79 10 de bc 8e aa 1e 52 07 b2 e1 52 bc |...y......R...R.| +00000060 3b da 8d 5f 12 6a 18 d1 0a 5d 93 1c ad bb f9 b7 |;.._.j...]......| +00000070 6b 58 49 39 ea 3a 9e 20 47 69 43 b4 b4 d8 16 d0 |kXI9.:. GiC.....| +00000080 f0 9d 36 74 04 |..6t.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 50 60 d5 ac 39 b6 |..........P`..9.| +00000010 58 50 03 90 9f c9 78 f1 45 43 b1 34 bd c8 29 65 |XP....x.EC.4..)e| +00000020 54 38 7a 88 46 15 e8 a4 fb 9d 80 4e d6 45 e1 8d |T8z.F......N.E..| +00000030 27 d6 09 66 1d ee 46 6d dd 8e 89 34 0f 4a fb fd |'..f..Fm...4.J..| +00000040 bc 85 08 07 f0 5b 1c 24 e2 11 1b e2 a4 94 f5 80 |.....[.$........| +00000050 fa 47 f4 62 0e b9 1c 31 cb 7b bf |.G.b...1.{.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 37 b7 23 a2 06 97 f3 60 9a f0 7e |.....7.#....`..~| +00000020 b7 11 6d 0d 66 0e db 38 1a eb cd 72 80 c8 54 ef |..m.f..8...r..T.| +00000030 cf 90 6d 22 68 41 63 03 46 b9 28 4f 2f d6 fe fa |..m"hAc.F.(O/...| +00000040 b2 91 07 36 71 15 03 03 00 40 00 00 00 00 00 00 |...6q....@......| +00000050 00 00 00 00 00 00 00 00 00 00 ca 17 d9 fd 1a 0e |................| +00000060 21 db a4 92 dc 92 e8 89 9d 14 6b 8a d3 ee a7 95 |!.........k.....| +00000070 c0 91 8d 3c af 5a 48 d5 c6 2f 66 b8 b8 d4 ce f9 |...<.ZH../f.....| +00000080 59 e5 e0 e2 df e5 7e ea 94 03 |Y.....~...| diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 b/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 new file mode 100644 index 0000000..c22edd0 --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-ECDSA-AES256-GCM-SHA384 @@ -0,0 +1,82 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 e6 0e 27 a7 58 |....Y...U....'.X| +00000010 1d a3 1d 1d 21 64 31 f6 1e bc 28 b4 46 7e 26 be |....!d1...(.F~&.| +00000020 de 0a 65 eb f0 18 dc 7f 3e 1b 55 20 fe 66 50 20 |..e.....>.U .fP | +00000030 f0 f0 48 a8 db 0a ff ee 60 ea 3d 7f 07 5e b9 65 |..H.....`.=..^.e| +00000040 c3 e4 2a 19 9c bd 57 36 ca e3 a7 2d c0 2c 00 00 |..*...W6...-.,..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 17 21 |*............ .!| +00000280 a9 b8 65 8b aa 41 d2 d1 45 45 e5 ce 39 60 54 b6 |..e..A..EE..9`T.| +00000290 43 9f c4 19 a4 aa ec 71 08 b0 d1 22 f7 46 04 03 |C......q...".F..| +000002a0 00 8b 30 81 88 02 42 00 8b a5 d9 d3 8f a1 72 48 |..0...B.......rH| +000002b0 06 42 25 c3 f6 c8 46 8d 88 30 36 7d d8 18 a9 cc |.B%...F..06}....| +000002c0 de e4 c8 3f e9 d2 f0 88 18 cc c6 fb 14 e0 05 b1 |...?............| +000002d0 ec 50 3d 57 b4 e9 83 57 55 4b 0d 2c 89 69 ff b1 |.P=W...WUK.,.i..| +000002e0 58 0b 01 89 48 97 ee 88 7e 02 42 01 e1 6f 9c 36 |X...H...~.B..o.6| +000002f0 6a 6c 86 24 d6 b3 45 f1 6c 03 d8 fd da d8 cc 52 |jl.$..E.l......R| +00000300 04 41 7a c5 f9 b5 91 a5 6c d8 5a 03 ad de e3 da |.Az.....l.Z.....| +00000310 de f8 db b0 bc 75 38 03 ab 84 ac 3f b2 c2 7e 6d |.....u8....?..~m| +00000320 a7 2e c0 d9 bd 85 e2 7b 36 11 2b 12 14 16 03 03 |.......{6.+.....| +00000330 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 28 00 00 00 00 00 00 00 00 4b a3 cc |....(........K..| +00000040 a1 5b 04 d4 1e 6c 2c 26 56 23 62 50 bc d6 90 0b |.[...l,&V#bP....| +00000050 67 41 d9 7c 79 a5 53 54 73 0a 93 e2 73 |gA.|y.STs...s| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 e3 19 7b 8c 8a |..........(..{..| +00000010 52 35 82 cc 70 50 83 22 88 8b 0a 54 bc eb ff 57 |R5..pP."...T...W| +00000020 2c df 0d 50 d6 21 2f d2 d9 e8 15 27 b9 d7 01 a3 |,..P.!/....'....| +00000030 f2 62 0b |.b.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 cc cf 92 |................| +00000010 4d 25 58 96 1d dc df fb d9 1f a5 49 87 45 dd 73 |M%X........I.E.s| +00000020 1a 17 ae 15 03 03 00 1a 00 00 00 00 00 00 00 02 |................| +00000030 fb b5 c5 e4 aa ea e7 7e ff dd f7 11 63 c0 e4 a3 |.......~....c...| +00000040 86 fc |..| diff --git a/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 b/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 new file mode 100644 index 0000000..61e6657 --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-ECDSA-CHACHA20-POLY1305 @@ -0,0 +1,77 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 67 01 00 00 63 03 03 00 00 00 00 00 |....g...c.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 02 cc a9 |................| +00000030 01 00 00 38 00 05 00 05 01 00 00 00 00 00 0a 00 |...8............| +00000040 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +00000050 00 00 0d 00 0e 00 0c 04 01 04 03 05 01 05 03 02 |................| +00000060 01 02 03 ff 01 00 01 00 00 12 00 00 |............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 d6 47 27 38 fc |....Y...U...G'8.| +00000010 16 92 2c 1f a6 53 a9 31 85 65 a7 83 0a 8f cb 4d |..,..S.1.e.....M| +00000020 7d 5b df c1 2e b9 b1 08 e3 b9 96 20 16 0c e5 07 |}[......... ....| +00000030 27 cc 4f 7d 11 ef 1a 14 c6 42 bf e9 c1 b7 a5 89 |'.O}.....B......| +00000040 ca 2b 4c 30 4f c7 c8 10 13 b0 b1 6b cc a9 00 00 |.+L0O......k....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 0e 0b 00 02 0a 00 02 07 00 02 04 30 82 02 |.............0..| +00000070 00 30 82 01 62 02 09 00 b8 bf 2d 47 a0 d2 eb f4 |.0..b.....-G....| +00000080 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 0b 30 |0...*.H.=..0E1.0| +00000090 09 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 |...U....AU1.0...| +000000a0 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 |U....Some-State1| +000000b0 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e |!0...U....Intern| +000000c0 65 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c |et Widgits Pty L| +000000d0 74 64 30 1e 17 0d 31 32 31 31 32 32 31 35 30 36 |td0...1211221506| +000000e0 33 32 5a 17 0d 32 32 31 31 32 30 31 35 30 36 33 |32Z..22112015063| +000000f0 32 5a 30 45 31 0b 30 09 06 03 55 04 06 13 02 41 |2Z0E1.0...U....A| +00000100 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d 65 |U1.0...U....Some| +00000110 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a 13 |-State1!0...U...| +00000120 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 74 |.Internet Widgit| +00000130 73 20 50 74 79 20 4c 74 64 30 81 9b 30 10 06 07 |s Pty Ltd0..0...| +00000140 2a 86 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 |*.H.=....+...#..| +00000150 86 00 04 00 c4 a1 ed be 98 f9 0b 48 73 36 7e c3 |...........Hs6~.| +00000160 16 56 11 22 f2 3d 53 c3 3b 4d 21 3d cd 6b 75 e6 |.V.".=S.;M!=.ku.| +00000170 f6 b0 dc 9a df 26 c1 bc b2 87 f0 72 32 7c b3 64 |.....&.....r2|.d| +00000180 2f 1c 90 bc ea 68 23 10 7e fe e3 25 c0 48 3a 69 |/....h#.~..%.H:i| +00000190 e0 28 6d d3 37 00 ef 04 62 dd 0d a0 9c 70 62 83 |.(m.7...b....pb.| +000001a0 d8 81 d3 64 31 aa 9e 97 31 bd 96 b0 68 c0 9b 23 |...d1...1...h..#| +000001b0 de 76 64 3f 1a 5c 7f e9 12 0e 58 58 b6 5f 70 dd |.vd?.\....XX._p.| +000001c0 9b d8 ea d5 d7 f5 d5 cc b9 b6 9f 30 66 5b 66 9a |...........0f[f.| +000001d0 20 e2 27 e5 bf fe 3b 30 09 06 07 2a 86 48 ce 3d | .'...;0...*.H.=| +000001e0 04 01 03 81 8c 00 30 81 88 02 42 01 88 a2 4f eb |......0...B...O.| +000001f0 e2 45 c5 48 7d 1b ac f5 ed 98 9d ae 47 70 c0 5e |.E.H}.......Gp.^| +00000200 1b b6 2f bd f1 b6 4d b7 61 40 d3 11 a2 ce ee 0b |../...M.a@......| +00000210 7e 92 7e ff 76 9d c3 3b 7e a5 3f ce fa 10 e2 59 |~.~.v..;~.?....Y| +00000220 ec 47 2d 7c ac da 4e 97 0e 15 a0 6f d0 02 42 01 |.G-|..N....o..B.| +00000230 4d fc be 67 13 9c 2d 05 0e bd 3f a3 8c 25 c1 33 |M..g..-...?..%.3| +00000240 13 83 0d 94 06 bb d4 37 7a f6 ec 7a c9 86 2e dd |.......7z..z....| +00000250 d7 11 69 7f 85 7c 56 de fb 31 78 2b e4 c7 78 0d |..i..|V..1x+..x.| +00000260 ae cb be 9e 4e 36 24 31 7b 6a 0f 39 95 12 07 8f |....N6$1{j.9....| +00000270 2a 16 03 03 00 b7 0c 00 00 b3 03 00 1d 20 69 78 |*............ ix| +00000280 7b e5 14 95 c8 d1 3c 7e c2 d7 38 33 c3 9f 8f dc |{.....<~..83....| +00000290 25 8d 89 8a 99 a4 e4 8b 40 17 fc 80 43 67 04 03 |%.......@...Cg..| +000002a0 00 8b 30 81 88 02 42 01 32 a8 dd d9 ec 11 d2 f2 |..0...B.2.......| +000002b0 6d 86 da 31 00 8c bf ed 81 1d 8c c8 23 87 98 f7 |m..1........#...| +000002c0 25 0c 1b 3d 9f 07 80 11 bc 07 b1 15 5f 3a 81 0e |%..=........_:..| +000002d0 59 04 e8 09 be ea 21 97 34 a9 8a 2f ef 3a 47 ad |Y.....!.4../.:G.| +000002e0 3b f9 9d f3 b8 b8 9a 93 03 02 42 01 bc 88 6b 99 |;.........B...k.| +000002f0 d7 7a df de 5a 75 53 b0 3c 4c 1d 8b 15 c5 a7 9d |.z..ZuS.KjA..=}?Y....| +00000320 f7 c7 7f 63 49 2f e4 4e d9 8f 2d e5 98 16 03 03 |...cI/.N..-.....| +00000330 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 7c 89 36 36 77 8c 09 31 e4 48 01 |.... |.66w..1.H.| +00000040 6f 08 27 a8 bb 1b 1c a6 0c 09 ec 0b f6 a3 be bd |o.'.............| +00000050 76 70 fb f8 e5 |vp...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 a0 db 6c df b1 |.......... ..l..| +00000010 87 77 78 ad 22 b2 98 77 e8 57 aa 13 a8 98 35 63 |.wx."..w.W....5c| +00000020 00 c5 13 b9 88 5d ca bf bc c5 c3 |.....].....| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 16 00 c8 c6 25 ae 11 9d a5 10 75 |.........%.....u| +00000010 e4 4c e3 69 12 2b d9 9e 8e 40 88 15 03 03 00 12 |.L.i.+...@......| +00000020 cf ab ac d4 c4 8e 9c 92 c4 2f 1f c6 96 0b 36 c9 |........./....6.| +00000030 f5 22 |."| diff --git a/testdata/Client-TLSv12-ECDHE-RSA-AES b/testdata/Client-TLSv12-ECDHE-RSA-AES new file mode 100644 index 0000000..45728cf --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-RSA-AES @@ -0,0 +1,91 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 2f 51 e0 81 eb |....Y...U../Q...| +00000010 d2 db 4f 22 fa 11 d2 56 f3 06 d6 a0 97 d2 f3 74 |..O"...V.......t| +00000020 fc a9 a7 73 ba a8 ee f2 05 89 15 20 0f 96 70 60 |...s....... ..p`| +00000030 6f 78 aa 56 fa 92 5e e3 bc e7 f0 40 00 48 8b 84 |ox.V..^....@.H..| +00000040 57 b8 49 e9 f9 00 99 ff 73 29 f6 e7 c0 13 00 00 |W.I.....s)......| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 48 77 87 3e 04 c9 14 |........ Hw.>...| +000002d0 56 9d 1b 41 4b d0 eb 65 8d 56 56 97 fd 73 97 cd |V..AK..e.VV..s..| +000002e0 c6 88 8f 8e 79 99 09 65 53 04 01 00 80 98 c2 ff |....y..eS.......| +000002f0 49 aa 41 ce 0e 7b 03 99 39 c0 b5 ac 72 16 1c 5e |I.A..{..9...r..^| +00000300 a0 92 f1 07 0c 93 dc f6 25 2b 5c be e3 65 41 a9 |........%+\..eA.| +00000310 1e 57 6d 9f 28 50 ca 87 2f c7 b0 15 2e 15 d2 cc |.Wm.(P../.......| +00000320 4d 0e 42 4c 0a 01 4d 1b 9c d1 17 e7 22 9a 6a a9 |M.BL..M.....".j.| +00000330 27 0b 7a a7 32 e3 c7 5a d1 7f f2 1c 45 61 91 a8 |'.z.2..Z....Ea..| +00000340 e0 e0 49 de b7 2f a6 89 63 94 ed 0e 63 15 6b 4f |..I../..c...c.kO| +00000350 fb 62 c4 35 cb 98 89 c2 d1 bc f6 e2 2d 8f 9f 72 |.b.5........-..r| +00000360 56 79 50 5f cd 73 00 f1 65 bf a4 3f 87 16 03 03 |VyP_.s..e..?....| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000040 00 00 00 00 00 93 4b 37 8d 57 43 52 77 56 d2 af |......K7.WCRwV..| +00000050 7c 56 d0 bf 1e 7b 29 55 3e b7 d0 1c 02 2e 0d de ||V...{)U>.......| +00000060 09 66 f2 98 21 57 ab d2 d2 4a 73 c1 c5 fe f1 b8 |.f..!W...Js.....| +00000070 95 d3 fc 70 ce |...p.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 b3 e1 81 3e 0a |..........@...>.| +00000010 f8 f3 c6 05 c1 09 f5 73 01 eb 18 1a 05 fa 2f 9b |.......s....../.| +00000020 b2 bc c7 44 23 38 ed b9 99 a0 56 7d 8b e4 a5 4b |...D#8....V}...K| +00000030 f1 89 45 bc 95 ea 06 a8 48 de 07 bf d5 cb 53 bc |..E.....H.....S.| +00000040 50 fa 25 fb d5 79 17 ec 4d be 3d |P.%..y..M.=| +>>> Flow 5 (client to server) +00000000 17 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +00000010 00 00 00 00 00 3e 90 61 a4 f1 53 ac 7b b2 9f 4e |.....>.a..S.{..N| +00000020 2c 16 5a 77 8b da 5d 68 5c 8b a8 6d 44 52 f3 ad |,.Zw..]h\..mDR..| +00000030 8e ba c8 89 2f 15 03 03 00 30 00 00 00 00 00 00 |..../....0......| +00000040 00 00 00 00 00 00 00 00 00 00 e5 01 5d ef 4c 0c |............].L.| +00000050 07 8f 21 99 60 83 ee 36 13 8e 25 15 32 85 a5 96 |..!.`..6..%.2...| +00000060 36 90 60 49 4f c7 54 99 dd 76 |6.`IO.T..v| diff --git a/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 b/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 new file mode 100644 index 0000000..6b02249 --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-RSA-AES128-SHA256 @@ -0,0 +1,95 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 ab d3 05 5e d0 |....Y...U.....^.| +00000010 80 0b 87 e9 43 26 e2 c9 28 04 3f eb 68 05 54 3d |....C&..(.?.h.T=| +00000020 9b 28 d0 4e d4 d9 25 e5 b0 27 2b 20 89 27 da d5 |.(.N..%..'+ .'..| +00000030 3d 19 38 63 01 34 f6 43 1b a9 f7 09 12 7d 27 e1 |=.8c.4.C.....}'.| +00000040 f6 23 b8 39 24 8b 1e c7 a3 2f 07 16 c0 27 00 00 |.#.9$..../...'..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 ec 71 cc fb 07 bd 0f |........ .q.....| +000002d0 6b e0 e1 27 7f 62 59 06 09 3c 09 bc b1 c9 09 93 |k..'.bY..<......| +000002e0 e9 b0 a4 5b f3 be 14 d1 3c 04 01 00 80 a9 c7 98 |...[....<.......| +000002f0 ea ac 6a 9b 49 7c 72 45 4d 5c c8 4c d6 56 64 1b |..j.I|rEM\.L.Vd.| +00000300 44 7f 13 4f 2a ed e9 6b c7 c0 a2 25 3b 7a 99 f4 |D..O*..k...%;z..| +00000310 93 84 35 78 72 21 ca f6 29 1b 60 d7 f6 bd 31 5b |..5xr!..).`...1[| +00000320 7a fb 57 20 30 cc e6 90 07 b2 0e 08 82 86 56 a7 |z.W 0.........V.| +00000330 55 00 fd f4 ce f4 b1 74 27 e9 0a 28 1c bc 56 47 |U......t'..(..VG| +00000340 f7 18 3e 9e 9c 45 2d 1d 82 a8 66 51 27 25 be ec |..>..E-...fQ'%..| +00000350 cd 9e 83 89 7e e0 e3 0f 3b 7b 32 f2 26 7b 30 c8 |....~...;{2.&{0.| +00000360 c1 e3 7b 4c f4 14 d5 51 ea b7 45 7a 59 16 03 03 |..{L...Q..EzY...| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 50 00 00 00 00 00 00 00 00 00 00 00 |....P...........| +00000040 00 00 00 00 00 76 d8 c4 58 a1 94 11 ab 19 4c 7b |.....v..X.....L{| +00000050 7c 34 d1 b6 8b 7f a2 96 41 e6 e9 98 d8 55 62 2b ||4......A....Ub+| +00000060 56 54 2a 65 25 f0 fa 15 ac cb b7 cc 3b 59 8b 99 |VT*e%.......;Y..| +00000070 e9 be 9e fe 56 97 07 ae 39 38 a7 f4 f0 d0 e9 f5 |....V...98......| +00000080 33 de 20 a6 04 |3. ..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 50 8c 0f 2a be cd |..........P..*..| +00000010 30 f7 46 cf 58 5b 38 88 86 5e d1 33 b1 61 d6 95 |0.F.X[8..^.3.a..| +00000020 13 c7 e7 f2 fb bc 37 e5 a3 db ac a7 74 49 00 89 |......7.....tI..| +00000030 db 94 25 aa 00 b6 b2 34 0a dd 97 bf fa cf 33 6e |..%....4......3n| +00000040 6e f7 ab bf 70 a6 85 91 9b 4f f2 86 15 83 60 0d |n...p....O....`.| +00000050 79 9e 11 51 17 a6 6f 06 2f 98 bc |y..Q..o./..| +>>> Flow 5 (client to server) +00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 c3 c9 23 7b bd 57 1a 29 5f ac f6 |.......#{.W.)_..| +00000020 8d bb 90 bb 48 8a 9a 75 65 3b 5b 52 c0 ee 0e 24 |....H..ue;[R...$| +00000030 43 f6 62 1f 1e 51 36 4e 3e a3 e4 96 d8 2b d8 a7 |C.b..Q6N>....+..| +00000040 d0 18 97 d7 1e 15 03 03 00 40 00 00 00 00 00 00 |.........@......| +00000050 00 00 00 00 00 00 00 00 00 00 c0 c8 9f 7d df b1 |.............}..| +00000060 78 72 b5 3d 0d 3e d9 88 38 c2 42 eb 2b 4d e0 b3 |xr.=.>..8.B.+M..| +00000070 d7 69 19 31 57 16 7c 0a bb 24 5b 9c 9b c2 4b b9 |.i.1W.|..$[...K.| +00000080 55 ef ad 2c c1 eb 9b 59 06 5a |U..,...Y.Z| diff --git a/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 b/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 new file mode 100644 index 0000000..64f999a --- /dev/null +++ b/testdata/Client-TLSv12-ECDHE-RSA-CHACHA20-POLY1305 @@ -0,0 +1,81 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 67 01 00 00 63 03 03 00 00 00 00 00 |....g...c.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 02 cc a8 |................| +00000030 01 00 00 38 00 05 00 05 01 00 00 00 00 00 0a 00 |...8............| +00000040 0a 00 08 00 1d 00 17 00 18 00 19 00 0b 00 02 01 |................| +00000050 00 00 0d 00 0e 00 0c 04 01 04 03 05 01 05 03 02 |................| +00000060 01 02 03 ff 01 00 01 00 00 12 00 00 |............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 45 f5 61 06 a8 |....Y...U..E.a..| +00000010 4e ce c0 32 d6 af fb 12 5e c8 6c 06 ac c9 d7 e4 |N..2....^.l.....| +00000020 02 49 09 b9 42 ee ae fa e4 52 18 20 12 3a 53 7d |.I..B....R. .:S}| +00000030 11 cf 13 13 a3 f8 42 c3 98 bb bc a6 10 3e f4 13 |......B......>..| +00000040 a5 a2 fd ef aa b3 01 3c cb 8a 3a 2c cc a8 00 00 |.......<..:,....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 57 53 06 53 e5 14 06 |........ WS.S...| +000002d0 df 26 9d 3a 06 dc a9 d5 49 d3 3f 5f 7b c2 ab 77 |.&.:....I.?_{..w| +000002e0 fd a1 fe 28 dc 54 36 06 22 04 01 00 80 da 23 f5 |...(.T6.".....#.| +000002f0 19 de e8 d2 a9 79 b8 37 3d c0 8c ae f6 7c d5 d9 |.....y.7=....|..| +00000300 87 ab 6b 3f 76 7c 5f 94 be 11 55 a3 78 66 1e e3 |..k?v|_...U.xf..| +00000310 f3 11 3d 1a f7 02 26 a4 a6 cd 7c fe 87 0d 68 a1 |..=...&...|...h.| +00000320 50 e8 7e 94 41 bd 5b 74 d0 6d 3b 6c ef ee 88 2d |P.~.A.[t.m;l...-| +00000330 60 0a a9 53 cf 1f f4 03 a3 54 e5 91 36 50 62 54 |`..S.....T..6PbT| +00000340 5f e6 e5 36 63 58 ba 7b bb 3a 79 59 58 08 a8 f2 |_..6cX.{.:yYX...| +00000350 f5 1e 35 f8 f5 0f 7f 19 e7 7f 5f 56 e2 50 6d 8c |..5......._V.Pm.| +00000360 da 45 70 60 0d 58 32 94 e7 a0 f7 da 93 16 03 03 |.Ep`.X2.........| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 9d 2f a6 b7 21 56 ad 38 a8 31 20 |.... ./..!V.8.1 | +00000040 0b 2e dc 3f 8a 34 64 de 81 0e d3 a5 b1 c1 fc 05 |...?.4d.........| +00000050 18 d9 3e 77 35 |..>w5| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 a8 82 60 8a ef |.......... ..`..| +00000010 31 55 42 e9 1d 33 0e d8 a9 b1 43 85 1c 04 7b 20 |1UB..3....C...{ | +00000020 81 df 03 e9 fd c0 f7 32 b9 b3 31 |.......2..1| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 ef 72 f7 1b 26 1a 47 99 f9 4c e7 |......r..&.G..L.| +00000010 be 8e ab c5 8e ea 8c c6 60 6c 10 15 03 03 00 12 |........`l......| +00000020 2c f4 39 e3 3a 74 a4 3c 72 63 77 e8 82 cf a9 e2 |,.9.:t.>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 ac bf 85 b8 5f |....Q...M......_| +00000010 56 44 a0 c5 3b 20 77 71 af de 34 bc 79 a0 a4 a7 |VD..; wq..4.y...| +00000020 fa 2e cf b5 ee c5 a7 a2 5e 11 48 20 05 89 5e a6 |........^.H ..^.| +00000030 cd ad 91 e4 be c3 c3 6c 6a 0e 1d ab 27 03 5e 0f |.......lj...'.^.| +00000040 05 9d ef b0 63 8d 2d b6 29 08 66 e3 00 05 00 00 |....c.-.).f.....| +00000050 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000060 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000070 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000080 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000090 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +000000a0 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +000000b0 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000c0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000d0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000e0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000f0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +00000100 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +00000110 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000120 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000130 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000140 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000150 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000160 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000170 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000180 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000190 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +000001a0 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +000001b0 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001c0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001d0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001e0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001f0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +00000200 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +00000210 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000220 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000230 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000240 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000250 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000260 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000270 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000280 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000290 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +000002a0 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +000002b0 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 b9 65 8d bf a7 |............e...| +00000010 c8 4b 79 ce 6f cb 8b 13 1c ac b9 7d 66 5e e9 ba |.Ky.o......}f^..| +00000020 1d 71 4e a9 e9 34 ae f6 64 65 90 3b d8 16 52 a2 |.qN..4..de.;..R.| +00000030 6f f4 cb 8a 13 74 a2 ee b7 27 69 b4 41 c0 90 68 |o....t...'i.A..h| +00000040 bc 02 69 e1 c6 48 4f 39 36 30 25 ca 4c 17 ce 83 |..i..HO960%.L...| +00000050 9e 08 56 e3 05 49 93 9e 2e c4 fb e6 c8 01 f1 0f |..V..I..........| +00000060 c5 70 0f 08 83 48 e9 48 ef 6e 50 8b 05 7e e5 84 |.p...H.H.nP..~..| +00000070 25 fa 55 c7 ae 31 02 27 00 ef 3f 98 86 20 12 89 |%.U..1.'..?.. ..| +00000080 91 59 28 b4 f7 d7 af d2 69 61 35 14 03 03 00 01 |.Y(.....ia5.....| +00000090 01 16 03 03 00 24 e1 ef 77 60 cf 7a 44 79 74 59 |.....$..w`.zDytY| +000000a0 ff 81 72 b9 b5 f5 97 af 60 59 78 f5 01 49 2d bb |..r.....`Yx..I-.| +000000b0 4a ec 98 1f f5 31 f4 00 a2 f3 |J....1....| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 24 52 fd a3 51 aa |..........$R..Q.| +00000010 ee 9d 4d be 8c 08 32 f6 f7 4a a5 26 26 6c b2 5a |..M...2..J.&&l.Z| +00000020 49 7f 31 7d 44 b1 83 67 19 4a e3 07 7d 59 34 |I.1}D..g.J..}Y4| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1a 61 73 4d 86 b2 a1 36 b2 3e b0 1d |.....asM...6.>..| +00000010 6a b9 8a 8b 00 e0 3a d9 7e 23 c7 83 72 97 28 15 |j.....:.~#..r.(.| +00000020 03 03 00 16 4a 8a 04 00 0a b2 75 80 20 ad 76 2a |....J.....u. .v*| +00000030 88 16 56 e6 4a a5 c0 ea c7 0c |..V.J.....| diff --git a/testdata/Client-TLSv12-RenegotiateOnce b/testdata/Client-TLSv12-RenegotiateOnce new file mode 100644 index 0000000..8a9ac36 --- /dev/null +++ b/testdata/Client-TLSv12-RenegotiateOnce @@ -0,0 +1,231 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 16 d2 11 2e d6 |....Y...U.......| +00000010 62 0c 5e 5c 9b 1f d2 31 87 b3 43 3e cd 47 4f f1 |b.^\...1..C>.GO.| +00000020 0b a9 d1 4f f1 2a 42 5d 35 e0 ce 20 f2 f3 45 4b |...O.*B]5.. ..EK| +00000030 98 2f 80 06 49 9a c3 4f 3f 70 0d e5 9a 2a 2e ff |./..I..O?p...*..| +00000040 34 1b 0e 30 2c 85 52 e1 84 8c 3c dc cc a8 00 00 |4..0,.R...<.....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 63 85 d4 43 2a d6 9f |........ c..C*..| +000002d0 2f 1f 0c 73 fe dc 96 1e 51 50 a5 0d 5e fd b0 5b |/..s....QP..^..[| +000002e0 a5 88 2a cd 1e bf c1 ec 4d 04 01 00 80 90 fc 48 |..*.....M......H| +000002f0 53 eb 1b bc ec 39 be ae 60 4d c9 d1 49 eb 97 cf |S....9..`M..I...| +00000300 94 53 75 30 84 35 ff 0c f6 ad 9f 24 98 70 2b d3 |.Su0.5.....$.p+.| +00000310 45 0a 7f 25 ca a3 eb 37 5a a5 97 f1 78 8b b6 02 |E..%...7Z...x...| +00000320 92 f9 12 9e 90 52 36 0e 40 15 76 de 37 02 c5 22 |.....R6.@.v.7.."| +00000330 44 8f a4 fc f9 ac 88 88 ad 0c 9b f6 0e d6 9f f3 |D...............| +00000340 68 cb f1 41 dd 2d c2 71 b6 43 36 12 d2 35 1c 9a |h..A.-.q.C6..5..| +00000350 a9 72 ea af a9 9e 77 19 16 86 be 3e ec 5f 5a 53 |.r....w....>._ZS| +00000360 f8 38 27 7f 08 2a ae 68 e0 17 31 df 9b 16 03 03 |.8'..*.h..1.....| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 b1 f2 9a ca 02 d3 ac 26 f5 32 03 |.... .......&.2.| +00000040 4c b6 de cb f2 a3 11 19 eb c3 e0 e9 3b 8e 99 7d |L...........;..}| +00000050 c2 f3 d0 6d 4d |...mM| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 c5 d4 b1 e2 0f |.......... .....| +00000010 37 ad d5 c1 1a 6c 7f da 5f 25 e3 bd 20 1d 6e 58 |7....l.._%.. .nX| +00000020 27 7a 07 55 76 11 76 72 1b 28 9e |'z.Uv.vr.(.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 3d 89 e4 a6 38 75 31 c2 08 3d 86 |.....=...8u1..=.| +00000010 45 ed 8d c4 49 c4 da 54 3b 8f e3 |E...I..T;..| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 aa 85 e4 64 46 2f 8e dc 89 3e ef |........dF/...>.| +00000010 6d 9e 1a af 53 3b a0 81 c2 |m...S;...| +>>> Flow 7 (client to server) +00000000 16 03 03 00 ad c3 12 d1 1a b2 88 da c1 0b 5a 32 |..............Z2| +00000010 cf 05 35 53 ce 5d d8 42 cd 99 7e e7 9f 62 b8 35 |..5S.].B..~..b.5| +00000020 9e f5 b5 a6 15 fd 82 26 9b 6a fe 3b 8e c0 43 27 |.......&.j.;..C'| +00000030 1c 56 37 d1 6f d9 2c a6 a8 e8 b4 50 64 80 ae 5c |.V7.o.,....Pd..\| +00000040 ed eb a6 58 58 52 cf 32 de 1d be 80 69 63 38 a6 |...XXR.2....ic8.| +00000050 12 4e 11 9b 50 aa 4b 10 f7 ad 6f 5b 08 c6 cc bd |.N..P.K...o[....| +00000060 94 42 64 90 c7 33 58 65 18 c5 a7 66 ce dd 83 8b |.Bd..3Xe...f....| +00000070 b0 15 8a 61 26 c7 eb 15 4b 6c 0b 15 45 33 2a 01 |...a&...Kl..E3*.| +00000080 ea 13 5a 20 52 16 15 a0 70 8f 86 dc 28 50 bb e4 |..Z R...p...(P..| +00000090 9d 01 f4 c9 7f 27 5a 54 3f 42 34 c9 5c 04 3f a3 |.....'ZT?B4.\.?.| +000000a0 6a 5c a1 3f 03 7c fc 57 94 9b 3e 76 65 bf 78 40 |j\.?.|.W..>ve.x@| +000000b0 b1 4f |.O| +>>> Flow 8 (server to client) +00000000 16 03 03 00 81 33 ef 78 c8 2d 94 4b e3 b8 ea eb |.....3.x.-.K....| +00000010 67 1e 6c 10 98 25 5f df ce 46 4c 13 77 ec d1 b1 |g.l..%_..FL.w...| +00000020 e9 e2 c9 b0 de 9c ce 40 d0 d9 6f a5 fb a6 69 1f |.......@..o...i.| +00000030 9f 53 68 6c ab f8 f0 10 4a c9 43 f0 ad 61 59 01 |.Shl....J.C..aY.| +00000040 b2 90 97 9e cf 62 64 a5 46 b2 27 2f 1e b8 33 24 |.....bd.F.'/..3$| +00000050 ed 7e 6b 5a dd 45 4d 00 61 a3 7e 22 5e bc 02 af |.~kZ.EM.a.~"^...| +00000060 5a a0 73 fb c5 1c 0f 11 f6 70 5f cc 9e 1c fa 3c |Z.s......p_....<| +00000070 13 0d 8b 03 4c 3b d5 5a 02 7b 95 64 ae cb 2f 50 |....L;.Z.{.d../P| +00000080 e7 e1 32 13 72 96 16 03 03 02 69 f0 60 6a b8 fb |..2.r.....i.`j..| +00000090 50 6e f9 f2 65 d0 73 90 f7 55 0d bc 3a 66 72 32 |Pn..e.s..U..:fr2| +000000a0 b7 32 ad 1d de 18 04 90 55 70 2d b8 c9 3f 4b 2f |.2......Up-..?K/| +000000b0 37 98 1c 4e c1 78 c1 ed 1f e2 bf 50 78 40 04 10 |7..N.x.....Px@..| +000000c0 b8 55 48 29 26 b0 a4 4d ea aa 45 65 b4 21 93 ed |.UH)&..M..Ee.!..| +000000d0 49 4c 1d d9 77 33 38 2e 14 92 b4 e3 06 ce fe 51 |IL..w38........Q| +000000e0 6a 19 1c aa e9 a6 7d fa 45 86 66 1a 6e bb 01 01 |j.....}.E.f.n...| +000000f0 82 86 89 86 81 ce 0a 93 1a b2 f1 90 71 7a 43 fa |............qzC.| +00000100 b1 03 24 75 a1 48 f8 ee a0 b4 c0 18 ff 81 95 2a |..$u.H.........*| +00000110 aa 74 87 39 da 23 ba ab 33 6b 63 ee df 2b f1 d1 |.t.9.#..3kc..+..| +00000120 1a 9a 4a 0d ef de 68 13 28 81 49 d5 c6 08 57 a9 |..J...h.(.I...W.| +00000130 d7 5e 56 a4 ec 81 42 de 28 39 51 7d 3a 66 cf a7 |.^V...B.(9Q}:f..| +00000140 f7 81 7a b2 a7 09 b3 24 a6 b0 a5 cc 96 24 30 b2 |..z....$.....$0.| +00000150 5b 94 1b ef 70 dd 7f bc 63 2f 7b bc 80 70 9e 9f |[...p...c/{..p..| +00000160 01 c9 20 ab 35 53 7c 3b d6 70 d9 1d 9a f6 e8 76 |.. .5S|;.p.....v| +00000170 f5 46 f8 b1 10 46 a9 eb da 7b 80 cc 74 18 f9 30 |.F...F...{..t..0| +00000180 56 1a cb 4e 60 2a b3 9f 35 fe a9 b8 b8 76 02 a7 |V..N`*..5....v..| +00000190 4e f9 43 c9 52 70 6a fd 9c 3e dd c4 3f 28 08 19 |N.C.Rpj..>..?(..| +000001a0 28 ed f9 44 e3 d1 b9 53 7e b7 cd 1b e9 11 c8 9f |(..D...S~.......| +000001b0 35 ed ab e3 5e 26 e8 49 7a 13 5c 20 9a b7 a0 95 |5...^&.Iz.\ ....| +000001c0 60 0f 54 68 5c a8 c9 1d 37 0b 9f f6 61 3b fe 4c |`.Th\...7...a;.L| +000001d0 dc 4f 11 98 0c 7a b7 32 0b 50 e2 cd a7 59 bf 05 |.O...z.2.P...Y..| +000001e0 a2 8a 51 33 23 ab 99 49 23 97 42 3b 0f 1c 39 b1 |..Q3#..I#.B;..9.| +000001f0 43 c4 01 aa f9 f8 54 d7 2c b4 ef 33 f3 05 13 d0 |C.....T.,..3....| +00000200 8d 81 06 23 d3 38 cb 3a 6b 37 f0 4d 1f be ed 0c |...#.8.:k7.M....| +00000210 b7 58 00 3a bd 74 02 a4 f4 b4 fc fd b8 fa 89 15 |.X.:.t..........| +00000220 01 46 49 52 47 f1 4c 94 ee de 00 a1 25 aa b4 9b |.FIRG.L.....%...| +00000230 f6 b4 23 a1 0d fd 00 5a de 45 38 ee 69 17 6f c3 |..#....Z.E8.i.o.| +00000240 0b ed c5 3b b1 7d b1 2c a4 8f ed 30 44 9a 0b 51 |...;.}.,...0D..Q| +00000250 34 12 cc 6a 09 e4 74 ec 11 94 4b ba ce 72 93 64 |4..j..t...K..r.d| +00000260 07 c8 ff 78 6e 1a bd 5e 26 15 a7 e8 72 90 71 a9 |...xn..^&...r.q.| +00000270 0a bb cf 25 40 1d 20 a7 d7 b3 46 4b 53 6c c2 50 |...%@. ...FKSl.P| +00000280 c7 7b 58 e1 3c df 6d db 28 71 15 f9 84 b7 ad b0 |.{X.<.m.(q......| +00000290 9f e9 7a 08 5d 85 7a dd bc c0 62 2e 6a d0 63 6a |..z.].z...b.j.cj| +000002a0 e2 46 6b 80 68 cf e5 a7 9e 60 42 8a 17 54 9c ec |.Fk.h....`B..T..| +000002b0 80 9b 81 80 7e 6f 33 8c d1 be 95 30 f2 a9 19 f8 |....~o3....0....| +000002c0 36 2c 8e 89 c2 5a b4 04 2e 12 05 21 3b 4f 42 26 |6,...Z.....!;OB&| +000002d0 d1 98 11 f4 17 c2 a3 06 54 37 31 8e ca 9b 07 62 |........T71....b| +000002e0 79 95 b8 fd 49 aa 60 5b 03 7d 60 50 b6 2f 3b 0a |y...I.`[.}`P./;.| +000002f0 5d c2 9f 92 16 03 03 00 bc ba f6 73 85 34 20 c4 |]..........s.4 .| +00000300 b3 a4 15 01 fe 37 b3 b4 57 a5 b5 26 0c 64 2b 3e |.....7..W..&.d+>| +00000310 07 d3 e4 59 a8 64 3f fd 15 24 24 70 61 77 9b 96 |...Y.d?..$$paw..| +00000320 c6 4b 79 2e a8 a7 c4 ac 5e cd 6e 8f 30 e5 3f f8 |.Ky.....^.n.0.?.| +00000330 08 22 cb de 5f 8c b8 dc 07 4b 79 ec 41 41 20 20 |.".._....Ky.AA | +00000340 02 f6 4e 98 a3 5e 38 e2 5a d9 4a 2d 2e 3b 29 13 |..N..^8.Z.J-.;).| +00000350 26 dc 4e eb a5 5e a3 b6 6f 16 75 b3 9e 63 4e 8e |&.N..^..o.u..cN.| +00000360 00 c1 46 30 fc 25 f9 05 86 ed 00 87 f2 6b 5c 18 |..F0.%.......k\.| +00000370 69 e5 5c 32 9e 15 d2 47 9e 0e d8 c1 7a 9d 45 7a |i.\2...G....z.Ez| +00000380 76 4a ef 8d b5 60 7d 4d fa 99 8f c5 58 18 ad a2 |vJ...`}M....X...| +00000390 93 c1 36 85 39 73 e1 7b 46 be 69 de 88 fa 68 8e |..6.9s.{F.i...h.| +000003a0 be d1 48 bc 7b 29 2a 21 ba 60 60 58 51 c2 03 66 |..H.{)*!.``XQ..f| +000003b0 51 9a 4e 70 06 16 03 03 00 3a c5 ed 8d 5d b9 c0 |Q.Np.....:...]..| +000003c0 a2 07 15 c3 ef 76 ff fb ca f6 b6 4b ab a5 7a 80 |.....v.....K..z.| +000003d0 a9 2e 43 d0 d2 f1 d9 96 61 ff 43 59 3d d1 82 57 |..C.....a.CY=..W| +000003e0 68 d7 c8 3a 5f 86 4a 2e 00 8f 3d 0e 73 49 c6 4a |h..:_.J...=.sI.J| +000003f0 81 4e ec e2 16 03 03 00 14 d5 5f c3 d2 9c 13 36 |.N........_....6| +00000400 cb 22 23 3d e4 03 5b b9 26 66 cf 79 7c |."#=..[.&f.y|| +>>> Flow 9 (client to server) +00000000 16 03 03 02 69 15 0b 29 0e 27 a9 4b 52 4d 0a 77 |....i..).'.KRM.w| +00000010 b8 3a 40 95 84 a7 7a 8d b1 6b 90 61 94 3a e4 06 |.:@...z..k.a.:..| +00000020 20 6f 88 40 8a 8c c2 4e dc 3a 01 39 c2 11 5a 9b | o.@...N.:.9..Z.| +00000030 28 92 bc 72 04 a3 60 c3 42 c0 b8 dd f3 41 40 be |(..r..`.B....A@.| +00000040 6d 51 5b b8 db 75 63 3d 4f 2a cf f5 04 3d 53 be |mQ[..uc=O*...=S.| +00000050 47 f1 ae be 0a 97 5d 2c df 55 5d dd 9a f6 0e 40 |G.....],.U]....@| +00000060 59 02 91 d8 55 c9 3b e6 84 9c 8d 40 af 29 77 59 |Y...U.;....@.)wY| +00000070 15 0c 83 dd ec c7 e2 16 85 d8 6e e7 4e c5 a5 b1 |..........n.N...| +00000080 8b 4b 46 3e 62 7c ff 27 1b 37 b7 5c 05 32 30 fb |.KF>b|.'.7.\.20.| +00000090 c1 cc 1d 13 1f 09 db 57 6a 70 2b 9f a7 25 9b 75 |.......Wjp+..%.u| +000000a0 d3 62 20 45 d1 2f 28 c0 d7 84 d6 2e b3 6d 4a c3 |.b E./(......mJ.| +000000b0 46 0d 92 32 87 65 dd b8 98 68 1a 52 0a df be b3 |F..2.e...h.R....| +000000c0 09 bc 63 bb a3 da f7 52 5a 81 53 9a e0 ff bb 06 |..c....RZ.S.....| +000000d0 7f 81 f8 ea 02 bb 3b 96 7b 0f 84 a5 4d 17 3a 2a |......;.{...M.:*| +000000e0 20 e9 21 70 b2 ab 8a 55 31 4b 1b 60 52 7f a8 39 | .!p...U1K.`R..9| +000000f0 5a 0f 0b 00 4e eb 01 0c a6 d8 f0 30 2b a3 6f 7b |Z...N......0+.o{| +00000100 99 82 90 9e 4c c8 03 1c 0e 85 55 bc 2d 42 28 66 |....L.....U.-B(f| +00000110 35 c3 1e 08 70 d0 45 05 5b 2e 00 fc 9a f1 44 0e |5...p.E.[.....D.| +00000120 cb 91 ce b8 0f 2a 9f 5a 18 a8 ca 38 ff 2a ab 11 |.....*.Z...8.*..| +00000130 57 a5 03 2f 3e 92 21 77 df dc 85 e7 fd d4 7e d0 |W../>.!w......~.| +00000140 d9 6e ef 99 66 5d a8 f5 9a d3 c3 0f 0c 98 cd fe |.n..f]..........| +00000150 5a 46 79 77 c9 28 fb 5e 3e c0 d5 b3 db 98 79 9d |ZFyw.(.^>.....y.| +00000160 d4 20 a5 ad 25 d8 3b 39 35 60 fd 21 e0 eb 86 be |. ..%.;95`.!....| +00000170 8f 65 72 a2 d3 91 4c 25 70 31 b1 02 29 17 da e0 |.er...L%p1..)...| +00000180 9f 7d 4e 5f 1a 7b 93 09 4c 84 5b 40 f8 3c 98 36 |.}N_.{..L.[@.<.6| +00000190 9b 14 43 db 43 11 0a e2 9a 8b 73 96 a3 7b 4d 67 |..C.C.....s..{Mg| +000001a0 d7 35 a6 85 40 6d 45 0e 9d 47 43 96 b8 64 d4 d7 |.5..@mE..GC..d..| +000001b0 d1 28 c8 32 7e ab d5 11 ad b4 a7 9c c9 ab c5 96 |.(.2~...........| +000001c0 72 69 1a db 42 06 8e 03 d0 70 f9 7a 75 56 53 49 |ri..B....p.zuVSI| +000001d0 29 e1 60 16 86 99 da 9e d6 c3 95 94 e3 e4 6c 9c |).`...........l.| +000001e0 4f d0 5d e7 a6 23 e1 49 a5 b8 3d 41 a4 e0 8c a2 |O.]..#.I..=A....| +000001f0 f8 35 40 4d 12 f1 0b 70 06 f5 b5 29 f8 5d 74 73 |.5@M...p...).]ts| +00000200 32 35 11 7f 50 a3 22 5b d6 db a5 a8 9f ca db 47 |25..P."[.......G| +00000210 b9 a8 c7 fc 16 40 ae 94 6e 6c 40 30 7a d6 9c 89 |.....@..nl@0z...| +00000220 d7 e9 1b 6b 26 72 1f d7 c9 bc ce 6f 84 03 3d 65 |...k&r.....o..=e| +00000230 34 f9 7b 32 54 e4 b4 72 8c e1 31 9e e5 13 50 2f |4.{2T..r..1...P/| +00000240 ea 16 27 15 cb ec 0f 1b 21 aa dd cb 25 74 b9 4d |..'.....!...%t.M| +00000250 36 c0 0d fe a4 99 2f 86 50 52 d0 83 e2 3f fa e7 |6...../.PR...?..| +00000260 2d 24 b6 7a ca 7f 69 3e 7d 0b 61 df 29 3b 16 03 |-$.z..i>}.a.);..| +00000270 03 00 35 8e 89 3d 7b 39 aa d2 21 01 6a 3d fe 4f |..5..={9..!.j=.O| +00000280 e2 d9 e6 6d 5d 1e d3 a5 1d 3f f8 8e fb 97 3d 06 |...m]....?....=.| +00000290 9b 68 67 45 15 3b a1 e8 e8 39 77 1a 41 77 2b c5 |.hgE.;...9w.Aw+.| +000002a0 8c fe bd 28 7a 85 eb 7a 16 03 03 00 98 f0 ed 3c |...(z..z.......<| +000002b0 37 3f 34 3b 35 e4 15 a8 f3 b4 b6 76 49 65 e8 26 |7?4;5......vIe.&| +000002c0 93 4b cc b1 31 7a 4c e7 7d 80 63 60 65 9a ff 11 |.K..1zL.}.c`e...| +000002d0 a8 c5 c4 4e c2 7a ca 95 cb 08 21 77 42 ce 70 1e |...N.z....!wB.p.| +000002e0 bf d9 b5 6d de dc 03 67 2e 11 b5 47 c1 c0 74 6b |...m...g...G..tk| +000002f0 b4 9d c4 de 8c d4 80 e4 99 92 31 68 09 85 00 34 |..........1h...4| +00000300 43 cc 06 09 bc a8 6e 83 a0 fa df 6e a0 04 e9 37 |C.....n....n...7| +00000310 b3 05 69 b9 f1 85 7f 48 27 73 d0 64 2c 33 48 1f |..i....H's.d,3H.| +00000320 f9 7c 0a 21 1f cb 0f 4c c2 28 b0 3b 8c 9b 23 21 |.|.!...L.(.;..#!| +00000330 f4 8c 69 b2 1d 55 35 20 b9 92 09 36 01 aa e1 e3 |..i..U5 ...6....| +00000340 ee b7 3d 83 7b 14 03 03 00 11 40 bb bb 2e 3d 48 |..=.{.....@...=H| +00000350 9f fa c6 0c d8 4f 45 cb 11 b3 a5 16 03 03 00 20 |.....OE........ | +00000360 39 b7 46 30 00 68 12 c5 f5 d7 a0 85 7f ce 49 70 |9.F0.h........Ip| +00000370 05 83 64 26 7a 0c 43 fb a9 4d bb 61 3a c3 8a 91 |..d&z.C..M.a:...| +>>> Flow 10 (server to client) +00000000 14 03 03 00 11 d1 d7 7e 3c 5f 01 cb f8 eb af d5 |.......~<_......| +00000010 ba 09 32 68 4b cf 16 03 03 00 20 02 f1 23 45 32 |..2hK..... ..#E2| +00000020 60 9b 49 db 2f 3a cb 5c e4 f3 64 b1 cb ca 09 b0 |`.I./:.\..d.....| +00000030 b3 34 a3 75 7d a5 a0 80 44 fd b7 17 03 03 00 19 |.4.u}...D.......| +00000040 d7 c3 c4 33 e6 f2 73 d2 2c 0b 7e 0e 40 d3 8b f6 |...3..s.,.~.@...| +00000050 47 57 13 88 be 4b 12 43 57 |GW...K.CW| +>>> Flow 11 (client to server) +00000000 15 03 03 00 12 3a 90 85 e8 ce 53 d1 2a 3b d6 9a |.....:....S.*;..| +00000010 f3 61 c1 72 81 c0 03 |.a.r...| diff --git a/testdata/Client-TLSv12-RenegotiateTwice b/testdata/Client-TLSv12-RenegotiateTwice new file mode 100644 index 0000000..c2f4e4a --- /dev/null +++ b/testdata/Client-TLSv12-RenegotiateTwice @@ -0,0 +1,376 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 30 5b 03 80 cf |....Y...U..0[...| +00000010 ad 5e 69 9b da 4a de 2f 07 f3 6c 42 d7 50 99 10 |.^i..J./..lB.P..| +00000020 80 15 dc dd d2 ef 3d 20 b9 eb bd 20 51 63 fd 9d |......= ... Qc..| +00000030 3d b7 3e ea 4e 18 45 90 40 50 f2 f3 2b b8 00 42 |=.>.N.E.@P..+..B| +00000040 bf 77 ae d1 ff 29 2d ca d8 c2 4e c7 cc a8 00 00 |.w...)-...N.....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 6b cd 37 6d a7 76 7a |........ k.7m.vz| +000002d0 04 0e 8c 93 db b0 62 67 14 65 26 5e 91 b3 8d 66 |......bg.e&^...f| +000002e0 20 40 31 c1 84 3c ef d8 67 04 01 00 80 ce 3a f2 | @1..<..g.....:.| +000002f0 16 01 b2 8a cd d6 1c b3 c4 46 a5 e8 1f 17 85 d9 |.........F......| +00000300 5b 97 fb dd 43 65 52 82 e3 49 99 e8 49 d9 09 13 |[...CeR..I..I...| +00000310 05 73 19 d0 d9 66 54 03 de 4b fa 43 2d f1 f8 98 |.s...fT..K.C-...| +00000320 79 21 3b fa a9 ea 29 78 fa 87 59 8e 9b 2f f2 99 |y!;...)x..Y../..| +00000330 14 85 21 9c 7e 59 5b 4b 2f e3 33 c4 7c 2c ac 35 |..!.~Y[K/.3.|,.5| +00000340 4f 68 c8 a3 0b f5 43 7e 72 9a e6 4f 9c 10 4d 4a |Oh....C~r..O..MJ| +00000350 d4 b5 84 62 61 4e f4 0f 3f a5 b5 23 89 d9 33 e2 |...baN..?..#..3.| +00000360 06 22 02 c5 fe db 27 fb 40 87 8c e7 6e 16 03 03 |."....'.@...n...| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 5a b9 f7 81 81 7f 65 84 c9 87 40 |.... Z.....e...@| +00000040 a4 66 07 85 38 3b 85 8d ff c4 7e b7 f6 16 1d c1 |.f..8;....~.....| +00000050 36 4f 53 1a bb |6OS..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 ff b2 f4 3b af |.......... ...;.| +00000010 ba 44 66 0b f9 31 09 18 df 9d d0 04 82 38 11 dd |.Df..1.......8..| +00000020 a7 ee 83 ef 03 51 21 08 f9 c4 8a |.....Q!....| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 b6 45 4e 35 df 21 f4 c7 24 ba e6 |......EN5.!..$..| +00000010 18 65 1c 75 ba 72 5d 5b 4a fd 78 |.e.u.r][J.x| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 1a ec 37 ab 36 23 80 76 1c 0b d0 |.......7.6#.v...| +00000010 54 9a 8f 7e 7a c0 bd 09 9a |T..~z....| +>>> Flow 7 (client to server) +00000000 16 03 03 00 ad 7a d4 bf 4d bf 48 0a 0f 2c d1 38 |.....z..M.H..,.8| +00000010 9f 20 f7 c7 36 27 82 d9 5e f4 21 44 0e 75 46 ca |. ..6'..^.!D.uF.| +00000020 67 f8 87 6c 4f 1e c7 1e 5f 8d f2 88 58 1b 92 12 |g..lO..._...X...| +00000030 e0 f6 d5 5c d7 4b 21 b9 8c 93 a8 bc a4 e6 e5 cb |...\.K!.........| +00000040 d0 33 eb d5 10 ad 53 50 58 e0 94 f0 b8 52 20 8c |.3....SPX....R .| +00000050 c2 69 7a c3 43 73 3f 2e 4a 42 2c c1 8d c1 ff 1e |.iz.Cs?.JB,.....| +00000060 57 ba 7d 99 9c a2 10 99 19 d6 72 38 96 ba 2b ff |W.}.......r8..+.| +00000070 7b a8 42 c0 c0 c4 d4 50 20 39 39 b8 18 23 a1 d3 |{.B....P 99..#..| +00000080 38 d3 9d 41 81 c2 4b ba 4c 28 c0 14 22 71 df d9 |8..A..K.L(.."q..| +00000090 e1 57 fc 9c 4f 0e 28 9a 13 c6 a1 e2 de f0 81 3b |.W..O.(........;| +000000a0 5f c1 7b 61 f5 fc 74 93 f1 06 7d 9b 67 56 45 a4 |_.{a..t...}.gVE.| +000000b0 f8 83 |..| +>>> Flow 8 (server to client) +00000000 16 03 03 00 81 ec 0e 7c 60 5b ed 0f 29 e6 cd 3a |.......|`[..)..:| +00000010 ca ff f7 68 3e 22 30 cf 43 b2 29 71 ca 3a 06 db |...h>"0.C.)q.:..| +00000020 e0 df bc 87 51 62 df 37 37 7a 9d b4 2d 35 ab bb |....Qb.77z..-5..| +00000030 d2 ed d1 50 e7 61 a4 27 18 43 23 74 4b 1d 14 46 |...P.a.'.C#tK..F| +00000040 80 5c 10 99 10 47 b2 51 92 11 1f aa f1 5a c3 cf |.\...G.Q.....Z..| +00000050 f5 30 69 96 26 f6 0e 7c e9 e1 7c 4b d5 2f 46 1c |.0i.&..|..|K./F.| +00000060 7d 18 a5 20 f1 ff 40 9e c7 d5 d4 54 33 c4 99 9c |}.. ..@....T3...| +00000070 26 95 d9 ca 82 fc e7 27 37 fc 33 9f f8 c7 cb 0a |&......'7.3.....| +00000080 9d 4e bc 66 ca fc 16 03 03 02 69 ab be 55 39 99 |.N.f......i..U9.| +00000090 ac 66 a6 86 03 51 70 d8 fa 7d e7 89 09 fc eb b5 |.f...Qp..}......| +000000a0 25 f6 95 0c 40 3d b8 ea b6 78 41 db a4 f3 92 83 |%...@=...xA.....| +000000b0 00 c8 8d 1f 19 0c ec ec e5 60 07 d9 31 2d 3b 91 |.........`..1-;.| +000000c0 ba ad b3 c1 fb b5 57 52 73 37 43 89 22 e0 45 7c |......WRs7C.".E|| +000000d0 b0 da 1f 69 76 d3 af fc ba f0 98 ec d2 7f be f0 |...iv...........| +000000e0 a4 76 f0 d9 30 1b 78 22 bb 43 fd 45 64 07 e4 64 |.v..0.x".C.Ed..d| +000000f0 c5 74 2f ed ba 23 8d 3a 5a ff 7f 35 de 25 53 0d |.t/..#.:Z..5.%S.| +00000100 ac ae 5b da b1 7d 86 fe da c8 9e 79 58 6c 4c 9c |..[..}.....yXlL.| +00000110 6d f9 e9 1d 31 ff aa fb 8e 2e 98 f4 3a 67 33 9b |m...1.......:g3.| +00000120 a3 63 5e fc 74 f5 c5 28 76 30 e6 22 8a 85 79 56 |.c^.t..(v0."..yV| +00000130 4e cf 94 38 92 61 09 22 00 95 d4 16 b4 e0 80 05 |N..8.a."........| +00000140 28 35 30 6f 56 7d f8 b9 ed 49 72 b0 9f 47 9f 07 |(50oV}...Ir..G..| +00000150 7f 1d b9 3b 6d ce c9 09 72 2f 65 b0 88 b4 ec 24 |...;m...r/e....$| +00000160 29 8d 57 93 a7 51 85 32 26 4c 31 21 24 b1 ab 97 |).W..Q.2&L1!$...| +00000170 c6 3c 38 44 d4 8f d0 3b ea 62 39 48 90 ca c4 5c |.<8D...;.b9H...\| +00000180 9c 72 08 a4 3f d0 1e 3e 9f 23 02 0e 94 b4 14 cc |.r..?..>.#......| +00000190 96 bc 23 22 2f af c5 ed 81 da 49 ca 26 f4 55 6a |..#"/.....I.&.Uj| +000001a0 b3 24 3f 13 a5 f7 d6 82 70 04 37 63 dc 92 63 0f |.$?.....p.7c..c.| +000001b0 3d f7 4e 42 7c 5a 42 df 53 17 48 25 cb da 31 e1 |=.NB|ZB.S.H%..1.| +000001c0 67 a7 22 8c ca db 2d 33 49 86 62 b5 ba 38 53 4c |g."...-3I.b..8SL| +000001d0 12 f3 c3 f6 b6 01 53 b1 11 43 e1 e8 ba 3f 68 7a |......S..C...?hz| +000001e0 9c 10 09 82 d1 90 cd 9e 52 2e 29 15 0b 13 c3 e3 |........R.).....| +000001f0 34 ef 76 8a 0d f9 f6 17 76 57 c2 55 cb 7d 45 e0 |4.v.....vW.U.}E.| +00000200 d5 e6 53 93 75 57 c2 ab 26 5a 13 02 05 7a 60 2b |..S.uW..&Z...z`+| +00000210 b6 92 1a 88 0c 34 59 81 40 42 70 d5 4e 7b d3 14 |.....4Y.@Bp.N{..| +00000220 3c e6 70 81 90 ff 53 79 c5 f3 7c d9 02 6f 35 6b |<.p...Sy..|..o5k| +00000230 d4 81 ff 32 a2 71 28 a0 4b 22 75 9f 3b 50 c8 03 |...2.q(.K"u.;P..| +00000240 22 e7 4f 1f c5 c5 99 67 f3 2c 97 5e 43 89 84 39 |".O....g.,.^C..9| +00000250 04 c9 4c 1e e0 da 39 8f 78 8f 95 3a 64 74 d3 63 |..L...9.x..:dt.c| +00000260 13 d4 14 9d 98 6c bb 27 81 1e 12 88 8c d4 11 1c |.....l.'........| +00000270 4a 71 2f 10 dc 5b 9a 8e 70 e6 bf 0b a2 50 4c d1 |Jq/..[..p....PL.| +00000280 c4 29 b7 85 9e 0f 86 33 7c 38 e4 ae d4 53 5e 81 |.).....3|8...S^.| +00000290 95 cf 6c 1a 15 7d af 20 53 21 f4 84 5c 46 5f 10 |..l..}. S!..\F_.| +000002a0 1f 68 7d 9a 20 0d a8 1f 90 2f ae b8 c0 57 e0 4b |.h}. ..../...W.K| +000002b0 ad ec 9d ae 51 52 78 5d 3f bb de 54 54 d4 18 ff |....QRx]?..TT...| +000002c0 e6 b4 c9 52 f8 66 63 e3 bf 7a f3 5e c6 3f d9 27 |...R.fc..z.^.?.'| +000002d0 71 07 e7 69 6d cb 60 24 55 4e f9 34 e7 5f a3 37 |q..im.`$UN.4._.7| +000002e0 76 90 ec b5 eb ff 49 38 15 71 23 fd 77 30 80 c8 |v.....I8.q#.w0..| +000002f0 ca 0e 38 3c 16 03 03 00 bc 89 27 c8 13 dd 05 8b |..8<......'.....| +00000300 46 97 5f 19 76 db 29 8d b1 24 52 fe 7a 2e 2c 4d |F._.v.)..$R.z.,M| +00000310 e2 f9 59 89 48 82 f5 d7 87 af 99 4b 98 c5 7c 1d |..Y.H......K..|.| +00000320 1a e1 4d fd 0c 37 d0 d3 d8 e2 f8 0f 04 d5 15 21 |..M..7.........!| +00000330 60 09 47 0c d6 bf 09 bf 55 c1 ae 33 11 35 94 29 |`.G.....U..3.5.)| +00000340 80 96 3a 53 ae a8 29 c4 84 37 e2 80 f9 da 79 18 |..:S..)..7....y.| +00000350 77 50 26 32 bf f6 b2 6d 3a 73 25 e7 cd 34 6d ea |wP&2...m:s%..4m.| +00000360 a0 92 40 7e f8 eb d0 82 06 b3 a1 f5 1c 8e b2 ef |..@~............| +00000370 b2 4f 0c bb 04 1b c7 cf bc dd 42 19 00 3e 45 93 |.O........B..>E.| +00000380 e6 72 57 ed eb d9 1d b3 71 b7 fe 84 03 57 e4 9c |.rW.....q....W..| +00000390 71 78 35 39 63 b1 cf 36 b9 5a d6 95 13 ee 4d 2f |qx59c..6.Z....M/| +000003a0 22 ef ed 2e fc 69 7c 12 c2 0e 32 ed 05 17 42 5c |"....i|...2...B\| +000003b0 a7 62 ab 6b 46 16 03 03 00 3a b9 af 3d 25 e4 6a |.b.kF....:..=%.j| +000003c0 a9 b5 b4 00 79 21 aa 3c f3 56 50 bd 32 a4 a8 ab |....y!.<.VP.2...| +000003d0 8a 60 77 5d b7 3e 89 d3 60 a2 b8 5c a8 99 27 bb |.`w].>..`..\..'.| +000003e0 0e dd 93 af 3e 2b 66 8e 56 19 03 29 44 6a 63 a1 |....>+f.V..)Djc.| +000003f0 c7 17 f3 1e 16 03 03 00 14 1c bd e4 7b c3 88 d9 |............{...| +00000400 be ba c3 c3 fb b7 07 9d f1 58 3e b0 61 |.........X>.a| +>>> Flow 9 (client to server) +00000000 16 03 03 02 69 d3 b2 83 ca 08 61 36 6f fa 66 de |....i.....a6o.f.| +00000010 5c 42 5f 35 17 f4 4c b3 5e 17 94 07 c5 2a 89 90 |\B_5..L.^....*..| +00000020 b8 31 50 af 55 91 b1 28 bc 00 00 da 57 85 cc d5 |.1P.U..(....W...| +00000030 a5 a7 ec ba 52 d5 1f ab b5 4f a3 53 9c af 59 20 |....R....O.S..Y | +00000040 be 13 f6 c5 70 b0 cc f7 59 69 d1 db 80 7f 60 29 |....p...Yi....`)| +00000050 e1 e8 7a 1e 97 a6 e1 a2 11 70 4f b4 7b 53 7c 9a |..z......pO.{S|.| +00000060 dd fa 58 5d 12 a4 fb 3e 46 dd d3 4d ac e3 b6 73 |..X]...>F..M...s| +00000070 05 42 03 f3 37 79 a0 10 34 ef 01 6f c6 27 52 4b |.B..7y..4..o.'RK| +00000080 75 4c b2 86 1b d6 ca 13 b4 31 41 db 93 2f a3 35 |uL.......1A../.5| +00000090 e1 e9 bc 65 85 c8 1a e2 7b 6e 36 49 e8 ed 04 a9 |...e....{n6I....| +000000a0 cb a9 70 32 c0 4d e5 f5 94 d8 af 7d 41 b6 dc e5 |..p2.M.....}A...| +000000b0 fc ff db 9f 91 50 df c6 b2 4a 0c bb 86 4e 50 a5 |.....P...J...NP.| +000000c0 2a 3b 69 e2 3d fa 10 eb cc 48 21 9d 98 78 02 0b |*;i.=....H!..x..| +000000d0 e7 4d 83 63 9e e5 ad 2c 7b 46 d1 09 28 35 07 6c |.M.c...,{F..(5.l| +000000e0 12 c9 ae f0 4c 7c 00 aa 54 ba 7b e8 42 be e0 18 |....L|..T.{.B...| +000000f0 f4 df a0 9d eb 8f a2 3a d0 00 b6 e0 eb 90 65 38 |.......:......e8| +00000100 b2 cc 21 87 57 b7 50 07 41 e2 5a 9b c8 2b ae 64 |..!.W.P.A.Z..+.d| +00000110 55 6a d7 b5 0d 5d f0 ac da 0b f0 80 75 8d 6a 0a |Uj...]......u.j.| +00000120 5b c5 2a 20 f2 ab 75 76 a3 33 f1 43 24 06 45 75 |[.* ..uv.3.C$.Eu| +00000130 63 58 60 57 ca 7f d2 8f e8 a5 b8 e3 72 37 39 bd |cX`W........r79.| +00000140 9c dd 10 b0 f8 b5 e8 46 4a 39 ac 94 69 08 51 29 |.......FJ9..i.Q)| +00000150 27 2d 28 0f 15 8a 91 00 3b cc 99 77 ea 82 0d e1 |'-(.....;..w....| +00000160 66 ed 34 da 6e 88 47 e5 f4 1b 28 28 cd 38 9f e5 |f.4.n.G...((.8..| +00000170 1c 26 67 3d 83 d0 b1 88 a3 08 9c 2e 08 a5 b7 af |.&g=............| +00000180 15 28 d5 1e aa c9 58 17 48 85 f7 13 17 6f 55 c3 |.(....X.H....oU.| +00000190 dc 9d 2e 7e 67 45 7a cb 80 a7 e5 77 86 96 36 4d |...~gEz....w..6M| +000001a0 f7 df 27 7d f4 5d 53 9b be e6 b2 b9 44 b9 86 e9 |..'}.]S.....D...| +000001b0 8f 33 26 4e 20 97 e4 34 66 58 6d d5 28 be e8 84 |.3&N ..4fXm.(...| +000001c0 de 2f 19 f2 46 52 80 84 e9 ef 0e 6c 55 5c 43 8c |./..FR.....lU\C.| +000001d0 51 19 8b 22 30 b7 b3 eb 9f ed 35 a1 fe 09 aa 6a |Q.."0.....5....j| +000001e0 f8 b6 37 7e 20 4c e5 76 ae 10 4c dd 67 7c 07 e2 |..7~ L.v..L.g|..| +000001f0 0c dc 78 77 a1 8e c1 d1 aa fa d3 36 8b 9c 74 ed |..xw.......6..t.| +00000200 e2 fe 84 98 40 95 f2 1a a6 fd 77 cf 47 d3 c3 d6 |....@.....w.G...| +00000210 bc 38 45 a9 94 63 13 52 2d 7b 3f 3d 06 1e 0a 31 |.8E..c.R-{?=...1| +00000220 cb 98 1d 18 fa a7 86 21 65 c7 58 dd 78 13 2d 4d |.......!e.X.x.-M| +00000230 76 57 9d 65 15 a3 2d be 7f c9 58 78 b7 89 3c d6 |vW.e..-...Xx..<.| +00000240 dc 7e 5b c5 1b 93 78 04 7b ca ef 61 77 6c 27 6b |.~[...x.{..awl'k| +00000250 a5 30 67 43 64 a7 30 f0 dd 5c 63 92 76 9a e3 a2 |.0gCd.0..\c.v...| +00000260 31 12 49 8e c4 7e 80 ce 1e ce 94 66 2f 6f 16 03 |1.I..~.....f/o..| +00000270 03 00 35 39 86 a0 5a 88 07 66 5f 43 59 ed fb b5 |..59..Z..f_CY...| +00000280 0c 0b ee ff 76 62 28 ea 62 7e 53 72 3d d9 26 9f |....vb(.b~Sr=.&.| +00000290 06 64 99 83 a5 3c 59 45 84 4d 79 86 1d b4 21 14 |.d...2Cd...R..V..| +000002e0 4e d2 1a b8 f6 ae 64 d2 c0 05 9b 18 84 71 a7 ad |N.....d......q..| +000002f0 ea 49 f6 b5 ae 91 ad 66 6f cb fa 56 de 1e 40 22 |.I.....fo..V..@"| +00000300 7f d3 44 c4 a7 bf b1 7b 61 e3 09 1f fe 3b 4b 7b |..D....{a....;K{| +00000310 5a 3f ae 4e c4 5c a8 ac a4 c2 fc 0e 1f 12 4f 9b |Z?.N.\........O.| +00000320 f9 e0 a2 89 ab a0 bb e8 f9 97 5a 7c 8d e8 58 87 |..........Z|..X.| +00000330 3f 4c 1c f3 ff 6e b9 a0 e6 f7 e4 c2 43 cc af 9e |?L...n......C...| +00000340 06 3a 1c ee ef 14 03 03 00 11 8b 6d c3 12 83 c4 |.:.........m....| +00000350 2f e7 67 81 db 18 9a 33 e6 fa 82 16 03 03 00 20 |/.g....3....... | +00000360 ef c9 6f 3f b7 9d 9d 2d a0 05 b6 fd 74 8e ff de |..o?...-....t...| +00000370 cc 4b ca 4c 5b 4d 61 30 76 b5 f3 7a d1 46 d6 6a |.K.L[Ma0v..z.F.j| +>>> Flow 10 (server to client) +00000000 14 03 03 00 11 2e d9 0e 1b 6b 4b 9a 60 96 e9 38 |.........kK.`..8| +00000010 35 a3 72 3d c4 5b 16 03 03 00 20 62 1f 2b 02 e8 |5.r=.[.... b.+..| +00000020 22 0a 89 a2 f6 60 8a da f2 09 52 5a 92 12 a8 f6 |"....`....RZ....| +00000030 c3 ee 25 17 6b 91 25 3e 2b 75 ba 17 03 03 00 19 |..%.k.%>+u......| +00000040 b9 4e 6b c3 74 30 39 f9 3f a2 aa af 80 49 6b 8a |.Nk.t09.?....Ik.| +00000050 f2 a1 9b f5 c7 34 f7 1b 2f 16 03 03 00 14 2d 25 |.....4../.....-%| +00000060 74 c2 c7 80 a8 5f 65 ff 65 b0 c2 50 c8 bc fe 8c |t...._e.e..P....| +00000070 d4 9e |..| +>>> Flow 11 (client to server) +00000000 16 03 03 00 ad d0 25 9a 38 60 d3 94 8e b8 23 45 |......%.8`....#E| +00000010 44 67 95 20 79 1a 27 5f cf bb dc 72 8c 95 2a 02 |Dg. y.'_...r..*.| +00000020 1d d9 80 c6 61 12 c2 5c ae d5 62 a9 aa b0 4a d0 |....a..\..b...J.| +00000030 13 ad 6d ae df c9 63 e2 6b 27 bb ca 88 c3 dc 8b |..m...c.k'......| +00000040 e9 bc 0b fb 32 d6 0f 99 b6 d1 03 7e c9 8d 72 ee |....2......~..r.| +00000050 09 7b 82 f1 79 11 a7 23 43 8b 77 b8 a9 bd 9e 67 |.{..y..#C.w....g| +00000060 43 03 79 88 34 ab c2 6b d1 2a cf c7 c9 b6 14 ee |C.y.4..k.*......| +00000070 ee 32 01 10 fb 85 dc 5a 04 cf 9a ea 8d 8c fc f8 |.2.....Z........| +00000080 b3 b2 49 c0 93 37 93 09 24 1c 26 97 43 5f dd 09 |..I..7..$.&.C_..| +00000090 7a 0d c0 6c bd 17 df 78 37 3d 23 6b 9d 27 d2 f7 |z..l...x7=#k.'..| +000000a0 1c 2e 82 5c ba 95 1c 0f b3 40 af 9f 2f 5e 42 40 |...\.....@../^B@| +000000b0 cc b9 |..| +>>> Flow 12 (server to client) +00000000 16 03 03 00 81 39 20 22 4a e1 4e 21 2e 78 35 50 |.....9 "J.N!.x5P| +00000010 8a d4 c4 c6 a9 20 74 8e 10 4b fd 31 4c ba c4 7f |..... t..K.1L...| +00000020 14 91 ab 4b 7a b2 7a 86 56 cc 61 ed 12 63 4a d5 |...Kz.z.V.a..cJ.| +00000030 b5 c9 48 6e ae 10 71 fc 30 f5 e5 36 8b e2 7d 9d |..Hn..q.0..6..}.| +00000040 93 e2 34 cd 8e a0 72 c4 19 9b 62 eb 9b c4 5e c3 |..4...r...b...^.| +00000050 df 22 d4 16 4d 88 b1 d5 e5 74 ac 9d 38 40 7d 1f |."..M....t..8@}.| +00000060 40 bd 86 e5 fc 19 88 bb 67 cf 3f 22 0f 39 1f 8f |@.......g.?".9..| +00000070 40 5c ee 29 48 00 c1 bf 6a f1 85 51 03 c0 e8 7a |@\.)H...j..Q...z| +00000080 2e f4 2a f9 b6 fb 16 03 03 02 69 59 b1 5a b9 98 |..*.......iY.Z..| +00000090 86 77 af 76 a7 4c 69 0d 83 79 3c 9a b9 3c dd 49 |.w.v.Li..y<..<.I| +000000a0 f2 0f ef d2 38 ac 31 b0 9b 5d 57 ed a7 ca f9 79 |....8.1..]W....y| +000000b0 7c ef 58 f7 ca 7e 0c 60 1c 53 09 c5 06 dd b8 31 ||.X..~.`.S.....1| +000000c0 09 88 af 50 9f c2 2a 2c 24 89 9e 57 ae c8 e6 49 |...P..*,$..W...I| +000000d0 f4 6f 46 e9 dd 38 f1 52 e9 06 50 38 69 b3 e1 69 |.oF..8.R..P8i..i| +000000e0 f5 33 28 54 39 43 05 b9 04 04 c2 d9 3d 34 da 48 |.3(T9C......=4.H| +000000f0 99 7e 8a b2 59 d1 d3 20 da 34 c8 ab 91 f7 66 69 |.~..Y.. .4....fi| +00000100 3a 4f fc 6d ee e6 ef f5 c0 b0 08 bf 59 c0 f8 e5 |:O.m........Y...| +00000110 dc c6 dc c6 49 a7 d5 3c 22 0f e3 9f 39 0b 2a 09 |....I..<"...9.*.| +00000120 7a 56 f8 90 33 05 06 09 21 6f 6a 53 0d 89 63 2a |zV..3...!ojS..c*| +00000130 76 28 19 33 73 e5 a0 2a fa d2 82 bf 4c 43 84 f9 |v(.3s..*....LC..| +00000140 e1 bb 7f 31 62 04 c5 26 ed 16 40 f5 6a 04 e0 c5 |...1b..&..@.j...| +00000150 4e fe bd e3 4c 57 e2 61 41 2f 9a 95 7f 8a e1 34 |N...LW.aA/.....4| +00000160 64 f4 fc ce 13 e5 0c 68 c1 e5 29 df e7 b1 56 0b |d......h..)...V.| +00000170 42 6b fc d6 5d 63 0b 3c 0c ca ce 38 11 50 f2 64 |Bk..]c.<...8.P.d| +00000180 1a 6e 16 da 3e 69 cf 82 ba a0 03 0f 9d 72 ed 10 |.n..>i.......r..| +00000190 78 b2 54 c0 be 9c 16 fa 15 4b 88 db dd 85 dd 08 |x.T......K......| +000001a0 bd f4 50 a0 50 01 77 7a cf 20 c1 3e 50 55 5f bd |..P.P.wz. .>PU_.| +000001b0 4a ba b4 d5 6d 51 38 b2 6d 4f fc b5 af b9 92 ff |J...mQ8.mO......| +000001c0 c4 44 f1 0e db 4d 71 09 15 b3 c3 37 47 57 03 35 |.D...Mq....7GW.5| +000001d0 95 de da 33 31 8c 60 bc 8a 97 2d f8 27 9b 4e dc |...31.`...-.'.N.| +000001e0 2a 6d aa 3e 4d eb 8f 97 b8 fa d4 ef f6 27 d9 da |*m.>M........'..| +000001f0 a6 fe 38 91 4b 96 ff 75 4b 71 52 9f 37 e4 d9 85 |..8.K..uKqR.7...| +00000200 a8 d8 ac 21 e9 b2 c0 4f c0 c0 e3 3a 9f ab e0 93 |...!...O...:....| +00000210 dc 03 18 30 92 55 33 67 58 f3 47 f3 0a 95 bc 33 |...0.U3gX.G....3| +00000220 70 73 e1 5b 9d 63 cf f7 c7 9b da 9e 5d 2e 7a 66 |ps.[.c......].zf| +00000230 03 b1 b8 5c fa b9 f4 fb 4e 0b 38 9a 97 f0 c9 e5 |...\....N.8.....| +00000240 ce 18 33 ea 66 1c 59 cd 41 3e af 71 7c bf 00 a0 |..3.f.Y.A>.q|...| +00000250 d9 ee 20 d7 80 a9 5d 55 b8 f8 92 7b 7e 4f bc 66 |.. ...]U...{~O.f| +00000260 92 98 6a c6 15 5b e3 1d 59 14 d9 d0 5a 30 c0 4d |..j..[..Y...Z0.M| +00000270 37 f5 d9 40 a4 f9 f4 ad b6 cf 55 98 03 1e e7 13 |7..@......U.....| +00000280 5a 23 49 69 36 fa ae 9d c2 cb 90 16 cc 36 f4 41 |Z#Ii6........6.A| +00000290 3a c7 56 9f 05 23 be 1d 3f 8f 90 41 09 6b 88 9a |:.V..#..?..A.k..| +000002a0 70 91 76 e1 6d f0 5c 86 de 77 a4 83 c7 d5 3c c4 |p.v.m.\..w....<.| +000002b0 67 ff b1 a2 e2 f5 61 4f 3b 4d 38 5d c9 c2 8c 97 |g.....aO;M8]....| +000002c0 e2 a7 c0 72 3b 5e 4c d9 0f 18 a8 b9 77 8d 31 8f |...r;^L.....w.1.| +000002d0 d9 73 ac 33 a6 7a b5 bd 5e 58 b4 51 22 be d8 d4 |.s.3.z..^X.Q"...| +000002e0 f5 e1 bc 37 80 d3 cf 3b 58 be 3e ce 33 83 1c 46 |...7...;X.>.3..F| +000002f0 8b f3 f3 56 16 03 03 00 bc 30 f0 e1 0b eb 80 fe |...V.....0......| +00000300 5f fb 94 c9 5a 04 08 82 0f 0b b5 9b f7 f6 f6 d3 |_...Z...........| +00000310 7e 68 e7 e5 2e cf a0 56 e6 b7 70 0a 63 5e 53 42 |~h.....V..p.c^SB| +00000320 7f 27 ec 82 a0 5d e3 e8 77 27 40 3c 6d 47 ce dd |.'...]..w'@.3..Y..V| +000003a0 95 3a 8b dc 1f 24 6c 08 07 c0 f1 20 6d 96 43 71 |.:...$l.... m.Cq| +000003b0 bf c6 92 81 e3 16 03 03 00 3a 91 c1 13 a0 26 c9 |.........:....&.| +000003c0 12 6a 09 23 5b 8b e8 da 10 cc 4d 00 ed 9e a6 09 |.j.#[.....M.....| +000003d0 d8 d4 c0 b7 f0 cd 5f 7a 6e 4d 31 21 f6 6a 22 e7 |......_znM1!.j".| +000003e0 6e 25 11 94 4a f2 b1 f1 b2 c9 30 4b e4 cd f3 f5 |n%..J.....0K....| +000003f0 ce 86 e7 5d 16 03 03 00 14 20 c5 91 f0 6e 21 b8 |...]..... ...n!.| +00000400 e8 a1 bb cf 62 ed 4b 5a fa 19 40 ea 54 |....b.KZ..@.T| +>>> Flow 13 (client to server) +00000000 16 03 03 02 69 1a b5 80 9c c6 42 be a6 d9 d1 c8 |....i.....B.....| +00000010 0b 2c f7 f8 2a 1a 02 f6 db 48 8b 5c 45 fc 28 41 |.,..*....H.\E.(A| +00000020 a4 db 35 fb a7 a9 72 07 19 86 9e e9 dc 53 48 fb |..5...r......SH.| +00000030 97 94 f3 a0 0d 8d 46 69 cf eb d9 ea de 21 a3 f4 |......Fi.....!..| +00000040 b9 94 4f 8f 09 c3 de 66 fa 20 83 34 fc 50 ae c6 |..O....f. .4.P..| +00000050 13 f6 7c c5 80 45 17 51 af a9 da bd 24 dd f6 15 |..|..E.Q....$...| +00000060 8e c4 b4 e6 10 54 85 23 9d fe 72 b1 4c 2f ab ec |.....T.#..r.L/..| +00000070 78 9a 06 60 03 96 f7 d0 af dd 94 26 c9 67 1d e5 |x..`.......&.g..| +00000080 9f 87 22 c4 11 82 f1 4c f5 68 a7 fd d8 f3 dc ac |.."....L.h......| +00000090 35 90 6b c2 97 1c 78 54 d9 b2 3c d8 9d 13 66 42 |5.k...xT..<...fB| +000000a0 6e 3b 1b 8f 32 4e 8f b5 a0 60 6e e4 35 fd d5 b4 |n;..2N...`n.5...| +000000b0 f8 fb a6 a9 c7 b7 31 39 8e 90 0c 42 bc 1a 4f 67 |......19...B..Og| +000000c0 fa b3 10 a8 45 01 88 8a dd 41 43 c6 6c 41 9d 28 |....E....AC.lA.(| +000000d0 bd 4c 43 85 4c 3b 7c 03 c4 55 70 f1 49 a0 d6 52 |.LC.L;|..Up.I..R| +000000e0 5c 49 3e 2b d7 e8 a9 75 5e 92 bf f3 4c 1c c3 7e |\I>+...u^...L..~| +000000f0 69 ca 52 25 07 bb 54 e0 58 2d 28 ba 50 30 81 e8 |i.R%..T.X-(.P0..| +00000100 93 0d 9d 78 3d c0 f1 c3 34 72 29 f1 da 60 de 84 |...x=...4r)..`..| +00000110 aa fc d3 0f 2b 1e 1a 9c 7c af 6f 6a 4c cc 88 36 |....+...|.ojL..6| +00000120 03 03 34 79 f9 89 6d 41 bb 19 61 6a 60 75 d7 0f |..4y..mA..aj`u..| +00000130 dc 22 7a e4 36 91 32 2b 99 24 36 19 4b 4c c4 ae |."z.6.2+.$6.KL..| +00000140 4f 98 6d f0 97 ce bc b4 ee 97 30 97 0b 54 8c 14 |O.m.......0..T..| +00000150 8f d5 9d 44 ae 0a a6 07 9f 39 f6 66 80 cb fa 27 |...D.....9.f...'| +00000160 bb 2f 26 bb c3 1a a4 9b a0 d3 e8 75 13 49 da 0a |./&........u.I..| +00000170 8f cc e8 15 77 f8 05 c2 17 a0 ff e7 2a 59 bc c8 |....w.......*Y..| +00000180 67 b5 7e b8 78 1e 32 81 22 3e 57 28 ee 51 96 b7 |g.~.x.2.">W(.Q..| +00000190 0e dc 3f d1 00 16 a5 eb 01 cb c3 e3 5b 01 ad a9 |..?.........[...| +000001a0 d5 1b ac 9b e2 0d 9a 6f 7a 2f f1 7d 05 57 6d 2d |.......oz/.}.Wm-| +000001b0 9d 35 68 88 e7 c5 e0 fb 9d 87 a7 ef 71 d8 47 b8 |.5h.........q.G.| +000001c0 19 8e 87 d8 b1 36 0f 52 ab 98 8b 97 43 53 86 be |.....6.R....CS..| +000001d0 9d 86 2a cd 7c b0 46 c4 48 89 5b 6c 1e 93 9e a2 |..*.|.F.H.[l....| +000001e0 15 af 60 8f 84 75 99 97 53 11 23 f9 0d ba 78 12 |..`..u..S.#...x.| +000001f0 9b a9 04 91 d0 3a b3 4d 7b 67 a0 fa 78 5c 19 d6 |.....:.M{g..x\..| +00000200 88 d2 21 f6 8d e4 91 d1 76 95 67 9d 4e 3b a1 d2 |..!.....v.g.N;..| +00000210 61 c3 d2 a6 53 fd 82 93 20 7e f6 07 a0 49 3a ea |a...S... ~...I:.| +00000220 bc 73 03 0b f2 df 51 ac 35 d8 e4 35 9d 13 56 b5 |.s....Q.5..5..V.| +00000230 be fc 7c 36 8b 37 a0 71 57 62 bd 89 38 18 90 1e |..|6.7.qWb..8...| +00000240 7a 1f b3 8f 73 55 32 94 5a 3a 31 91 b3 95 bd 61 |z...sU2.Z:1....a| +00000250 ea 93 9d f0 38 33 fb 5b 28 3d a7 29 a4 91 de 85 |....83.[(=.)....| +00000260 9c 16 63 10 81 c6 e0 11 92 3d 53 db 69 95 16 03 |..c......=S.i...| +00000270 03 00 35 f7 3a b7 d1 20 aa f7 ed b1 c7 46 52 cb |..5.:.. .....FR.| +00000280 6e dd e2 f4 ae 83 20 cd 6c 59 b5 26 f9 81 7e 6c |n..... .lY.&..~l| +00000290 ed e9 0b 2a f1 3a dc f8 d6 ed e5 6d 89 14 3d 79 |...*.:.....m..=y| +000002a0 e7 c8 af 89 30 eb 98 3d 16 03 03 00 98 a0 59 2f |....0..=......Y/| +000002b0 cd d9 f6 63 e3 53 47 77 e5 c4 fc 2e 12 d7 24 8a |...c.SGw......$.| +000002c0 4c c7 d8 c9 77 4f bc 3c af 93 6f 57 3d 6f 5d 1c |L...wO.<..oW=o].| +000002d0 6a 5a 2c 42 1c e0 92 d5 5e 34 c8 a5 9e 11 21 16 |jZ,B....^4....!.| +000002e0 01 1a 08 af 4e f6 a1 e3 19 a6 81 41 3d 7a f3 d1 |....N......A=z..| +000002f0 e0 9e 55 90 42 4b d9 5c 46 b7 eb c8 fb 83 1c 97 |..U.BK.\F.......| +00000300 9e d9 74 bb 7f 2f 4d 61 89 46 db 32 da 1a 76 95 |..t../Ma.F.2..v.| +00000310 88 f8 ca 62 14 88 dc 97 b8 58 82 74 16 78 be c5 |...b.....X.t.x..| +00000320 f9 78 a4 88 c1 d4 6b 36 6e 54 60 a5 21 30 47 07 |.x....k6nT`.!0G.| +00000330 e8 2d 22 ce a5 17 fb 43 10 9d 74 c9 64 a3 db ac |.-"....C..t.d...| +00000340 d9 24 7a a7 5d 14 03 03 00 11 68 20 87 e9 9b 91 |.$z.].....h ....| +00000350 81 67 2b 31 c4 47 e8 9b 2e 7c c4 16 03 03 00 20 |.g+1.G...|..... | +00000360 ef 6f 3d 0f 23 fa 77 8c a9 46 d9 0d b0 d9 f8 16 |.o=.#.w..F......| +00000370 62 e2 07 21 ec b6 a7 78 ce a6 ea b3 68 c1 c7 af |b..!...x....h...| +>>> Flow 14 (server to client) +00000000 14 03 03 00 11 bb 45 96 9e 08 cb e4 24 c2 e3 71 |......E.....$..q| +00000010 40 d1 ef a1 5e 2f 16 03 03 00 20 1b 3f 69 fb ae |@...^/.... .?i..| +00000020 cd 98 15 59 16 14 cf a5 16 af 36 6d 6d 3a 49 06 |...Y......6mm:I.| +00000030 a6 f9 cf 53 ea 9a b7 3b 48 d2 e3 17 03 03 00 19 |...S...;H.......| +00000040 72 2c 82 a0 8c 6c 8b c3 78 e4 41 1b ff ba 92 6d |r,...l..x.A....m| +00000050 3c 4d 9c c3 95 e3 27 b9 82 |>> Flow 15 (client to server) +00000000 15 03 03 00 12 3d f9 72 53 84 b5 a4 ec 27 39 cc |.....=.rS....'9.| +00000010 72 29 c0 e6 37 7b 0f |r)..7{.| diff --git a/testdata/Client-TLSv12-RenegotiateTwiceRejected b/testdata/Client-TLSv12-RenegotiateTwiceRejected new file mode 100644 index 0000000..737ccc6 --- /dev/null +++ b/testdata/Client-TLSv12-RenegotiateTwiceRejected @@ -0,0 +1,234 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 75 f6 1b 17 2f |....Y...U..u.../| +00000010 e0 d4 19 06 0d 93 90 51 46 d9 c3 a0 cd 45 6c 85 |.......QF....El.| +00000020 94 87 01 21 3e 92 62 1d e7 d1 39 20 07 26 a1 5b |...!>.b...9 .&.[| +00000030 d2 4a 61 40 ba 58 c0 23 0c 3f c3 08 5d 28 04 94 |.Ja@.X.#.?..](..| +00000040 a9 34 37 28 64 75 6f 9c ae fa 1f 24 cc a8 00 00 |.47(duo....$....| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 84 74 e5 bc 24 39 39 |........ .t..$99| +000002d0 e0 6e 35 fb 34 87 76 0d 78 89 35 5c 85 e7 92 da |.n5.4.v.x.5\....| +000002e0 e1 39 f4 b2 e7 ec d5 cd 58 04 01 00 80 cf 3a 57 |.9......X.....:W| +000002f0 6a 8b b7 72 d8 a2 6b 47 87 77 8b 7a bf 63 6c e8 |j..r..kG.w.z.cl.| +00000300 d4 20 6a 6a 9c 62 b6 ef 4b 9f a7 89 8c a6 fd 02 |. jj.b..K.......| +00000310 92 2f 8d 07 44 09 f6 d9 03 99 39 49 1d 8d 1b 7f |./..D.....9I....| +00000320 eb eb 4b a6 fb 9f 83 3b 3d d3 61 3e e4 d3 22 24 |..K....;=.a>.."$| +00000330 c1 44 76 e8 75 c7 aa 31 96 e3 50 bb 76 3e 87 02 |.Dv.u..1..P.v>..| +00000340 b9 1d 82 dd 55 ee 05 b9 b5 1e 65 90 2c 50 c9 87 |....U.....e.,P..| +00000350 49 dd 35 c8 84 67 6e 52 3a 3b ec 3c 63 f4 0f 95 |I.5..gnR:;.>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 3e a2 12 3b a4 83 4a c2 0e 93 d5 |.... >..;..J....| +00000040 98 d5 2e 11 9e 60 60 23 78 5a 63 49 f1 7a ee c4 |.....``#xZcI.z..| +00000050 47 00 6c 4e fb |G.lN.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 6d 78 5b 5f 1b |.......... mx[_.| +00000010 2c 05 ba 92 46 e2 f0 04 48 fa a1 da be 93 ed fd |,...F...H.......| +00000020 f5 f8 b8 dd 00 60 09 a6 36 3c c4 |.....`..6<.| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 a4 db 13 bc c1 6e 06 9e 6d 1a c9 |..........n..m..| +00000010 85 a7 e9 28 b8 27 74 19 8f 1a bc |...(.'t....| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 fa a3 77 3c 76 11 5d be 12 4f 6a |.......w>> Flow 7 (client to server) +00000000 16 03 03 00 ad 59 80 a4 91 95 56 2a 01 ee 04 84 |.....Y....V*....| +00000010 f9 d2 dd a5 2c a6 46 a8 69 a3 c7 47 7e eb 54 da |....,.F.i..G~.T.| +00000020 ec cc 9d aa e1 0a b1 7c e9 cf 9f c9 c8 12 62 35 |.......|......b5| +00000030 d2 4a eb 28 0d 9b aa a4 d5 79 66 f7 72 4c 26 10 |.J.(.....yf.rL&.| +00000040 b6 71 db 4a 68 8b 47 f9 47 e3 6d a6 4e 99 d5 0b |.q.Jh.G.G.m.N...| +00000050 27 b2 2c 23 9b 58 60 8a 37 a1 8e 26 09 26 2a 46 |'.,#.X`.7..&.&*F| +00000060 e6 24 7f 9b cb 6b d1 9d b1 c0 48 c9 50 8b ab 06 |.$...k....H.P...| +00000070 05 57 ef 1a e0 bd ce db ca 3d e1 59 df 24 4c 02 |.W.......=.Y.$L.| +00000080 bf 1b 9e 48 52 42 6c dd 8f fa 82 68 56 52 a6 be |...HRBl....hVR..| +00000090 d0 93 cb 43 74 e1 2f 86 cc e1 4c fa ba fc 1d f0 |...Ct./...L.....| +000000a0 d5 20 3a 79 b3 b8 b7 24 b5 cf 4c dd a5 d0 4d 18 |. :y...$..L...M.| +000000b0 15 55 |.U| +>>> Flow 8 (server to client) +00000000 16 03 03 00 81 10 b8 d9 9a 82 21 14 86 6d ef e4 |..........!..m..| +00000010 b6 bc 10 84 80 a6 72 7b dc 24 ba e1 e5 d2 bb d2 |......r{.$......| +00000020 9f 09 d3 d7 37 20 ec 7d bd 13 e0 bd 40 44 8a 6e |....7 .}....@D.n| +00000030 7f f6 d5 42 03 4b 00 b5 87 99 ac 6d 11 03 38 46 |...B.K.....m..8F| +00000040 33 71 c4 10 ce da 36 d6 c1 41 9f 96 8e eb 4b 99 |3q....6..A....K.| +00000050 24 07 8c 6b 88 2c f1 dd 31 35 ba 43 0f 60 bf b0 |$..k.,..15.C.`..| +00000060 74 77 a9 d4 a7 65 f6 68 e2 70 4a 7e fe db ab 13 |tw...e.h.pJ~....| +00000070 7f 51 c3 0f b4 93 42 12 d6 29 5d 44 5c df 17 6e |.Q....B..)]D\..n| +00000080 73 1d b8 95 fc 8b 16 03 03 02 69 64 5d 4f b4 3a |s.........id]O.:| +00000090 23 98 07 51 63 18 09 07 9a 8c dd 8e 51 a8 ca 23 |#..Qc.......Q..#| +000000a0 37 21 f4 d5 e0 8f 03 1c 6f 6d c4 60 dd 99 8f 4b |7!......om.`...K| +000000b0 4c 11 f7 78 f8 aa f6 29 87 cf 4d ba 89 87 2a c9 |L..x...)..M...*.| +000000c0 48 66 48 d3 a6 19 8a 84 f6 db 17 b4 59 5b e4 8e |HfH.........Y[..| +000000d0 8e ef fc 32 10 aa 0d 57 47 68 82 07 72 95 03 f6 |...2...WGh..r...| +000000e0 e5 c1 c3 01 00 f9 85 4f 0f 85 37 73 f7 c5 af a2 |.......O..7s....| +000000f0 37 96 ba 06 49 6a 2d a2 23 39 2e 9b f1 fc 01 de |7...Ij-.#9......| +00000100 53 75 ee 34 ae 27 ea 49 6a d8 d0 cd 9b e8 60 b7 |Su.4.'.Ij.....`.| +00000110 f6 b1 8e 26 ec 6c 36 87 d6 70 49 07 e0 96 2a bd |...&.l6..pI...*.| +00000120 45 a3 b1 f5 dc b0 a3 4f dc d8 c3 fd 4f fb 98 13 |E......O....O...| +00000130 67 55 99 39 b5 16 19 72 9d f1 5a cf 6e 53 d9 03 |gU.9...r..Z.nS..| +00000140 05 f5 81 07 a1 38 a1 e5 4c 76 51 1a ae f6 4b f6 |.....8..LvQ...K.| +00000150 b2 a7 84 1e 2a 31 b0 b8 9f 41 e8 e5 32 18 44 4c |....*1...A..2.DL| +00000160 0b fb e3 d9 4c dd 45 c5 c4 c4 57 bf f7 5a dc f6 |....L.E...W..Z..| +00000170 73 98 d4 ea 2f c0 cb 35 97 c1 45 94 37 87 d3 8c |s.../..5..E.7...| +00000180 65 3f ee a8 67 a6 00 80 92 02 76 e8 0a 04 ce 7a |e?..g.....v....z| +00000190 79 4f cd 70 1a 31 5a 03 83 01 de 1f 4a 46 39 4e |yO.p.1Z.....JF9N| +000001a0 d0 80 6e 67 d7 e6 fc ba 74 4b 57 d2 3c 19 7b 03 |..ng....tKW.<.{.| +000001b0 ab 9a e2 f7 db 58 c2 b7 58 96 55 88 e6 e2 e2 f8 |.....X..X.U.....| +000001c0 ab e9 b0 12 ef ff e6 53 7b 4e 01 2f 65 0d 05 f0 |.......S{N./e...| +000001d0 95 9f 46 d2 ae e7 33 5c 37 56 ab 67 95 87 81 59 |..F...3\7V.g...Y| +000001e0 f2 35 76 78 ed 13 63 a3 58 52 af 46 e6 aa c3 99 |.5vx..c.XR.F....| +000001f0 37 9d 10 25 cc 7f 7e 63 e1 96 6d 7a 8e ac 9e 00 |7..%..~c..mz....| +00000200 d1 0e 7a 48 b6 82 77 6a a0 17 d1 77 70 f8 40 4a |..zH..wj...wp.@J| +00000210 c4 90 da b0 3f 25 68 f5 9f dd 5e ec 95 02 19 53 |....?%h...^....S| +00000220 08 6a 13 11 88 9e 2b 25 b8 28 cd 58 36 d7 d3 95 |.j....+%.(.X6...| +00000230 f5 91 63 92 ff 3b d2 4f 75 ae 47 6c 64 8a a4 76 |..c..;.Ou.Gld..v| +00000240 48 96 a7 35 d6 35 22 96 4d 4f ee 45 fb 88 52 68 |H..5.5".MO.E..Rh| +00000250 4e 38 93 e8 08 6a e6 f3 00 a7 f7 b0 0b 68 41 ab |N8...j.......hA.| +00000260 9b 3a 92 2b fd b2 71 14 77 91 48 e7 70 62 b5 b0 |.:.+..q.w.H.pb..| +00000270 45 90 35 d2 b3 22 f5 70 6c 62 7f 55 6b 56 42 f8 |E.5..".plb.UkVB.| +00000280 6c 87 a7 60 45 37 f0 41 41 ec 73 f5 f1 d9 d2 84 |l..`E7.AA.s.....| +00000290 bd 88 bc 9b 43 ec 8b b3 c4 3a 59 2c 30 61 30 98 |....C....:Y,0a0.| +000002a0 78 d3 e7 85 dd 7e 80 b8 fb b3 bf 7e 11 79 e8 20 |x....~.....~.y. | +000002b0 aa b8 81 94 10 5c f8 ba 70 4c 1e 7c 35 8f 48 30 |.....\..pL.|5.H0| +000002c0 17 38 d6 1c 91 ed 00 2c f7 af 29 d3 cb 9b ab 6b |.8.....,..)....k| +000002d0 b3 fa 6e 1a 9b a8 cf 08 8e 03 a5 f7 76 17 74 3a |..n.........v.t:| +000002e0 9e 36 ae 19 fd 2c 44 14 f3 2b 1d 01 db e1 96 22 |.6...,D..+....."| +000002f0 25 14 5b d8 16 03 03 00 bc bb 8c bb cf f9 d7 76 |%.[............v| +00000300 7a a7 d6 e0 29 cb 45 21 8d 57 0b 81 0c e0 96 05 |z...).E!.W......| +00000310 c7 96 67 43 0f 41 11 e9 c2 07 2d 62 17 b4 64 01 |..gC.A....-b..d.| +00000320 c5 75 79 dc 9c 36 3f ea 42 ea 09 a7 bc 0f 6b b1 |.uy..6?.B.....k.| +00000330 b4 4d ae 38 0a ca 51 d0 97 46 b6 55 12 7c 24 28 |.M.8..Q..F.U.|$(| +00000340 77 16 64 42 53 70 c4 52 ed e5 aa 20 3a 00 7e d0 |w.dBSp.R... :.~.| +00000350 9e 99 e4 56 5f ef 30 56 00 8b e7 31 6d 66 6d dc |...V_.0V...1mfm.| +00000360 58 8a b0 60 6f 16 a7 b0 14 a5 9d 3d 38 94 6e 16 |X..`o......=8.n.| +00000370 a3 22 76 e9 59 d8 90 cd 32 83 bb 8c c5 23 cb c2 |."v.Y...2....#..| +00000380 c5 03 02 de 13 97 ac 4e 99 9f 4d 6d aa ed 72 b7 |.......N..Mm..r.| +00000390 76 db 8b c9 31 17 b9 1c 4a fa 87 2c 6b dc 07 82 |v...1...J..,k...| +000003a0 a2 39 e0 09 32 a2 8e 1c 6e 68 e1 14 ba ab 3a d4 |.9..2...nh....:.| +000003b0 1e 4f f4 39 c7 16 03 03 00 3a cf b2 61 5f 7e ef |.O.9.....:..a_~.| +000003c0 04 51 64 f6 3d b3 54 44 bd 8a d0 87 48 64 76 a6 |.Qd.=.TD....Hdv.| +000003d0 0d bc 7f b7 99 d4 67 8b cd e3 c4 5d df c5 c8 fc |......g....]....| +000003e0 be d1 c4 03 6d 61 2d 10 58 b1 7a 7c 9e 1c 6b 16 |....ma-.X.z|..k.| +000003f0 ff 31 a8 87 16 03 03 00 14 85 99 57 4b a1 19 33 |.1.........WK..3| +00000400 bd 9a 86 ed be 5d 24 f0 02 9d ca 1e 26 |.....]$.....&| +>>> Flow 9 (client to server) +00000000 16 03 03 02 69 8c c7 01 da 38 a5 36 3d 2c 21 1c |....i....8.6=,!.| +00000010 64 1b b8 e7 c2 cd 17 06 b6 51 0e e6 d9 d9 18 c5 |d........Q......| +00000020 a9 c9 ac 5d 2d 23 f8 15 92 b2 e1 62 6e d7 8d 58 |...]-#.....bn..X| +00000030 5b d9 b8 26 e5 ec 0f 61 15 3e 12 70 89 0d 3f 4e |[..&...a.>.p..?N| +00000040 e3 2e 18 42 7c c7 59 7b e1 48 d9 a8 cf b1 cd 38 |...B|.Y{.H.....8| +00000050 17 90 97 89 2e 4f 4b df 58 b0 9f 4e 95 d2 e9 70 |.....OK.X..N...p| +00000060 6d 0b 82 af b7 05 be 11 26 d8 f9 89 e6 d6 44 f5 |m.......&.....D.| +00000070 db 7c 8c 91 61 78 dc 68 98 9b 10 17 5b 85 42 93 |.|..ax.h....[.B.| +00000080 31 a2 16 97 72 c5 f2 d0 81 76 a6 9b b7 9c 14 ab |1...r....v......| +00000090 a7 bf 19 f7 34 e3 8f 3f a5 aa 23 c8 49 07 1b 6f |....4..?..#.I..o| +000000a0 e5 5d 65 66 a1 dc d2 e7 bb c2 4b 9e a7 9a dc d6 |.]ef......K.....| +000000b0 72 42 d3 71 d3 51 a4 3a 82 f7 cd 2a 15 34 da 6d |rB.q.Q.:...*.4.m| +000000c0 44 3a a9 7d 6e 4c ce a5 ba 6b 5b 3b 88 8c e1 29 |D:.}nL...k[;...)| +000000d0 ee a8 17 1b 02 36 8f 68 c9 9e e6 f1 bf e3 e3 e0 |.....6.h........| +000000e0 cd 6d 7f ff c2 4d 3f 88 c7 9b 75 20 e5 cd fa fa |.m...M?...u ....| +000000f0 a0 d7 10 6a c1 00 73 f9 df bd 22 60 8c 82 71 e6 |...j..s..."`..q.| +00000100 56 aa 90 bf c7 a8 82 51 e7 23 42 ec 99 f5 b9 aa |V......Q.#B.....| +00000110 3c cc c6 32 11 29 1f a6 ae 89 03 04 e8 de 9f f4 |<..2.)..........| +00000120 bd 87 ae af 91 ee a2 f3 e2 6d 7b 87 ad 67 16 2d |.........m{..g.-| +00000130 ad 92 34 38 52 ed 7c 38 92 45 16 26 9f 65 d2 67 |..48R.|8.E.&.e.g| +00000140 3e 33 a1 bd b2 f6 d3 c8 76 96 52 11 0d 8d ac a6 |>3......v.R.....| +00000150 27 10 6a 43 63 5f 82 41 e7 fe 91 24 68 70 bd 2c |'.jCc_.A...$hp.,| +00000160 35 fd 0e 49 ec 3a dd f3 c0 af 5c f4 61 9a 2a 00 |5..I.:....\.a.*.| +00000170 59 b5 28 24 f0 cf d3 25 bc 77 65 74 04 ee 4b 5e |Y.($...%.wet..K^| +00000180 2b 9f 1d 27 e2 dd 1a ed ab e5 ff d6 1a 55 d7 4d |+..'.........U.M| +00000190 5c da 14 96 21 43 f6 c3 2d 78 e5 75 60 69 26 ce |\...!C..-x.u`i&.| +000001a0 7a 66 5e 42 91 0e ef 41 c2 c4 e6 15 8a 9a 17 a1 |zf^B...A........| +000001b0 d9 23 2c cc c7 81 00 71 b0 52 ec 4e ea eb f9 75 |.#,....q.R.N...u| +000001c0 2e 87 16 b4 ba 25 8c 09 f1 23 f9 ee ea db 0e b5 |.....%...#......| +000001d0 d0 dd 47 9b b6 06 a3 f3 5e 0d 34 5a ba 76 cd 0a |..G.....^.4Z.v..| +000001e0 b1 9f 8a 99 aa d3 02 2e b6 04 7b c5 d3 2f dc d7 |..........{../..| +000001f0 68 af 6b 88 90 0a 94 a4 29 65 0b ba b3 da f2 cd |h.k.....)e......| +00000200 51 93 4f ea b4 f8 54 c7 28 e3 2d 63 d0 62 54 d9 |Q.O...T.(.-c.bT.| +00000210 27 a0 85 57 7b a2 f2 f5 a5 25 83 1b e2 36 15 06 |'..W{....%...6..| +00000220 41 ae e1 f9 ca a5 c6 59 2d da 4a ed 10 7b 80 01 |A......Y-.J..{..| +00000230 06 39 f2 a8 4b 22 37 4d aa 84 79 85 71 29 1b 4e |.9..K"7M..y.q).N| +00000240 c3 79 af 13 f5 4e 3c 6d fa 8c d7 55 13 2b 48 3d |.y...N..0....| +000002f0 96 89 a7 0f 7c fb 96 18 84 86 e7 bd e2 35 31 0c |....|........51.| +00000300 7a 51 d7 94 6b 61 62 7a 6a d8 56 62 e6 cf bf 60 |zQ..kabzj.Vb...`| +00000310 df 7a c5 ce d3 87 ea 2f 5a ad 90 d4 39 f7 47 8e |.z...../Z...9.G.| +00000320 8b d3 6b 8e e0 3f 2f 59 71 e4 e6 bf 3f 4a 29 a8 |..k..?/Yq...?J).| +00000330 60 df 1b 5c 2d 21 ab 0a a5 9f 5a a2 a3 d6 08 3c |`..\-!....Z....<| +00000340 4a 4b f9 d6 a0 14 03 03 00 11 44 a4 62 7e c1 4a |JK........D.b~.J| +00000350 4e 56 dd 08 65 b2 ab 12 cd fa 8d 16 03 03 00 20 |NV..e.......... | +00000360 b4 52 5a e8 33 b6 23 b1 b4 e6 59 da b0 84 52 94 |.RZ.3.#...Y...R.| +00000370 70 de dc 02 f6 41 e3 27 7c 27 56 6a 7c 92 e3 48 |p....A.'|'Vj|..H| +>>> Flow 10 (server to client) +00000000 14 03 03 00 11 c7 92 b3 aa a0 91 21 4f 42 96 0c |...........!OB..| +00000010 3a 92 c3 53 55 d1 16 03 03 00 20 4b da e5 1c 08 |:..SU..... K....| +00000020 ce a7 33 f1 a6 c7 47 52 19 68 b4 f5 1d 66 a7 38 |..3...GR.h...f.8| +00000030 97 45 43 9f ca b5 db 2c 14 fc f4 17 03 03 00 19 |.EC....,........| +00000040 28 f4 bb bf c1 5a 2d 1e b8 fc c7 fc 55 16 e9 cc |(....Z-.....U...| +00000050 43 a3 63 58 7e 2c 60 77 23 16 03 03 00 14 2c e6 |C.cX~,`w#.....,.| +00000060 25 0a b7 26 7b 13 55 62 f1 fe 6e fe 0e 57 53 57 |%..&{.Ub..n..WSW| +00000070 19 1b |..| +>>> Flow 11 (client to server) +00000000 15 03 03 00 12 dd 2b 00 09 fd 8c 7d 21 3d 7c 06 |......+....}!=|.| +00000010 93 ca c9 21 b2 3e 20 15 03 03 00 12 90 32 4b 3b |...!.> ......2K;| +00000020 33 4d fd 69 55 81 aa 42 16 ae 47 b9 4c 06 |3M.iU..B..G.L.| diff --git a/testdata/Client-TLSv12-RenegotiationRejected b/testdata/Client-TLSv12-RenegotiationRejected new file mode 100644 index 0000000..cb96432 --- /dev/null +++ b/testdata/Client-TLSv12-RenegotiationRejected @@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 91 a6 bc 02 ab |....Y...U.......| +00000010 19 62 2c de 45 57 ba 71 c0 b0 4d 78 5e f4 c2 b9 |.b,.EW.q..Mx^...| +00000020 81 ba 8b d6 b1 9b c8 fb 0c 7c 40 20 dc 66 80 5b |.........|@ .f.[| +00000030 20 3c 60 65 7f 9e 0c 67 a8 f3 22 c9 c5 48 80 fa | <`e...g.."..H..| +00000040 02 a1 1a 48 6d 1c 46 07 db 6c 8e 85 cc a8 00 00 |...Hm.F..l......| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 f5 fd 54 ea 3e bb 70 |........ ..T.>.p| +000002d0 fb 8e fb e4 8a 25 1f 9d 3d 9a fb fb 9d ff d1 52 |.....%..=......R| +000002e0 81 9d b0 ea a1 e6 b0 87 2f 04 01 00 80 77 54 16 |......../....wT.| +000002f0 98 5d 22 c4 7f 9b 2a 44 dd e4 0d 78 c2 60 6a ad |.]"...*D...x.`j.| +00000300 91 9d d9 ed 93 0b 4e b4 c6 26 f1 94 6d e0 cc f4 |......N..&..m...| +00000310 8d fa 9c ec 70 f5 5b ac 80 d7 5e 4f 49 04 bc 24 |....p.[...^OI..$| +00000320 8e 0a 7d 44 e1 7e 47 1e a8 68 d1 fe 6f 41 0d 4a |..}D.~G..h..oA.J| +00000330 e5 5b f6 f6 a3 af 76 21 56 1a 25 d2 03 3c f4 dd |.[....v!V.%..<..| +00000340 0c 13 ce 56 8a 61 6f 5b 8c a1 04 43 82 87 64 20 |...V.ao[...C..d | +00000350 4a 3b ec 90 d7 59 aa ca 08 3a 39 57 f1 56 57 6a |J;...Y...:9W.VWj| +00000360 18 c9 14 7f e3 8d 83 0f e2 0b 4d 24 01 16 03 03 |..........M$....| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 6b ce 5c 2f df 85 e7 5e fa 51 48 |.... k.\/...^.QH| +00000040 f9 31 a5 02 64 c7 1e b1 2e f2 6b 86 30 43 23 91 |.1..d.....k.0C#.| +00000050 76 6b 40 74 2b |vk@t+| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 e7 1e 88 10 2d |.......... ....-| +00000010 dc 35 6d 2b 4a 91 39 5d 5c 46 ed 2e 45 6f 41 38 |.5m+J.9]\F..EoA8| +00000020 66 0f 15 58 f8 af d8 a6 6c 99 61 |f..X....l.a| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 ab 2a df 2f 3c 07 6a 24 98 55 0b |......*./<.j$.U.| +00000010 67 20 2d 92 cd 9a 44 74 da fd 6a |g -...Dt..j| +>>> Flow 6 (server to client) +00000000 16 03 03 00 14 d6 fb e7 9a 76 2a 6f e1 e9 33 1a |.........v*o..3.| +00000010 77 07 fd 7f 98 af 1e 04 43 |w.......C| +>>> Flow 7 (client to server) +00000000 15 03 03 00 12 7e e3 20 96 03 31 8c 6a 31 f8 62 |.....~. ..1.j1.b| +00000010 02 a7 a4 ce 77 83 c1 15 03 03 00 12 b9 91 75 45 |....w.........uE| +00000020 a5 4a f9 c6 6d b2 5c c3 0a 1a 26 63 00 04 |.J..m.\...&c..| diff --git a/testdata/Client-TLSv12-SCT b/testdata/Client-TLSv12-SCT new file mode 100644 index 0000000..a0f6a09 --- /dev/null +++ b/testdata/Client-TLSv12-SCT @@ -0,0 +1,107 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 91 01 00 00 8d 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 38 00 05 |.............8..| +00000060 00 05 01 00 00 00 00 00 0a 00 0a 00 08 00 1d 00 |................| +00000070 17 00 18 00 19 00 0b 00 02 01 00 00 0d 00 0e 00 |................| +00000080 0c 04 01 04 03 05 01 05 03 02 01 02 03 ff 01 00 |................| +00000090 01 00 00 12 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 01 c6 02 00 01 c2 03 03 08 db 5c c4 da |.............\..| +00000010 fe 2c a2 21 0d c4 9e c4 14 b9 e3 15 d7 c5 2c 84 |.,.!..........,.| +00000020 f2 b8 0e 32 67 9e 72 08 9c 17 6b 20 86 09 60 52 |...2g.r...k ..`R| +00000030 9d 53 ba c8 8a c3 1a 11 c0 e5 c6 a0 59 49 ed cb |.S..........YI..| +00000040 e0 6f 0a 56 e9 4f bf 02 2f 23 10 b8 cc a8 00 01 |.o.V.O../#......| +00000050 7a ff 01 00 01 00 00 0b 00 04 03 00 01 02 00 12 |z...............| +00000060 01 69 01 67 00 75 00 a4 b9 09 90 b4 18 58 14 87 |.i.g.u.......X..| +00000070 bb 13 a2 cc 67 70 0a 3c 35 98 04 f9 1b df b8 e3 |....gp.<5.......| +00000080 77 cd 0e c8 0d dc 10 00 00 01 47 97 99 ee 16 00 |w.........G.....| +00000090 00 04 03 00 46 30 44 02 20 1c 4b 82 5d 95 6e 67 |....F0D. .K.].ng| +000000a0 5b db 04 95 4b f6 ce f4 32 3e 86 7a 7a 32 ab 18 |[...K...2>.zz2..| +000000b0 60 74 de 08 da 05 91 4c 2f 02 20 73 54 1b 6e 7f |`t.....L/. sT.n.| +000000c0 a1 b0 7d 11 bc e6 f3 85 2f 97 66 1a f7 8a e4 10 |..}...../.f.....| +000000d0 25 8f 12 f4 6f 39 0f d2 9e 18 f0 00 76 00 68 f6 |%...o9......v.h.| +000000e0 98 f8 1f 64 82 be 3a 8c ee b9 28 1d 4c fc 71 51 |...d..:...(.L.qQ| +000000f0 5d 67 93 d4 44 d1 0a 67 ac bb 4f 4f fb c4 00 00 |]g..D..g..OO....| +00000100 01 47 97 e1 b5 70 00 00 04 03 00 47 30 45 02 20 |.G...p.....G0E. | +00000110 32 21 14 38 06 d8 72 2e 00 30 64 1a e2 e8 6d 4e |2!.8..r..0d...mN| +00000120 5a e1 d9 42 1e 82 4b 96 25 89 d5 26 13 d3 9c fa |Z..B..K.%..&....| +00000130 02 21 00 8f 12 28 64 51 4f 44 d5 8c 18 62 23 b2 |.!...(dQOD...b#.| +00000140 43 93 33 05 f3 43 55 a1 d9 ee cd c5 71 35 91 dd |C.3..CU.....q5..| +00000150 49 d1 0b 00 76 00 ee 4b bd b7 75 ce 60 ba e1 42 |I...v..K..u.`..B| +00000160 69 1f ab e1 9e 66 a3 0f 7e 5f b0 72 d8 83 00 c4 |i....f..~_.r....| +00000170 7b 89 7a a8 fd cb 00 00 01 48 5c 64 8a 87 00 00 |{.z......H\d....| +00000180 04 03 00 47 30 45 02 20 29 89 d6 b0 53 d3 d2 e9 |...G0E. )...S...| +00000190 91 bc f1 b5 40 be 1e 2e e7 5c b4 74 27 ed 8f 9b |....@....\.t'...| +000001a0 02 e9 fa c2 4c ba a2 be 02 21 00 af 43 64 52 71 |....L....!..CdRq| +000001b0 15 29 58 40 91 c7 08 16 96 03 a8 73 a5 65 a0 6c |.)X@.......s.e.l| +000001c0 b8 48 56 5a b6 29 83 64 6d 2a 9d 16 03 03 02 59 |.HVZ.).dm*.....Y| +000001d0 0b 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 |...U..R..O0..K0.| +000001e0 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b |.............?.[| +000001f0 ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 |..0...*.H.......| +00000200 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |.0.1.0...U....Go| +00000210 31 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f |1.0...U....Go Ro| +00000220 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 |ot0...1601010000| +00000230 30 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 |00Z..25010100000| +00000240 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 |0Z0.1.0...U....G| +00000250 6f 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 |o1.0...U....Go0.| +00000260 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 |.0...*.H........| +00000270 03 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e |....0.......F}..| +00000280 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e |.'.H..(!.~...]..| +00000290 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 be |RE.z6G....B[....| +000002a0 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 |.y.@.Om..+.....g| +000002b0 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 |....."8.J.ts+.4.| +000002c0 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 |.....t{.X.la<..A| +000002d0 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 |..++$#w[.;.u]. T| +000002e0 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 |..c...$....P....| +000002f0 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 |C...ub...R......| +00000300 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff |...0..0...U.....| +00000310 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 |......0...U.%..0| +00000320 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 |...+.........+..| +00000330 05 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 |.....0...U......| +00000340 02 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 |.0.0...U........| +00000350 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b |..CC>I..m....`0.| +00000360 06 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 |..U.#..0...H.IM.| +00000370 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 |~.1......n{0...U| +00000380 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e |....0...example.| +00000390 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d |golang0...*.H...| +000003a0 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 |..........0.@+[P| +000003b0 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 |.a...SX...(.X..8| +000003c0 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 |....1Z..f=C.-...| +000003d0 97 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 |... d8.$:....}.@| +000003e0 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c | ._...a..v......| +000003f0 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c |\.....l..s..Cw..| +00000400 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 |.....@.a.Lr+...F| +00000410 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 |..M...>...B...=.| +00000420 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c 00 |`.\!.;..........| +00000430 00 a8 03 00 1d 20 27 94 d8 62 00 f3 3f 21 e6 e1 |..... '..b..?!..| +00000440 0f 1f 2d 9b 37 4d cf 72 34 48 72 2e 85 46 dd b6 |..-.7M.r4Hr..F..| +00000450 32 23 64 b3 4b 63 04 01 00 80 82 34 e5 7f 70 51 |2#d.Kc.....4..pQ| +00000460 42 3b ab 51 61 73 1f 2c 64 04 1d 66 96 ff f9 95 |B;.Qas.,d..f....| +00000470 86 09 a8 75 11 16 34 05 17 fb 96 9c fb 78 40 4c |...u..4......x@L| +00000480 10 5b ee 0d 31 a0 77 32 a8 0f 19 ef a4 30 cd 08 |.[..1.w2.....0..| +00000490 cb f5 ec 36 fa 24 0a ca 0b d8 16 02 d1 34 86 a7 |...6.$.......4..| +000004a0 f8 e3 cb e6 62 1c cd 40 d6 4f 0c 2f 5b 66 12 6f |....b..@.O./[f.o| +000004b0 8a 2f c4 ef ac 46 86 44 90 e0 65 38 94 4d 5e df |./...F.D..e8.M^.| +000004c0 51 a3 40 6e 64 b6 00 6b 88 97 7b 43 78 d9 df 70 |Q.@nd..k..{Cx..p| +000004d0 fe 66 66 56 82 14 ed ab 08 cd 16 03 03 00 04 0e |.ffV............| +000004e0 00 00 00 |...| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 20 7a 58 e1 33 d4 ce ca 57 ef ea b9 |.... zX.3...W...| +00000040 9d f2 4d ec ce 86 4b e9 c2 b5 64 dd 0f 32 f0 66 |..M...K...d..2.f| +00000050 65 42 74 d8 59 |eBt.Y| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 20 27 df 9b 14 a1 |.......... '....| +00000010 cd a5 83 5b 6b 30 60 a3 ae 8d 64 56 fe 8e 87 a2 |...[k0`...dV....| +00000020 ff 1b 54 72 c8 7c b2 85 9d 8a de |..Tr.|.....| +>>> Flow 5 (client to server) +00000000 17 03 03 00 16 c7 bf a9 7a 72 07 27 88 9a ec 1b |........zr.'....| +00000010 d3 44 f2 20 88 e4 c2 8b 61 86 5c 15 03 03 00 12 |.D. ....a.\.....| +00000020 35 ab f5 f6 92 f9 db 23 bf f1 8e e8 65 62 cf 48 |5......#....eb.H| +00000030 91 9d |..| diff --git a/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM b/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM new file mode 100644 index 0000000..90541fd --- /dev/null +++ b/testdata/Client-TLSv12-X25519-ECDHE-RSA-AES-GCM @@ -0,0 +1,85 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 8b 01 00 00 87 03 03 00 00 00 00 00 |................| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2c cc a8 |.............,..| +00000030 cc a9 c0 2f c0 2b c0 30 c0 2c c0 27 c0 13 c0 23 |.../.+.0.,.'...#| +00000040 c0 09 c0 14 c0 0a 00 9c 00 9d 00 3c 00 2f 00 35 |...........<./.5| +00000050 c0 12 00 0a 00 05 c0 11 c0 07 01 00 00 32 00 05 |.............2..| +00000060 00 05 01 00 00 00 00 00 0a 00 04 00 02 00 1d 00 |................| +00000070 0b 00 02 01 00 00 0d 00 0e 00 0c 04 01 04 03 05 |................| +00000080 01 05 03 02 01 02 03 ff 01 00 01 00 00 12 00 00 |................| +>>> Flow 2 (server to client) +00000000 16 03 03 00 59 02 00 00 55 03 03 07 42 b0 44 05 |....Y...U...B.D.| +00000010 b1 6d 3c f0 60 fe 6a f2 1f 8f 1d 88 de 4b 6a 1b |.m<.`.j......Kj.| +00000020 4f 72 60 4d 42 a5 f7 77 eb 86 c2 20 99 35 47 07 |Or`MB..w... .5G.| +00000030 64 60 32 52 2e 1d 54 d5 b7 e2 26 85 72 c1 ec 8d |d`2R..T...&.r...| +00000040 fb 59 86 91 46 7d ad 16 bd b7 38 94 c0 2f 00 00 |.Y..F}....8../..| +00000050 0d ff 01 00 01 00 00 0b 00 04 03 00 01 02 16 03 |................| +00000060 03 02 59 0b 00 02 55 00 02 52 00 02 4f 30 82 02 |..Y...U..R..O0..| +00000070 4b 30 82 01 b4 a0 03 02 01 02 02 09 00 e8 f0 9d |K0..............| +00000080 3f e2 5b ea a6 30 0d 06 09 2a 86 48 86 f7 0d 01 |?.[..0...*.H....| +00000090 01 0b 05 00 30 1f 31 0b 30 09 06 03 55 04 0a 13 |....0.1.0...U...| +000000a0 02 47 6f 31 10 30 0e 06 03 55 04 03 13 07 47 6f |.Go1.0...U....Go| +000000b0 20 52 6f 6f 74 30 1e 17 0d 31 36 30 31 30 31 30 | Root0...1601010| +000000c0 30 30 30 30 30 5a 17 0d 32 35 30 31 30 31 30 30 |00000Z..25010100| +000000d0 30 30 30 30 5a 30 1a 31 0b 30 09 06 03 55 04 0a |0000Z0.1.0...U..| +000000e0 13 02 47 6f 31 0b 30 09 06 03 55 04 03 13 02 47 |..Go1.0...U....G| +000000f0 6f 30 81 9f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 |o0..0...*.H.....| +00000100 01 05 00 03 81 8d 00 30 81 89 02 81 81 00 db 46 |.......0.......F| +00000110 7d 93 2e 12 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 |}...'.H..(!.~...| +00000120 5d fe 1e 52 45 88 7a 36 47 a5 08 0d 92 42 5b c2 |]..RE.z6G....B[.| +00000130 81 c0 be 97 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 |....y.@.Om..+...| +00000140 a5 2e 67 d8 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b |..g....."8.J.ts+| +00000150 c2 34 f1 d1 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c |.4......t{.X.la<| +00000160 c0 b0 41 d4 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d |..A..++$#w[.;.u]| +00000170 ce 20 54 cf a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b |. T..c...$....P.| +00000180 aa b6 14 43 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 |...C...ub...R...| +00000190 01 00 01 a3 81 93 30 81 90 30 0e 06 03 55 1d 0f |......0..0...U..| +000001a0 01 01 ff 04 04 03 02 05 a0 30 1d 06 03 55 1d 25 |.........0...U.%| +000001b0 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 |..0...+.........| +000001c0 2b 06 01 05 05 07 03 02 30 0c 06 03 55 1d 13 01 |+.......0...U...| +000001d0 01 ff 04 02 30 00 30 19 06 03 55 1d 0e 04 12 04 |....0.0...U.....| +000001e0 10 9f 91 16 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f |.....CC>I..m....| +000001f0 60 30 1b 06 03 55 1d 23 04 14 30 12 80 10 48 13 |`0...U.#..0...H.| +00000200 49 4d 13 7e 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 |IM.~.1......n{0.| +00000210 06 03 55 1d 11 04 12 30 10 82 0e 65 78 61 6d 70 |..U....0...examp| +00000220 6c 65 2e 67 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 |le.golang0...*.H| +00000230 86 f7 0d 01 01 0b 05 00 03 81 81 00 9d 30 cc 40 |.............0.@| +00000240 2b 5b 50 a0 61 cb ba e5 53 58 e1 ed 83 28 a9 58 |+[P.a...SX...(.X| +00000250 1a a9 38 a4 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d |..8....1Z..f=C.-| +00000260 d9 0b f2 97 df d3 20 64 38 92 24 3a 00 bc cf 9c |...... d8.$:....| +00000270 7d b7 40 20 01 5f aa d3 16 61 09 a2 76 fd 13 c3 |}.@ ._...a..v...| +00000280 cc e1 0c 5c ee b1 87 82 f1 6c 04 ed 73 bb b3 43 |...\.....l..s..C| +00000290 77 8d 0c 1c f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d |w.......@.a.Lr+.| +000002a0 ae db 46 06 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db |..F..M...>...B..| +000002b0 fe 3d 13 60 84 5c 21 d3 3b e9 fa e7 16 03 03 00 |.=.`.\!.;.......| +000002c0 ac 0c 00 00 a8 03 00 1d 20 cc f6 2e 98 6c e0 8b |........ ....l..| +000002d0 15 17 63 6f 97 5e 37 6a a7 3c 4b f2 d4 91 e0 87 |..co.^7j.$| +00000340 04 f0 b9 ab 81 b8 4e 39 88 8f b7 46 2c 60 b8 5c |......N9...F,`.\| +00000350 6f 4d d4 5d 7a 04 f7 1d 82 98 a2 b1 f9 7e f0 1f |oM.]z........~..| +00000360 cf a5 e5 28 25 d4 3d b0 32 ea eb 21 c6 16 03 03 |...(%.=.2..!....| +00000370 00 04 0e 00 00 00 |......| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 2f e5 7d a3 47 cd |....%...! /.}.G.| +00000010 62 43 15 28 da ac 5f bb 29 07 30 ff f6 84 af c4 |bC.(.._.).0.....| +00000020 cf c2 ed 90 99 5f 58 cb 3b 74 14 03 03 00 01 01 |....._X.;t......| +00000030 16 03 03 00 28 00 00 00 00 00 00 00 00 75 70 c8 |....(........up.| +00000040 c5 ef ae 60 b5 8d ba 98 1a 7d 8d c3 e4 32 fc 33 |...`.....}...2.3| +00000050 5e 15 cc e2 d7 5d d5 76 52 1a fe ac 1e |^....].vR....| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 7f 2b fe 0d 9f |..........(.+...| +00000010 93 07 fd ee 48 76 09 fb 8d 4c dd 7b b5 b5 26 36 |....Hv...L.{..&6| +00000020 3e 05 e1 1b a7 dc 0b 4a c0 69 a8 22 33 0b 17 fc |>......J.i."3...| +00000030 6f ab b8 |o..| +>>> Flow 5 (client to server) +00000000 17 03 03 00 1e 00 00 00 00 00 00 00 01 49 61 5c |.............Ia\| +00000010 db f2 e5 63 23 3a f1 dd 12 3e 61 ed d9 4b 5f b5 |...c#:...>a..K_.| +00000020 d3 f7 38 15 03 03 00 1a 00 00 00 00 00 00 00 02 |..8.............| +00000030 af 09 a7 f1 e1 d9 1f 54 d1 35 19 16 b7 23 ce 4e |.......T.5...#.N| +00000040 3a b1 |:.| diff --git a/testdata/Server-SSLv3-RSA-3DES b/testdata/Server-SSLv3-RSA-3DES new file mode 100644 index 0000000..11a8a1c --- /dev/null +++ b/testdata/Server-SSLv3-RSA-3DES @@ -0,0 +1,76 @@ +>>> Flow 1 (client to server) +00000000 16 03 00 00 2f 01 00 00 2b 03 00 47 b4 bd 36 64 |..../...+..G..6d| +00000010 0a 7d 37 1d 99 ac fd 1c 7a 3f d5 0f 9d 90 e3 59 |.}7.....z?.....Y| +00000020 64 e4 fb 59 3a 4a 5f 53 d2 af 88 00 00 04 00 0a |d..Y:J_S........| +00000030 00 ff 01 00 |....| +>>> Flow 2 (server to client) +00000000 16 03 00 00 31 02 00 00 2d 03 00 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 00 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 00 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 00 00 84 10 00 00 80 43 4d 76 6b 7f b3 e6 |.........CMvk...| +00000010 82 18 f9 8a a5 cd 45 ab 8f 1a 1d d4 9a 0a 1d 50 |......E........P| +00000020 96 f2 08 14 a7 6b e3 ef d1 31 6b 18 d2 f5 ee e3 |.....k...1k.....| +00000030 cd df 67 23 3d ec 70 09 07 df 32 c2 cd 60 6c 2b |..g#=.p...2..`l+| +00000040 7f 04 cd b3 77 87 78 e5 90 60 41 0c fc 22 1a 3a |....w.x..`A..".:| +00000050 82 29 28 92 9c f8 33 3a 72 ee 08 58 55 d5 ea 9c |.)(...3:r..XU...| +00000060 37 96 a4 92 75 e0 29 8a 18 ad 5a c1 1f 4c aa c7 |7...u.)...Z..L..| +00000070 49 89 6e ff 29 32 a3 c8 51 e8 50 3f 41 10 36 27 |I.n.)2..Q.P?A.6'| +00000080 0b 60 a2 96 4b 82 a9 c6 52 14 03 00 00 01 01 16 |.`..K...R.......| +00000090 03 00 00 40 b3 59 d0 de d1 47 8e 9e 1a 27 16 41 |...@.Y...G...'.A| +000000a0 f7 38 4e 91 12 a0 71 89 1c 68 29 dc 60 7e 2c 39 |.8N...q..h).`~,9| +000000b0 45 cb e6 98 8d 43 5e 76 34 ca 5b 86 24 9d 77 0a |E....C^v4.[.$.w.| +000000c0 90 60 19 75 67 74 3d 95 1d e7 82 ee a8 9f 3a 60 |.`.ugt=.......:`| +000000d0 8e ac 28 74 |..(t| +>>> Flow 4 (server to client) +00000000 14 03 00 00 01 01 16 03 00 00 40 e8 3e 89 b5 10 |..........@.>...| +00000010 e4 c9 eb f7 3f 83 e5 6a 7c 04 fd e6 96 69 25 fb |....?..j|....i%.| +00000020 0b 0b 0e f7 13 4e 99 45 d2 0e 13 22 6b d1 0e 32 |.....N.E..."k..2| +00000030 30 b5 c4 a2 03 cf 22 59 68 5c cc 63 96 f5 01 f3 |0....."Yh\.c....| +00000040 2c b3 b5 13 e1 9d 19 45 c0 4f 28 17 03 00 00 18 |,......E.O(.....| +00000050 2e cb 8c b3 d4 d5 c2 18 fd 6e dc 72 7b b3 4b b8 |.........n.r{.K.| +00000060 10 56 0a 01 af 55 e8 5a 17 03 00 00 28 3f df 74 |.V...U.Z....(?.t| +00000070 2f b9 5b a4 43 ec 24 68 ad ff 6c 52 b5 6a 91 0c |/.[.C.$h..lR.j..| +00000080 be 3b 25 c9 e4 40 59 66 17 cb f0 e7 6b 6e cd 43 |.;%..@Yf....kn.C| +00000090 ac be b7 62 d0 15 03 00 00 18 43 4d 3c fd 83 6e |...b......CM<..n| +000000a0 e0 3f ae 40 0c 8a a1 08 d2 74 e2 60 7b d0 97 d5 |.?.@.....t.`{...| +000000b0 e8 a5 |..| diff --git a/testdata/Server-SSLv3-RSA-AES b/testdata/Server-SSLv3-RSA-AES new file mode 100644 index 0000000..771373c --- /dev/null +++ b/testdata/Server-SSLv3-RSA-AES @@ -0,0 +1,77 @@ +>>> Flow 1 (client to server) +00000000 16 03 00 00 2f 01 00 00 2b 03 00 26 1e 06 cd 27 |..../...+..&...'| +00000010 f5 2a b4 8d 00 07 47 16 02 23 aa 5e 92 02 95 4a |.*....G..#.^...J| +00000020 1a 0b a8 51 8a 6f 4a 31 3c e9 a2 00 00 04 00 2f |...Q.oJ1<....../| +00000030 00 ff 01 00 |....| +>>> Flow 2 (server to client) +00000000 16 03 00 00 31 02 00 00 2d 03 00 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 00 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 00 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 00 00 84 10 00 00 80 66 67 59 2f 21 b9 e3 |.........fgY/!..| +00000010 0d a9 78 0c 6b fc dc 6f 69 4e f9 00 8b 40 a2 0f |..x.k..oiN...@..| +00000020 5a d8 8c d2 59 ab 33 78 f6 42 2f fa cf d6 48 7a |Z...Y.3x.B/...Hz| +00000030 59 30 94 1c 10 49 30 69 4a 6c a2 e5 ce 59 6d e3 |Y0...I0iJl...Ym.| +00000040 49 0c a7 0a ab 17 8b c6 48 82 71 44 d5 7d 80 e5 |I.......H.qD.}..| +00000050 6d 45 6c 10 12 01 85 71 ee dc c5 e3 19 41 ed 22 |mEl....q.....A."| +00000060 11 5c c4 25 c6 90 ad c8 4c 48 45 8d ad 6c f4 ef |.\.%....LHE..l..| +00000070 fb b4 2b 53 90 cc 78 b0 9e 22 e7 2c 1a 64 0e 8b |..+S..x..".,.d..| +00000080 d8 57 54 74 c5 33 20 3f 42 14 03 00 00 01 01 16 |.WTt.3 ?B.......| +00000090 03 00 00 40 18 b6 0a d4 9e 4d fa 8a 67 ce 8e d5 |...@.....M..g...| +000000a0 51 31 75 65 f1 ff 54 a2 1b 80 c5 c3 a0 fc d2 78 |Q1ue..T........x| +000000b0 0b 99 3b 65 6c 1d 52 6d a9 9f 64 13 97 d5 2e b1 |..;el.Rm..d.....| +000000c0 76 0b a0 fb f6 16 f7 72 28 a5 8a 11 a7 46 d5 59 |v......r(....F.Y| +000000d0 e1 f4 f3 6f |...o| +>>> Flow 4 (server to client) +00000000 14 03 00 00 01 01 16 03 00 00 40 6c 5b 64 b5 f9 |..........@l[d..| +00000010 76 cc 7e 51 72 46 ab 21 17 b3 fb 2b 48 c5 5a 9f |v.~QrF.!...+H.Z.| +00000020 e6 35 14 ff df c7 a7 4b 5e 5a 9b 82 57 b5 bf 4d |.5.....K^Z..W..M| +00000030 5f 7c a5 be 67 96 71 3a 63 ad 76 86 66 06 e9 a2 |_|..g.q:c.v.f...| +00000040 35 39 6f 79 13 21 4b 19 c1 83 0e 17 03 00 00 20 |59oy.!K........ | +00000050 1a 80 c5 d1 8b 33 79 89 39 fc 11 44 80 33 1a f7 |.....3y.9..D.3..| +00000060 9f 63 96 5d c9 1a d4 56 2a ee 68 24 68 83 5d ca |.c.]...V*.h$h.].| +00000070 17 03 00 00 30 7c d4 88 17 d0 10 66 6a b3 61 ed |....0|.....fj.a.| +00000080 0a b5 72 55 ca fb c4 ec e2 f2 e2 bf 67 dd 3d c9 |..rU........g.=.| +00000090 01 3b 50 5c 35 ce 28 2d e6 9c 1f 5c 70 14 46 2a |.;P\5.(-...\p.F*| +000000a0 d8 9e ef 6a 66 15 03 00 00 20 c7 af e1 86 10 30 |...jf.... .....0| +000000b0 41 73 88 b2 86 02 a8 60 38 61 92 32 11 22 2d 47 |As.....`8a.2."-G| +000000c0 76 fe 22 9c 76 c2 00 ee e9 03 |v.".v.....| diff --git a/testdata/Server-SSLv3-RSA-RC4 b/testdata/Server-SSLv3-RSA-RC4 new file mode 100644 index 0000000..f5674cc --- /dev/null +++ b/testdata/Server-SSLv3-RSA-RC4 @@ -0,0 +1,72 @@ +>>> Flow 1 (client to server) +00000000 16 03 00 00 2f 01 00 00 2b 03 00 3f cc 8d 3f f0 |..../...+..?..?.| +00000010 c9 36 6f 43 43 c1 46 45 cd bf e5 ba 02 e6 55 2c |.6oCC.FE......U,| +00000020 3a 24 4a db cb a8 f2 1d 26 3e ef 00 00 04 00 05 |:$J.....&>......| +00000030 00 ff 01 00 |....| +>>> Flow 2 (server to client) +00000000 16 03 00 00 31 02 00 00 2d 03 00 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 00 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 00 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 00 00 84 10 00 00 80 13 5d 75 f0 6d 24 54 |..........]u.m$T| +00000010 f5 a1 f0 13 86 61 ce ea 66 86 06 eb c8 27 78 9f |.....a..f....'x.| +00000020 10 0d ef 94 3f 1b fb 8c 11 14 67 2a 0e 2a 1b cf |....?.....g*.*..| +00000030 ae 5a cb ac b8 b2 ea a8 70 85 ee fd 88 a9 61 a4 |.Z......p.....a.| +00000040 75 66 86 a5 88 96 a0 0d 6f 77 fe 63 5e 88 60 4d |uf......ow.c^.`M| +00000050 f6 b7 93 28 99 72 e8 60 ed 64 9a 3f e6 12 ea ee |...(.r.`.d.?....| +00000060 83 58 d4 0c 19 e0 2b ce b0 b4 fa 73 9f 78 d9 09 |.X....+....s.x..| +00000070 8c 17 b8 f5 04 e1 de c4 fe a9 1a aa ba 0d be f3 |................| +00000080 c8 e1 e4 e8 cc 39 4c f0 b9 14 03 00 00 01 01 16 |.....9L.........| +00000090 03 00 00 3c 1b 70 07 7f ad 8f a7 78 fd e8 eb b2 |...<.p.....x....| +000000a0 9a 54 86 a2 dd bc fa b6 0a 52 48 24 79 6a 04 f6 |.T.......RH$yj..| +000000b0 28 80 1f b7 b1 c6 4e 07 a3 52 60 5a 5a 81 14 11 |(.....N..R`ZZ...| +000000c0 d2 ee 33 71 e7 d3 ba 3e 4b 31 81 f2 f0 49 ee e4 |..3q...>K1...I..| +>>> Flow 4 (server to client) +00000000 14 03 00 00 01 01 16 03 00 00 3c 47 20 7c b9 0d |............Ht...........| +00000070 00 16 67 0d 6d 69 53 87 92 23 21 51 72 f6 31 73 |..g.miS..#!Qr.1s| +00000080 db bd 3c e6 f4 12 4c 69 |..<...Li| diff --git a/testdata/Server-TLSv10-ECDHE-ECDSA-AES b/testdata/Server-TLSv10-ECDHE-ECDSA-AES new file mode 100644 index 0000000..3e17081 --- /dev/null +++ b/testdata/Server-TLSv10-ECDHE-ECDSA-AES @@ -0,0 +1,78 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 4f 01 00 00 4b 03 01 f1 86 d0 c8 69 |....O...K......i| +00000010 46 0b 0b 89 08 c0 82 c0 f7 f1 9a b6 d2 2b e1 46 |F............+.F| +00000020 e6 e1 44 65 de 39 0a 68 a8 d5 1c 00 00 04 c0 0a |..De.9.h........| +00000030 00 ff 01 00 00 1e 00 0b 00 04 03 00 01 02 00 0a |................| +00000040 00 0a 00 08 00 1d 00 17 00 19 00 18 00 16 00 00 |................| +00000050 00 17 00 00 |....| +>>> Flow 2 (server to client) +00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 01 02 0e 0b 00 02 0a 00 |................| +00000040 02 07 00 02 04 30 82 02 00 30 82 01 62 02 09 00 |.....0...0..b...| +00000050 b8 bf 2d 47 a0 d2 eb f4 30 09 06 07 2a 86 48 ce |..-G....0...*.H.| +00000060 3d 04 01 30 45 31 0b 30 09 06 03 55 04 06 13 02 |=..0E1.0...U....| +00000070 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| +00000080 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| +00000090 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| +000000a0 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 32 |ts Pty Ltd0...12| +000000b0 31 31 32 32 31 35 30 36 33 32 5a 17 0d 32 32 31 |1122150632Z..221| +000000c0 31 32 30 31 35 30 36 33 32 5a 30 45 31 0b 30 09 |120150632Z0E1.0.| +000000d0 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 |..U....AU1.0...U| +000000e0 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 |....Some-State1!| +000000f0 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 |0...U....Interne| +00000100 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 |t Widgits Pty Lt| +00000110 64 30 81 9b 30 10 06 07 2a 86 48 ce 3d 02 01 06 |d0..0...*.H.=...| +00000120 05 2b 81 04 00 23 03 81 86 00 04 00 c4 a1 ed be |.+...#..........| +00000130 98 f9 0b 48 73 36 7e c3 16 56 11 22 f2 3d 53 c3 |...Hs6~..V.".=S.| +00000140 3b 4d 21 3d cd 6b 75 e6 f6 b0 dc 9a df 26 c1 bc |;M!=.ku......&..| +00000150 b2 87 f0 72 32 7c b3 64 2f 1c 90 bc ea 68 23 10 |...r2|.d/....h#.| +00000160 7e fe e3 25 c0 48 3a 69 e0 28 6d d3 37 00 ef 04 |~..%.H:i.(m.7...| +00000170 62 dd 0d a0 9c 70 62 83 d8 81 d3 64 31 aa 9e 97 |b....pb....d1...| +00000180 31 bd 96 b0 68 c0 9b 23 de 76 64 3f 1a 5c 7f e9 |1...h..#.vd?.\..| +00000190 12 0e 58 58 b6 5f 70 dd 9b d8 ea d5 d7 f5 d5 cc |..XX._p.........| +000001a0 b9 b6 9f 30 66 5b 66 9a 20 e2 27 e5 bf fe 3b 30 |...0f[f. .'...;0| +000001b0 09 06 07 2a 86 48 ce 3d 04 01 03 81 8c 00 30 81 |...*.H.=......0.| +000001c0 88 02 42 01 88 a2 4f eb e2 45 c5 48 7d 1b ac f5 |..B...O..E.H}...| +000001d0 ed 98 9d ae 47 70 c0 5e 1b b6 2f bd f1 b6 4d b7 |....Gp.^../...M.| +000001e0 61 40 d3 11 a2 ce ee 0b 7e 92 7e ff 76 9d c3 3b |a@......~.~.v..;| +000001f0 7e a5 3f ce fa 10 e2 59 ec 47 2d 7c ac da 4e 97 |~.?....Y.G-|..N.| +00000200 0e 15 a0 6f d0 02 42 01 4d fc be 67 13 9c 2d 05 |...o..B.M..g..-.| +00000210 0e bd 3f a3 8c 25 c1 33 13 83 0d 94 06 bb d4 37 |..?..%.3.......7| +00000220 7a f6 ec 7a c9 86 2e dd d7 11 69 7f 85 7c 56 de |z..z......i..|V.| +00000230 fb 31 78 2b e4 c7 78 0d ae cb be 9e 4e 36 24 31 |.1x+..x.....N6$1| +00000240 7b 6a 0f 39 95 12 07 8f 2a 16 03 01 00 b5 0c 00 |{j.9....*.......| +00000250 00 b1 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 28 |..... /.}.G.bC.(| +00000260 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 |.._.).0.........| +00000270 99 5f 58 cb 3b 74 00 8b 30 81 88 02 42 00 ad 93 |._X.;t..0...B...| +00000280 e2 c2 3d 7e 95 63 17 5d 45 cf cd 27 af d2 db b3 |..=~.c.]E..'....| +00000290 d0 bc 13 1e 6f 0a 61 3a fb 3c b3 03 61 2c 36 ae |....o.a:.<..a,6.| +000002a0 4f be 27 e9 43 3c cf 57 9b 82 5e 7d 54 36 ed 7e |O.'.C<.W..^}T6.~| +000002b0 0b 34 68 26 90 00 20 02 0f c1 18 bc 79 1b 90 02 |.4h&.. .....y...| +000002c0 42 01 6b 66 9d 56 48 8e 5e 38 93 48 03 6b b9 d7 |B.kf.VH.^8.H.k..| +000002d0 bd 14 a0 3e 8a 27 81 7f fe 4d e5 8a 12 4d 95 16 |...>.'...M...M..| +000002e0 ef c7 8d 60 07 1d 22 f8 5d 72 0d cc be c3 51 69 |...`..".]r....Qi| +000002f0 7a 04 e3 84 e5 ba dd 04 1d d4 4c 6f 9f 6b 12 e0 |z.........Lo.k..| +00000300 2f 83 3c 16 03 01 00 04 0e 00 00 00 |/.<.........| +>>> Flow 3 (client to server) +00000000 16 03 01 00 25 10 00 00 21 20 18 40 ea d1 e1 17 |....%...! .@....| +00000010 b6 a2 a5 db 20 13 70 81 90 fc ac e8 96 7c b1 e1 |.... .p......|..| +00000020 ff 6f 57 1f c1 64 72 94 f7 05 14 03 01 00 01 01 |.oW..dr.........| +00000030 16 03 01 00 30 05 33 48 f0 2a 3a df df 1d c4 3d |....0.3H.*:....=| +00000040 87 ea 9d 04 04 eb 84 bf a0 ed bc 56 2f ab 36 52 |...........V/.6R| +00000050 d5 b2 2c 6f 8c 58 49 51 33 d5 fc df 5d 09 df e9 |..,o.XIQ3...]...| +00000060 be 20 30 9a 37 |. 0.7| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 8c b6 5b 83 03 |..........0..[..| +00000010 c0 d8 83 f7 1d 24 2e ec 39 68 00 91 73 d2 5a 15 |.....$..9h..s.Z.| +00000020 3f 83 aa e3 6d fd cc 31 58 90 e9 a9 e3 e4 78 5d |?...m..1X.....x]| +00000030 ce 8e b3 ba cd 71 aa a2 fd f4 7c 17 03 01 00 20 |.....q....|.... | +00000040 62 98 34 9d 01 13 13 2d 1b 27 3a 4f 10 28 48 d6 |b.4....-.':O.(H.| +00000050 32 8c 99 2a c8 64 14 6e dc f5 7c 6d 16 59 45 8e |2..*.d.n..|m.YE.| +00000060 17 03 01 00 30 1e ed f9 40 ad 5c 5d f6 94 c9 fd |....0...@.\]....| +00000070 a1 ac fc 00 7b 48 9a 59 6d f5 b7 06 a4 66 25 04 |....{H.Ym....f%.| +00000080 61 33 08 f3 66 86 21 00 fb f3 03 78 83 4c b6 c8 |a3..f.!....x.L..| +00000090 9d 5e ea f5 7e 15 03 01 00 20 98 d8 f6 2a 79 60 |.^..~.... ...*y`| +000000a0 8d fb c9 45 2f 27 59 17 a9 79 eb e7 b9 46 f1 57 |...E/'Y..y...F.W| +000000b0 a6 fa ea e1 d0 23 8c 03 4f 72 |.....#..Or| diff --git a/testdata/Server-TLSv10-RSA-3DES b/testdata/Server-TLSv10-RSA-3DES new file mode 100644 index 0000000..9590b0d --- /dev/null +++ b/testdata/Server-TLSv10-RSA-3DES @@ -0,0 +1,72 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 39 01 00 00 35 03 01 58 71 a3 0c c4 |....9...5..Xq...| +00000010 b6 b0 33 0a 66 3c eb c6 f4 d9 0e 99 75 d4 9e b6 |..3.f<......u...| +00000020 03 b4 ae ae ad bc a8 ab 64 a0 27 00 00 04 00 0a |........d.'.....| +00000030 00 ff 01 00 00 08 00 16 00 00 00 17 00 00 |..............| +>>> Flow 2 (server to client) +00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 01 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 01 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 01 00 86 10 00 00 82 00 80 ab 50 cd 04 9e |............P...| +00000010 db 19 e4 18 26 ff 59 41 20 02 a5 a2 20 a3 1c 44 |....&.YA ... ..D| +00000020 02 bc 9a 1c d9 d7 5d 5b 55 fc 2a 4d 2b 03 22 b1 |......][U.*M+.".| +00000030 de 96 10 84 6f e3 f2 22 2d 6f cb 29 07 43 a6 6e |....o.."-o.).C.n| +00000040 ce 23 64 f7 72 2b dc 9b c0 6f 7f bd 8e cf e2 7f |.#d.r+...o......| +00000050 75 12 24 72 23 6b 26 08 69 76 17 c0 21 91 c0 7d |u.$r#k&.iv..!..}| +00000060 8c 8f 20 83 08 02 0d 73 27 23 91 35 5f 3f e6 56 |.. ....s'#.5_?.V| +00000070 1d 69 d3 1d 3b 0e fa 60 86 8b 40 ad c0 48 59 60 |.i..;..`..@..HY`| +00000080 45 eb b0 77 2c 91 94 75 fd 6a d3 14 03 01 00 01 |E..w,..u.j......| +00000090 01 16 03 01 00 28 8b 25 c1 8f 25 32 b5 cb 74 6d |.....(.%..%2..tm| +000000a0 08 67 59 a3 ae ae 16 f9 fa 03 f6 54 42 f4 56 3f |.gY........TB.V?| +000000b0 c4 12 66 f3 1a b0 48 95 24 79 fe 41 a5 d1 |..f...H.$y.A..| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 28 ff 69 ed 0f 20 |..........(.i.. | +00000010 ff e1 42 78 b9 bc a8 61 48 82 08 a0 01 a5 98 91 |..Bx...aH.......| +00000020 3e 39 d4 6d 17 38 a2 04 18 ed 90 3c f0 cf 6a 9a |>9.m.8.....<..j.| +00000030 ea c5 45 17 03 01 00 18 b5 76 2c 0e f1 34 51 e5 |..E......v,..4Q.| +00000040 f5 38 d3 9f c9 c5 d5 19 35 c3 2e ec 18 df 8e c8 |.8......5.......| +00000050 17 03 01 00 28 47 6f e9 c0 fa b3 21 ec 6c 16 e7 |....(Go....!.l..| +00000060 71 a8 09 15 17 86 68 1c cf fa ea 37 68 d3 33 ef |q.....h....7h.3.| +00000070 4a b1 95 46 5b 16 d7 95 f8 13 65 2f 93 15 03 01 |J..F[.....e/....| +00000080 00 18 1b 0c 09 81 ff fc 6d 82 84 ab 83 98 fc 72 |........m......r| +00000090 f5 4a a0 eb 08 96 79 01 76 26 |.J....y.v&| diff --git a/testdata/Server-TLSv10-RSA-AES b/testdata/Server-TLSv10-RSA-AES new file mode 100644 index 0000000..c175029 --- /dev/null +++ b/testdata/Server-TLSv10-RSA-AES @@ -0,0 +1,75 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 39 01 00 00 35 03 01 82 f3 04 d5 71 |....9...5......q| +00000010 d8 65 69 36 46 cb 45 77 b2 ef 00 75 98 e4 16 d2 |.ei6F.Ew...u....| +00000020 70 f7 3c 97 84 49 ef da 5d cd 64 00 00 04 00 2f |p.<..I..].d..../| +00000030 00 ff 01 00 00 08 00 16 00 00 00 17 00 00 |..............| +>>> Flow 2 (server to client) +00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 01 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 01 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 01 00 86 10 00 00 82 00 80 9c a1 18 77 22 |..............w"| +00000010 f5 a1 cf 4d cc df 27 7c c5 7e 98 24 24 be 2f b2 |...M..'|.~.$$./.| +00000020 1d d7 b8 2f fe 90 73 d0 fc f6 88 3c 91 a4 bc dc |.../..s....<....| +00000030 b9 0b 48 0d 55 e5 9f c1 8a 6c 1c 7d 4d a9 12 d5 |..H.U....l.}M...| +00000040 87 4b 9a 77 74 3d 33 8c c7 17 fb 32 09 df 86 f1 |.K.wt=3....2....| +00000050 93 cc 17 f9 08 bd bc 0e 38 df 9d 82 ad cc 70 0c |........8.....p.| +00000060 f5 8b 8d 99 e8 5f 3e e5 a6 c7 c2 6a 67 02 90 82 |....._>....jg...| +00000070 28 9a 72 e1 3e 77 51 10 84 29 21 09 56 36 f2 6a |(.r.>wQ..)!.V6.j| +00000080 1d 15 08 7b 44 41 43 59 55 8d 52 14 03 01 00 01 |...{DACYU.R.....| +00000090 01 16 03 01 00 30 06 5b 20 42 7e 7b 1f 4b 7c 36 |.....0.[ B~{.K|6| +000000a0 99 bb c6 b4 ea a1 19 3e 02 0c 3b 3a 38 be 80 11 |.......>..;:8...| +000000b0 29 72 a8 12 92 ad 24 9d bf 01 3e ef 9a f1 db 33 |)r....$...>....3| +000000c0 3e c1 dc d2 51 b1 |>...Q.| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 30 2e d5 04 91 6d |..........0....m| +00000010 32 12 8b 41 4a 46 2c f3 7f d4 16 0a 21 c2 ac 88 |2..AJF,.....!...| +00000020 09 a0 b5 0d 65 4e 44 e1 92 5a ae b8 3f 61 1f 35 |....eND..Z..?a.5| +00000030 ab 3a fe bd f8 3c 2c 42 dd 68 0f 17 03 01 00 20 |.:...<,B.h..... | +00000040 6e d4 08 98 bf b7 18 84 ee 68 f8 17 88 c5 13 7a |n........h.....z| +00000050 73 e0 c6 ca 0d 21 4d 6b 44 dc 94 36 6c e4 a0 2f |s....!MkD..6l../| +00000060 17 03 01 00 30 a0 45 d0 88 5d 96 48 26 46 37 33 |....0.E..].H&F73| +00000070 f6 48 f3 38 2e 38 d7 b6 ef d5 25 bf f3 1b b6 78 |.H.8.8....%....x| +00000080 32 a7 9c fe be 55 35 f2 07 5b b7 14 87 89 80 f2 |2....U5..[......| +00000090 cc d5 cb c8 57 15 03 01 00 20 80 2a 8e 6c b8 5a |....W.... .*.l.Z| +000000a0 41 b4 ae 56 ca 3f 8b a2 e1 ea a0 55 64 b5 60 44 |A..V.?.....Ud.`D| +000000b0 8f de 33 c6 37 f7 df b5 d9 c3 |..3.7.....| diff --git a/testdata/Server-TLSv10-RSA-RC4 b/testdata/Server-TLSv10-RSA-RC4 new file mode 100644 index 0000000..3d788c3 --- /dev/null +++ b/testdata/Server-TLSv10-RSA-RC4 @@ -0,0 +1,69 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 39 01 00 00 35 03 01 71 34 00 f7 c4 |....9...5..q4...| +00000010 e6 94 b4 ca f2 af d5 0a 82 ce d4 f6 b7 4a a7 d1 |.............J..| +00000020 1a 88 65 b2 3c b2 6c ec f7 eb 4a 00 00 04 00 05 |..e.<.l...J.....| +00000030 00 ff 01 00 00 08 00 16 00 00 00 17 00 00 |..............| +>>> Flow 2 (server to client) +00000000 16 03 01 00 31 02 00 00 2d 03 01 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 01 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 01 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 01 00 86 10 00 00 82 00 80 a5 75 5a 20 2c |............uZ ,| +00000010 31 f7 61 dc 73 c7 f6 4c 06 d2 b9 c0 e8 5f cc 0c |1.a.s..L....._..| +00000020 51 70 0a 30 b2 8a bb 3b 4c 37 f6 d3 38 da 13 48 |Qp.0...;L7..8..H| +00000030 90 4f fe 41 ec 53 3c fb 07 26 77 68 07 a0 fb 71 |.O.A.S<..&wh...q| +00000040 b6 cc 3c cd b4 64 03 08 3a 76 97 6e 6c f1 b4 a9 |..<..d..:v.nl...| +00000050 af f4 e0 ce bf 36 b9 8e 37 12 de 5b ac 24 06 63 |.....6..7..[.$.c| +00000060 e2 fb 13 33 be 3b 8d 93 e3 10 95 29 21 b2 22 77 |...3.;.....)!."w| +00000070 cb 95 b2 13 b3 76 47 98 13 1b a8 cc 50 47 ed 50 |.....vG.....PG.P| +00000080 f0 cc ca 5a c6 a0 1e c9 9c 97 58 14 03 01 00 01 |...Z......X.....| +00000090 01 16 03 01 00 24 e7 fd a2 7e fd 6f 53 da 29 68 |.....$...~.oS.)h| +000000a0 c3 49 2e e9 69 a1 94 b9 e4 a0 cb a2 94 14 a6 42 |.I..i..........B| +000000b0 df 75 1e da 95 e5 60 e3 35 f1 |.u....`.5.| +>>> Flow 4 (server to client) +00000000 14 03 01 00 01 01 16 03 01 00 24 44 a6 c8 7b 5f |..........$D..{_| +00000010 b9 4e c2 62 2d e0 c3 9f 76 0f b3 e5 f5 07 b7 c0 |.N.b-...v.......| +00000020 93 cd 1f 32 3c 0a 7a 83 57 4a 24 59 ac 95 f9 17 |...2<.z.WJ$Y....| +00000030 03 01 00 21 6f 02 76 2e 70 82 a0 6c 11 ce 3c b8 |...!o.v.p..l..<.| +00000040 dd d3 9e 2a ee ce d7 7f 63 1a 5b 35 d0 46 68 7d |...*....c.[5.Fh}| +00000050 21 6e 5b 64 fc 15 03 01 00 16 81 56 32 7d 51 e4 |!n[d.......V2}Q.| +00000060 08 53 85 45 65 c3 87 ac b0 58 70 4f 6f f7 64 4e |.S.Ee....XpOo.dN| diff --git a/testdata/Server-TLSv11-FallbackSCSV b/testdata/Server-TLSv11-FallbackSCSV new file mode 100644 index 0000000..209e621 --- /dev/null +++ b/testdata/Server-TLSv11-FallbackSCSV @@ -0,0 +1,10 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 63 01 00 00 5f 03 02 6e 78 cc 6a ea |....c..._..nx.j.| +00000010 13 aa a8 20 76 7d 32 ca c7 3f be 88 36 ae fb c3 |... v}2..?..6...| +00000020 ca 95 35 70 54 20 3b 18 3b ba 82 00 00 14 c0 0a |..5pT ;.;.......| +00000030 c0 14 00 39 c0 09 c0 13 00 33 00 35 00 2f 00 ff |...9.....3.5./..| +00000040 56 00 01 00 00 22 00 0b 00 04 03 00 01 02 00 0a |V...."..........| +00000050 00 0a 00 08 00 1d 00 17 00 19 00 18 00 23 00 00 |.............#..| +00000060 00 16 00 00 00 17 00 00 |........| +>>> Flow 2 (server to client) +00000000 15 03 02 00 02 02 56 |......V| diff --git a/testdata/Server-TLSv11-RSA-RC4 b/testdata/Server-TLSv11-RSA-RC4 new file mode 100644 index 0000000..18debc4 --- /dev/null +++ b/testdata/Server-TLSv11-RSA-RC4 @@ -0,0 +1,69 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 39 01 00 00 35 03 02 15 67 73 bf 3f |....9...5...gs.?| +00000010 6f 15 30 c2 34 2e c6 1b 23 3a 42 45 4d d9 87 a2 |o.0.4...#:BEM...| +00000020 e7 b8 de 1c b8 2b cc 21 7a 0b a1 00 00 04 00 05 |.....+.!z.......| +00000030 00 ff 01 00 00 08 00 16 00 00 00 17 00 00 |..............| +>>> Flow 2 (server to client) +00000000 16 03 02 00 31 02 00 00 2d 03 02 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 02 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 02 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 02 00 86 10 00 00 82 00 80 75 8e 85 93 be |...........u....| +00000010 53 df e0 4f 65 92 ed 3d 58 34 f8 06 fd 36 e4 5a |S..Oe..=X4...6.Z| +00000020 f7 7a 59 88 f6 ac bd de 21 ed c4 04 0d 35 19 cd |.zY.....!....5..| +00000030 ff 3b 9f c4 bc 93 4f 21 2a 36 a3 99 a4 6f eb 1e |.;....O!*6...o..| +00000040 7b b4 a8 a7 6d 69 a5 93 b6 e3 d2 2d be 7a c8 f3 |{...mi.....-.z..| +00000050 9f 25 9e f9 51 75 d9 4f 05 41 0e 17 56 31 4e 3f |.%..Qu.O.A..V1N?| +00000060 c0 15 d8 c4 29 4d e5 92 f9 ed 50 b6 88 f1 41 ea |....)M....P...A.| +00000070 cb 5a 8c 50 12 78 16 e7 21 b6 11 ca 2c 49 cf b6 |.Z.P.x..!...,I..| +00000080 d2 1a 16 28 f7 08 b5 c9 61 e0 18 14 03 02 00 01 |...(....a.......| +00000090 01 16 03 02 00 24 a1 cf 1b 5d dc 4c 9c 2c d7 39 |.....$...].L.,.9| +000000a0 af 13 e9 04 48 c0 2a aa 6f 3a 9c fb 9e 0a 25 55 |....H.*.o:....%U| +000000b0 7e 82 3d 1b 78 d1 e3 e0 f5 30 |~.=.x....0| +>>> Flow 4 (server to client) +00000000 14 03 02 00 01 01 16 03 02 00 24 7b 68 71 56 0f |..........${hqV.| +00000010 a5 46 1c 13 34 81 b5 b6 ba 29 fb 41 46 dc fe 78 |.F..4....).AF..x| +00000020 cc 0b 2d 75 bd fe c1 55 45 b1 fc 04 28 5e b1 17 |..-u...UE...(^..| +00000030 03 02 00 21 0b fa a9 2f 9e 82 5b 77 30 c2 27 88 |...!.../..[w0.'.| +00000040 f5 f3 50 47 7b 62 4c 7a d4 07 71 74 46 da 24 de |..PG{bLz..qtF.$.| +00000050 bf 3f 56 a7 9b 15 03 02 00 16 85 26 8a 89 33 21 |.?V........&..3!| +00000060 36 ce 69 83 84 50 fc 8f 99 b3 43 ad 6b 14 1e b2 |6.i..P....C.k...| diff --git a/testdata/Server-TLSv12-ALPN b/testdata/Server-TLSv12-ALPN new file mode 100644 index 0000000..3e90ebd --- /dev/null +++ b/testdata/Server-TLSv12-ALPN @@ -0,0 +1,94 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 bf 01 00 00 bb 03 03 18 c9 32 10 f3 |.............2..| +00000010 be ff a8 60 c5 2a 03 cb 25 8a b3 54 8d 70 27 90 |...`.*..%..T.p'.| +00000020 74 1e 15 3e 61 48 9b be f0 77 1f 00 00 38 c0 2c |t..>aH...w...8.,| +00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| +00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| +00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| +00000060 00 35 00 2f 00 ff 01 00 00 5a 00 0b 00 04 03 00 |.5./.....Z......| +00000070 01 02 00 0a 00 0a 00 08 00 1d 00 17 00 19 00 18 |................| +00000080 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 03 |.#..... ........| +00000090 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 |................| +000000a0 03 03 02 01 02 02 02 03 00 10 00 10 00 0e 06 70 |...............p| +000000b0 72 6f 74 6f 32 06 70 72 6f 74 6f 31 00 16 00 00 |roto2.proto1....| +000000c0 00 17 00 00 |....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 42 02 00 00 3e 03 03 00 00 00 00 00 |....B...>.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 30 00 00 |.............0..| +00000030 16 00 23 00 00 ff 01 00 01 00 00 10 00 09 00 07 |..#.............| +00000040 06 70 72 6f 74 6f 31 16 03 03 02 59 0b 00 02 55 |.proto1....Y...U| +00000050 00 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 |..R..O0..K0.....| +00000060 02 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d |.........?.[..0.| +00000070 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 |..*.H........0.1| +00000080 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e |.0...U....Go1.0.| +00000090 06 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e |..U....Go Root0.| +000000a0 17 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 |..160101000000Z.| +000000b0 0d 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a |.250101000000Z0.| +000000c0 31 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 |1.0...U....Go1.0| +000000d0 09 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 |...U....Go0..0..| +000000e0 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 |.*.H............| +000000f0 30 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 |0.......F}...'.H| +00000100 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a |..(!.~...]..RE.z| +00000110 36 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 |6G....B[.....y.@| +00000120 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e |.Om..+.....g....| +00000130 d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 |."8.J.ts+.4.....| +00000140 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b |.t{.X.la<..A..++| +00000150 24 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 |$#w[.;.u]. T..c.| +00000160 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 |..$....P....C...| +00000170 75 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 |ub...R.........0| +00000180 81 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 |..0...U.........| +00000190 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b |..0...U.%..0...+| +000001a0 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 |.........+......| +000001b0 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 |.0...U.......0.0| +000001c0 19 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 |...U..........CC| +000001d0 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d |>I..m....`0...U.| +000001e0 23 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb |#..0...H.IM.~.1.| +000001f0 a3 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 |.....n{0...U....| +00000200 30 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 |0...example.gola| +00000210 6e 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 |ng0...*.H.......| +00000220 00 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba |......0.@+[P.a..| +00000230 e5 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac |.SX...(.X..8....| +00000240 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 |1Z..f=C.-...... | +00000250 64 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa |d8.$:....}.@ ._.| +00000260 d3 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 |..a..v......\...| +00000270 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 |..l..s..Cw......| +00000280 d8 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 |.@.a.Lr+...F..M.| +00000290 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 |..>...B...=.`.\!| +000002a0 d3 3b e9 fa e7 16 03 03 00 ac 0c 00 00 a8 03 00 |.;..............| +000002b0 1d 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f bb |. /.}.G.bC.(.._.| +000002c0 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb |).0.........._X.| +000002d0 3b 74 05 01 00 80 2e c1 51 a1 e8 92 a6 bb ad 1e |;t......Q.......| +000002e0 4d f1 22 c5 e7 10 e6 31 1d 78 61 8a 22 a3 93 84 |M."....1.xa."...| +000002f0 58 d6 5a c6 94 d0 da 6c 6a 35 d1 31 ea 1b 7e 55 |X.Z....lj5.1..~U| +00000300 d6 35 a3 b7 42 e4 04 f8 31 15 15 88 5f 91 a8 7e |.5..B...1..._..~| +00000310 3e 73 52 8f 32 50 2e ad 95 44 83 b6 88 d6 18 99 |>sR.2P...D......| +00000320 cf 86 57 97 c0 b2 a0 91 ee a7 ac f8 38 4b 1c 8e |..W.........8K..| +00000330 a4 58 59 4a f6 fc 88 a4 02 ed c8 04 1a 8b 7b 9e |.XYJ..........{.| +00000340 83 91 72 ca 1e 1c e0 76 58 73 89 3a 7d 12 c5 ef |..r....vXs.:}...| +00000350 f8 f7 45 dc ca c4 16 03 03 00 04 0e 00 00 00 |..E............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 be 4e 0d d5 31 aa |....%...! .N..1.| +00000010 27 13 df 73 d3 8d 17 8c b3 5f 44 61 7b 01 b6 99 |'..s....._Da{...| +00000020 7b ba b3 5d bf d4 be 3c 87 26 14 03 03 00 01 01 |{..]...<.&......| +00000030 16 03 03 00 28 9c 86 e0 30 d4 a5 ec 0c 9e a6 08 |....(...0.......| +00000040 ce 8a 7a ff ef be 52 0c 56 86 62 de 49 09 a1 18 |..z...R.V.b.I...| +00000050 aa 62 e5 e3 d3 2e 4a 24 c9 ef 44 c9 67 |.b....J$..D.g| +>>> Flow 4 (server to client) +00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f ec 80 83 61 da 3d a1 df 0d 11 25 4b 66 55 09 |o...a.=....%KfU.| +00000040 af 7a c1 82 b9 ea 2f 9f 5c f4 0a 62 15 62 c2 32 |.z..../.\..b.b.2| +00000050 c6 37 51 5b bb 19 14 f8 73 f8 fb 82 00 ef 19 21 |.7Q[....s......!| +00000060 e2 52 7d ab 0a 33 94 df 78 54 ba 6c 5e 94 eb 16 |.R}..3..xT.l^...| +00000070 ad 85 01 ca d5 98 8f 8e b7 04 7e 9a 3c 35 c0 e5 |..........~.<5..| +00000080 8f cf 27 6d b4 12 c2 14 03 03 00 01 01 16 03 03 |..'m............| +00000090 00 28 00 00 00 00 00 00 00 00 75 da b5 10 2e 7c |.(........u....|| +000000a0 39 ec 3d 98 12 fb 5d 15 81 79 f3 c7 b1 e4 e0 54 |9.=...]..y.....T| +000000b0 ed 27 6e bc c3 81 a0 74 7e 38 17 03 03 00 25 00 |.'n....t~8....%.| +000000c0 00 00 00 00 00 00 01 bf 81 cc 93 49 4f b2 59 8b |...........IO.Y.| +000000d0 53 4a 61 96 04 00 4b ac 34 d5 bd 5a 94 44 18 5b |SJa...K.4..Z.D.[| +000000e0 7d 81 dc 05 15 03 03 00 1a 00 00 00 00 00 00 00 |}...............| +000000f0 02 bd 32 d5 cf 4d 13 61 6a 77 8b 3e 51 b3 13 84 |..2..M.ajw.>Q...| +00000100 e6 1a 23 |..#| diff --git a/testdata/Server-TLSv12-ALPN-NoMatch b/testdata/Server-TLSv12-ALPN-NoMatch new file mode 100644 index 0000000..d40300e --- /dev/null +++ b/testdata/Server-TLSv12-ALPN-NoMatch @@ -0,0 +1,94 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 bf 01 00 00 bb 03 03 82 57 14 fc ab |............W...| +00000010 56 21 ff 72 39 72 3f fe f1 9b 0f 22 00 ff ef 44 |V!.r9r?...."...D| +00000020 da db e0 83 d2 c0 a7 1c fb f0 6c 00 00 38 c0 2c |..........l..8.,| +00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| +00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| +00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| +00000060 00 35 00 2f 00 ff 01 00 00 5a 00 0b 00 04 03 00 |.5./.....Z......| +00000070 01 02 00 0a 00 0a 00 08 00 1d 00 17 00 19 00 18 |................| +00000080 00 23 00 00 00 0d 00 20 00 1e 06 01 06 02 06 03 |.#..... ........| +00000090 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 |................| +000000a0 03 03 02 01 02 02 02 03 00 10 00 10 00 0e 06 70 |...............p| +000000b0 72 6f 74 6f 32 06 70 72 6f 74 6f 31 00 16 00 00 |roto2.proto1....| +000000c0 00 17 00 00 |....| +>>> Flow 2 (server to client) +00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 30 00 00 |.............0..| +00000030 09 00 23 00 00 ff 01 00 01 00 16 03 03 02 59 0b |..#...........Y.| +00000040 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 01 |..U..R..O0..K0..| +00000050 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b ea |............?.[.| +00000060 a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |.0...*.H........| +00000070 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 |0.1.0...U....Go1| +00000080 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f 6f |.0...U....Go Roo| +00000090 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 30 |t0...16010100000| +000000a0 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 30 |0Z..250101000000| +000000b0 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |Z0.1.0...U....Go| +000000c0 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 9f |1.0...U....Go0..| +000000d0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 |0...*.H.........| +000000e0 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e 12 |...0.......F}...| +000000f0 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 |'.H..(!.~...]..R| +00000100 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 be 97 |E.z6G....B[.....| +00000110 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 |y.@.Om..+.....g.| +00000120 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 |...."8.J.ts+.4..| +00000130 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 |....t{.X.la<..A.| +00000140 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 cf |.++$#w[.;.u]. T.| +00000150 a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 |.c...$....P....C| +00000160 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 a3 |...ub...R.......| +00000170 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff 04 |..0..0...U......| +00000180 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 |.....0...U.%..0.| +00000190 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 |..+.........+...| +000001a0 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 |....0...U.......| +000001b0 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 16 |0.0...U.........| +000001c0 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 |.CC>I..m....`0..| +000001d0 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 7e |.U.#..0...H.IM.~| +000001e0 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 1d |.1......n{0...U.| +000001f0 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e 67 |...0...example.g| +00000200 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d 01 |olang0...*.H....| +00000210 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 |.........0.@+[P.| +00000220 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 |a...SX...(.X..8.| +00000230 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 |...1Z..f=C.-....| +00000240 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 20 |.. d8.$:....}.@ | +00000250 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c |._...a..v......\| +00000260 ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c |.....l..s..Cw...| +00000270 f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 06 |....@.a.Lr+...F.| +00000280 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 |.M...>...B...=.`| +00000290 84 5c 21 d3 3b e9 fa e7 16 03 03 00 ac 0c 00 00 |.\!.;...........| +000002a0 a8 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 28 da |.... /.}.G.bC.(.| +000002b0 ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 99 |._.).0..........| +000002c0 5f 58 cb 3b 74 05 01 00 80 bf 6d 57 f5 0c 78 c4 |_X.;t.....mW..x.| +000002d0 77 48 0e 60 67 7a 3a 1b 3e 9e d2 88 a4 89 07 ef |wH.`gz:.>.......| +000002e0 d1 45 1a 66 7e 8c ec cb da 71 ea ec ba ed 81 9e |.E.f~....q......| +000002f0 21 4d 2e ba d4 8f c2 0a 67 ea 3a a1 d1 67 09 66 |!M......g.:..g.f| +00000300 dc a8 ad 16 a2 23 2a db 4f 31 65 b1 54 13 73 d1 |.....#*.O1e.T.s.| +00000310 f6 7b 75 d9 f1 07 19 b8 67 21 87 d2 3b cf a5 6c |.{u.....g!..;..l| +00000320 61 8e af ed 60 7f f2 56 9f 0d 0f 19 88 98 30 3a |a...`..V......0:| +00000330 61 8c 21 e7 8b 5d ab 6f cf 93 73 33 63 cd 50 bb |a.!..].o..s3c.P.| +00000340 dd 0e ab 4f 6a fb a3 f9 68 16 03 03 00 04 0e 00 |...Oj...h.......| +00000350 00 00 |..| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 05 0c 3b 8b 22 36 |....%...! ..;."6| +00000010 61 79 58 28 b0 82 65 44 39 67 93 c5 2c 3b d1 40 |ayX(..eD9g..,;.@| +00000020 88 af 9f 38 c1 fa e0 81 a0 19 14 03 03 00 01 01 |...8............| +00000030 16 03 03 00 28 87 2e d2 c2 ce 65 6d e8 d9 da a0 |....(.....em....| +00000040 9d dc f5 51 b0 84 88 8d c6 a3 0a 5d 08 10 ca c6 |...Q.......]....| +00000050 e3 83 0c 0a cb 6d ec 09 b8 9f a5 45 99 |.....m.....E.| +>>> Flow 4 (server to client) +00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f ec 80 83 61 34 53 e2 a4 e2 ff 73 4f 1b 15 8f |o...a4S....sO...| +00000040 3b 43 47 ac 20 c6 2d 5e 52 7a 61 6f af 40 c3 5a |;CG. .-^Rzao.@.Z| +00000050 cb 3f 7d 10 a9 90 ca cf 8d c4 c4 d4 a3 b8 1d 62 |.?}............b| +00000060 7d a9 68 32 01 33 94 65 8b 67 73 aa 51 d4 08 1d |}.h2.3.e.gs.Q...| +00000070 ce 76 6b ef 3d e6 ce d3 42 fe 24 cf f3 82 5b 17 |.vk.=...B.$...[.| +00000080 5c 03 e9 50 94 8e 8b 14 03 03 00 01 01 16 03 03 |\..P............| +00000090 00 28 00 00 00 00 00 00 00 00 c2 7c e6 69 c9 ec |.(.........|.i..| +000000a0 b5 55 57 34 8e 86 38 e6 28 85 b0 c8 2e c8 0f a6 |.UW4..8.(.......| +000000b0 a9 07 f4 91 47 46 dd fe c8 57 17 03 03 00 25 00 |....GF...W....%.| +000000c0 00 00 00 00 00 00 01 39 9a a2 da d8 3d 7f 25 0e |.......9....=.%.| +000000d0 83 a8 cd 57 d8 a4 7e 9f e1 e2 fe 3f 5a ed b9 99 |...W..~....?Z...| +000000e0 b6 4d 97 3a 15 03 03 00 1a 00 00 00 00 00 00 00 |.M.:............| +000000f0 02 d5 2a aa 1e 7a 60 b8 79 56 c6 56 75 11 b7 4c |..*..z`.yV.Vu..L| +00000100 83 19 9c |...| diff --git a/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA b/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA new file mode 100644 index 0000000..e286407 --- /dev/null +++ b/testdata/Server-TLSv12-CipherSuiteCertPreferenceECDSA @@ -0,0 +1,85 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 a7 01 00 00 a3 03 03 27 01 f3 21 98 |...........'..!.| +00000010 ff 55 7f 78 32 44 b7 9d 88 6b 82 43 26 52 00 74 |.U.x2D...k.C&R.t| +00000020 fb 05 ca be 23 1f d0 18 1f 74 c2 00 00 38 c0 2c |....#....t...8.,| +00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| +00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| +00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| +00000060 00 35 00 2f 00 ff 01 00 00 42 00 0b 00 04 03 00 |.5./.....B......| +00000070 01 02 00 0a 00 0a 00 08 00 1d 00 17 00 19 00 18 |................| +00000080 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 |... ............| +00000090 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 |................| +000000a0 02 02 02 03 00 16 00 00 00 17 00 00 |............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 03 02 0e 0b 00 02 0a 00 |................| +00000040 02 07 00 02 04 30 82 02 00 30 82 01 62 02 09 00 |.....0...0..b...| +00000050 b8 bf 2d 47 a0 d2 eb f4 30 09 06 07 2a 86 48 ce |..-G....0...*.H.| +00000060 3d 04 01 30 45 31 0b 30 09 06 03 55 04 06 13 02 |=..0E1.0...U....| +00000070 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| +00000080 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| +00000090 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| +000000a0 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 32 |ts Pty Ltd0...12| +000000b0 31 31 32 32 31 35 30 36 33 32 5a 17 0d 32 32 31 |1122150632Z..221| +000000c0 31 32 30 31 35 30 36 33 32 5a 30 45 31 0b 30 09 |120150632Z0E1.0.| +000000d0 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 |..U....AU1.0...U| +000000e0 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 |....Some-State1!| +000000f0 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 |0...U....Interne| +00000100 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 |t Widgits Pty Lt| +00000110 64 30 81 9b 30 10 06 07 2a 86 48 ce 3d 02 01 06 |d0..0...*.H.=...| +00000120 05 2b 81 04 00 23 03 81 86 00 04 00 c4 a1 ed be |.+...#..........| +00000130 98 f9 0b 48 73 36 7e c3 16 56 11 22 f2 3d 53 c3 |...Hs6~..V.".=S.| +00000140 3b 4d 21 3d cd 6b 75 e6 f6 b0 dc 9a df 26 c1 bc |;M!=.ku......&..| +00000150 b2 87 f0 72 32 7c b3 64 2f 1c 90 bc ea 68 23 10 |...r2|.d/....h#.| +00000160 7e fe e3 25 c0 48 3a 69 e0 28 6d d3 37 00 ef 04 |~..%.H:i.(m.7...| +00000170 62 dd 0d a0 9c 70 62 83 d8 81 d3 64 31 aa 9e 97 |b....pb....d1...| +00000180 31 bd 96 b0 68 c0 9b 23 de 76 64 3f 1a 5c 7f e9 |1...h..#.vd?.\..| +00000190 12 0e 58 58 b6 5f 70 dd 9b d8 ea d5 d7 f5 d5 cc |..XX._p.........| +000001a0 b9 b6 9f 30 66 5b 66 9a 20 e2 27 e5 bf fe 3b 30 |...0f[f. .'...;0| +000001b0 09 06 07 2a 86 48 ce 3d 04 01 03 81 8c 00 30 81 |...*.H.=......0.| +000001c0 88 02 42 01 88 a2 4f eb e2 45 c5 48 7d 1b ac f5 |..B...O..E.H}...| +000001d0 ed 98 9d ae 47 70 c0 5e 1b b6 2f bd f1 b6 4d b7 |....Gp.^../...M.| +000001e0 61 40 d3 11 a2 ce ee 0b 7e 92 7e ff 76 9d c3 3b |a@......~.~.v..;| +000001f0 7e a5 3f ce fa 10 e2 59 ec 47 2d 7c ac da 4e 97 |~.?....Y.G-|..N.| +00000200 0e 15 a0 6f d0 02 42 01 4d fc be 67 13 9c 2d 05 |...o..B.M..g..-.| +00000210 0e bd 3f a3 8c 25 c1 33 13 83 0d 94 06 bb d4 37 |..?..%.3.......7| +00000220 7a f6 ec 7a c9 86 2e dd d7 11 69 7f 85 7c 56 de |z..z......i..|V.| +00000230 fb 31 78 2b e4 c7 78 0d ae cb be 9e 4e 36 24 31 |.1x+..x.....N6$1| +00000240 7b 6a 0f 39 95 12 07 8f 2a 16 03 03 00 b7 0c 00 |{j.9....*.......| +00000250 00 b3 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 28 |..... /.}.G.bC.(| +00000260 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 |.._.).0.........| +00000270 99 5f 58 cb 3b 74 05 03 00 8b 30 81 88 02 42 01 |._X.;t....0...B.| +00000280 4f 30 aa d0 4d e5 61 db ba fc 95 15 52 ef 2a 41 |O0..M.a.....R.*A| +00000290 b4 d6 59 ac 39 61 b6 38 08 1e 87 b3 ca 9b 49 d3 |..Y.9a.8......I.| +000002a0 95 5a c5 29 84 cd 10 73 4a cc 09 df 1a b0 54 6d |.Z.)...sJ.....Tm| +000002b0 b8 61 28 80 2e ec cf 95 9d 6f c3 d9 ed 80 53 63 |.a(......o....Sc| +000002c0 d9 02 42 00 af 71 2f 91 80 ff a1 79 82 c7 d9 79 |..B..q/....y...y| +000002d0 fa 12 a9 88 7b 93 47 be 6a dc 80 42 17 9d 85 7a |....{.G.j..B...z| +000002e0 b8 1b fe 85 7f 5c 10 9c 9e 0e e1 71 a7 b0 12 02 |.....\.....q....| +000002f0 e2 a4 79 c4 8d d8 02 09 01 9c 6f 7a 27 7c 1f f4 |..y.......oz'|..| +00000300 38 46 59 46 94 16 03 03 00 04 0e 00 00 00 |8FYF..........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 8c 80 e4 c7 bd d7 |....%...! ......| +00000010 ea ea 42 f7 53 24 50 28 6a e9 f3 ff 4f 4a 28 22 |..B.S$P(j...OJ("| +00000020 a2 95 09 fc f0 d9 3e fc cc 6e 14 03 03 00 01 01 |......>..n......| +00000030 16 03 03 00 40 79 56 60 f5 45 e7 48 9e 97 1d 49 |....@yV`.E.H...I| +00000040 de 59 dd b0 f0 0a d2 cc 10 f0 98 3c c2 d5 67 d6 |.Y.........<..g.| +00000050 2c 18 2b 21 ae a3 2f ea 2d 0b ff fd e6 c2 73 25 |,.+!../.-.....s%| +00000060 1c 01 3e 94 3a cc 1d 58 6b fb 7f 85 e4 50 ec 10 |..>.:..Xk....P..| +00000070 b9 d7 71 cb be |..q..| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 83 5c 5c e3 c0 |............\\..| +00000020 20 56 8c 92 4b 75 f0 30 bd 67 74 52 f1 af 9c 14 | V..Ku.0.gtR....| +00000030 29 1e e4 b2 5b c0 2c e6 48 6f 94 42 7b 21 92 96 |)...[.,.Ho.B{!..| +00000040 0a 83 ce 1c 91 36 95 8c 14 38 57 17 03 03 00 40 |.....6...8W....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 73 a4 40 cf ad 86 cc 05 9e 47 5f 83 50 ae 68 d5 |s.@......G_.P.h.| +00000070 d1 6a a9 8c ba 74 fe c0 cc 4a 1a e3 b0 14 0d 31 |.j...t...J.....1| +00000080 9f 06 54 e3 95 3a 89 6d 34 54 0c e4 b4 34 38 21 |..T..:.m4T...48!| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 e6 dd b2 11 ab a7 34 61 00 d4 09 |...........4a...| +000000b0 bc ea c1 5f c4 e2 52 60 63 96 f0 fd 44 4e f9 0e |..._..R`c...DN..| +000000c0 af 32 99 e4 12 |.2...| diff --git a/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA b/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA new file mode 100644 index 0000000..1f9fbc1 --- /dev/null +++ b/testdata/Server-TLSv12-CipherSuiteCertPreferenceRSA @@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 a7 01 00 00 a3 03 03 1d 39 c9 33 73 |............9.3s| +00000010 c2 b9 71 d8 66 23 63 a7 5c 9e 50 b6 3e a5 f9 bb |..q.f#c.\.P.>...| +00000020 34 1b 71 e1 09 4f ae d5 53 8a e8 00 00 38 c0 2c |4.q..O..S....8.,| +00000030 c0 30 00 9f cc a9 cc a8 cc aa c0 2b c0 2f 00 9e |.0.........+./..| +00000040 c0 24 c0 28 00 6b c0 23 c0 27 00 67 c0 0a c0 14 |.$.(.k.#.'.g....| +00000050 00 39 c0 09 c0 13 00 33 00 9d 00 9c 00 3d 00 3c |.9.....3.....=.<| +00000060 00 35 00 2f 00 ff 01 00 00 42 00 0b 00 04 03 00 |.5./.....B......| +00000070 01 02 00 0a 00 0a 00 08 00 1d 00 17 00 19 00 18 |................| +00000080 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 |... ............| +00000090 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 |................| +000000a0 02 02 02 03 00 16 00 00 00 17 00 00 |............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 14 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 ac 0c 00 00 a8 03 00 1d |;...............| +000002a0 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 | /.}.G.bC.(.._.)| +000002b0 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b |.0.........._X.;| +000002c0 74 05 01 00 80 06 d4 bd e4 7b 10 77 89 d7 d4 d6 |t........{.w....| +000002d0 4e f6 3e 46 49 db ee 5c 4e bc ee fe cb 8b a6 9b |N.>FI..\N.......| +000002e0 5c f6 99 fb 31 96 60 a8 23 09 f6 31 65 53 f0 6e |\...1.`.#..1eS.n| +000002f0 07 5c 32 f9 59 5d 8b c0 b4 74 c8 01 85 8a b7 19 |.\2.Y]...t......| +00000300 ab 19 08 68 6a e8 2f 81 bd 04 9b 38 ab d9 27 66 |...hj./....8..'f| +00000310 d7 a5 3f 75 9c 4f 81 5b 9e 69 10 20 2b f2 1d a2 |..?u.O.[.i. +...| +00000320 8f fc 7f ba ee 5b 76 8b 19 3f 46 60 01 25 99 72 |.....[v..?F`.%.r| +00000330 78 24 02 8e 28 d5 24 f1 2e 6b 70 53 75 ec e2 8d |x$..(.$..kpSu...| +00000340 76 ab e0 8e e8 16 03 03 00 04 0e 00 00 00 |v.............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 21 75 22 84 bc b7 |....%...! !u"...| +00000010 82 b3 03 d2 42 ff b6 ce 76 26 88 bf 8f 72 fc dd |....B...v&...r..| +00000020 63 9b f1 4c 22 6d 12 cc d3 57 14 03 03 00 01 01 |c..L"m...W......| +00000030 16 03 03 00 40 20 2b 26 bd 60 1b 27 a1 32 cb ab |....@ +&.`.'.2..| +00000040 30 83 9c 47 59 7d f5 bb d9 45 8a d9 3e 29 86 4d |0..GY}...E..>).M| +00000050 54 86 48 38 25 d9 b9 af 36 7c 7a f0 ae f6 b6 4e |T.H8%...6|z....N| +00000060 a1 76 93 91 26 f3 c9 49 b5 6d 49 cf 22 97 bf c7 |.v..&..I.mI."...| +00000070 db 44 c8 7a e3 |.D.z.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 43 7c 61 f2 30 |...........C|a.0| +00000020 c6 4a c2 76 da 7d 84 c6 ed 5d ee 2e 9c 33 e4 3b |.J.v.}...]...3.;| +00000030 e3 a1 ea ee 44 02 4b f7 90 f6 0c 8b 45 d7 26 2e |....D.K.....E.&.| +00000040 4a 37 43 1d 93 44 79 e6 5d c5 8c 17 03 03 00 40 |J7C..Dy.]......@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 b2 e4 62 17 e2 d4 d8 73 2b ea 77 39 78 51 1a 86 |..b....s+.w9xQ..| +00000070 64 54 1f 36 9a cc a1 c0 d2 6d df b7 8a 2e 68 b0 |dT.6.....m....h.| +00000080 79 9a 9f a1 15 b1 78 fa db 2e 5a 43 0d fe 45 71 |y.....x...ZC..Eq| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 04 8c d0 bf 15 9f b4 55 22 b8 8e |............U"..| +000000b0 a5 a7 df ed bd b2 ab 88 71 38 bd b2 5d b4 5e 8e |........q8..].^.| +000000c0 54 fc e4 63 5a |T..cZ| diff --git a/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven b/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven new file mode 100644 index 0000000..7a950db --- /dev/null +++ b/testdata/Server-TLSv12-ClientAuthRequestedAndECDSAGiven @@ -0,0 +1,124 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 5d 01 00 00 59 03 03 8e 50 ff 02 c4 |....]...Y...P...| +00000010 3b 5e dd ee 59 d1 3a e1 db f1 30 f4 bb a7 8a 8c |;^..Y.:...0.....| +00000020 b2 d2 1a fd f8 a4 c9 e4 5f 41 e1 00 00 04 00 2f |........_A...../| +00000030 00 ff 01 00 00 2c 00 0d 00 20 00 1e 06 01 06 02 |.....,... ......| +00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000050 03 02 03 03 02 01 02 02 02 03 00 16 00 00 00 17 |................| +00000060 00 00 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 17 0d 00 00 13 02 01 40 |;..............@| +000002a0 00 0c 04 01 04 03 05 01 05 03 02 01 02 03 00 00 |................| +000002b0 16 03 03 00 04 0e 00 00 00 |.........| +>>> Flow 3 (client to server) +00000000 16 03 03 02 0a 0b 00 02 06 00 02 03 00 02 00 30 |...............0| +00000010 82 01 fc 30 82 01 5e 02 09 00 9a 30 84 6c 26 35 |...0..^....0.l&5| +00000020 d9 17 30 09 06 07 2a 86 48 ce 3d 04 01 30 45 31 |..0...*.H.=..0E1| +00000030 0b 30 09 06 03 55 04 06 13 02 41 55 31 13 30 11 |.0...U....AU1.0.| +00000040 06 03 55 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 |..U....Some-Stat| +00000050 65 31 21 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 |e1!0...U....Inte| +00000060 72 6e 65 74 20 57 69 64 67 69 74 73 20 50 74 79 |rnet Widgits Pty| +00000070 20 4c 74 64 30 1e 17 0d 31 32 31 31 31 34 31 33 | Ltd0...12111413| +00000080 32 35 35 33 5a 17 0d 32 32 31 31 31 32 31 33 32 |2553Z..221112132| +00000090 35 35 33 5a 30 41 31 0b 30 09 06 03 55 04 06 13 |553Z0A1.0...U...| +000000a0 02 41 55 31 0c 30 0a 06 03 55 04 08 13 03 4e 53 |.AU1.0...U....NS| +000000b0 57 31 10 30 0e 06 03 55 04 07 13 07 50 79 72 6d |W1.0...U....Pyrm| +000000c0 6f 6e 74 31 12 30 10 06 03 55 04 03 13 09 4a 6f |ont1.0...U....Jo| +000000d0 65 6c 20 53 69 6e 67 30 81 9b 30 10 06 07 2a 86 |el Sing0..0...*.| +000000e0 48 ce 3d 02 01 06 05 2b 81 04 00 23 03 81 86 00 |H.=....+...#....| +000000f0 04 00 95 8c 91 75 14 c0 5e c4 57 b4 d4 c3 6f 8d |.....u..^.W...o.| +00000100 ae 68 1e dd 6f ce 86 e1 7e 6e b2 48 3e 81 e5 4e |.h..o...~n.H>..N| +00000110 e2 c6 88 4b 64 dc f5 30 bb d3 ff 65 cc 5b f4 dd |...Kd..0...e.[..| +00000120 b5 6a 3e 3e d0 1d de 47 c3 76 ad 19 f6 45 2c 8c |.j>>...G.v...E,.| +00000130 bc d8 1d 01 4c 1f 70 90 46 76 48 8b 8f 83 cc 4a |....L.p.FvH....J| +00000140 5c 8f 40 76 da e0 89 ec 1d 2b c4 4e 30 76 28 41 |\.@v.....+.N0v(A| +00000150 b2 62 a8 fb 5b f1 f9 4e 7a 8d bd 09 b8 ae ea 8b |.b..[..Nz.......| +00000160 18 27 4f 2e 70 fe 13 96 ba c3 d3 40 16 cd 65 4e |.'O.p......@..eN| +00000170 ac 11 1e e6 f1 30 09 06 07 2a 86 48 ce 3d 04 01 |.....0...*.H.=..| +00000180 03 81 8c 00 30 81 88 02 42 00 e0 14 c4 60 60 0b |....0...B....``.| +00000190 72 68 b0 32 5d 61 4a 02 74 5c c2 81 b9 16 a8 3f |rh.2]aJ.t\.....?| +000001a0 29 c8 36 c7 81 ff 6c b6 5b d9 70 f1 38 3b 50 48 |).6...l.[.p.8;PH| +000001b0 28 94 cb 09 1a 52 f1 5d ee 8d f2 b9 f0 f0 da d9 |(....R.]........| +000001c0 15 3a f9 bd 03 7a 87 a2 23 35 ec 02 42 01 a3 d4 |.:...z..#5..B...| +000001d0 8a 78 35 1c 4a 9a 23 d2 0a be 2b 10 31 9d 9c 5f |.x5.J.#...+.1.._| +000001e0 be e8 91 b3 da 1a f5 5d a3 23 f5 26 8b 45 70 8d |.......].#.&.Ep.| +000001f0 65 62 9b 7e 01 99 3d 18 f6 10 9a 38 61 9b 2e 57 |eb.~..=....8a..W| +00000200 e4 fa cc b1 8a ce e2 23 a0 87 f0 e1 67 51 eb 16 |.......#....gQ..| +00000210 03 03 00 86 10 00 00 82 00 80 2b 80 6e 49 b8 ec |..........+.nI..| +00000220 12 7a 7c f3 2a d3 7e 16 a0 39 e5 77 61 7a 56 15 |.z|.*.~..9.wazV.| +00000230 97 c6 64 63 13 cf 09 d0 1b f5 b6 78 1d cb 86 4f |..dc.......x...O| +00000240 14 84 c9 e6 5d 3c 6b 61 5e 46 83 7e ef 1d 74 d4 |....]>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 93 a2 18 a9 e2 |................| +00000020 51 be f7 bd c0 05 64 51 0a 17 9d 58 11 d1 a6 b9 |Q.....dQ...X....| +00000030 6d 1e 42 16 e4 bc bf 09 f2 b9 29 20 74 8a cd 8a |m.B.......) t...| +00000040 b6 31 04 64 fb 5b 1f 83 c3 19 78 17 03 03 00 40 |.1.d.[....x....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 ee c4 d0 5d 69 37 2b fc dc 9c f1 77 df 44 6f da |...]i7+....w.Do.| +00000070 4e 22 05 05 3a 6c 32 a8 6c c2 fb ce ca a7 1b 54 |N"..:l2.l......T| +00000080 2a 25 ae cf 77 e4 47 21 33 b6 29 54 62 00 dd 30 |*%..w.G!3.)Tb..0| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 cf e1 fd e3 5f d3 19 cd 05 70 79 |........._....py| +000000b0 be 16 a5 26 18 f1 92 bc 73 bd 6f 4d 33 3d 6f 8a |...&....s.oM3=o.| +000000c0 13 51 7c 57 c7 |.Q|W.| diff --git a/testdata/Server-TLSv12-ClientAuthRequestedAndGiven b/testdata/Server-TLSv12-ClientAuthRequestedAndGiven new file mode 100644 index 0000000..c81acc8 --- /dev/null +++ b/testdata/Server-TLSv12-ClientAuthRequestedAndGiven @@ -0,0 +1,123 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 5d 01 00 00 59 03 03 f3 3a db 98 ff |....]...Y...:...| +00000010 29 a2 30 75 53 87 b3 5f 00 b5 9f 77 4d 88 38 ea |).0uS.._...wM.8.| +00000020 e9 87 f4 a4 e4 da dd 73 00 47 d1 00 00 04 00 2f |.......s.G...../| +00000030 00 ff 01 00 00 2c 00 0d 00 20 00 1e 06 01 06 02 |.....,... ......| +00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000050 03 02 03 03 02 01 02 02 02 03 00 16 00 00 00 17 |................| +00000060 00 00 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 17 0d 00 00 13 02 01 40 |;..............@| +000002a0 00 0c 04 01 04 03 05 01 05 03 02 01 02 03 00 00 |................| +000002b0 16 03 03 00 04 0e 00 00 00 |.........| +>>> Flow 3 (client to server) +00000000 16 03 03 01 fd 0b 00 01 f9 00 01 f6 00 01 f3 30 |...............0| +00000010 82 01 ef 30 82 01 58 a0 03 02 01 02 02 10 5c 19 |...0..X.......\.| +00000020 c1 89 65 83 55 6f dc 0b c9 b9 93 9f e9 bc 30 0d |..e.Uo........0.| +00000030 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 12 31 |..*.H........0.1| +00000040 10 30 0e 06 03 55 04 0a 13 07 41 63 6d 65 20 43 |.0...U....Acme C| +00000050 6f 30 1e 17 0d 31 36 30 38 31 37 32 31 35 32 33 |o0...16081721523| +00000060 31 5a 17 0d 31 37 30 38 31 37 32 31 35 32 33 31 |1Z..170817215231| +00000070 5a 30 12 31 10 30 0e 06 03 55 04 0a 13 07 41 63 |Z0.1.0...U....Ac| +00000080 6d 65 20 43 6f 30 81 9f 30 0d 06 09 2a 86 48 86 |me Co0..0...*.H.| +00000090 f7 0d 01 01 01 05 00 03 81 8d 00 30 81 89 02 81 |...........0....| +000000a0 81 00 ba 6f aa 86 bd cf bf 9f f2 ef 5c 94 60 78 |...o........\.`x| +000000b0 6f e8 13 f2 d1 96 6f cd d9 32 6e 22 37 ce 41 f9 |o.....o..2n"7.A.| +000000c0 ca 5d 29 ac e1 27 da 61 a2 ee 81 cb 10 c7 df 34 |.])..'.a.......4| +000000d0 58 95 86 e9 3d 19 e6 5c 27 73 60 c8 8d 78 02 f4 |X...=..\'s`..x..| +000000e0 1d a4 98 09 a3 19 70 69 3c 25 62 66 2a ab 22 23 |......pi<%bf*."#| +000000f0 c5 7b 85 38 4f 2e 09 73 32 a7 bd 3e 9b ad ca 84 |.{.8O..s2..>....| +00000100 07 e6 0f 3a ff 77 c5 9d 41 85 00 8a b6 9b ee b0 |...:.w..A.......| +00000110 a4 3f 2d 4c 4c e6 42 3e bb 51 c8 dd 48 54 f4 0c |.?-LL.B>.Q..HT..| +00000120 8e 47 02 03 01 00 01 a3 46 30 44 30 0e 06 03 55 |.G......F0D0...U| +00000130 1d 0f 01 01 ff 04 04 03 02 05 a0 30 13 06 03 55 |...........0...U| +00000140 1d 25 04 0c 30 0a 06 08 2b 06 01 05 05 07 03 01 |.%..0...+.......| +00000150 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 0f |0...U.......0.0.| +00000160 06 03 55 1d 11 04 08 30 06 87 04 7f 00 00 01 30 |..U....0.......0| +00000170 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 03 81 |...*.H..........| +00000180 81 00 46 ab 44 a2 fb 28 54 f8 5a 67 f8 62 94 f1 |..F.D..(T.Zg.b..| +00000190 9a b2 18 9e f2 b1 de 1d 7e 6f 76 95 a9 ba e7 5d |........~ov....]| +000001a0 a8 16 6c 9c f7 09 d3 37 e4 4b 2b 36 7c 01 ad 41 |..l....7.K+6|..A| +000001b0 d2 32 d8 c3 d2 93 f9 10 6b 8e 95 b9 2c 17 8a a3 |.2......k...,...| +000001c0 44 48 bc 59 13 83 16 04 88 a4 81 5c 25 0d 98 0c |DH.Y.......\%...| +000001d0 ac 11 b1 28 56 be 1d cd 61 62 84 09 bf d6 80 c6 |...(V...ab......| +000001e0 45 8d 82 2c b4 d8 83 9b db c9 22 b7 2a 12 11 7b |E..,......".*..{| +000001f0 fa 02 3b c1 c9 ff ea c9 9d a8 49 d3 95 d7 d5 0e |..;.......I.....| +00000200 e5 35 16 03 03 00 86 10 00 00 82 00 80 47 31 82 |.5...........G1.| +00000210 ae c1 d2 74 3f a4 74 5a 57 16 ae e2 d0 46 72 53 |...t?.tZW....FrS| +00000220 e1 5e 6a e8 e4 d5 8c 84 2b d9 82 c1 4a da 9e 1d |.^j.....+...J...| +00000230 a0 da 60 08 0d 35 0c 55 6d 6a 68 04 09 ee 94 39 |..`..5.Umjh....9| +00000240 c7 a3 49 7f 2c ee 6a cf 09 01 bd 08 d3 59 0a bd |..I.,.j......Y..| +00000250 7f 6c d3 26 eb be 7b fd 9b 17 fd e2 6e 82 d1 c7 |.l.&..{.....n...| +00000260 dd c3 64 8c 87 f0 41 f2 71 75 f1 0a 01 26 5b 97 |..d...A.qu...&[.| +00000270 94 ba ac 50 df 19 32 39 80 ae 14 ea 4a d2 e5 9f |...P..29....J...| +00000280 5d 07 9f 2d 89 ac 83 33 40 aa 8e cc 2c 16 03 03 |]..-...3@...,...| +00000290 00 88 0f 00 00 84 04 01 00 80 7d 37 8b 6f be e9 |..........}7.o..| +000002a0 e7 fa 4c 28 cf 16 0d 28 40 e9 f2 9a 11 22 fc 8a |..L(...(@...."..| +000002b0 2c 52 f7 36 af 1a cf d7 8a f8 17 19 9f ed 9d 1d |,R.6............| +000002c0 43 f9 e2 fb 0f dd ca d6 1d 4c 03 4e 25 8d 5c 4c |C........L.N%.\L| +000002d0 95 98 02 db cf ea 44 2a ad 36 74 e3 08 07 e3 9a |......D*.6t.....| +000002e0 50 6c dc 46 a1 f5 84 9b 65 7f 48 94 b5 de cc a9 |Pl.F....e.H.....| +000002f0 cf ee 0e 31 f2 f8 6f 8f 19 4b 29 14 b4 32 1d 21 |...1..o..K)..2.!| +00000300 02 d2 da 64 68 e8 a1 72 cc ee 64 48 d8 74 e5 64 |...dh..r..dH.t.d| +00000310 90 b3 50 cc 3e 25 0e b1 88 53 14 03 03 00 01 01 |..P.>%...S......| +00000320 16 03 03 00 40 6a 61 6b 3e ea 63 2c b8 26 95 e2 |....@jak>.c,.&..| +00000330 5f 83 e3 c3 cd c3 b7 a8 0b 76 81 8a 5b 46 ff 41 |_........v..[F.A| +00000340 c2 02 eb 21 85 31 b9 ba 2e 30 e7 6e 8d 1c 49 15 |...!.1...0.n..I.| +00000350 af a0 a7 67 62 b7 42 8c fa a8 04 8c 23 7a 3d 39 |...gb.B.....#z=9| +00000360 74 18 70 2b 99 |t.p+.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 a6 5b 7c b0 91 |............[|..| +00000020 53 f6 d5 e4 34 71 4f 64 2a 03 9d 75 62 d9 8d a8 |S...4qOd*..ub...| +00000030 39 7b e1 d8 31 80 26 db 14 f3 3a 52 66 7d 12 31 |9{..1.&...:Rf}.1| +00000040 29 14 7f a1 39 b6 1c e0 c9 55 6e 17 03 03 00 40 |)...9....Un....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 5e 00 64 9b 25 cd 74 94 b7 65 6e 83 8e 5b 68 e8 |^.d.%.t..en..[h.| +00000070 59 4c f0 31 8b f2 0c 59 2a ff 11 8e 43 d4 73 fd |YL.1...Y*...C.s.| +00000080 b3 2a 76 59 25 52 32 76 bd 2e 1d 4d 0a 53 d7 c2 |.*vY%R2v...M.S..| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 23 96 6e 7d 41 bb 51 4f 40 52 07 |.....#.n}A.QO@R.| +000000b0 90 cc 6c bd c0 bb 99 d4 8a 91 7b 8a f3 24 ef 71 |..l.......{..$.q| +000000c0 20 d4 98 b0 14 | ....| diff --git a/testdata/Server-TLSv12-ClientAuthRequestedNotGiven b/testdata/Server-TLSv12-ClientAuthRequestedNotGiven new file mode 100644 index 0000000..091de90 --- /dev/null +++ b/testdata/Server-TLSv12-ClientAuthRequestedNotGiven @@ -0,0 +1,83 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 5d 01 00 00 59 03 03 41 24 db 27 37 |....]...Y..A$.'7| +00000010 2e 1e a8 61 b7 7f 08 f1 83 84 fb d5 a2 96 e0 53 |...a...........S| +00000020 1a 2b cd 8e 50 38 7b a5 64 d8 92 00 00 04 00 2f |.+..P8{.d....../| +00000030 00 ff 01 00 00 2c 00 0d 00 20 00 1e 06 01 06 02 |.....,... ......| +00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000050 03 02 03 03 02 01 02 02 02 03 00 16 00 00 00 17 |................| +00000060 00 00 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 17 0d 00 00 13 02 01 40 |;..............@| +000002a0 00 0c 04 01 04 03 05 01 05 03 02 01 02 03 00 00 |................| +000002b0 16 03 03 00 04 0e 00 00 00 |.........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 07 0b 00 00 03 00 00 00 16 03 03 00 |................| +00000010 86 10 00 00 82 00 80 61 2e 6b ad 77 48 8d 2f 0e |.......a.k.wH./.| +00000020 e6 27 64 fd 95 22 72 68 80 8e 2b 0e b2 0f cc be |.'d.."rh..+.....| +00000030 19 31 93 1d d3 0a fb 00 da 50 26 66 17 59 6b e9 |.1.......P&f.Yk.| +00000040 7e 16 4e 24 ba 68 0a 0c 69 2f 03 74 34 50 12 85 |~.N$.h..i/.t4P..| +00000050 4a f0 6c 52 d4 dd 13 18 c7 a4 9d ea f0 c6 94 d9 |J.lR............| +00000060 ae fe 19 6c 83 dd ed 38 e3 d2 21 18 e6 76 11 e7 |...l...8..!..v..| +00000070 62 13 8b 56 65 e0 f6 61 d9 db 7c 7b 5b 57 13 3d |b..Ve..a..|{[W.=| +00000080 58 64 67 8d 9f 3f 6a a0 70 c5 c6 d0 db eb 17 3f |Xdg..?j.p......?| +00000090 6c 58 d7 c3 ba ec 4c 14 03 03 00 01 01 16 03 03 |lX....L.........| +000000a0 00 40 6e 24 1b a4 b3 e7 d4 c2 7e cb bd 82 2d 4c |.@n$......~...-L| +000000b0 a8 f1 5e 81 c8 61 a6 2c 6a e3 6d 30 7f fa c7 f3 |..^..a.,j.m0....| +000000c0 f6 b1 b1 4f 0b 23 9a fd 66 81 48 97 4b 0f 88 07 |...O.#..f.H.K...| +000000d0 37 7b 97 b0 62 6c 2a e1 47 65 e9 f9 cd c1 79 99 |7{..bl*.Ge....y.| +000000e0 6d 84 |m.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 40 c6 62 4e 26 |...........@.bN&| +00000020 e7 32 09 ba d6 3b 71 79 8e 75 ee fb af 09 db c5 |.2...;qy.u......| +00000030 a5 8b cd 1f 90 f3 65 86 4a b4 b1 9a e8 1e 80 f6 |......e.J.......| +00000040 ad db bd c2 9f ec 98 42 0b 37 30 17 03 03 00 40 |.......B.70....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 a9 74 3c 13 87 f4 cf 77 be 07 c2 a1 e0 47 4e 52 |.t<....w.....GNR| +00000070 c2 86 da 08 c2 93 21 80 4c 19 51 cc 0d 76 49 75 |......!.L.Q..vIu| +00000080 0b 48 3d e0 e2 01 93 4b f1 73 91 17 aa 00 b5 71 |.H=....K.s.....q| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 1f 2f 2d d7 39 06 c4 59 49 80 66 |....../-.9..YI.f| +000000b0 6c 35 2e a7 45 ee 0a 05 4b 1e 7f 78 5d cd 24 2c |l5..E...K..x].$,| +000000c0 0a 3e 55 1c 7d |.>U.}| diff --git a/testdata/Server-TLSv12-ECDHE-ECDSA-AES b/testdata/Server-TLSv12-ECDHE-ECDSA-AES new file mode 100644 index 0000000..b412980 --- /dev/null +++ b/testdata/Server-TLSv12-ECDHE-ECDSA-AES @@ -0,0 +1,82 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 73 01 00 00 6f 03 03 f0 4f 82 cc 2a |....s...o...O..*| +00000010 27 0b 7f 2e e4 af 6d ba 4e fe 61 99 fc 0a 44 ee |'.....m.N.a...D.| +00000020 c0 4e 7b 3a 7c f0 6d 12 b7 7d 9e 00 00 04 c0 0a |.N{:|.m..}......| +00000030 00 ff 01 00 00 42 00 0b 00 04 03 00 01 02 00 0a |.....B..........| +00000040 00 0a 00 08 00 1d 00 17 00 19 00 18 00 0d 00 20 |............... | +00000050 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 |................| +00000060 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 |................| +00000070 00 16 00 00 00 17 00 00 |........| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 0a 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 03 02 0e 0b 00 02 0a 00 |................| +00000040 02 07 00 02 04 30 82 02 00 30 82 01 62 02 09 00 |.....0...0..b...| +00000050 b8 bf 2d 47 a0 d2 eb f4 30 09 06 07 2a 86 48 ce |..-G....0...*.H.| +00000060 3d 04 01 30 45 31 0b 30 09 06 03 55 04 06 13 02 |=..0E1.0...U....| +00000070 41 55 31 13 30 11 06 03 55 04 08 13 0a 53 6f 6d |AU1.0...U....Som| +00000080 65 2d 53 74 61 74 65 31 21 30 1f 06 03 55 04 0a |e-State1!0...U..| +00000090 13 18 49 6e 74 65 72 6e 65 74 20 57 69 64 67 69 |..Internet Widgi| +000000a0 74 73 20 50 74 79 20 4c 74 64 30 1e 17 0d 31 32 |ts Pty Ltd0...12| +000000b0 31 31 32 32 31 35 30 36 33 32 5a 17 0d 32 32 31 |1122150632Z..221| +000000c0 31 32 30 31 35 30 36 33 32 5a 30 45 31 0b 30 09 |120150632Z0E1.0.| +000000d0 06 03 55 04 06 13 02 41 55 31 13 30 11 06 03 55 |..U....AU1.0...U| +000000e0 04 08 13 0a 53 6f 6d 65 2d 53 74 61 74 65 31 21 |....Some-State1!| +000000f0 30 1f 06 03 55 04 0a 13 18 49 6e 74 65 72 6e 65 |0...U....Interne| +00000100 74 20 57 69 64 67 69 74 73 20 50 74 79 20 4c 74 |t Widgits Pty Lt| +00000110 64 30 81 9b 30 10 06 07 2a 86 48 ce 3d 02 01 06 |d0..0...*.H.=...| +00000120 05 2b 81 04 00 23 03 81 86 00 04 00 c4 a1 ed be |.+...#..........| +00000130 98 f9 0b 48 73 36 7e c3 16 56 11 22 f2 3d 53 c3 |...Hs6~..V.".=S.| +00000140 3b 4d 21 3d cd 6b 75 e6 f6 b0 dc 9a df 26 c1 bc |;M!=.ku......&..| +00000150 b2 87 f0 72 32 7c b3 64 2f 1c 90 bc ea 68 23 10 |...r2|.d/....h#.| +00000160 7e fe e3 25 c0 48 3a 69 e0 28 6d d3 37 00 ef 04 |~..%.H:i.(m.7...| +00000170 62 dd 0d a0 9c 70 62 83 d8 81 d3 64 31 aa 9e 97 |b....pb....d1...| +00000180 31 bd 96 b0 68 c0 9b 23 de 76 64 3f 1a 5c 7f e9 |1...h..#.vd?.\..| +00000190 12 0e 58 58 b6 5f 70 dd 9b d8 ea d5 d7 f5 d5 cc |..XX._p.........| +000001a0 b9 b6 9f 30 66 5b 66 9a 20 e2 27 e5 bf fe 3b 30 |...0f[f. .'...;0| +000001b0 09 06 07 2a 86 48 ce 3d 04 01 03 81 8c 00 30 81 |...*.H.=......0.| +000001c0 88 02 42 01 88 a2 4f eb e2 45 c5 48 7d 1b ac f5 |..B...O..E.H}...| +000001d0 ed 98 9d ae 47 70 c0 5e 1b b6 2f bd f1 b6 4d b7 |....Gp.^../...M.| +000001e0 61 40 d3 11 a2 ce ee 0b 7e 92 7e ff 76 9d c3 3b |a@......~.~.v..;| +000001f0 7e a5 3f ce fa 10 e2 59 ec 47 2d 7c ac da 4e 97 |~.?....Y.G-|..N.| +00000200 0e 15 a0 6f d0 02 42 01 4d fc be 67 13 9c 2d 05 |...o..B.M..g..-.| +00000210 0e bd 3f a3 8c 25 c1 33 13 83 0d 94 06 bb d4 37 |..?..%.3.......7| +00000220 7a f6 ec 7a c9 86 2e dd d7 11 69 7f 85 7c 56 de |z..z......i..|V.| +00000230 fb 31 78 2b e4 c7 78 0d ae cb be 9e 4e 36 24 31 |.1x+..x.....N6$1| +00000240 7b 6a 0f 39 95 12 07 8f 2a 16 03 03 00 b7 0c 00 |{j.9....*.......| +00000250 00 b3 03 00 1d 20 2f e5 7d a3 47 cd 62 43 15 28 |..... /.}.G.bC.(| +00000260 da ac 5f bb 29 07 30 ff f6 84 af c4 cf c2 ed 90 |.._.).0.........| +00000270 99 5f 58 cb 3b 74 05 03 00 8b 30 81 88 02 42 01 |._X.;t....0...B.| +00000280 2d d4 82 80 01 6b e6 8c 6a 2a b3 09 1b 0d 86 e6 |-....k..j*......| +00000290 62 92 85 46 d9 e3 b2 e9 f1 5e 77 c2 27 fd 2b 68 |b..F.....^w.'.+h| +000002a0 6a e1 3d e2 42 d2 86 96 42 b1 3b 50 7b e2 2c 34 |j.=.B...B.;P{.,4| +000002b0 d3 e7 f6 14 89 48 eb 5c 9a 98 98 ab f3 db 85 06 |.....H.\........| +000002c0 cb 02 42 00 df 42 94 63 a5 ff 43 a5 20 5d 83 09 |..B..B.c..C. ]..| +000002d0 88 7d 10 ff ec 32 33 28 1d 43 b2 d2 bf 39 0c 63 |.}...23(.C...9.c| +000002e0 9a c0 f8 0e 9f 71 a7 9a 5d 27 1a 5c f2 36 80 b3 |.....q..]'.\.6..| +000002f0 71 0f d3 c0 fd 0d 5d 02 90 c4 9d 90 db 74 ad f6 |q.....]......t..| +00000300 22 8f 6b 9d 55 16 03 03 00 04 0e 00 00 00 |".k.U.........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 af 52 73 d4 46 4d |....%...! .Rs.FM| +00000010 bc 0e dd 56 1f 7f 72 ce 6c 99 b9 64 53 7d 53 8d |...V..r.l..dS}S.| +00000020 0c a4 75 8c 83 3b 4b 76 2d 4f 14 03 03 00 01 01 |..u..;Kv-O......| +00000030 16 03 03 00 40 a0 ef 9f 54 a8 ab 7c 5b 4a a1 b2 |....@...T..|[J..| +00000040 5d 5b 6a d7 a7 32 35 46 58 d0 ba 38 6f 94 6e 9a |][j..25FX..8o.n.| +00000050 41 16 82 ed 4d 39 c4 ff 06 bf 2c 67 47 70 56 4e |A...M9....,gGpVN| +00000060 c5 ac 7f a0 5d d9 89 82 7a d9 36 07 55 b3 20 f4 |....]...z.6.U. .| +00000070 b2 73 cf c3 7d |.s..}| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 73 5f db 9e 08 |...........s_...| +00000020 10 38 3b c0 95 6b dd fc 16 b2 d1 db 63 13 ca d5 |.8;..k......c...| +00000030 b5 be 5a 1d 74 b5 75 f3 a2 63 59 be a7 d0 ab 0d |..Z.t.u..cY.....| +00000040 d3 43 83 8a 1d 59 ed fd ea f0 b9 17 03 03 00 40 |.C...Y.........@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 cf 20 4f 4f bf c4 00 05 1e ca 7f 6f 69 77 e9 52 |. OO.......oiw.R| +00000070 14 61 02 6d f1 c0 ad 7c 1a 34 cf b2 7a 58 4a 70 |.a.m...|.4..zXJp| +00000080 11 36 5f e9 21 62 cb eb 8f e7 11 04 bf 66 03 69 |.6_.!b.......f.i| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 f5 35 92 09 6c 45 c0 27 95 98 a9 |......5..lE.'...| +000000b0 86 56 53 1f a8 01 d5 0b 79 0e 91 15 3b 9a 07 21 |.VS.....y...;..!| +000000c0 cb ce f0 2b 6a |...+j| diff --git a/testdata/Server-TLSv12-IssueTicket b/testdata/Server-TLSv12-IssueTicket new file mode 100644 index 0000000..feced4b --- /dev/null +++ b/testdata/Server-TLSv12-IssueTicket @@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 61 01 00 00 5d 03 03 b1 be 1f 18 b6 |....a...].......| +00000010 a2 5d 4f 2f a0 e5 3b c4 4a 2d 76 bd 98 92 32 85 |.]O/..;.J-v...2.| +00000020 9d 6b 9e 10 4b fc 03 7b fb bc e4 00 00 04 00 2f |.k..K..{......./| +00000030 00 ff 01 00 00 30 00 23 00 00 00 0d 00 20 00 1e |.....0.#..... ..| +00000040 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| +00000050 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 16 |................| +00000060 00 00 00 17 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 09 00 23 00 00 ff 01 00 01 00 16 03 03 02 59 0b |..#...........Y.| +00000040 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 01 |..U..R..O0..K0..| +00000050 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b ea |............?.[.| +00000060 a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |.0...*.H........| +00000070 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 |0.1.0...U....Go1| +00000080 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f 6f |.0...U....Go Roo| +00000090 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 30 |t0...16010100000| +000000a0 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 30 |0Z..250101000000| +000000b0 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |Z0.1.0...U....Go| +000000c0 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 9f |1.0...U....Go0..| +000000d0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 |0...*.H.........| +000000e0 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e 12 |...0.......F}...| +000000f0 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 |'.H..(!.~...]..R| +00000100 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 be 97 |E.z6G....B[.....| +00000110 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 |y.@.Om..+.....g.| +00000120 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 |...."8.J.ts+.4..| +00000130 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 |....t{.X.la<..A.| +00000140 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 cf |.++$#w[.;.u]. T.| +00000150 a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 |.c...$....P....C| +00000160 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 a3 |...ub...R.......| +00000170 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff 04 |..0..0...U......| +00000180 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 |.....0...U.%..0.| +00000190 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 |..+.........+...| +000001a0 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 |....0...U.......| +000001b0 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 16 |0.0...U.........| +000001c0 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 |.CC>I..m....`0..| +000001d0 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 7e |.U.#..0...H.IM.~| +000001e0 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 1d |.1......n{0...U.| +000001f0 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e 67 |...0...example.g| +00000200 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d 01 |olang0...*.H....| +00000210 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 |.........0.@+[P.| +00000220 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 |a...SX...(.X..8.| +00000230 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 |...1Z..f=C.-....| +00000240 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 20 |.. d8.$:....}.@ | +00000250 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c |._...a..v......\| +00000260 ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c |.....l..s..Cw...| +00000270 f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 06 |....@.a.Lr+...F.| +00000280 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 |.M...>...B...=.`| +00000290 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e 00 00 |.\!.;...........| +000002a0 00 |.| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 8f f0 5a 2f 01 |.............Z/.| +00000010 99 79 e6 f2 a0 31 a4 02 d8 c0 1e 70 e8 67 58 bd |.y...1.....p.gX.| +00000020 a0 2a 37 3a 3c 2d 45 53 e7 d2 7d 94 16 ea 10 5c |.*7:<-ES..}....\| +00000030 07 91 36 87 ab f6 d1 7a c7 40 a7 7f 23 1b ef 33 |..6....z.@..#..3| +00000040 80 ea 7d 75 d3 62 de 7d d2 6b cf 90 54 0f e7 02 |..}u.b.}.k..T...| +00000050 03 85 ef 38 f4 e9 88 8f e4 7c 8c ac 95 e6 88 f4 |...8.....|......| +00000060 05 f7 c7 89 4a 64 de 34 5f 09 c2 84 19 36 c1 42 |....Jd.4_....6.B| +00000070 ea 03 69 38 7e 32 10 8a b5 cf c7 2f 8e c6 5f 29 |..i8~2...../.._)| +00000080 4e 8a 8e d4 17 6c 9c 18 7b ea df 14 03 03 00 01 |N....l..{.......| +00000090 01 16 03 03 00 40 5f 50 47 5a 97 52 9d 11 b5 db |.....@_PGZ.R....| +000000a0 ab 7b b9 e3 74 52 c5 cd f4 73 18 cf 12 c4 fe 07 |.{..tR...s......| +000000b0 88 5f a9 18 7a 12 23 67 ec 72 07 9f 19 b5 bf 52 |._..z.#g.r.....R| +000000c0 2f dd 26 66 25 98 8c 5a 07 0f 26 c1 b0 38 6c 01 |/.&f%..Z..&..8l.| +000000d0 e4 f4 ee dd b3 72 |.....r| +>>> Flow 4 (server to client) +00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f 2c 9f 83 61 0b b1 b7 9e 10 2d 0c 56 e8 70 66 |o,..a.....-.V.pf| +00000040 ad de b1 15 74 2f 8b 08 8c 96 bb 4b 1b 4e dd 81 |....t/.....K.N..| +00000050 0e bf 84 4d 43 8f c0 7e a0 7f be c0 59 bf 83 26 |...MC..~....Y..&| +00000060 0f a2 22 52 2c 33 94 5a 77 54 f3 b5 f2 22 51 d5 |.."R,3.ZwT..."Q.| +00000070 24 c2 60 c3 2e 0f 9c 5e 33 3b e8 7c 52 2a 76 08 |$.`....^3;.|R*v.| +00000080 58 ac 47 98 bc 36 b6 14 03 03 00 01 01 16 03 03 |X.G..6..........| +00000090 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |.@..............| +000000a0 00 00 31 fa c3 6c 95 c0 86 a5 55 30 41 c3 2d 6b |..1..l....U0A.-k| +000000b0 a5 00 0b af 33 63 de 80 01 3d 7a 38 8e a7 f4 b1 |....3c...=z8....| +000000c0 2d bb e3 1d 1a b4 61 18 b5 d9 d1 7f d1 9a e7 e8 |-.....a.........| +000000d0 49 ee 17 03 03 00 40 00 00 00 00 00 00 00 00 00 |I.....@.........| +000000e0 00 00 00 00 00 00 00 a6 d5 e4 a8 9b d3 7d 72 1c |.............}r.| +000000f0 ff 14 03 68 34 c9 ca 0d 2e 80 a1 09 f7 92 f6 86 |...h4...........| +00000100 44 22 e8 1c ea e9 dd cc a7 92 9a 72 ec 22 5b 82 |D".........r."[.| +00000110 7b 43 02 f7 fa 59 7b 15 03 03 00 30 00 00 00 00 |{C...Y{....0....| +00000120 00 00 00 00 00 00 00 00 00 00 00 00 5f ab 03 1d |............_...| +00000130 08 72 07 6d 78 66 5b 18 ec 3a b7 ea 75 96 ce 95 |.r.mxf[..:..u...| +00000140 0c c9 6f 86 91 14 30 d6 2e 5d b1 b4 |..o...0..]..| diff --git a/testdata/Server-TLSv12-IssueTicketPreDisable b/testdata/Server-TLSv12-IssueTicketPreDisable new file mode 100644 index 0000000..467e332 --- /dev/null +++ b/testdata/Server-TLSv12-IssueTicketPreDisable @@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 61 01 00 00 5d 03 03 91 2f b7 db 1e |....a...].../...| +00000010 41 ac c6 17 1d 0f 0c 8e 86 15 e0 de e9 c8 6b f5 |A.............k.| +00000020 69 c7 bf ad ff 63 58 2b b1 79 a6 00 00 04 00 2f |i....cX+.y...../| +00000030 00 ff 01 00 00 30 00 23 00 00 00 0d 00 20 00 1e |.....0.#..... ..| +00000040 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| +00000050 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 16 |................| +00000060 00 00 00 17 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 09 00 23 00 00 ff 01 00 01 00 16 03 03 02 59 0b |..#...........Y.| +00000040 00 02 55 00 02 52 00 02 4f 30 82 02 4b 30 82 01 |..U..R..O0..K0..| +00000050 b4 a0 03 02 01 02 02 09 00 e8 f0 9d 3f e2 5b ea |............?.[.| +00000060 a6 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |.0...*.H........| +00000070 30 1f 31 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 |0.1.0...U....Go1| +00000080 10 30 0e 06 03 55 04 03 13 07 47 6f 20 52 6f 6f |.0...U....Go Roo| +00000090 74 30 1e 17 0d 31 36 30 31 30 31 30 30 30 30 30 |t0...16010100000| +000000a0 30 5a 17 0d 32 35 30 31 30 31 30 30 30 30 30 30 |0Z..250101000000| +000000b0 5a 30 1a 31 0b 30 09 06 03 55 04 0a 13 02 47 6f |Z0.1.0...U....Go| +000000c0 31 0b 30 09 06 03 55 04 03 13 02 47 6f 30 81 9f |1.0...U....Go0..| +000000d0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 |0...*.H.........| +000000e0 81 8d 00 30 81 89 02 81 81 00 db 46 7d 93 2e 12 |...0.......F}...| +000000f0 27 06 48 bc 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 |'.H..(!.~...]..R| +00000100 45 88 7a 36 47 a5 08 0d 92 42 5b c2 81 c0 be 97 |E.z6G....B[.....| +00000110 79 98 40 fb 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 |y.@.Om..+.....g.| +00000120 d4 09 9e d6 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 |...."8.J.ts+.4..| +00000130 93 e5 96 d9 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 |....t{.X.la<..A.| +00000140 d9 2b 2b 24 23 77 5b 1c 3b bd 75 5d ce 20 54 cf |.++$#w[.;.u]. T.| +00000150 a1 63 87 1d 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 |.c...$....P....C| +00000160 ed 97 a7 75 62 f4 14 c8 52 d7 02 03 01 00 01 a3 |...ub...R.......| +00000170 81 93 30 81 90 30 0e 06 03 55 1d 0f 01 01 ff 04 |..0..0...U......| +00000180 04 03 02 05 a0 30 1d 06 03 55 1d 25 04 16 30 14 |.....0...U.%..0.| +00000190 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 |..+.........+...| +000001a0 05 07 03 02 30 0c 06 03 55 1d 13 01 01 ff 04 02 |....0...U.......| +000001b0 30 00 30 19 06 03 55 1d 0e 04 12 04 10 9f 91 16 |0.0...U.........| +000001c0 1f 43 43 3e 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 |.CC>I..m....`0..| +000001d0 03 55 1d 23 04 14 30 12 80 10 48 13 49 4d 13 7e |.U.#..0...H.IM.~| +000001e0 16 31 bb a3 01 d5 ac ab 6e 7b 30 19 06 03 55 1d |.1......n{0...U.| +000001f0 11 04 12 30 10 82 0e 65 78 61 6d 70 6c 65 2e 67 |...0...example.g| +00000200 6f 6c 61 6e 67 30 0d 06 09 2a 86 48 86 f7 0d 01 |olang0...*.H....| +00000210 01 0b 05 00 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 |.........0.@+[P.| +00000220 61 cb ba e5 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 |a...SX...(.X..8.| +00000230 95 a1 ac 31 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 |...1Z..f=C.-....| +00000240 df d3 20 64 38 92 24 3a 00 bc cf 9c 7d b7 40 20 |.. d8.$:....}.@ | +00000250 01 5f aa d3 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c |._...a..v......\| +00000260 ee b1 87 82 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c |.....l..s..Cw...| +00000270 f1 0f a1 d8 40 83 61 c9 4c 72 2b 9d ae db 46 06 |....@.a.Lr+...F.| +00000280 06 4d f4 c1 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 |.M...>...B...=.`| +00000290 84 5c 21 d3 3b e9 fa e7 16 03 03 00 04 0e 00 00 |.\!.;...........| +000002a0 00 |.| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 c5 0c 17 b1 b2 |................| +00000010 65 0b b7 7b 45 6f cb 7d b4 9c 5c 82 3a 1a 75 11 |e..{Eo.}..\.:.u.| +00000020 22 6f 41 3a 81 e2 81 2e 74 f8 70 61 fd e1 7c ce |"oA:....t.pa..|.| +00000030 bf 06 d7 29 77 07 b3 9d cc 33 25 53 17 12 43 ae |...)w....3%S..C.| +00000040 4f df ad a4 3e 49 6e 97 50 b6 23 d0 fa 3d a6 bc |O...>In.P.#..=..| +00000050 38 d8 5f 2b 45 a7 d0 aa cd b1 39 03 8f 62 9e 46 |8._+E.....9..b.F| +00000060 50 d4 83 1d b8 76 41 29 d4 40 9a 65 41 8d 1c f0 |P....vA).@.eA...| +00000070 d4 4d 88 d2 5e 42 ec c8 86 d6 fd df 65 d8 f1 82 |.M..^B......e...| +00000080 8f 6a 80 31 1a 0e fc 13 2b 90 a8 14 03 03 00 01 |.j.1....+.......| +00000090 01 16 03 03 00 40 50 ad ed 91 c4 6a ed f8 aa 06 |.....@P....j....| +000000a0 9e 13 03 38 bf 83 ef 4b 8e d5 89 d4 a3 f8 d9 8d |...8...K........| +000000b0 bb 88 72 a6 16 f6 5d d5 ca 55 bb e4 76 47 08 35 |..r...]..U..vG.5| +000000c0 b9 fb 92 a4 0a b9 36 d7 62 44 81 e8 cf db ad 9a |......6.bD......| +000000d0 6d 72 c0 af 70 bd |mr..p.| +>>> Flow 4 (server to client) +00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP| +00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................| +00000030 6f 2c 9f 83 61 2e fe 48 fe f6 bb 98 a0 6f b0 be |o,..a..H.....o..| +00000040 9e 86 d7 b2 f2 67 c7 44 c7 3d e4 2b de d0 f4 d2 |.....g.D.=.+....| +00000050 17 51 84 8e 7a a7 80 c4 65 14 f7 49 09 68 15 56 |.Q..z...e..I.h.V| +00000060 68 32 41 d1 6f 33 94 a1 3a c9 37 20 5d e6 b0 6f |h2A.o3..:.7 ]..o| +00000070 37 0a 10 e3 28 e1 34 b6 6d e6 7a 44 24 7f 2f cf |7...(.4.m.zD$./.| +00000080 1b ae dd 4c d0 11 75 14 03 03 00 01 01 16 03 03 |...L..u.........| +00000090 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |.@..............| +000000a0 00 00 7e 4a 31 e8 7d c6 eb 34 56 3b 62 0c 11 a2 |..~J1.}..4V;b...| +000000b0 f0 bd 9b 9a 4c c9 39 2d ed 21 dd 0c 72 3a 92 e1 |....L.9-.!..r:..| +000000c0 0f b3 7f 71 c5 cf 2a 6f 68 bc 8e 84 7e d5 10 2e |...q..*oh...~...| +000000d0 c3 d4 17 03 03 00 40 00 00 00 00 00 00 00 00 00 |......@.........| +000000e0 00 00 00 00 00 00 00 43 76 cc 74 b3 1c 89 c0 6b |.......Cv.t....k| +000000f0 96 f7 2c 84 c1 0a 6e d6 7f b4 76 76 2c 2f 74 6a |..,...n...vv,/tj| +00000100 c7 4e 18 69 1c 97 cd ca f2 7a 33 01 3e 6f bb 54 |.N.i.....z3.>o.T| +00000110 49 4e 8e 1d f4 13 74 15 03 03 00 30 00 00 00 00 |IN....t....0....| +00000120 00 00 00 00 00 00 00 00 00 00 00 00 2d 70 b1 13 |............-p..| +00000130 a9 e3 72 ca 05 8e 8d b7 f4 97 de 58 46 aa 2a 9c |..r........XF.*.| +00000140 2f 8c 3e 59 7b 64 e5 51 61 7f a6 39 |/.>Y{d.Qa..9| diff --git a/testdata/Server-TLSv12-RSA-3DES b/testdata/Server-TLSv12-RSA-3DES new file mode 100644 index 0000000..af50381 --- /dev/null +++ b/testdata/Server-TLSv12-RSA-3DES @@ -0,0 +1,76 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 5d 01 00 00 59 03 03 0c fb 72 82 e5 |....]...Y....r..| +00000010 9a 04 90 c8 0d 73 25 9a 3f 88 e3 48 71 a2 33 3e |.....s%.?..Hq.3>| +00000020 90 32 74 bc 12 38 d6 3a d3 11 1d 00 00 04 00 0a |.2t..8.:........| +00000030 00 ff 01 00 00 2c 00 0d 00 20 00 1e 06 01 06 02 |.....,... ......| +00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000050 03 02 03 03 02 01 02 02 02 03 00 16 00 00 00 17 |................| +00000060 00 00 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 0a 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 04 90 54 41 b9 |.............TA.| +00000010 22 12 39 d9 1d 0b b8 6c d4 b3 8a ec 78 42 80 a5 |".9....l....xB..| +00000020 03 c9 2a 9e 95 6f a0 28 3a 5c e9 59 28 ba 49 9b |..*..o.(:\.Y(.I.| +00000030 37 63 61 3f c4 ac ba 55 6b 85 a5 27 ed 37 b9 25 |7ca?...Uk..'.7.%| +00000040 04 cf 84 ad 43 6b ab 13 fa 72 29 b8 01 d9 aa 0c |....Ck...r).....| +00000050 be b1 9a c4 5a 05 3d 2d 71 b4 72 f5 3a 77 fb 6b |....Z.=-q.r.:w.k| +00000060 45 b0 5b 00 f8 1e f9 70 7f a4 64 c9 1e 35 56 0b |E.[....p..d..5V.| +00000070 68 07 4c 04 95 f4 ca b1 0a b3 25 2b 93 2d be 80 |h.L.......%+.-..| +00000080 76 15 75 07 23 ee 25 f3 1b a8 2f 14 03 03 00 01 |v.u.#.%.../.....| +00000090 01 16 03 03 00 30 e5 cd 56 75 e6 a4 58 e5 33 cc |.....0..Vu..X.3.| +000000a0 95 23 e0 7f 01 f2 45 21 bb 7d 7c 17 1f 59 7c f9 |.#....E!.}|..Y|.| +000000b0 38 05 a3 95 4d 9b f2 3f 9d 84 2c 31 15 8b 4d d4 |8...M..?..,1..M.| +000000c0 17 3c 62 2b f6 71 |.>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 30 00 00 00 00 00 |..........0.....| +00000010 00 00 00 b3 85 c2 1b ac 9e c2 01 f7 0f 76 6d 09 |.............vm.| +00000020 5c 4f 9f a6 89 1b 56 e3 05 0b 7e 0d 9d 6b 36 35 |\O....V...~..k65| +00000030 49 99 aa 4c 14 3b 69 2a 87 71 7d 17 03 03 00 30 |I..L.;i*.q}....0| +00000040 00 00 00 00 00 00 00 00 15 65 d4 be e5 1b c9 29 |.........e.....)| +00000050 e9 3a c4 22 72 f8 0c 40 c7 f5 45 a1 a3 c8 a8 64 |.:."r..@..E....d| +00000060 22 4c 6c 79 3f 32 66 d4 05 09 a8 d4 d8 a8 f3 c7 |"Lly?2f.........| +00000070 15 03 03 00 20 00 00 00 00 00 00 00 00 fc 8d c6 |.... ...........| +00000080 3d b1 c4 9f 30 26 e3 b9 46 8f ce 9f 7e 5b 1e a3 |=...0&..F...~[..| +00000090 d0 98 64 3c 0d |..d<.| diff --git a/testdata/Server-TLSv12-RSA-AES b/testdata/Server-TLSv12-RSA-AES new file mode 100644 index 0000000..813f748 --- /dev/null +++ b/testdata/Server-TLSv12-RSA-AES @@ -0,0 +1,80 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 5d 01 00 00 59 03 03 7a e5 86 e2 0a |....]...Y..z....| +00000010 53 e7 ba 32 d1 57 47 ed 45 29 1b 33 2c 58 33 8f |S..2.WG.E).3,X3.| +00000020 36 2c 50 6f f9 c7 3b 12 40 23 e2 00 00 04 00 2f |6,Po..;.@#...../| +00000030 00 ff 01 00 00 2c 00 0d 00 20 00 1e 06 01 06 02 |.....,... ......| +00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000050 03 02 03 03 02 01 02 02 02 03 00 16 00 00 00 17 |................| +00000060 00 00 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 8f 13 d1 23 1b |..............#.| +00000010 8d 28 c7 a3 97 66 9f 8a c1 13 a1 c9 3b 25 93 7a |.(...f......;%.z| +00000020 ea 54 58 fc 57 41 ca 92 77 99 13 01 61 e4 73 90 |.TX.WA..w...a.s.| +00000030 c7 f1 2b 5e 5e 79 cf 69 7d 6b 3f 6e 5f 2e b0 f5 |..+^^y.i}k?n_...| +00000040 f7 53 2b 46 15 92 6c 20 95 6b 44 6a 0a 3d 0b 56 |.S+F..l .kDj.=.V| +00000050 66 53 ff 55 ec 38 10 cf 76 2c 0e ab 45 7a 02 6a |fS.U.8..v,..Ez.j| +00000060 75 07 11 80 6c d0 57 79 ed d6 4b b8 a0 04 91 a0 |u...l.Wy..K.....| +00000070 d4 4b 76 38 9c b3 a6 2e 0c 3e 63 a8 18 15 c9 ab |.Kv8.....>c.....| +00000080 54 69 cd e5 6f 3c 56 a6 5f a7 e0 14 03 03 00 01 |Ti..o>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 51 27 cd 07 6e |...........Q'..n| +00000020 72 c8 17 ba e7 62 7c d0 49 55 e7 e6 c5 2c 93 39 |r....b|.IU...,.9| +00000030 55 02 f5 fa 9a 7a 6f c5 79 6f ff 0f 4b b9 3d ad |U....zo.yo..K.=.| +00000040 23 c7 53 ad 13 2d d6 da 83 d0 67 17 03 03 00 40 |#.S..-....g....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 f5 09 3b 69 c2 1f f8 03 78 1b 13 57 ca 92 96 eb |..;i....x..W....| +00000070 f8 71 30 09 5a 68 01 47 96 b1 5b 7d b7 57 5e 70 |.q0.Zh.G..[}.W^p| +00000080 00 77 bb 55 32 7b d9 a5 f7 e2 a8 6d 4b d6 be c6 |.w.U2{.....mK...| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 58 1e a0 14 82 8d e4 c5 92 35 79 |.....X........5y| +000000b0 3b 5e 3a fe 97 18 db 27 19 7e b5 14 8c 01 fb 6a |;^:....'.~.....j| +000000c0 e4 26 96 e6 de |.&...| diff --git a/testdata/Server-TLSv12-RSA-AES-GCM b/testdata/Server-TLSv12-RSA-AES-GCM new file mode 100644 index 0000000..4e52915 --- /dev/null +++ b/testdata/Server-TLSv12-RSA-AES-GCM @@ -0,0 +1,79 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 73 01 00 00 6f 03 03 4e 1a d7 67 e4 |....s...o..N..g.| +00000010 d1 11 85 bc 62 59 da 8f ea d0 a0 2b 9b d3 47 aa |....bY.....+..G.| +00000020 d0 39 6f 3f 42 dc 7c 16 bb 25 ef 00 00 04 c0 2f |.9o?B.|..%...../| +00000030 00 ff 01 00 00 42 00 0b 00 04 03 00 01 02 00 0a |.....B..........| +00000040 00 0a 00 08 00 1d 00 17 00 19 00 18 00 0d 00 20 |............... | +00000050 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 |................| +00000060 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 |................| +00000070 00 16 00 00 00 17 00 00 |........| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 ac 0c 00 00 a8 03 00 1d |;...............| +000002a0 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 | /.}.G.bC.(.._.)| +000002b0 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b |.0.........._X.;| +000002c0 74 05 01 00 80 b2 49 30 60 b7 0c 48 cb 9f 1c 75 |t.....I0`..H...u| +000002d0 a6 b0 b0 7b 5e e6 f9 bc 5a 49 d4 51 e2 76 4c 01 |...{^...ZI.Q.vL.| +000002e0 55 bd 37 cf 86 75 4f 33 9b fd 3c fc bb da 81 a9 |U.7..uO3..<.....| +000002f0 26 7b 82 31 c5 51 0f d4 e8 fa a3 16 45 19 c8 40 |&{.1.Q......E..@| +00000300 23 fa 32 bc 05 36 fb a7 a2 d9 6f e7 bc b8 27 0b |#.2..6....o...'.| +00000310 2a 9e 7b 95 fd b4 c0 2e f0 73 fe fb a2 ea 20 a2 |*.{......s.... .| +00000320 73 73 96 c8 bc 82 58 09 84 fc f4 09 2a c8 68 cb |ss....X.....*.h.| +00000330 66 b0 de 2c 78 7a d4 ec 06 f1 1c 52 03 5a 69 24 |f..,xz.....R.Zi$| +00000340 c4 e6 bb 68 f4 16 03 03 00 04 0e 00 00 00 |...h..........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 41 d4 8d 53 2e 47 |....%...! A..S.G| +00000010 b8 35 ba 86 3c 41 07 2e c1 a0 9d c2 e9 11 d8 20 |.5..>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 ec 99 e0 9a 83 28 94 e6 72 4f be 28 24 |........(..rO.($| +00000020 64 bd 9d 86 79 cc ab 05 15 39 06 6e da 0c b8 4e |d...y....9.n...N| +00000030 6c a9 f3 17 03 03 00 25 00 00 00 00 00 00 00 01 |l......%........| +00000040 9a d7 b0 54 dd 3c ae 8e 3f 1f 41 68 a5 01 a0 da |...T.<..?.Ah....| +00000050 e8 8e 90 55 1a 11 f0 70 8d a3 af a4 29 15 03 03 |...U...p....)...| +00000060 00 1a 00 00 00 00 00 00 00 02 a8 96 cb 16 d7 b1 |................| +00000070 41 7e bc 0e 01 8f cc 47 40 e5 c7 2a |A~.....G@..*| diff --git a/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 b/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 new file mode 100644 index 0000000..36be9da --- /dev/null +++ b/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384 @@ -0,0 +1,79 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 73 01 00 00 6f 03 03 b7 d2 dc fe 53 |....s...o......S| +00000010 d6 13 08 19 be 30 22 17 db a7 06 9b 62 82 14 38 |.....0".....b..8| +00000020 2e 68 70 08 02 7d 22 64 13 75 f5 00 00 04 c0 30 |.hp..}"d.u.....0| +00000030 00 ff 01 00 00 42 00 0b 00 04 03 00 01 02 00 0a |.....B..........| +00000040 00 0a 00 08 00 1d 00 17 00 19 00 18 00 0d 00 20 |............... | +00000050 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 |................| +00000060 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 |................| +00000070 00 16 00 00 00 17 00 00 |........| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 30 00 00 |.............0..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 ac 0c 00 00 a8 03 00 1d |;...............| +000002a0 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 | /.}.G.bC.(.._.)| +000002b0 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b |.0.........._X.;| +000002c0 74 05 01 00 80 b8 c4 6a be 2a dd 47 03 7b 84 72 |t......j.*.G.{.r| +000002d0 0b a4 c0 a7 2e b5 a4 be c7 6a 2a 8b d0 23 6f b5 |.........j*..#o.| +000002e0 bc 0e ba 3c f5 9d a3 90 b0 af 80 11 bd 22 b5 7b |...<.........".{| +000002f0 3c 53 f8 54 d0 b4 b0 53 28 75 0d 15 58 88 c2 90 |>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 20 df 4a b8 02 4f |....%...! .J..O| +00000010 31 db 22 90 59 57 20 23 e1 72 8d 28 60 b3 f2 77 |1.".YW #.r.(`..w| +00000020 db 3a ce 64 5a a5 63 94 be 09 14 03 03 00 01 01 |.:.dZ.c.........| +00000030 16 03 03 00 28 de 72 f3 c3 b2 aa b4 9b b7 fe 35 |....(.r........5| +00000040 3b 25 af 74 47 d3 49 39 07 d9 70 37 30 d0 b7 47 |;%.tG.I9..p70..G| +00000050 bf ad 97 08 44 59 a7 3c 12 f2 4a 2d 7c |....DY.<..J-|| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 16 18 e1 e8 d4 c0 d1 19 3a 50 10 85 fc |...........:P...| +00000020 fc 3e 27 54 e4 57 b6 e7 c4 25 d5 4e 10 ad 0f ff |.>'T.W...%.N....| +00000030 ad 45 8c 17 03 03 00 25 00 00 00 00 00 00 00 01 |.E.....%........| +00000040 50 b8 af 5f a2 3e 0f f7 f0 81 1f 32 69 39 2f f2 |P.._.>.....2i9/.| +00000050 47 28 80 fb d0 46 d4 b7 a2 ba e3 71 ea 15 03 03 |G(...F.....q....| +00000060 00 1a 00 00 00 00 00 00 00 02 c4 64 7a 81 b3 3a |...........dz..:| +00000070 2c 71 35 ec f7 0c 52 36 20 2c eb fe |,q5...R6 ,..| diff --git a/testdata/Server-TLSv12-RSA-RC4 b/testdata/Server-TLSv12-RSA-RC4 new file mode 100644 index 0000000..e49d1bc --- /dev/null +++ b/testdata/Server-TLSv12-RSA-RC4 @@ -0,0 +1,72 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 5d 01 00 00 59 03 03 55 3e 1a 3f cc |....]...Y..U>.?.| +00000010 14 18 07 db 5e 97 15 33 62 9d de 56 7b ea 52 bf |....^..3b..V{.R.| +00000020 a3 ce c2 75 3f 52 0a 2f 3e 99 07 00 00 04 00 05 |...u?R./>.......| +00000030 00 ff 01 00 00 2c 00 0d 00 20 00 1e 06 01 06 02 |.....,... ......| +00000040 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 |................| +00000050 03 02 03 03 02 01 02 02 02 03 00 16 00 00 00 17 |................| +00000060 00 00 |..| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 |................| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 a7 55 0a e7 33 |............U..3| +00000010 8e be 5a 3a b4 f4 06 6e fc 0e 42 6e f3 0c 01 5a |..Z:...n..Bn...Z| +00000020 65 73 36 bd cd be 0f 65 2f d2 88 1a f0 5e f8 07 |es6....e/....^..| +00000030 c1 fe 5f 5f d6 f5 fa 79 24 44 0d 33 4f e6 74 88 |..__...y$D.3O.t.| +00000040 86 f1 76 84 29 b4 f2 ae eb 9b 00 a2 6a e4 97 58 |..v.).......j..X| +00000050 8b 2e 04 8f 8f 5e fe b4 9d 38 1d 8d 40 a4 9b a2 |.....^...8..@...| +00000060 17 50 8a e5 39 c9 e9 41 3e 0d 9c 42 2c 7a 88 bf |.P..9..A>..B,z..| +00000070 f7 09 4e 27 0b fe cc 53 13 07 d5 7e 0e e6 02 3c |..N'...S...~...<| +00000080 8a 3f f9 03 df b6 65 a0 77 ee 50 14 03 03 00 01 |.?....e.w.P.....| +00000090 01 16 03 03 00 24 5f 41 3e 38 05 08 74 62 5b 4e |.....$_A>8..tb[N| +000000a0 94 55 98 74 5c 65 1a 4c 49 08 1d 77 d7 f0 12 47 |.U.t\e.LI..w...G| +000000b0 d2 ef a6 31 5c 36 03 b5 b5 9d |...1\6....| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 24 6f 68 a2 c0 4d |..........$oh..M| +00000010 f4 cb c0 e5 8b 19 f9 2e 46 c3 3b 92 eb a9 42 8b |........F.;...B.| +00000020 03 4a e2 62 9d f1 c0 39 b1 63 61 08 15 b0 ca 17 |.J.b...9.ca.....| +00000030 03 03 00 21 50 9e 16 ce 7e af 8f 43 d1 1c 30 37 |...!P...~..C..07| +00000040 85 e9 68 3a 9c 7e 26 90 dc 14 b1 ec 91 20 2b 4a |..h:.~&...... +J| +00000050 24 b4 fa b1 50 15 03 03 00 16 59 74 08 41 73 01 |$...P.....Yt.As.| +00000060 22 19 0b 35 6b 4d ee d2 15 50 42 de cc cf cc 09 |"..5kM...PB.....| diff --git a/testdata/Server-TLSv12-Resume b/testdata/Server-TLSv12-Resume new file mode 100644 index 0000000..366ca8f --- /dev/null +++ b/testdata/Server-TLSv12-Resume @@ -0,0 +1,41 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f9 01 00 00 f5 03 03 23 77 58 99 0e |...........#wX..| +00000010 44 ed 63 44 e4 e4 eb d1 83 c3 9c d0 24 12 a3 b9 |D.cD........$...| +00000020 55 6b 4d da bf 84 9d 35 de 43 a0 20 7b 93 cb d3 |UkM....5.C. {...| +00000030 c5 ce 5e d5 aa 48 91 a4 b2 c2 d7 72 09 0d 21 78 |..^..H.....r..!x| +00000040 f0 ac 7a ed 9a a9 ad dd 51 8b b2 1c 00 04 00 2f |..z.....Q....../| +00000050 00 ff 01 00 00 a8 00 23 00 78 50 46 ad c1 db a8 |.......#.xPF....| +00000060 38 86 7b 2b bb fd d0 c3 42 3e 00 00 00 00 00 00 |8.{+....B>......| +00000070 00 00 00 00 00 00 00 00 00 00 94 6f 2c 9f 83 61 |...........o,..a| +00000080 0b b1 b7 9e 10 2d 0c 56 e8 70 66 ad de b1 15 74 |.....-.V.pf....t| +00000090 2f 8b 08 8c 96 bb 4b 1b 4e dd 81 0e bf 84 4d 43 |/.....K.N.....MC| +000000a0 8f c0 7e a0 7f be c0 59 bf 83 26 0f a2 22 52 2c |..~....Y..&.."R,| +000000b0 33 94 5a 77 54 f3 b5 f2 22 51 d5 24 c2 60 c3 2e |3.ZwT..."Q.$.`..| +000000c0 0f 9c 5e 33 3b e8 7c 52 2a 76 08 58 ac 47 98 bc |..^3;.|R*v.X.G..| +000000d0 36 b6 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 |6.... ..........| +000000e0 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................| +000000f0 02 01 02 02 02 03 00 16 00 00 00 17 00 00 |..............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 51 02 00 00 4d 03 03 00 00 00 00 00 |....Q...M.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 20 7b 93 cb d3 |........... {...| +00000030 c5 ce 5e d5 aa 48 91 a4 b2 c2 d7 72 09 0d 21 78 |..^..H.....r..!x| +00000040 f0 ac 7a ed 9a a9 ad dd 51 8b b2 1c 00 2f 00 00 |..z.....Q..../..| +00000050 05 ff 01 00 01 00 14 03 03 00 01 01 16 03 03 00 |................| +00000060 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |@...............| +00000070 00 ac d9 95 88 c6 37 e8 3c 24 d8 d9 15 46 25 c6 |......7.<$...F%.| +00000080 32 0c 75 80 11 3d 89 53 1c 7a b1 78 6a c1 1a d7 |2.u..=.S.z.xj...| +00000090 91 6e c2 55 99 84 11 43 cd 62 99 3b 28 1b 2e 08 |.n.U...C.b.;(...| +000000a0 a8 |.| +>>> Flow 3 (client to server) +00000000 14 03 03 00 01 01 16 03 03 00 40 67 fd 43 2a 0b |..........@g.C*.| +00000010 14 6b 89 53 84 a8 04 62 d6 30 af 68 eb 8e 2a de |.k.S...b.0.h..*.| +00000020 67 c9 40 af 8b ac dd 29 a4 20 e4 da b0 dd c3 05 |g.@....). ......| +00000030 82 83 8f 75 77 db 6c fe e7 20 54 e3 eb 51 31 68 |...uw.l.. T..Q1h| +00000040 da 11 a3 6d a1 34 d9 f5 d1 ef c9 |...m.4.....| +>>> Flow 4 (server to client) +00000000 17 03 03 00 40 00 00 00 00 00 00 00 00 00 00 00 |....@...........| +00000010 00 00 00 00 00 ee e2 75 6f 78 b0 88 1a 8b 9b 91 |.......uox......| +00000020 c9 8c 3b ae a5 93 71 12 55 66 f8 09 a5 1f 4b 1b |..;...q.Uf....K.| +00000030 c2 fe 65 8b 3d d9 dc fa af dc 29 1b 83 da e0 6a |..e.=.....)....j| +00000040 4b cd d0 dc 27 |K...'| diff --git a/testdata/Server-TLSv12-ResumeDisabled b/testdata/Server-TLSv12-ResumeDisabled new file mode 100644 index 0000000..3474837 --- /dev/null +++ b/testdata/Server-TLSv12-ResumeDisabled @@ -0,0 +1,89 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 f9 01 00 00 f5 03 03 e8 59 b4 a7 b2 |............Y...| +00000010 77 86 57 47 0d d7 7b 2b c1 a2 04 fd 8d 4d e4 f5 |w.WG..{+.....M..| +00000020 be e2 65 8e 28 9a fe c3 19 fc 43 20 40 38 fb 60 |..e.(.....C @8.`| +00000030 f8 2f 36 f4 85 1d ee f1 53 f2 90 cf 3c 58 36 cd |./6.....S.........| +00000070 00 00 00 00 00 00 00 00 00 00 94 6f 2c 9f 83 61 |...........o,..a| +00000080 2e fe 48 fe f6 bb 98 a0 6f b0 be 9e 86 d7 b2 f2 |..H.....o.......| +00000090 67 c7 44 c7 3d e4 2b de d0 f4 d2 17 51 84 8e 7a |g.D.=.+.....Q..z| +000000a0 a7 80 c4 65 14 f7 49 09 68 15 56 68 32 41 d1 6f |...e..I.h.Vh2A.o| +000000b0 33 94 a1 3a c9 37 20 5d e6 b0 6f 37 0a 10 e3 28 |3..:.7 ]..o7...(| +000000c0 e1 34 b6 6d e6 7a 44 24 7f 2f cf 1b ae dd 4c d0 |.4.m.zD$./....L.| +000000d0 11 75 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 |.u... ..........| +000000e0 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 |................| +000000f0 02 01 02 02 02 03 00 16 00 00 00 17 00 00 |..............| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 5e 04 66 f2 27 |...........^.f.'| +00000010 99 3b f8 15 9f b8 4a ab 8c 32 10 0d 5b c9 5b 0b |.;....J..2..[.[.| +00000020 04 69 dc 2b 9e bb 28 38 b6 a0 0f 32 ae 8c 96 64 |.i.+..(8...2...d| +00000030 63 97 6b b6 63 94 45 84 03 28 d1 d8 85 2f a7 bb |c.k.c.E..(.../..| +00000040 be ca 3e f5 30 27 e1 fd e5 cc bc b5 61 3d 26 8d |..>.0'......a=&.| +00000050 0e 93 dd 78 07 5c fe 1b a9 57 c7 ce e6 df eb 28 |...x.\...W.....(| +00000060 74 ce 12 f3 df 3f c0 9e 54 b6 e0 b0 ea f7 08 c6 |t....?..T.......| +00000070 e1 9b cb e7 e9 41 b0 b4 68 2f f2 9b 1a 0a e3 17 |.....A..h/......| +00000080 df d7 18 ff 95 ca 36 07 32 ff f9 14 03 03 00 01 |......6.2.......| +00000090 01 16 03 03 00 40 cb c3 74 05 82 ab 93 07 a2 8b |.....@..t.......| +000000a0 24 27 c0 21 3e d1 15 12 9a 85 20 5b f5 7e 7e 0a |$'.!>..... [.~~.| +000000b0 a0 8e b2 de aa 25 2a b3 3d 12 1b 01 45 ec 36 53 |.....%*.=...E.6S| +000000c0 32 1d 81 c7 1d a6 96 c2 a9 2e af fa 90 6e 76 bb |2............nv.| +000000d0 a2 bc 43 91 c9 ca |..C...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 7f 39 4c 83 d4 |............9L..| +00000020 ca a2 7a a8 eb 3e 45 18 6e 33 3d 6f eb 2d 4f 72 |..z..>E.n3=o.-Or| +00000030 35 ee c3 f8 22 fd 39 28 47 23 55 16 6c 47 80 b7 |5...".9(G#U.lG..| +00000040 65 31 15 f6 89 79 96 bd 6a df 1d 17 03 03 00 40 |e1...y..j......@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 0c ea 0d 87 9a 24 d5 cc 26 9a a2 32 df 04 24 7d |.....$..&..2..$}| +00000070 45 ed 35 4e 5b a0 57 c1 c7 f1 0f 8b b0 f9 49 85 |E.5N[.W.......I.| +00000080 d6 e6 36 26 d5 f3 e4 00 76 d0 d6 20 be b3 31 e5 |..6&....v.. ..1.| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 6c 51 e9 c2 e8 4f 43 e2 ce 01 9d |.....lQ...OC....| +000000b0 d9 6f d7 c7 bf 16 d9 28 ca 8a ea 5e d5 84 ba 55 |.o.....(...^...U| +000000c0 b7 23 9d 79 28 |.#.y(| diff --git a/testdata/Server-TLSv12-SNI b/testdata/Server-TLSv12-SNI new file mode 100644 index 0000000..852cc63 --- /dev/null +++ b/testdata/Server-TLSv12-SNI @@ -0,0 +1,81 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 71 01 00 00 6d 03 03 35 8f 03 0b f4 |....q...m..5....| +00000010 81 dd d7 ec 8b cc 85 bd 07 5b 83 16 cc 6e b2 67 |.........[...n.g| +00000020 fd 33 69 81 14 9a 14 9d 37 43 5a 00 00 04 00 2f |.3i.....7CZ..../| +00000030 00 ff 01 00 00 40 00 00 00 10 00 0e 00 00 0b 73 |.....@.........s| +00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 20 00 1e |nitest.com... ..| +00000050 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| +00000060 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 16 |................| +00000070 00 00 00 17 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 4c 15 46 23 91 |...........L.F#.| +00000010 a0 d8 6c 45 f0 49 7e 70 84 9f bf 53 3d 68 2c cc |..lE.I~p...S=h,.| +00000020 20 3f 28 bd cf e6 6e fd e6 90 ff 87 14 82 65 00 | ?(...n.......e.| +00000030 d6 b6 ef 5a 0c d6 30 76 88 d2 37 33 39 de 00 b4 |...Z..0v..739...| +00000040 ec dd 30 3b f6 88 ff 4c b2 98 75 77 fd c3 61 38 |..0;...L..uw..a8| +00000050 2d 00 f7 14 d8 a4 37 22 c0 db 8a bd 12 0b b8 cc |-.....7"........| +00000060 37 82 78 d3 0e f2 0b 9b 51 c5 26 c5 e2 ce 3e 0e |7.x.....Q.&...>.| +00000070 04 34 39 83 a8 f5 65 ff 40 d9 9b 4a 11 6b b3 d2 |.49...e.@..J.k..| +00000080 f7 02 78 a9 7c f4 69 56 3a a4 98 14 03 03 00 01 |..x.|.iV:.......| +00000090 01 16 03 03 00 40 d6 90 b3 07 d1 a1 c1 12 35 07 |.....@........5.| +000000a0 4e c0 df 4b 17 cc fa 49 47 c9 22 c3 6f 70 fa ee |N..K...IG.".op..| +000000b0 cf b3 61 d6 06 54 cd ce c2 15 17 8a a0 f6 5c 43 |..a..T........\C| +000000c0 7c 92 ce 89 d4 96 53 d0 c7 e6 9a 24 bc 5a 83 e5 ||.....S....$.Z..| +000000d0 9c 65 72 e7 80 a4 |.er...| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 a0 61 69 4c 9d |............aiL.| +00000020 68 f3 f8 f6 a0 ef 1b f4 a2 f5 83 fa 03 87 ad 67 |h..............g| +00000030 7e 9f df c6 ce 9f 69 ce 22 fc de 91 0d 18 00 fb |~.....i.".......| +00000040 c1 5d a1 2d bb 89 29 4f f6 de 57 17 03 03 00 40 |.].-..)O..W....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 bb 54 f4 80 69 1d 3b 9c e7 9c 1a fb 4e 3d c1 02 |.T..i.;.....N=..| +00000070 d3 05 86 35 47 61 59 aa 45 54 ae a2 59 4c 75 8c |...5GaY.ET..YLu.| +00000080 8d a9 7d 7f a0 4b d9 65 7a 53 ef 7e ed a3 fa 9e |..}..K.ezS.~....| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 cc fd 0f cb 74 a5 36 ce c1 cd 54 |.........t.6...T| +000000b0 6f 66 81 c0 ab ff 72 ea f3 1f a6 b7 ef 46 45 68 |of....r......FEh| +000000c0 9b 0b 7f 4f 46 |...OF| diff --git a/testdata/Server-TLSv12-SNI-GetCertificate b/testdata/Server-TLSv12-SNI-GetCertificate new file mode 100644 index 0000000..b35cd8d --- /dev/null +++ b/testdata/Server-TLSv12-SNI-GetCertificate @@ -0,0 +1,81 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 71 01 00 00 6d 03 03 31 c7 3f 2b 99 |....q...m..1.?+.| +00000010 95 d8 d5 b7 91 ab 95 c6 09 35 0c 2b bd b6 94 1e |.........5.+....| +00000020 64 4a 2d b6 43 23 a0 01 e7 93 22 00 00 04 00 2f |dJ-.C#...."..../| +00000030 00 ff 01 00 00 40 00 00 00 10 00 0e 00 00 0b 73 |.....@.........s| +00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 20 00 1e |nitest.com... ..| +00000050 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| +00000060 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 16 |................| +00000070 00 00 00 17 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 c9 3a 9d ea e3 |............:...| +00000010 19 f1 07 77 61 ef 5a aa ed 0f 26 b4 7a 45 db 05 |...wa.Z...&.zE..| +00000020 bd 51 77 f5 ee 7b c1 83 9c 95 49 7b 70 5e 5b fe |.Qw..{....I{p^[.| +00000030 25 d2 3d 64 74 b8 a4 97 fd cb b9 75 7b 8f b0 59 |%.=dt......u{..Y| +00000040 30 bf b3 41 ce 54 83 0a ca 29 49 5a fe 29 4c 53 |0..A.T...)IZ.)LS| +00000050 fb d6 6e 46 d9 f7 31 17 d6 ee f9 ac 41 82 22 11 |..nF..1.....A.".| +00000060 a7 34 07 41 50 43 2f 83 f6 1f c6 c0 9d 4a 67 5a |.4.APC/......JgZ| +00000070 af 44 59 c0 00 33 be 24 f7 0a a4 fe 76 6b 03 05 |.DY..3.$....vk..| +00000080 2e ec 4d 49 db 6e e5 0a 5f af 09 14 03 03 00 01 |..MI.n.._.......| +00000090 01 16 03 03 00 40 ad 89 4d 25 a2 ce 98 8c cf b6 |.....@..M%......| +000000a0 f5 f4 76 6b e7 71 66 4a f9 a7 67 fb 1d 6c a7 83 |..vk.qfJ..g..l..| +000000b0 3b 1d 6a af 65 f2 c1 1d 97 03 5b c2 34 ee 3b 8e |;.j.e.....[.4.;.| +000000c0 cc bd 8f 3a b8 9b 4f 90 3f de 1e 97 1e 8e 61 37 |...:..O.?.....a7| +000000d0 2d 30 35 84 3b 26 |-05.;&| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 fe 23 de 33 4b |............#.3K| +00000020 55 f2 8e 73 09 ba ae f1 12 bd f7 15 75 90 8f 19 |U..s........u...| +00000030 1b 19 b6 3f 2c 19 47 87 a9 43 d5 1e 85 fb 0c 90 |...?,.G..C......| +00000040 c8 18 72 8f 08 6f 48 43 3c 5c 5a 17 03 03 00 40 |..r..oHC<\Z....@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 4d 44 d7 eb a3 94 00 74 90 9d c0 bd 8e 11 eb b6 |MD.....t........| +00000070 93 43 c6 14 0d ba c2 aa f0 f5 2d 85 9a 7c 27 44 |.C........-..|'D| +00000080 fc d8 46 76 b2 21 4f 70 1a 9a df 9e 3a 8f a3 58 |..Fv.!Op....:..X| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 91 0f c3 2a 98 79 57 39 3c 68 98 |........*.yW9>> Flow 1 (client to server) +00000000 16 03 01 00 71 01 00 00 6d 03 03 f8 16 6b 20 c3 |....q...m....k .| +00000010 a4 cf fc ca 04 47 7a f9 cc d9 cf 4a 15 ff 6e 82 |.....Gz....J..n.| +00000020 14 6a 91 91 7f f1 f4 42 e6 7c d4 00 00 04 00 2f |.j.....B.|...../| +00000030 00 ff 01 00 00 40 00 00 00 10 00 0e 00 00 0b 73 |.....@.........s| +00000040 6e 69 74 65 73 74 2e 63 6f 6d 00 0d 00 20 00 1e |nitest.com... ..| +00000050 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................| +00000060 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 16 |................| +00000070 00 00 00 17 00 00 |......| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 04 0e 00 00 00 |;............| +>>> Flow 3 (client to server) +00000000 16 03 03 00 86 10 00 00 82 00 80 80 e8 00 cc 09 |................| +00000010 fc 87 20 9f 2a 38 33 6f cb 61 71 86 6d 55 6a 87 |.. .*83o.aq.mUj.| +00000020 e0 22 78 62 4e 3b 98 5c 87 fd 3b 1c 73 d3 77 7e |."xbN;.\..;.s.w~| +00000030 a4 c3 6f d4 6d 82 65 40 0e 70 2f 24 e9 7d ff 49 |..o.m.e@.p/$.}.I| +00000040 c7 bd 45 44 af ae a5 7a 06 06 5e 1e ce 31 73 4b |..ED...z..^..1sK| +00000050 4a 38 f0 11 ba 32 58 ab a5 94 12 13 30 83 95 85 |J8...2X.....0...| +00000060 f5 7e 8d a7 cc 6d 19 14 f9 b0 dc 64 e5 4d b1 7d |.~...m.....d.M.}| +00000070 e6 95 d4 4a 7f 85 11 5b a7 c9 32 84 c2 ec 2e c3 |...J...[..2.....| +00000080 40 fe 5c e2 cf 5b 96 8a 72 9f 9f 14 03 03 00 01 |@.\..[..r.......| +00000090 01 16 03 03 00 40 a8 d2 5b 24 28 2b 86 1e c1 2e |.....@..[$(+....| +000000a0 6f da 7a ac 6b bf 02 ea 10 5d 9c 71 fb 19 eb 17 |o.z.k....].q....| +000000b0 19 b2 07 7c b9 df d0 6d 9f 80 cf 37 a0 2a 18 c9 |...|...m...7.*..| +000000c0 e9 b5 9f 94 42 6a 6b 33 55 fb 6d 94 3b 79 ed 26 |....Bjk3U.m.;y.&| +000000d0 5c 5a 7f 68 2c d8 |\Z.h,.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 40 00 00 00 00 00 |..........@.....| +00000010 00 00 00 00 00 00 00 00 00 00 00 18 e9 b5 96 14 |................| +00000020 38 98 d4 23 cd e5 32 0e 09 ae b3 3b 90 a4 4d c2 |8..#..2....;..M.| +00000030 e5 a8 df 72 e8 97 0b 67 cb 87 f4 d0 3e 52 ca d1 |...r...g....>R..| +00000040 28 94 ed 88 6c cb 62 53 b2 a1 04 17 03 03 00 40 |(...l.bS.......@| +00000050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000060 0e e3 b0 da 4b 19 ca 29 7b 1d c8 e3 0d d7 f2 97 |....K..){.......| +00000070 b0 0b 6e f0 d2 4b f0 c4 ca 87 75 3c ae 66 e1 b3 |..n..K....u<.f..| +00000080 06 e3 e6 90 54 fd 31 f7 5d 3b 6f de 0f d5 e4 09 |....T.1.];o.....| +00000090 15 03 03 00 30 00 00 00 00 00 00 00 00 00 00 00 |....0...........| +000000a0 00 00 00 00 00 ee a1 b0 94 b5 86 71 73 66 14 ac |...........qsf..| +000000b0 5c 4e 1b 67 27 af db b6 e3 44 15 38 b1 f5 e0 13 |\N.g'....D.8....| +000000c0 a5 e1 82 c0 6a |....j| diff --git a/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM b/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM new file mode 100644 index 0000000..89587e9 --- /dev/null +++ b/testdata/Server-TLSv12-X25519-ECDHE-RSA-AES-GCM @@ -0,0 +1,79 @@ +>>> Flow 1 (client to server) +00000000 16 03 01 00 73 01 00 00 6f 03 03 33 6d f4 4a 4b |....s...o..3m.JK| +00000010 48 35 ef 62 e9 bd 66 90 7e 73 62 bf 93 51 3d 90 |H5.b..f.~sb..Q=.| +00000020 9e f1 17 ae bd 24 28 54 44 50 8e 00 00 04 c0 2f |.....$(TDP...../| +00000030 00 ff 01 00 00 42 00 0b 00 04 03 00 01 02 00 0a |.....B..........| +00000040 00 0a 00 08 00 1d 00 17 00 19 00 18 00 0d 00 20 |............... | +00000050 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 |................| +00000060 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 |................| +00000070 00 16 00 00 00 17 00 00 |........| +>>> Flow 2 (server to client) +00000000 16 03 03 00 31 02 00 00 2d 03 03 00 00 00 00 00 |....1...-.......| +00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................| +00000020 00 00 00 00 00 00 00 00 00 00 00 00 c0 2f 00 00 |............./..| +00000030 05 ff 01 00 01 00 16 03 03 02 59 0b 00 02 55 00 |..........Y...U.| +00000040 02 52 00 02 4f 30 82 02 4b 30 82 01 b4 a0 03 02 |.R..O0..K0......| +00000050 01 02 02 09 00 e8 f0 9d 3f e2 5b ea a6 30 0d 06 |........?.[..0..| +00000060 09 2a 86 48 86 f7 0d 01 01 0b 05 00 30 1f 31 0b |.*.H........0.1.| +00000070 30 09 06 03 55 04 0a 13 02 47 6f 31 10 30 0e 06 |0...U....Go1.0..| +00000080 03 55 04 03 13 07 47 6f 20 52 6f 6f 74 30 1e 17 |.U....Go Root0..| +00000090 0d 31 36 30 31 30 31 30 30 30 30 30 30 5a 17 0d |.160101000000Z..| +000000a0 32 35 30 31 30 31 30 30 30 30 30 30 5a 30 1a 31 |250101000000Z0.1| +000000b0 0b 30 09 06 03 55 04 0a 13 02 47 6f 31 0b 30 09 |.0...U....Go1.0.| +000000c0 06 03 55 04 03 13 02 47 6f 30 81 9f 30 0d 06 09 |..U....Go0..0...| +000000d0 2a 86 48 86 f7 0d 01 01 01 05 00 03 81 8d 00 30 |*.H............0| +000000e0 81 89 02 81 81 00 db 46 7d 93 2e 12 27 06 48 bc |.......F}...'.H.| +000000f0 06 28 21 ab 7e c4 b6 a2 5d fe 1e 52 45 88 7a 36 |.(!.~...]..RE.z6| +00000100 47 a5 08 0d 92 42 5b c2 81 c0 be 97 79 98 40 fb |G....B[.....y.@.| +00000110 4f 6d 14 fd 2b 13 8b c2 a5 2e 67 d8 d4 09 9e d6 |Om..+.....g.....| +00000120 22 38 b7 4a 0b 74 73 2b c2 34 f1 d1 93 e5 96 d9 |"8.J.ts+.4......| +00000130 74 7b f3 58 9f 6c 61 3c c0 b0 41 d4 d9 2b 2b 24 |t{.X.la<..A..++$| +00000140 23 77 5b 1c 3b bd 75 5d ce 20 54 cf a1 63 87 1d |#w[.;.u]. T..c..| +00000150 1e 24 c4 f3 1d 1a 50 8b aa b6 14 43 ed 97 a7 75 |.$....P....C...u| +00000160 62 f4 14 c8 52 d7 02 03 01 00 01 a3 81 93 30 81 |b...R.........0.| +00000170 90 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 |.0...U..........| +00000180 a0 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 |.0...U.%..0...+.| +00000190 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 |........+.......| +000001a0 30 0c 06 03 55 1d 13 01 01 ff 04 02 30 00 30 19 |0...U.......0.0.| +000001b0 06 03 55 1d 0e 04 12 04 10 9f 91 16 1f 43 43 3e |..U..........CC>| +000001c0 49 a6 de 6d b6 80 d7 9f 60 30 1b 06 03 55 1d 23 |I..m....`0...U.#| +000001d0 04 14 30 12 80 10 48 13 49 4d 13 7e 16 31 bb a3 |..0...H.IM.~.1..| +000001e0 01 d5 ac ab 6e 7b 30 19 06 03 55 1d 11 04 12 30 |....n{0...U....0| +000001f0 10 82 0e 65 78 61 6d 70 6c 65 2e 67 6f 6c 61 6e |...example.golan| +00000200 67 30 0d 06 09 2a 86 48 86 f7 0d 01 01 0b 05 00 |g0...*.H........| +00000210 03 81 81 00 9d 30 cc 40 2b 5b 50 a0 61 cb ba e5 |.....0.@+[P.a...| +00000220 53 58 e1 ed 83 28 a9 58 1a a9 38 a4 95 a1 ac 31 |SX...(.X..8....1| +00000230 5a 1a 84 66 3d 43 d3 2d d9 0b f2 97 df d3 20 64 |Z..f=C.-...... d| +00000240 38 92 24 3a 00 bc cf 9c 7d b7 40 20 01 5f aa d3 |8.$:....}.@ ._..| +00000250 16 61 09 a2 76 fd 13 c3 cc e1 0c 5c ee b1 87 82 |.a..v......\....| +00000260 f1 6c 04 ed 73 bb b3 43 77 8d 0c 1c f1 0f a1 d8 |.l..s..Cw.......| +00000270 40 83 61 c9 4c 72 2b 9d ae db 46 06 06 4d f4 c1 |@.a.Lr+...F..M..| +00000280 b3 3e c0 d1 bd 42 d4 db fe 3d 13 60 84 5c 21 d3 |.>...B...=.`.\!.| +00000290 3b e9 fa e7 16 03 03 00 ac 0c 00 00 a8 03 00 1d |;...............| +000002a0 20 2f e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 | /.}.G.bC.(.._.)| +000002b0 07 30 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b |.0.........._X.;| +000002c0 74 05 01 00 80 61 aa 96 74 97 9f 2a 81 df 73 4d |t....a..t..*..sM| +000002d0 58 fb 8b 34 d9 51 02 1d 30 45 98 11 fa 20 cc 48 |X..4.Q..0E... .H| +000002e0 18 8d 92 4a bc bf 34 c2 52 cc 7b 7d 93 32 f9 98 |...J..4.R.{}.2..| +000002f0 eb d0 6d 58 4c 24 71 f1 78 cc ee 4d f8 26 26 d3 |..mXL$q.x..M.&&.| +00000300 b0 1c 46 67 ff 75 fc b5 b3 75 31 f3 9d d6 51 07 |..Fg.u...u1...Q.| +00000310 7a c1 2f 52 3f 88 23 f2 90 74 d0 77 6d 2b c7 31 |z./R?.#..t.wm+.1| +00000320 3d 81 a8 b9 84 a6 8f 96 25 91 e8 31 3b e9 20 b8 |=.......%..1;. .| +00000330 c4 11 68 da 58 0a ee 79 de fe 32 29 d6 24 b0 56 |..h.X..y..2).$.V| +00000340 ab e8 b5 57 fc 16 03 03 00 04 0e 00 00 00 |...W..........| +>>> Flow 3 (client to server) +00000000 16 03 03 00 25 10 00 00 21 20 eb 0e 38 40 3f 32 |....%...! ..8@?2| +00000010 a4 95 fb c4 de e5 82 9a 4b 46 37 de 29 e5 6b e6 |........KF7.).k.| +00000020 44 bf f0 af 0c 62 19 bd 5c 0e 14 03 03 00 01 01 |D....b..\.......| +00000030 16 03 03 00 28 67 ad 91 f6 8d 8a 39 f7 f2 a6 42 |....(g.....9...B| +00000040 f2 8c 2f 1d b3 1d dd f1 88 65 7e 66 d2 d9 70 09 |../......e~f..p.| +00000050 4e 12 90 0d 0b d5 a5 a6 20 bc 32 63 05 |N....... .2c.| +>>> Flow 4 (server to client) +00000000 14 03 03 00 01 01 16 03 03 00 28 00 00 00 00 00 |..........(.....| +00000010 00 00 00 56 b1 b8 16 9a 27 c6 ee d4 7f b7 68 83 |...V....'.....h.| +00000020 43 3b 04 92 ec cc c7 db 82 f8 7d 04 64 1d 55 cf |C;........}.d.U.| +00000030 02 69 ac 17 03 03 00 25 00 00 00 00 00 00 00 01 |.i.....%........| +00000040 d6 69 51 5d 3b 00 93 c2 a6 19 97 7d bf a9 d9 96 |.iQ];......}....| +00000050 43 1d ae 32 c3 52 1a f0 18 ba 10 4c e0 15 03 03 |C..2.R.....L....| +00000060 00 1a 00 00 00 00 00 00 00 02 1e 8a 5e 37 c0 b1 |............^7..| +00000070 0d 1e c9 6a 90 23 d6 4c 5c 47 5b bf |...j.#.L\G[.| diff --git a/ticket.go b/ticket.go new file mode 100644 index 0000000..3e7aa93 --- /dev/null +++ b/ticket.go @@ -0,0 +1,200 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto/aes" + "crypto/cipher" + "crypto/hmac" + "crypto/sha256" + "crypto/subtle" + "errors" + "io" +) + +// sessionState contains the information that is serialized into a session +// ticket in order to later resume a connection. +type sessionState struct { + vers uint16 + cipherSuite uint16 + masterSecret []byte + certificates [][]byte + // usedOldKey is true if the ticket from which this session came from + // was encrypted with an older key and thus should be refreshed. + usedOldKey bool +} + +func (s *sessionState) equal(i interface{}) bool { + s1, ok := i.(*sessionState) + if !ok { + return false + } + + if s.vers != s1.vers || + s.cipherSuite != s1.cipherSuite || + !bytes.Equal(s.masterSecret, s1.masterSecret) { + return false + } + + if len(s.certificates) != len(s1.certificates) { + return false + } + + for i := range s.certificates { + if !bytes.Equal(s.certificates[i], s1.certificates[i]) { + return false + } + } + + return true +} + +func (s *sessionState) marshal() []byte { + length := 2 + 2 + 2 + len(s.masterSecret) + 2 + for _, cert := range s.certificates { + length += 4 + len(cert) + } + + ret := make([]byte, length) + x := ret + x[0] = byte(s.vers >> 8) + x[1] = byte(s.vers) + x[2] = byte(s.cipherSuite >> 8) + x[3] = byte(s.cipherSuite) + x[4] = byte(len(s.masterSecret) >> 8) + x[5] = byte(len(s.masterSecret)) + x = x[6:] + copy(x, s.masterSecret) + x = x[len(s.masterSecret):] + + x[0] = byte(len(s.certificates) >> 8) + x[1] = byte(len(s.certificates)) + x = x[2:] + + for _, cert := range s.certificates { + x[0] = byte(len(cert) >> 24) + x[1] = byte(len(cert) >> 16) + x[2] = byte(len(cert) >> 8) + x[3] = byte(len(cert)) + copy(x[4:], cert) + x = x[4+len(cert):] + } + + return ret +} + +func (s *sessionState) unmarshal(data []byte) bool { + if len(data) < 8 { + return false + } + + s.vers = uint16(data[0])<<8 | uint16(data[1]) + s.cipherSuite = uint16(data[2])<<8 | uint16(data[3]) + masterSecretLen := int(data[4])<<8 | int(data[5]) + data = data[6:] + if len(data) < masterSecretLen { + return false + } + + s.masterSecret = data[:masterSecretLen] + data = data[masterSecretLen:] + + if len(data) < 2 { + return false + } + + numCerts := int(data[0])<<8 | int(data[1]) + data = data[2:] + + s.certificates = make([][]byte, numCerts) + for i := range s.certificates { + if len(data) < 4 { + return false + } + certLen := int(data[0])<<24 | int(data[1])<<16 | int(data[2])<<8 | int(data[3]) + data = data[4:] + if certLen < 0 { + return false + } + if len(data) < certLen { + return false + } + s.certificates[i] = data[:certLen] + data = data[certLen:] + } + + return len(data) == 0 +} + +func (c *Conn) encryptTicket(state *sessionState) ([]byte, error) { + serialized := state.marshal() + encrypted := make([]byte, ticketKeyNameLen+aes.BlockSize+len(serialized)+sha256.Size) + keyName := encrypted[:ticketKeyNameLen] + iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize] + macBytes := encrypted[len(encrypted)-sha256.Size:] + + if _, err := io.ReadFull(c.config.rand(), iv); err != nil { + return nil, err + } + key := c.config.ticketKeys()[0] + copy(keyName, key.keyName[:]) + block, err := aes.NewCipher(key.aesKey[:]) + if err != nil { + return nil, errors.New("tls: failed to create cipher while encrypting ticket: " + err.Error()) + } + cipher.NewCTR(block, iv).XORKeyStream(encrypted[ticketKeyNameLen+aes.BlockSize:], serialized) + + mac := hmac.New(sha256.New, key.hmacKey[:]) + mac.Write(encrypted[:len(encrypted)-sha256.Size]) + mac.Sum(macBytes[:0]) + + return encrypted, nil +} + +func (c *Conn) decryptTicket(encrypted []byte) (*sessionState, bool) { + if c.config.SessionTicketsDisabled || + len(encrypted) < ticketKeyNameLen+aes.BlockSize+sha256.Size { + return nil, false + } + + keyName := encrypted[:ticketKeyNameLen] + iv := encrypted[ticketKeyNameLen : ticketKeyNameLen+aes.BlockSize] + macBytes := encrypted[len(encrypted)-sha256.Size:] + + keys := c.config.ticketKeys() + keyIndex := -1 + for i, candidateKey := range keys { + if bytes.Equal(keyName, candidateKey.keyName[:]) { + keyIndex = i + break + } + } + + if keyIndex == -1 { + return nil, false + } + key := &keys[keyIndex] + + mac := hmac.New(sha256.New, key.hmacKey[:]) + mac.Write(encrypted[:len(encrypted)-sha256.Size]) + expected := mac.Sum(nil) + + if subtle.ConstantTimeCompare(macBytes, expected) != 1 { + return nil, false + } + + block, err := aes.NewCipher(key.aesKey[:]) + if err != nil { + return nil, false + } + ciphertext := encrypted[ticketKeyNameLen+aes.BlockSize : len(encrypted)-sha256.Size] + plaintext := ciphertext + cipher.NewCTR(block, iv).XORKeyStream(plaintext, ciphertext) + + state := &sessionState{usedOldKey: keyIndex > 0} + ok := state.unmarshal(plaintext) + return state, ok +} diff --git a/tls.go b/tls.go new file mode 100644 index 0000000..615d1e5 --- /dev/null +++ b/tls.go @@ -0,0 +1,297 @@ +// Copyright 2009 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package tls partially implements TLS 1.2, as specified in RFC 5246. +package tls + +// BUG(agl): The crypto/tls package only implements some countermeasures +// against Lucky13 attacks on CBC-mode encryption, and only on SHA1 +// variants. See http://www.isg.rhul.ac.uk/tls/TLStiming.pdf and +// https://www.imperialviolet.org/2013/02/04/luckythirteen.html. + +import ( + "crypto" + "crypto/ecdsa" + "crypto/rsa" + "crypto/x509" + "encoding/pem" + "errors" + "fmt" + "io/ioutil" + "net" + "strings" + "time" +) + +// Server returns a new TLS server side connection +// using conn as the underlying transport. +// The configuration config must be non-nil and must include +// at least one certificate or else set GetCertificate. +func Server(conn net.Conn, config *Config) *Conn { + return &Conn{conn: conn, config: config} +} + +// Client returns a new TLS client side connection +// using conn as the underlying transport. +// The config cannot be nil: users must set either ServerName or +// InsecureSkipVerify in the config. +func Client(conn net.Conn, config *Config) *Conn { + return &Conn{conn: conn, config: config, isClient: true} +} + +// A listener implements a network listener (net.Listener) for TLS connections. +type listener struct { + net.Listener + config *Config +} + +// Accept waits for and returns the next incoming TLS connection. +// The returned connection is of type *Conn. +func (l *listener) Accept() (net.Conn, error) { + c, err := l.Listener.Accept() + if err != nil { + return nil, err + } + return Server(c, l.config), nil +} + +// NewListener creates a Listener which accepts connections from an inner +// Listener and wraps each connection with Server. +// The configuration config must be non-nil and must include +// at least one certificate or else set GetCertificate. +func NewListener(inner net.Listener, config *Config) net.Listener { + l := new(listener) + l.Listener = inner + l.config = config + return l +} + +// Listen creates a TLS listener accepting connections on the +// given network address using net.Listen. +// The configuration config must be non-nil and must include +// at least one certificate or else set GetCertificate. +func Listen(network, laddr string, config *Config) (net.Listener, error) { + if config == nil || (len(config.Certificates) == 0 && config.GetCertificate == nil) { + return nil, errors.New("tls: neither Certificates nor GetCertificate set in Config") + } + l, err := net.Listen(network, laddr) + if err != nil { + return nil, err + } + return NewListener(l, config), nil +} + +type timeoutError struct{} + +func (timeoutError) Error() string { return "tls: DialWithDialer timed out" } +func (timeoutError) Timeout() bool { return true } +func (timeoutError) Temporary() bool { return true } + +// DialWithDialer connects to the given network address using dialer.Dial and +// then initiates a TLS handshake, returning the resulting TLS connection. Any +// timeout or deadline given in the dialer apply to connection and TLS +// handshake as a whole. +// +// DialWithDialer interprets a nil configuration as equivalent to the zero +// configuration; see the documentation of Config for the defaults. +func DialWithDialer(dialer *net.Dialer, network, addr string, config *Config) (*Conn, error) { + // We want the Timeout and Deadline values from dialer to cover the + // whole process: TCP connection and TLS handshake. This means that we + // also need to start our own timers now. + timeout := dialer.Timeout + + if !dialer.Deadline.IsZero() { + deadlineTimeout := time.Until(dialer.Deadline) + if timeout == 0 || deadlineTimeout < timeout { + timeout = deadlineTimeout + } + } + + var errChannel chan error + + if timeout != 0 { + errChannel = make(chan error, 2) + time.AfterFunc(timeout, func() { + errChannel <- timeoutError{} + }) + } + + rawConn, err := dialer.Dial(network, addr) + if err != nil { + return nil, err + } + + colonPos := strings.LastIndex(addr, ":") + if colonPos == -1 { + colonPos = len(addr) + } + hostname := addr[:colonPos] + + if config == nil { + config = defaultConfig() + } + // If no ServerName is set, infer the ServerName + // from the hostname we're connecting to. + if config.ServerName == "" { + // Make a copy to avoid polluting argument or default. + c := config.Clone() + c.ServerName = hostname + config = c + } + + conn := Client(rawConn, config) + + if timeout == 0 { + err = conn.Handshake() + } else { + go func() { + errChannel <- conn.Handshake() + }() + + err = <-errChannel + } + + if err != nil { + rawConn.Close() + return nil, err + } + + return conn, nil +} + +// Dial connects to the given network address using net.Dial +// and then initiates a TLS handshake, returning the resulting +// TLS connection. +// Dial interprets a nil configuration as equivalent to +// the zero configuration; see the documentation of Config +// for the defaults. +func Dial(network, addr string, config *Config) (*Conn, error) { + return DialWithDialer(new(net.Dialer), network, addr, config) +} + +// LoadX509KeyPair reads and parses a public/private key pair from a pair +// of files. The files must contain PEM encoded data. The certificate file +// may contain intermediate certificates following the leaf certificate to +// form a certificate chain. On successful return, Certificate.Leaf will +// be nil because the parsed form of the certificate is not retained. +func LoadX509KeyPair(certFile, keyFile string) (Certificate, error) { + certPEMBlock, err := ioutil.ReadFile(certFile) + if err != nil { + return Certificate{}, err + } + keyPEMBlock, err := ioutil.ReadFile(keyFile) + if err != nil { + return Certificate{}, err + } + return X509KeyPair(certPEMBlock, keyPEMBlock) +} + +// X509KeyPair parses a public/private key pair from a pair of +// PEM encoded data. On successful return, Certificate.Leaf will be nil because +// the parsed form of the certificate is not retained. +func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error) { + fail := func(err error) (Certificate, error) { return Certificate{}, err } + + var cert Certificate + var skippedBlockTypes []string + for { + var certDERBlock *pem.Block + certDERBlock, certPEMBlock = pem.Decode(certPEMBlock) + if certDERBlock == nil { + break + } + if certDERBlock.Type == "CERTIFICATE" { + cert.Certificate = append(cert.Certificate, certDERBlock.Bytes) + } else { + skippedBlockTypes = append(skippedBlockTypes, certDERBlock.Type) + } + } + + if len(cert.Certificate) == 0 { + if len(skippedBlockTypes) == 0 { + return fail(errors.New("tls: failed to find any PEM data in certificate input")) + } + if len(skippedBlockTypes) == 1 && strings.HasSuffix(skippedBlockTypes[0], "PRIVATE KEY") { + return fail(errors.New("tls: failed to find certificate PEM data in certificate input, but did find a private key; PEM inputs may have been switched")) + } + return fail(fmt.Errorf("tls: failed to find \"CERTIFICATE\" PEM block in certificate input after skipping PEM blocks of the following types: %v", skippedBlockTypes)) + } + + skippedBlockTypes = skippedBlockTypes[:0] + var keyDERBlock *pem.Block + for { + keyDERBlock, keyPEMBlock = pem.Decode(keyPEMBlock) + if keyDERBlock == nil { + if len(skippedBlockTypes) == 0 { + return fail(errors.New("tls: failed to find any PEM data in key input")) + } + if len(skippedBlockTypes) == 1 && skippedBlockTypes[0] == "CERTIFICATE" { + return fail(errors.New("tls: found a certificate rather than a key in the PEM for the private key")) + } + return fail(fmt.Errorf("tls: failed to find PEM block with type ending in \"PRIVATE KEY\" in key input after skipping PEM blocks of the following types: %v", skippedBlockTypes)) + } + if keyDERBlock.Type == "PRIVATE KEY" || strings.HasSuffix(keyDERBlock.Type, " PRIVATE KEY") { + break + } + skippedBlockTypes = append(skippedBlockTypes, keyDERBlock.Type) + } + + var err error + cert.PrivateKey, err = parsePrivateKey(keyDERBlock.Bytes) + if err != nil { + return fail(err) + } + + // We don't need to parse the public key for TLS, but we so do anyway + // to check that it looks sane and matches the private key. + x509Cert, err := x509.ParseCertificate(cert.Certificate[0]) + if err != nil { + return fail(err) + } + + switch pub := x509Cert.PublicKey.(type) { + case *rsa.PublicKey: + priv, ok := cert.PrivateKey.(*rsa.PrivateKey) + if !ok { + return fail(errors.New("tls: private key type does not match public key type")) + } + if pub.N.Cmp(priv.N) != 0 { + return fail(errors.New("tls: private key does not match public key")) + } + case *ecdsa.PublicKey: + priv, ok := cert.PrivateKey.(*ecdsa.PrivateKey) + if !ok { + return fail(errors.New("tls: private key type does not match public key type")) + } + if pub.X.Cmp(priv.X) != 0 || pub.Y.Cmp(priv.Y) != 0 { + return fail(errors.New("tls: private key does not match public key")) + } + default: + return fail(errors.New("tls: unknown public key algorithm")) + } + + return cert, nil +} + +// Attempt to parse the given private key DER block. OpenSSL 0.9.8 generates +// PKCS#1 private keys by default, while OpenSSL 1.0.0 generates PKCS#8 keys. +// OpenSSL ecparam generates SEC1 EC private keys for ECDSA. We try all three. +func parsePrivateKey(der []byte) (crypto.PrivateKey, error) { + if key, err := x509.ParsePKCS1PrivateKey(der); err == nil { + return key, nil + } + if key, err := x509.ParsePKCS8PrivateKey(der); err == nil { + switch key := key.(type) { + case *rsa.PrivateKey, *ecdsa.PrivateKey: + return key, nil + default: + return nil, errors.New("tls: found unknown private key type in PKCS#8 wrapping") + } + } + if key, err := x509.ParseECPrivateKey(der); err == nil { + return key, nil + } + + return nil, errors.New("tls: failed to parse private key") +} diff --git a/tls_test.go b/tls_test.go new file mode 100644 index 0000000..86812f0 --- /dev/null +++ b/tls_test.go @@ -0,0 +1,857 @@ +// Copyright 2012 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +package tls + +import ( + "bytes" + "crypto/x509" + "errors" + "fmt" + "internal/testenv" + "io" + "io/ioutil" + "math" + "net" + "os" + "reflect" + "strings" + "testing" + "time" +) + +var rsaCertPEM = `-----BEGIN CERTIFICATE----- +MIIB0zCCAX2gAwIBAgIJAI/M7BYjwB+uMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQwHhcNMTIwOTEyMjE1MjAyWhcNMTUwOTEyMjE1MjAyWjBF +MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 +ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANLJ +hPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wok/4xIA+ui35/MmNa +rtNuC+BdZ1tMuVCPFZcCAwEAAaNQME4wHQYDVR0OBBYEFJvKs8RfJaXTH08W+SGv +zQyKn0H8MB8GA1UdIwQYMBaAFJvKs8RfJaXTH08W+SGvzQyKn0H8MAwGA1UdEwQF +MAMBAf8wDQYJKoZIhvcNAQEFBQADQQBJlffJHybjDGxRMqaRmDhX0+6v02TUKZsW +r5QuVbpQhH6u+0UgcW0jp9QwpxoPTLTWGXEWBBBurxFwiCBhkQ+V +-----END CERTIFICATE----- +` + +var rsaKeyPEM = `-----BEGIN RSA PRIVATE KEY----- +MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo +k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G +6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N +MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW +SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T +xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi +D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== +-----END RSA PRIVATE KEY----- +` + +// keyPEM is the same as rsaKeyPEM, but declares itself as just +// "PRIVATE KEY", not "RSA PRIVATE KEY". https://golang.org/issue/4477 +var keyPEM = `-----BEGIN PRIVATE KEY----- +MIIBOwIBAAJBANLJhPHhITqQbPklG3ibCVxwGMRfp/v4XqhfdQHdcVfHap6NQ5Wo +k/4xIA+ui35/MmNartNuC+BdZ1tMuVCPFZcCAwEAAQJAEJ2N+zsR0Xn8/Q6twa4G +6OB1M1WO+k+ztnX/1SvNeWu8D6GImtupLTYgjZcHufykj09jiHmjHx8u8ZZB/o1N +MQIhAPW+eyZo7ay3lMz1V01WVjNKK9QSn1MJlb06h/LuYv9FAiEA25WPedKgVyCW +SmUwbPw8fnTcpqDWE3yTO3vKcebqMSsCIBF3UmVue8YU3jybC3NxuXq3wNm34R8T +xVLHwDXh/6NJAiEAl2oHGGLz64BuAfjKrqwz7qMYr9HCLIe/YsoWq/olzScCIQDi +D2lWusoe2/nEqfDVVWGWlyJ7yOmqaVm/iNUN9B2N2g== +-----END PRIVATE KEY----- +` + +var ecdsaCertPEM = `-----BEGIN CERTIFICATE----- +MIIB/jCCAWICCQDscdUxw16XFDAJBgcqhkjOPQQBMEUxCzAJBgNVBAYTAkFVMRMw +EQYDVQQIEwpTb21lLVN0YXRlMSEwHwYDVQQKExhJbnRlcm5ldCBXaWRnaXRzIFB0 +eSBMdGQwHhcNMTIxMTE0MTI0MDQ4WhcNMTUxMTE0MTI0MDQ4WjBFMQswCQYDVQQG +EwJBVTETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lk +Z2l0cyBQdHkgTHRkMIGbMBAGByqGSM49AgEGBSuBBAAjA4GGAAQBY9+my9OoeSUR +lDQdV/x8LsOuLilthhiS1Tz4aGDHIPwC1mlvnf7fg5lecYpMCrLLhauAc1UJXcgl +01xoLuzgtAEAgv2P/jgytzRSpUYvgLBt1UA0leLYBy6mQQbrNEuqT3INapKIcUv8 +XxYP0xMEUksLPq6Ca+CRSqTtrd/23uTnapkwCQYHKoZIzj0EAQOBigAwgYYCQXJo +A7Sl2nLVf+4Iu/tAX/IF4MavARKC4PPHK3zfuGfPR3oCCcsAoz3kAzOeijvd0iXb +H5jBImIxPL4WxQNiBTexAkF8D1EtpYuWdlVQ80/h/f4pBcGiXPqX5h2PQSQY7hP1 ++jwM1FGS4fREIOvlBYr/SzzQRtwrvrzGYxDEDbsC0ZGRnA== +-----END CERTIFICATE----- +` + +var ecdsaKeyPEM = `-----BEGIN EC PARAMETERS----- +BgUrgQQAIw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MIHcAgEBBEIBrsoKp0oqcv6/JovJJDoDVSGWdirrkgCWxrprGlzB9o0X8fV675X0 +NwuBenXFfeZvVcwluO7/Q9wkYoPd/t3jGImgBwYFK4EEACOhgYkDgYYABAFj36bL +06h5JRGUNB1X/Hwuw64uKW2GGJLVPPhoYMcg/ALWaW+d/t+DmV5xikwKssuFq4Bz +VQldyCXTXGgu7OC0AQCC/Y/+ODK3NFKlRi+AsG3VQDSV4tgHLqZBBus0S6pPcg1q +kohxS/xfFg/TEwRSSws+roJr4JFKpO2t3/be5OdqmQ== +-----END EC PRIVATE KEY----- +` + +var keyPairTests = []struct { + algo string + cert string + key string +}{ + {"ECDSA", ecdsaCertPEM, ecdsaKeyPEM}, + {"RSA", rsaCertPEM, rsaKeyPEM}, + {"RSA-untyped", rsaCertPEM, keyPEM}, // golang.org/issue/4477 +} + +func TestX509KeyPair(t *testing.T) { + t.Parallel() + var pem []byte + for _, test := range keyPairTests { + pem = []byte(test.cert + test.key) + if _, err := X509KeyPair(pem, pem); err != nil { + t.Errorf("Failed to load %s cert followed by %s key: %s", test.algo, test.algo, err) + } + pem = []byte(test.key + test.cert) + if _, err := X509KeyPair(pem, pem); err != nil { + t.Errorf("Failed to load %s key followed by %s cert: %s", test.algo, test.algo, err) + } + } +} + +func TestX509KeyPairErrors(t *testing.T) { + _, err := X509KeyPair([]byte(rsaKeyPEM), []byte(rsaCertPEM)) + if err == nil { + t.Fatalf("X509KeyPair didn't return an error when arguments were switched") + } + if subStr := "been switched"; !strings.Contains(err.Error(), subStr) { + t.Fatalf("Expected %q in the error when switching arguments to X509KeyPair, but the error was %q", subStr, err) + } + + _, err = X509KeyPair([]byte(rsaCertPEM), []byte(rsaCertPEM)) + if err == nil { + t.Fatalf("X509KeyPair didn't return an error when both arguments were certificates") + } + if subStr := "certificate"; !strings.Contains(err.Error(), subStr) { + t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were certificates, but the error was %q", subStr, err) + } + + const nonsensePEM = ` +-----BEGIN NONSENSE----- +Zm9vZm9vZm9v +-----END NONSENSE----- +` + + _, err = X509KeyPair([]byte(nonsensePEM), []byte(nonsensePEM)) + if err == nil { + t.Fatalf("X509KeyPair didn't return an error when both arguments were nonsense") + } + if subStr := "NONSENSE"; !strings.Contains(err.Error(), subStr) { + t.Fatalf("Expected %q in the error when both arguments to X509KeyPair were nonsense, but the error was %q", subStr, err) + } +} + +func TestX509MixedKeyPair(t *testing.T) { + if _, err := X509KeyPair([]byte(rsaCertPEM), []byte(ecdsaKeyPEM)); err == nil { + t.Error("Load of RSA certificate succeeded with ECDSA private key") + } + if _, err := X509KeyPair([]byte(ecdsaCertPEM), []byte(rsaKeyPEM)); err == nil { + t.Error("Load of ECDSA certificate succeeded with RSA private key") + } +} + +func newLocalListener(t testing.TB) net.Listener { + ln, err := net.Listen("tcp", "127.0.0.1:0") + if err != nil { + ln, err = net.Listen("tcp6", "[::1]:0") + } + if err != nil { + t.Fatal(err) + } + return ln +} + +func TestDialTimeout(t *testing.T) { + if testing.Short() { + t.Skip("skipping in short mode") + } + listener := newLocalListener(t) + + addr := listener.Addr().String() + defer listener.Close() + + complete := make(chan bool) + defer close(complete) + + go func() { + conn, err := listener.Accept() + if err != nil { + t.Error(err) + return + } + <-complete + conn.Close() + }() + + dialer := &net.Dialer{ + Timeout: 10 * time.Millisecond, + } + + var err error + if _, err = DialWithDialer(dialer, "tcp", addr, nil); err == nil { + t.Fatal("DialWithTimeout completed successfully") + } + + if !isTimeoutError(err) { + t.Errorf("resulting error not a timeout: %v\nType %T: %#v", err, err, err) + } +} + +func isTimeoutError(err error) bool { + if ne, ok := err.(net.Error); ok { + return ne.Timeout() + } + return false +} + +// tests that Conn.Read returns (non-zero, io.EOF) instead of +// (non-zero, nil) when a Close (alertCloseNotify) is sitting right +// behind the application data in the buffer. +func TestConnReadNonzeroAndEOF(t *testing.T) { + // This test is racy: it assumes that after a write to a + // localhost TCP connection, the peer TCP connection can + // immediately read it. Because it's racy, we skip this test + // in short mode, and then retry it several times with an + // increasing sleep in between our final write (via srv.Close + // below) and the following read. + if testing.Short() { + t.Skip("skipping in short mode") + } + var err error + for delay := time.Millisecond; delay <= 64*time.Millisecond; delay *= 2 { + if err = testConnReadNonzeroAndEOF(t, delay); err == nil { + return + } + } + t.Error(err) +} + +func testConnReadNonzeroAndEOF(t *testing.T, delay time.Duration) error { + ln := newLocalListener(t) + defer ln.Close() + + srvCh := make(chan *Conn, 1) + var serr error + go func() { + sconn, err := ln.Accept() + if err != nil { + serr = err + srvCh <- nil + return + } + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + serr = fmt.Errorf("handshake: %v", err) + srvCh <- nil + return + } + srvCh <- srv + }() + + clientConfig := testConfig.Clone() + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + t.Fatal(err) + } + defer conn.Close() + + srv := <-srvCh + if srv == nil { + return serr + } + + buf := make([]byte, 6) + + srv.Write([]byte("foobar")) + n, err := conn.Read(buf) + if n != 6 || err != nil || string(buf) != "foobar" { + return fmt.Errorf("Read = %d, %v, data %q; want 6, nil, foobar", n, err, buf) + } + + srv.Write([]byte("abcdef")) + srv.Close() + time.Sleep(delay) + n, err = conn.Read(buf) + if n != 6 || string(buf) != "abcdef" { + return fmt.Errorf("Read = %d, buf= %q; want 6, abcdef", n, buf) + } + if err != io.EOF { + return fmt.Errorf("Second Read error = %v; want io.EOF", err) + } + return nil +} + +func TestTLSUniqueMatches(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + serverTLSUniques := make(chan []byte) + go func() { + for i := 0; i < 2; i++ { + sconn, err := ln.Accept() + if err != nil { + t.Error(err) + return + } + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + t.Error(err) + return + } + serverTLSUniques <- srv.ConnectionState().TLSUnique + } + }() + + clientConfig := testConfig.Clone() + clientConfig.ClientSessionCache = NewLRUClientSessionCache(1) + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + t.Fatal(err) + } + if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) { + t.Error("client and server channel bindings differ") + } + conn.Close() + + conn, err = Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + t.Fatal(err) + } + defer conn.Close() + if !conn.ConnectionState().DidResume { + t.Error("second session did not use resumption") + } + if !bytes.Equal(conn.ConnectionState().TLSUnique, <-serverTLSUniques) { + t.Error("client and server channel bindings differ when session resumption is used") + } +} + +func TestVerifyHostname(t *testing.T) { + testenv.MustHaveExternalNetwork(t) + + c, err := Dial("tcp", "www.google.com:https", nil) + if err != nil { + t.Fatal(err) + } + if err := c.VerifyHostname("www.google.com"); err != nil { + t.Fatalf("verify www.google.com: %v", err) + } + if err := c.VerifyHostname("www.yahoo.com"); err == nil { + t.Fatalf("verify www.yahoo.com succeeded") + } + + c, err = Dial("tcp", "www.google.com:https", &Config{InsecureSkipVerify: true}) + if err != nil { + t.Fatal(err) + } + if err := c.VerifyHostname("www.google.com"); err == nil { + t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") + } + if err := c.VerifyHostname("www.yahoo.com"); err == nil { + t.Fatalf("verify www.google.com succeeded with InsecureSkipVerify=true") + } +} + +func TestVerifyHostnameResumed(t *testing.T) { + testenv.MustHaveExternalNetwork(t) + + config := &Config{ + ClientSessionCache: NewLRUClientSessionCache(32), + } + for i := 0; i < 2; i++ { + c, err := Dial("tcp", "www.google.com:https", config) + if err != nil { + t.Fatalf("Dial #%d: %v", i, err) + } + cs := c.ConnectionState() + if i > 0 && !cs.DidResume { + t.Fatalf("Subsequent connection unexpectedly didn't resume") + } + if cs.VerifiedChains == nil { + t.Fatalf("Dial #%d: cs.VerifiedChains == nil", i) + } + if err := c.VerifyHostname("www.google.com"); err != nil { + t.Fatalf("verify www.google.com #%d: %v", i, err) + } + c.Close() + } +} + +func TestConnCloseBreakingWrite(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + srvCh := make(chan *Conn, 1) + var serr error + var sconn net.Conn + go func() { + var err error + sconn, err = ln.Accept() + if err != nil { + serr = err + srvCh <- nil + return + } + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + serr = fmt.Errorf("handshake: %v", err) + srvCh <- nil + return + } + srvCh <- srv + }() + + cconn, err := net.Dial("tcp", ln.Addr().String()) + if err != nil { + t.Fatal(err) + } + defer cconn.Close() + + conn := &changeImplConn{ + Conn: cconn, + } + + clientConfig := testConfig.Clone() + tconn := Client(conn, clientConfig) + if err := tconn.Handshake(); err != nil { + t.Fatal(err) + } + + srv := <-srvCh + if srv == nil { + t.Fatal(serr) + } + defer sconn.Close() + + connClosed := make(chan struct{}) + conn.closeFunc = func() error { + close(connClosed) + return nil + } + + inWrite := make(chan bool, 1) + var errConnClosed = errors.New("conn closed for test") + conn.writeFunc = func(p []byte) (n int, err error) { + inWrite <- true + <-connClosed + return 0, errConnClosed + } + + closeReturned := make(chan bool, 1) + go func() { + <-inWrite + tconn.Close() // test that this doesn't block forever. + closeReturned <- true + }() + + _, err = tconn.Write([]byte("foo")) + if err != errConnClosed { + t.Errorf("Write error = %v; want errConnClosed", err) + } + + <-closeReturned + if err := tconn.Close(); err != errClosed { + t.Errorf("Close error = %v; want errClosed", err) + } +} + +func TestConnCloseWrite(t *testing.T) { + ln := newLocalListener(t) + defer ln.Close() + + clientDoneChan := make(chan struct{}) + + serverCloseWrite := func() error { + sconn, err := ln.Accept() + if err != nil { + return fmt.Errorf("accept: %v", err) + } + defer sconn.Close() + + serverConfig := testConfig.Clone() + srv := Server(sconn, serverConfig) + if err := srv.Handshake(); err != nil { + return fmt.Errorf("handshake: %v", err) + } + defer srv.Close() + + data, err := ioutil.ReadAll(srv) + if err != nil { + return err + } + if len(data) > 0 { + return fmt.Errorf("Read data = %q; want nothing", data) + } + + if err := srv.CloseWrite(); err != nil { + return fmt.Errorf("server CloseWrite: %v", err) + } + + // Wait for clientCloseWrite to finish, so we know we + // tested the CloseWrite before we defer the + // sconn.Close above, which would also cause the + // client to unblock like CloseWrite. + <-clientDoneChan + return nil + } + + clientCloseWrite := func() error { + defer close(clientDoneChan) + + clientConfig := testConfig.Clone() + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + return err + } + if err := conn.Handshake(); err != nil { + return err + } + defer conn.Close() + + if err := conn.CloseWrite(); err != nil { + return fmt.Errorf("client CloseWrite: %v", err) + } + + if _, err := conn.Write([]byte{0}); err != errShutdown { + return fmt.Errorf("CloseWrite error = %v; want errShutdown", err) + } + + data, err := ioutil.ReadAll(conn) + if err != nil { + return err + } + if len(data) > 0 { + return fmt.Errorf("Read data = %q; want nothing", data) + } + return nil + } + + errChan := make(chan error, 2) + + go func() { errChan <- serverCloseWrite() }() + go func() { errChan <- clientCloseWrite() }() + + for i := 0; i < 2; i++ { + select { + case err := <-errChan: + if err != nil { + t.Fatal(err) + } + case <-time.After(10 * time.Second): + t.Fatal("deadlock") + } + } + + // Also test CloseWrite being called before the handshake is + // finished: + { + ln2 := newLocalListener(t) + defer ln2.Close() + + netConn, err := net.Dial("tcp", ln2.Addr().String()) + if err != nil { + t.Fatal(err) + } + defer netConn.Close() + conn := Client(netConn, testConfig.Clone()) + + if err := conn.CloseWrite(); err != errEarlyCloseWrite { + t.Errorf("CloseWrite error = %v; want errEarlyCloseWrite", err) + } + } +} + +func TestCloneFuncFields(t *testing.T) { + const expectedCount = 5 + called := 0 + + c1 := Config{ + Time: func() time.Time { + called |= 1 << 0 + return time.Time{} + }, + GetCertificate: func(*ClientHelloInfo) (*Certificate, error) { + called |= 1 << 1 + return nil, nil + }, + GetClientCertificate: func(*CertificateRequestInfo) (*Certificate, error) { + called |= 1 << 2 + return nil, nil + }, + GetConfigForClient: func(*ClientHelloInfo) (*Config, error) { + called |= 1 << 3 + return nil, nil + }, + VerifyPeerCertificate: func(rawCerts [][]byte, verifiedChains [][]*x509.Certificate) error { + called |= 1 << 4 + return nil + }, + } + + c2 := c1.Clone() + + c2.Time() + c2.GetCertificate(nil) + c2.GetClientCertificate(nil) + c2.GetConfigForClient(nil) + c2.VerifyPeerCertificate(nil, nil) + + if called != (1< len(p) { + allowed = len(p) + } + if wrote < allowed { + n, err := c.Conn.Write(p[wrote:allowed]) + wrote += n + if err != nil { + return wrote, err + } + } + } + return len(p), nil +} + +func latency(b *testing.B, bps int, dynamicRecordSizingDisabled bool) { + ln := newLocalListener(b) + defer ln.Close() + + N := b.N + + go func() { + for i := 0; i < N; i++ { + sconn, err := ln.Accept() + if err != nil { + // panic rather than synchronize to avoid benchmark overhead + // (cannot call b.Fatal in goroutine) + panic(fmt.Errorf("accept: %v", err)) + } + serverConfig := testConfig.Clone() + serverConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled + srv := Server(&slowConn{sconn, bps}, serverConfig) + if err := srv.Handshake(); err != nil { + panic(fmt.Errorf("handshake: %v", err)) + } + io.Copy(srv, srv) + } + }() + + clientConfig := testConfig.Clone() + clientConfig.DynamicRecordSizingDisabled = dynamicRecordSizingDisabled + + buf := make([]byte, 16384) + peek := make([]byte, 1) + + for i := 0; i < N; i++ { + conn, err := Dial("tcp", ln.Addr().String(), clientConfig) + if err != nil { + b.Fatal(err) + } + // make sure we're connected and previous connection has stopped + if _, err := conn.Write(buf[:1]); err != nil { + b.Fatal(err) + } + if _, err := io.ReadFull(conn, peek); err != nil { + b.Fatal(err) + } + if _, err := conn.Write(buf); err != nil { + b.Fatal(err) + } + if _, err = io.ReadFull(conn, peek); err != nil { + b.Fatal(err) + } + conn.Close() + } +} + +func BenchmarkLatency(b *testing.B) { + for _, mode := range []string{"Max", "Dynamic"} { + for _, kbps := range []int{200, 500, 1000, 2000, 5000} { + name := fmt.Sprintf("%sPacket/%dkbps", mode, kbps) + b.Run(name, func(b *testing.B) { + latency(b, kbps*1000, mode == "Max") + }) + } + } +}